> On June 2, 2017, 4:44 a.m., Greg Mann wrote: > > src/master/http.cpp > > Lines 4482-4483 (patched) > > <https://reviews.apache.org/r/59147/diff/4/?file=1734445#file1734445line4482> > > > > Following on my previous comment regarding calls to `approved` which > > return an error: let's try to establish some consistent endpoint behavior > > when authorization attempts return an error. > > > > I think that the approach that you use here seems reasonable: if any > > authorization request returns an error, then fail the request. But if we do > > this here, we should probably do it elsewhere as well. > > > > I don't think the behavior of the endpoint when all authorization > > requests are successful should influence its behavior in the presence of an > > error from the authorizer. i.e., this endpoint has all-or-nothing > > authorization semantics when all authorization requests succeed, and > > GET_MAINTENANCE_STATUS has filtering-type semantics when all authorization > > requests succeed. However, I would argue that they should both have the > > same semantics in the presence of errors from the authorizer. > > > > WDYT?
It is common for all the endpoints that do some filtering to just treat error's as false while returning an internal server error if there is an error. While I understand your point, and share it, I don't want to break the pattern by trying to solve it here. It would be better to open a Jira and fix them all at once. Although what should be the solution, that I do not know. - Alexander ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/59147/#review176726 ----------------------------------------------------------- On June 1, 2017, 4:57 p.m., Alexander Rojas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/59147/ > ----------------------------------------------------------- > > (Updated June 1, 2017, 4:57 p.m.) > > > Review request for mesos, Adam B, Greg Mann, and Till Toenshoff. > > > Bugs: MESOS-7415 > https://issues.apache.org/jira/browse/MESOS-7415 > > > Repository: mesos > > > Description > ------- > > Enables the use of authorization for the `START_MAINTENANCE` and > `STOP_MAINTENANCE` v1 API calls, using the ACLs `StartMaintenance` > and `StopMaintenance` respectively as well the actions of the same > name as the API calls. > > It also updates the ApiTests to take into account the authorization > case. > > > Diffs > ----- > > src/master/http.cpp 7060b8fa53e0682681c50e051908ffbbf50fb7da > src/tests/api_tests.cpp faf3242f9c86d866c4bb5e457fcfe47c1063cc09 > > > Diff: https://reviews.apache.org/r/59147/diff/4/ > > > Testing > ------- > > make check > > > Thanks, > > Alexander Rojas > >