[ https://issues.apache.org/jira/browse/MESOS-2946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14613069#comment-14613069 ]
Till Toenshoff edited comment on MESOS-2946 at 7/7/15 8:27 PM:
---------------------------------------------------------------

h4.Status Quo
As the current design stands, {{Authorizer}} is indeed an interface, but its default implementation is declared in the same header. Moreover, if one decides to create an alternative implementation for authorization, Mesos needs to be recompiled and all the places where the authorizer gets instantiated need to be updated.

h4.Design
Under the modularized version, the MVP for the {{Authorizer}} interface will look like:

{code}
class Authorizer
{
public:
  static Try<Authorizer*> create(const std::string& name);

  virtual ~Authorizer() {}

  virtual Try<Nothing> initialize(const Option<ACLs>& acls) = 0;

  virtual process::Future<bool> authorize(
      const ACL::RegisterFramework& request) = 0;
  virtual process::Future<bool> authorize(
      const ACL::RunTask& request) = 0;
  virtual process::Future<bool> authorize(
      const ACL::ShutdownFramework& request) = 0;

protected:
  Authorizer() {}
};
{code}

Where {{Authorizer::create(const std::string&)}} is the factory function which will construct the default {{LocalAuthorizer}} if local is selected and will use the existing facilities within {{ModuleManager}} to load the appropriate module in any other case.

In order to allow the {{LocalAuthorizer}} to play nicely with the general modules design, it needs a default constructor. This constraint leads to the existence of {{Authorizer::initialize(const Option<ACLs>&)}} which is needed to pass initialization parameters to the {{LocalAuthorizer}}. Note that all other authorizers will use the {{ModuleManager}} mechanisms to pass initialization parameters. This follows the pattern used in the {{Authenticator}} module. The method {{Authorizer::initialize(const Option<ACLs>&)}} can be removed when we go to a modules-only implementation.

All other methods remain unchanged from the original {{Authorizer}} interface.

was (Author: arojas):
h4.Status Quo
As the current design stands, {{Authorizer}} is indeed an interface, but its default implementation is declared in the same header. Moreover, if one decides to create an alternative implementation for authorization, Mesos needs to be recompiled and all the places where the authorizer gets instantiated need to be updated.

h4.Design
Under the modularized version, the MVP for the {{Authorizer}} interface will look like:

{code}
class Authorizer
{
public:
  static Try<Authorizer*> create(const std::string& name);

  virtual ~Authorizer() {}

  virtual Try<Nothing> initialize(const Option<ACLs>& acls) = 0;

  virtual process::Future<bool> authorize(
      const ACL::RegisterFramework& request) = 0;
  virtual process::Future<bool> authorize(
      const ACL::RunTask& request) = 0;
  virtual process::Future<bool> authorize(
      const ACL::ShutdownFramework& request) = 0;

protected:
  Authorizer() {}
};
{code}

Where {{Authorizer::create(const std::string&)}} is the factory function which will construct the default {{LocalAuthorizer}} if local is selected and will use the existing facilities within {{ModuleManager}} to load the appropriate module in any other case.

In order to allow the {{LocalAuthorizer}} to play nicely with the general modules design, it needs a default constructor. This constraint leads to the existence of {{Authorizer::initialize(const Option<ACLs>&)}} which is needed to pass initialization parameters to the {{LocalAuthorizer}}. Note that all other authorizers will use the {{ModuleManager}} mechanisms to pass initialization parameters. This follows the pattern used in the {{Authorizator}} module. The method {{Authorizer::initialize(const Option<ACLs>&)}} can be removed when we go to a modules-only implementation.

All other methods remain unchanged from the original {{Authorizer}} interface.

> Authorizer Module: Interface design
> -----------------------------------
>
>                 Key: MESOS-2946
>                 URL: https://issues.apache.org/jira/browse/MESOS-2946
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Till Toenshoff
>            Assignee: Till Toenshoff
>              Labels: mesosphere, module, security
>
> h4.Motivation
> Design an interface covering authorizer modules while staying minimally
> invasive in regards to changes to the existing {{LocalAuthorizer}}
> implementation.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
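
The factory plus two-phase initialization described in the comment above, as an added sketch that is not code from the Mesos project or from the comment's author. It assumes simplified stand-ins: `bool` replaces `Try<>` and `Future<bool>`, a null `OptionACLs` replaces `Option<ACLs>::none()`, and the `modules` map is a hypothetical substitute for the `ModuleManager` lookup. Because a default-constructed authorizer exists before `initialize()` has run, the sketch denies every request until then.

```cpp
#include <functional>
#include <map>
#include <memory>
#include <set>
#include <string>
#include <utility>

// Stand-ins (assumptions): ACLs as allowed (principal, role) pairs; a null
// OptionACLs plays Option<ACLs>::none(); bool replaces Try<> and Future<bool>.
struct ACLs { std::set<std::pair<std::string, std::string> > registerFramework; };
struct RegisterFramework { std::string principal, role; };
typedef std::shared_ptr<const ACLs> OptionACLs;

class Authorizer {
public:
  static std::unique_ptr<Authorizer> create(const std::string& name);
  virtual ~Authorizer() {}
  virtual bool initialize(const OptionACLs& acls) = 0;
  virtual bool authorize(const RegisterFramework& request) = 0;
};

class LocalAuthorizer : public Authorizer {
public:
  LocalAuthorizer() : initialized_(false) {}  // default-constructible
  bool initialize(const OptionACLs& acls) {
    if (initialized_) return false;  // reject re-initialization
    acls_ = acls;
    return initialized_ = true;
  }
  bool authorize(const RegisterFramework& r) {
    if (!initialized_) return false;  // fail closed until initialize() has run
    if (!acls_) return true;          // assumption of this sketch: no ACLs, allow
    return acls_->registerFramework.count(std::make_pair(r.principal, r.role)) > 0;
  }
private:
  bool initialized_;
  OptionACLs acls_;
};

// Hypothetical registry standing in for the ModuleManager lookup.
typedef std::function<std::unique_ptr<Authorizer>()> Factory;
static std::map<std::string, Factory> modules;

std::unique_ptr<Authorizer> Authorizer::create(const std::string& name) {
  if (name == "local") return std::unique_ptr<Authorizer>(new LocalAuthorizer());
  auto it = modules.find(name);
  if (it == modules.end()) return nullptr;  // unknown name: no authorizer
  return it->second();
}
```

A caller that receives no authorizer from `create()` should treat that as a startup error rather than continue without authorization.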