> On Feb. 9, 2017, 1:59 p.m., Benjamin Mahler wrote: > > src/authorizer/local/authorizer.cpp, line 248 > > <https://reviews.apache.org/r/56178/diff/8/?file=1628302#file1628302line248> > > > > Not yours, but I find it rather confusing as to what the object value > > is, looking at the other code, is it the role? It would be nice to clarify > > how one figures out what `value` represents.
That's part of the reason why we're moving away from 'value' to more explicit FrameworkInfo/FooInfos, from which the authorizer can authorize based on any/many fields. Until then, the best documentation is in authorizer.proto: ``` // `REGISTER_FRAMEWORK` will have an object with `FrameworkInfo` set. // The `_WITH_ROLE` alias is deprecated and will be removed after // Mesos 1.2's deprecation cycle ends. The `value` field will continue // to be set until that time. REGISTER_FRAMEWORK = 1; REGISTER_FRAMEWORK_WITH_ROLE = 1; ``` - Adam ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56178/#review165014 ----------------------------------------------------------- On Feb. 9, 2017, 1:26 a.m., Benjamin Bannier wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/56178/ > ----------------------------------------------------------- > > (Updated Feb. 9, 2017, 1:26 a.m.) > > > Review request for mesos, Adam B, Alexander Rojas, and Benjamin Mahler. > > > Bugs: MESOS-7022 > https://issues.apache.org/jira/browse/MESOS-7022 > > > Repository: mesos > > > Description > ------- > > This updates the local authorizer so that MULTI_ROLE frameworks can be > authorized. > > For non-MULTI_ROLE frameworks we continue to support use of the > deprecated 'value' field in the authorization request's 'Object'; > however for MULTI_ROLE frameworks the 'value' field will not be set, > and authorizers still relying on it should be updated to instead use > the object's 'framework_info' field to extract roles to authorize > against from. > > > Diffs > ----- > > src/authorizer/local/authorizer.cpp > b98e1fcdf2ee5ec1f6ac0be6f8accdefaa390a09 > src/master/master.cpp 620919ecfe85367b5c1281afc5216cc20e5e2e3c > > Diff: https://reviews.apache.org/r/56178/diff/ > > > Testing > ------- > > Tested on various configurations in internal CI. > > > Thanks, > > Benjamin Bannier > >
