> On May 17, 2017, 11:57 a.m., Adam B wrote:
> > include/mesos/authorizer/acls.proto
> > Lines 364 (patched)
> > <https://reviews.apache.org/r/58964/diff/3/?file=1716675#file1716675line364>
> >
> >     Why do we think `machines` is the entity we want to authorize on? What 
> > if we decide we want to authorize on `schedules` in the future? This 
> > required field isn't very flexible.
> >     Also, why not `agents` like in `RegisterAgent` above. Is there a 
> > distinction between agents and machines?

Schedules could be an interesting way to authorize, but they would also define 
a rather complex object which is not easy to specify by an entity. Moreover, a 
schedule is a beginning time, a duration and a set of machines. How do you 
define equality on them? Does it make sense to say that someone is authorized 
to create a schedule at certain times and not at others? Likewise, a machine 
could contain multiple agents. So what does it mean to be able to authorize one 
agent but not another in the same machine? That is why I decided machines made 
much more sense.

Moreover, the request to set a maintenance schedule comes with a set of 
`machines_id`, which makes authorization much easier and more intuitive than 
using `agent_id` or any other.


> On May 17, 2017, 11:57 a.m., Adam B wrote:
> > include/mesos/authorizer/authorizer.proto
> > Lines 58 (patched)
> > <https://reviews.apache.org/r/58964/diff/3/?file=1716676#file1716676line58>
> >
> >     Unused?!?

Sorry, originally I was planning to have the request use the machine ID to be 
authorized. I still think it makes sense to give the machine ID, which the 
authorizer could ignore. Let's decide on that.


- Alexander


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58964/#review175224
-----------------------------------------------------------


On May 12, 2017, 2:51 p.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58964/
> -----------------------------------------------------------
> 
> (Updated May 12, 2017, 2:51 p.m.)
> 
> 
> Review request for mesos, Adam B and Greg Mann.
> 
> 
> Bugs: MESOS-7415
>     https://issues.apache.org/jira/browse/MESOS-7415
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Adds the actions `UPDATE_MAINTENANCE_SCHEDULE`,
> `GET_MAINTENANCE_SCHEDULE`, `START_MAINTENANCE`, `STOP_MAINTENANCE`
> and `GET_MAINTENANCE_STATUS` to the authorizer API as well as the
> necessary code to handle these new actions.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/acls.proto ae0b1ea2e6417d186b1606542d75f3a20e0811db 
>   include/mesos/authorizer/authorizer.proto c9184d151befa4cea9bdebb36a315c760e6424b2 
>   src/authorizer/local/authorizer.cpp 89aaf4b712d337d519445c922606789c334e5101 
>   src/tests/authorization_tests.cpp 32aa6ac4db7854507127ea2fb88b3e92daa277c0 
> 
> 
> Diff: https://reviews.apache.org/r/58964/diff/3/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>
