[
https://issues.apache.org/jira/browse/MESOS-2946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14613069#comment-14613069
]
Till Toenshoff edited comment on MESOS-2946 at 7/7/15 8:27 PM:
---------------------------------------------------------------
h4.Status Quo
As the current design stands, {{Authorizer}} is indeed an interface, but its
default implementation is declared in the same header. Moreover, if one decides
to create an alternative implementation for authorization, Mesos needs to be
recompiled and all the places where the authorizer gets instantiated need to be
updated.
h4.Design
Under the modularized version, the MVP for the {{Authorizer}} interface will
look like:
{code}
class Authorizer
{
public:
  static Try<Authorizer*> create(const std::string& name);

  virtual ~Authorizer() {}

  virtual Try<Nothing> initialize(const Option<ACLs>& acls) = 0;

  virtual process::Future<bool> authorize(
      const ACL::RegisterFramework& request) = 0;
  virtual process::Future<bool> authorize(
      const ACL::RunTask& request) = 0;
  virtual process::Future<bool> authorize(
      const ACL::ShutdownFramework& request) = 0;

protected:
  Authorizer() {}
};
{code}
Where {{Authorizer::create(const std::string&)}} is the factory function which
will construct the default {{LocalAuthorizer}} if local is selected and will
use the existing facilities within {{ModuleManager}} to load the appropriate
module in any other case.
In order to allow the {{LocalAuthorizer}} to play nicely with the general
modules design, it needs a default constructor. This constraint leads to the
existence of {{Authorizer::initialize(const Option<ACLs>&)}} which is needed to
pass initialization parameters to the {{LocalAuthorizer}}. Note that all other
authorizers will use the {{ModuleManager}} mechanisms to pass initialization
parameters. This follows the pattern used in the {{Authenticator}} module. The
method {{Authorizer::initialize(const Option<ACLs>&)}} can be removed when we
go to a modules-only implementation.
All other methods remain unchanged from the original {{Authorizer}} interface.
was (Author: arojas):
h4.Status Quo
As the current design stands, {{Authorizer}} is indeed an interface, but its
default implementation is declared in the same header. Moreover, if one decides
to create an alternative implementation for authorization, Mesos needs to be
recompiled and all the places where the authorizer gets instantiated need to be
updated.
h4.Design
Under the modularized version, the MVP for the {{Authorizer}} interface will
look like:
{code}
class Authorizer
{
public:
  static Try<Authorizer*> create(const std::string& name);

  virtual ~Authorizer() {}

  virtual Try<Nothing> initialize(const Option<ACLs>& acls) = 0;

  virtual process::Future<bool> authorize(
      const ACL::RegisterFramework& request) = 0;
  virtual process::Future<bool> authorize(
      const ACL::RunTask& request) = 0;
  virtual process::Future<bool> authorize(
      const ACL::ShutdownFramework& request) = 0;

protected:
  Authorizer() {}
};
{code}
Where {{Authorizer::create(const std::string&)}} is the factory function which
will construct the default {{LocalAuthorizer}} if local is selected and will
use the existing facilities within {{ModuleManager}} to load the appropriate
module in any other case.
In order to allow the {{LocalAuthorizer}} to play nicely with the general
modules design, it needs a default constructor. This constraint leads to the
existence of {{Authorizer::initialize(const Option<ACLs>&)}} which is needed to
pass initialization parameters to the {{LocalAuthorizer}}. Note that all other
authorizers will use the {{ModuleManager}} mechanisms to pass initialization
parameters. This follows the pattern used in the {{Authorizator}} module. The
method {{Authorizer::initialize(const Option<ACLs>&)}} can be removed when we
go to a modules-only implementation.
All other methods remain unchanged from the original {{Authorizer}} interface.
> Authorizer Module: Interface design
> -----------------------------------
>
> Key: MESOS-2946
> URL: https://issues.apache.org/jira/browse/MESOS-2946
> Project: Mesos
> Issue Type: Improvement
> Reporter: Till Toenshoff
> Assignee: Till Toenshoff
> Labels: mesosphere, module, security
>
> h4.Motivation
> Design an interface covering authorizer modules while staying minimally
> invasive in regards to changes to the existing {{LocalAuthorizer}}
> implementation.
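The factory plus default-constructor-and-initialize pattern described in the comment above, as an added sketch that is not Mesos code and not part of the original comment. Plain C++ types stand in for Try, Option and process::Future, modules() is a hypothetical stand-in for ModuleManager, and two behaviours are this sketch's own choices: requests are denied until initialize() has succeeded, and an unknown authorizer name yields no authorizer instead of a fallback.

```cpp
#include <map>
#include <memory>
#include <set>
#include <string>

// Stand-in for the page's ACLs: principals allowed to register frameworks.
struct ACLs { std::set<std::string> registerFramework; };

class Authorizer {
public:
  static std::unique_ptr<Authorizer> create(const std::string& name);
  virtual ~Authorizer() {}
  virtual bool initialize(const ACLs* acls) = 0;  // nullptr = no ACLs given
  virtual bool authorize(const std::string& principal) = 0;
protected:
  Authorizer() {}
};

class LocalAuthorizer : public Authorizer {
public:
  LocalAuthorizer() {}  // default-constructible; parameters arrive later
  bool initialize(const ACLs* acls) override {
    if (initialized_ || acls == nullptr) return false;  // no re-init, no empty init
    acls_ = *acls;
    initialized_ = true;
    return true;
  }
  bool authorize(const std::string& principal) override {
    // Sketch's choice: deny every request until initialize() has succeeded.
    return initialized_ && acls_.registerFramework.count(principal) > 0;
  }
private:
  bool initialized_ = false;
  ACLs acls_;
};

// Hypothetical stand-in for ModuleManager: module name -> factory function.
typedef std::unique_ptr<Authorizer> (*Factory)();
std::map<std::string, Factory>& modules() {
  static std::map<std::string, Factory> registry;
  return registry;
}

std::unique_ptr<Authorizer> Authorizer::create(const std::string& name) {
  if (name == "local") return std::unique_ptr<Authorizer>(new LocalAuthorizer());
  auto it = modules().find(name);
  if (it == modules().end()) return nullptr;  // unknown name: error, no fallback
  return it->second();
}
```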