> On May 21, 2014, 11:39 p.m., Benjamin Hindman wrote: > > src/authorizer/authorizer.hpp, line 284 > > <https://reviews.apache.org/r/21723/diff/1/?file=585504#file585504line284> > > > > Why is this an error? Why not just assume an empty flags.acls is equal > > to '{}'? > > Vinod Kone wrote: > The main reason is that I want Master to instantiate an Authorizer only > when ACLs are specified (they could be {} but that is still considered > specified). That way we can turn off the Authorizer code path (for whatever > reason) by not specifying the "acls" flag. Given these semantics, it seems > odd to silently assume flags.acls.isNone() is equivalent to "{}". I would > rather the user of Authorizer think about this. Do you have any use case in > mind where your suggestion makes sense? > > Benjamin Hindman wrote: > But the master is already doing this IIUC, by checking > flags.acls.isSome() and only doing Authorizer::create when there are some > ACLs. But otherwise it seemed like the ACLs being optional are just whether > or not you have any ACLs, not whether or not you want an Authorizer, and if > you've called Authorizer::create it seems like you definitely want an > Authorizer!
Yes master does it. From your suggestion, flags.acls.isNone() means "don't use authorizer" in master but means "use it with no ACLs" in authorizer. That seems a bit weird considering the later can be specified explicitly. Also, per my reply to Dominic's comment, how about I just take JSON for now and punt on this altogether :) - Vinod ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/21723/#review43674 ----------------------------------------------------------- On May 22, 2014, 12:39 a.m., Vinod Kone wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/21723/ > ----------------------------------------------------------- > > (Updated May 22, 2014, 12:39 a.m.) > > > Review request for mesos and Benjamin Hindman. > > > Bugs: MESOS-1387 > https://issues.apache.org/jira/browse/MESOS-1387 > > > Repository: mesos-git > > > Description > ------- > > Master just initializes the Authorizer with ACLs, doesn't do any > authorization yet. > > > Diffs > ----- > > src/authorizer/authorizer.hpp 75b5a33cc2d83016598e5858d537ce1106784b41 > src/master/flags.hpp db21ab02f799e1eb33de40b6aa964a7d0e6477c9 > src/master/master.hpp 6f51eadbcfb8c332bf33bbbd0aa0c4ba3ad7b61d > src/master/master.cpp dc078de7e323e00e29f8dd3c55baa2b126d314b3 > src/tests/mesos.cpp 7e5e96a4de29b56a906716fc2e03ae4fce4a8584 > > Diff: https://reviews.apache.org/r/21723/diff/ > > > Testing > ------- > > make check > > > Thanks, > > Vinod Kone > >
