Re: Review Request 18730: Implemented a basic Authorizer interface.

Tue, 04 Mar 2014 09:30:14 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/18730/#review36117
-----------------------------------------------------------



include/mesos/mesos.proto
<https://reviews.apache.org/r/18730/#comment67029>

    ACL implies a mapping from principal/user to a specific permission. More 
advanced ACLs can eventually be useful (for example controlling visibility 
between frameworks e.g. in end-points/webui). But it seems more appropriate to 
use a term like "principal-map" here or introduce a field which describes the 
permission that it grants. Here it is implicitly allowing 1) A principal can 
use resources from role X 2) A principal can su to user Y. Does that make 
sense? :)



src/authorizer/authorizer.hpp
<https://reviews.apache.org/r/18730/#comment67030>

    Should we be able to specify default behavior i.e. block all principals 
that isn't mapped or only enforce mappings present and otherwise allow anything?
    Also, like the isolators. We should maybe plan for specifying the 
authorizer to use; we can start by having it default to "local" which use the 
json file.


- Niklas Nielsen


On March 3, 2014, 11:09 p.m., Vinod Kone wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/18730/
> -----------------------------------------------------------
> 
> (Updated March 3, 2014, 11:09 p.m.)
> 
> 
> Review request for mesos, Adam B, Benjamin Hindman, and Niklas Nielsen.
> 
> 
> Bugs: MESOS-911
>     https://issues.apache.org/jira/browse/MESOS-911
> 
> 
> Repository: mesos-git
> 
> 
> Description
> -------
> 
> See summary.
> 
> 
> Diffs
> -----
> 
>   include/mesos/mesos.proto 37f8a7fcd23d467b1274c46c405b836510afbd49 
>   src/Makefile.am 61d832b89132be2cc5b8ae9bbf743685464f78a4 
>   src/authorizer/authorizer.hpp PRE-CREATION 
>   src/tests/authorization_tests.cpp PRE-CREATION 
>   src/tests/master_contender_detector_tests.cpp 
> 8da7420e18c7a960b566fae13a5975857eb777ee 
> 
> Diff: https://reviews.apache.org/r/18730/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Vinod Kone
> 
>

Reply via email to