[
https://issues.apache.org/jira/browse/MESOS-6401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15581798#comment-15581798
]
Alexander Rojas edited comment on MESOS-6401 at 10/31/16 9:07 AM:
------------------------------------------------------------------
[r/52600/|https://reviews.apache.org/r/52600/]: Enable multiple field based
authorization in the authorizer interface.
[r/53057/|https://reviews.apache.org/r/53057/]: Updates calls to the authorizer
to use whole protobuf messages.
[r/53058/|https://reviews.apache.org/r/53058/]: Added tests for whole protobuf
message based authorization.
was (Author: arojas):
[r/52600/|https://reviews.apache.org/r/52600/]: Enable multiple field based
authorization in the authorizer interface.
> Authorizer interface should behave more uniform
> -----------------------------------------------
>
> Key: MESOS-6401
> URL: https://issues.apache.org/jira/browse/MESOS-6401
> Project: Mesos
> Issue Type: Improvement
> Reporter: Alexander Rojas
> Assignee: Alexander Rojas
>
> As currently implemented, the Authorizer interface distinguish between two
> types of authorizations, those suffixed with either {{_WITH_PRINCIPAL}} and
> {{_WITH_ROLE}} and almost all other actions. While the former expect a single
> value to perform authorization, the latter allow for multiple fields based on
> whole protobuf messages.
> Since protobuf messages are associated with almost all authorization actions
> (exceptions are {{VIEW_ROLES}} and {{GET_ENDPOINT_WITH_PATH}}, it makes sense
> to standardize the way authorization is performed by using protobuf messages
> for all actions that have one available.
> This will also help module writers which desire to create complex rules when
> an action can be performed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
