> On Dec. 2, 2015, 3:05 p.m., Alexander Rukletsov wrote: > > src/master/http.cpp, lines 1035-1038 > > <https://reviews.apache.org/r/39988/diff/11/?file=1150203#file1150203line1035> > > > > Let's leave a comment here, that `principal` matches > > `reservation().principal()` for each resource in > > `operation.reserve().resources()`, hence it's OK to authorize for > > `principal` and use `reservation().principal()` in `unreserve()`. Maybe a > > symmetrical comment in `unreserve()` path would also make sense. > > > > Maybe if you validate before authorizing it will be more easy to > > understand?
+1 on validate before authorizing. That could save us a big comment here. - Jie ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/39988/#review108653 ----------------------------------------------------------- On Dec. 2, 2015, 9:06 a.m., Greg Mann wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/39988/ > ----------------------------------------------------------- > > (Updated Dec. 2, 2015, 9:06 a.m.) > > > Review request for mesos, Adam B, Jie Yu, Michael Park, and Till Toenshoff. > > > Bugs: MESOS-3062 > https://issues.apache.org/jira/browse/MESOS-3062 > > > Repository: mesos > > > Description > ------- > > Added authorization for dynamic reservation master endpoints. > Note: this review is continued from https://reviews.apache.org/r/37126/ > > > Diffs > ----- > > src/master/http.cpp 9d729ef7f7d7ad6185934648f833e4f8a4f0a123 > src/master/master.hpp 96951e766de32842197506504e5ac67a2caa3efe > src/tests/reservation_endpoints_tests.cpp > f30ff8bc6a3e9773437fa7fd7c8f569b7d7e2d9d > > Diff: https://reviews.apache.org/r/39988/diff/ > > > Testing > ------- > > This is the fourth in a chain of 5 patches. Added new reservation endpoints > tests to validate authorization of reserve and unreserve operations using > ACLs. `make check` was run to test after all patches were applied. > > > Thanks, > > Greg Mann > >