> On April 17, 2018, 4:14 p.m., Greg Mann wrote: > > src/master/master.cpp > > Lines 4924-4925 (original), 4980-4981 (patched) > > <https://reviews.apache.org/r/66531/diff/1/?file=1995228#file1995228line4980> > > > > You need to finish implementing authorization here, and below for > > SHRINK_VOLUME.
Will fix, but I have question/comments on operation authorization handling in `Master::_accept`: 1. We don't really check that `authorizations.size() == operations.size()`. My feeling is that this at least leaves space for error when devs adding new operations; 2. we allow part of the operations which are authorized to proceed while drop unauthorized operations. I'm not convinced it's either safe from security perspective or clear from user perspective; 3. I see some comments about `We may want to retry this failed authorization request rather than dropping it immediately.`. If authorization result is "Unavaiable" rather than "Rejected", should that be reflected from result type? - Zhitao ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66531/#review201357 ----------------------------------------------------------- On April 10, 2018, 12:24 p.m., Zhitao Li wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66531/ > ----------------------------------------------------------- > > (Updated April 10, 2018, 12:24 p.m.) > > > Review request for mesos, Chun-Hung Hsiao and Greg Mann. > > > Bugs: MESOS-8748 > https://issues.apache.org/jira/browse/MESOS-8748 > > > Repository: mesos > > > Description > ------- > > The new authorization action is modelled after `CreateVolume`, and will > be shared by both `GROW_VOLUME` and `SHRINK_VOLUME` operations and > corresponding operator APIs. > > > Diffs > ----- > > include/mesos/authorizer/acls.proto > 8ef33210644e7d2924b402a3158b1b38c1fdb464 > include/mesos/authorizer/authorizer.proto > 1508c01130013d74ed2b2574a2428f38e3d2c064 > src/authorizer/local/authorizer.cpp > c098ba9ded1b29a2e079cf09ab80b61f6fa4af05 > src/master/master.hpp 0d9620dd0c232dc1df83477e838eeb7313bf8828 > src/master/master.cpp f7da675e8fe96159e5335c9e83b65b67ed90eda8 > > > Diff: https://reviews.apache.org/r/66531/diff/1/ > > > Testing > ------- > > Manually created ACL and verified that untrusted principals will not allow to > grow/shrink volumes. > Also created unit test in next patch. > > > Thanks, > > Zhitao Li > >