Re: Review Request 58254: Added implicit executor authorization to the agent operator API.

Fri, 07 Apr 2017 04:40:29 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58254/#review171320
-----------------------------------------------------------




src/authorizer/local/authorizer.cpp
Line 576 (original), 601-603 (patched)
<https://reviews.apache.org/r/58254/#comment244220>

    I think options are default initialized to `None()`, in which case I think
    
    ```c++
    Option<authorization::Subject> subject;
    if (request.has_subject()) {
      subject = request.subject();
    }
    ```
    
    would work just as well.



src/authorizer/local/authorizer.cpp
Lines 654-657 (original), 683-690 (patched)
<https://reviews.apache.org/r/58254/#comment244234>

    I'm not so sure returning a `RejectingObjectApprover()` is the right thing 
to do. It looks to me that the request is in an invalid state and at the very 
least should log that, but this if sounds like a precondition to me: If it has 
claims, it needs to be one of the three actions. Probably chang it for a 
`CHECK`.
    
    If I'm wrong, at least a comment mentioning when is it a valid case having 
a request that fails the check would help.



src/authorizer/local/authorizer.cpp
Lines 692-699 (patched)
<https://reviews.apache.org/r/58254/#comment244235>

    Refer to my review of previous patch.



src/authorizer/local/authorizer.cpp
Lines 743 (patched)
<https://reviews.apache.org/r/58254/#comment244236>

    Given the ussage, this one could be promoted to a top level class at this 
point.


- Alexander Rojas


On April 7, 2017, 5:38 a.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58254/
> -----------------------------------------------------------
> 
> (Updated April 7, 2017, 5:38 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Till Toenshoff, and Vinod 
> Kone.
> 
> 
> Bugs: MESOS-7014
>     https://issues.apache.org/jira/browse/MESOS-7014
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates the agent handlers for the LAUNCH_, WAIT_,
> and KILL_NESTED_CONTAINER calls of the operator API to set the
> `container_id` field within the authorization object,
> facilitating implicit executor authorization.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto 
> 736f76d552956f2351ffd40fc51d088dff83f8c8 
>   src/authorizer/local/authorizer.cpp 
> e241edf4afa48d35dbbbb94d72e8e8690f5bedfc 
>   src/slave/http.cpp b07ce7c73a90ef297d980806ebba9530d86f25ae 
> 
> 
> Diff: https://reviews.apache.org/r/58254/diff/1/
> 
> 
> Testing
> -------
> 
> Testing details can be found at the end of this chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>

Reply via email to