You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by me...@apache.org on 2016/01/04 10:05:41 UTC

mesos git commit: Cleaned up Authorizer interface.

Repository: mesos
Updated Branches:
  refs/heads/master db767fa01 -> af8987f03


Cleaned up Authorizer interface.

Extract a repetitive part of the function comments into a class comment.
Added backticks, quotes when necessary, formatted comments to avoid
jaggedness.

Review: https://reviews.apache.org/r/41444/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/af8987f0
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/af8987f0
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/af8987f0

Branch: refs/heads/master
Commit: af8987f03c36dffd513f8bd141c5a653ef609576
Parents: db767fa
Author: Alexander Rukletsov <ru...@gmail.com>
Authored: Mon Jan 4 00:58:36 2016 -0800
Committer: Adam B <ad...@mesosphere.io>
Committed: Mon Jan 4 01:03:34 2016 -0800

----------------------------------------------------------------------
 include/mesos/authorizer/authorizer.hpp | 223 +++++++++++----------------
 src/master/main.cpp                     |   2 +
 2 files changed, 92 insertions(+), 133 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/af8987f0/include/mesos/authorizer/authorizer.hpp
----------------------------------------------------------------------
diff --git a/include/mesos/authorizer/authorizer.hpp b/include/mesos/authorizer/authorizer.hpp
index 19f6e1a..7a04ca8 100644
--- a/include/mesos/authorizer/authorizer.hpp
+++ b/include/mesos/authorizer/authorizer.hpp
@@ -32,10 +32,22 @@
 namespace mesos {
 
 /**
- * An interface used to provide authorization for actions with ACLs.
- * Refer to "docs/authorization.md" for the details regarding the
- * authorization mechanism.
+ * An interface for authorization of actions with ACLs. Refer to
+ * "authorizer.proto" and "docs/authorization.md" for the details
+ * regarding the authorization mechanism.
  *
+ * Each `authorize()` function returns `Future<bool>`, which has the same
+ * meaning for all functions. If the action is allowed, the future is set to
+ * `true`, otherwise to `false`. A third possible outcome is that the future
+ * fails, which indicates that the request could not be completed at the
+ * moment. This may be a temporary condition.
+ *
+ * NOTE: Any request allows bundling multiple values for each entity, which
+ * are often principals. Though the default authorizer implementation
+ * (`LocalAuthorizer`) supports this feature, Mesos code currently does not
+ * authorize multiple principals in a single call.
+ *
+ * @see authorizer.proto
  * @see docs/authorization.md
  */
 class Authorizer
@@ -46,186 +58,131 @@ public:
   virtual ~Authorizer() {}
 
   /**
-   * Only relevant for the default implementation of the Authorizer class
-   * (MESOS-3072) and it will not be called for any other implementation.
-   *
    * Sets the Access Control Lists for the current instance of the interface.
-   * The contents of the acls parameter are used to define the rules which apply
-   * to the authorization actions. Please check the 'authorizer.proto' file to
-   * review their format, and the 'docs/authorization.md' for a description on
-   * how authorization is performed.
+   * The contents of the `acls` parameter are used to define the rules which
+   * apply to the authorization actions.
    *
    * @param acls The access control lists used to initialize the authorizer
-   *     instance. See the autorizer.proto file for a description on their
-   *     format.
+   *     instance. See "authorizer.proto" for a description of their format.
    *
-   * @return Nothing if the instance of the authorizer was successfully
-   +     initialized, an Error otherwise.
+   * @return `Nothing` if the instance of the authorizer was successfully
+   *     initialized, an `Error` otherwise.
    *
-   * TODO(arojas): Remove once we have a module only initialization which would
-   * rely only module specific parameters as supplied via the modules JSON blob
-   * (see MESOS-3072).
+   * TODO(arojas): This function is relevant for the default implementation
+   * of the `Authorizer` class only (see MESOS-3072) and it will not be
+   * called for any other implementation. Remove it once we have a module-only
+   * initialization which relies on module-specific parameters supplied via
+   * the modules JSON blob.
    */
   virtual Try<Nothing> initialize(const Option<ACLs>& acls) = 0;
 
   /**
-   * Used to verify if a principal is allowed to register a framework with a
-   * specific role. The principal and role parameters are packed in the request.
-   * If the principal is allowed to perform the action, this method returns
-   * true. Otherwise it returns false. A third possible outcome is that the
-   * future fails. Then it indicates the request could not be checked at the
-   * moment. This may be a temporary condition.
-   *
-   * @param request An instance of an ACL::RegisterFramework protobuf message.
-   *     It packs all the parameters needed to verify if the principal is
-   *     allowed to register a framework with the specified role.
-   *
-   * @return true if the principal is allowed to register the framework with the
-   *     specified role or false otherwise. A failed future is neither true
-   *     nor false. It indicates a problem processing the request and the
-   *     request can be retried.
+   * Verifies whether a principal can register a framework with a specific role.
+   *
+   * @param request `ACL::RegisterFramework` packing all the parameters
+   *     needed to verify if the given principal can register a framework
+   *     with the specified role.
+   *
+   * @return true if the principal can register the framework with the
+   *     specified role or false otherwise. A failed future indicates a
+   *     problem processing the request; the request can be retried.
    */
   virtual process::Future<bool> authorize(
       const ACL::RegisterFramework& request) = 0;
 
   /**
-   * Used to verify if a principal is allowed to run tasks as the given UNIX
-   * user. The principal and user parameters are packed in the request. If the
-   * principal is allowed to perform the action, this method returns true.
-   * Otherwise it returns false. A third possible outcome is that the future
-   * fails. Then it indicates the request could not be checked at the moment.
-   * This may be a temporary condition.
-   *
-   * @param request An instance of an ACL::RunTask protobuf message. It packs
-   *     all the parameters needed to verify if a principal can launch a task
-   *     using the specified UNIX user.
-   *
-   * @return true if the principal is allowed to run a task using the given
-   *     UNIX user name, false otherwise. A failed future is neither true
-   *     nor false. It indicates a problem processing the request and the
-   *     request can be retried.
+   * Verifies whether a principal can run tasks as the given UNIX user.
+   *
+   * @param request `ACL::RunTask` packing all the parameters needed to verify
+   *     if the given principal can launch a task using the specified UNIX user.
+   *
+   * @return true if the principal can run a task using the given UNIX user
+   *     name, false otherwise. A failed future indicates a problem processing
+   *     the request; the request can be retried.
    */
   virtual process::Future<bool> authorize(
       const ACL::RunTask& request) = 0;
 
   /**
-   * Used to verify if a principal is allowed to shut down a framework launched
-   * by the given framework_principal. The principal and framework_principal
-   * parameters are packed in the request. If the principal is allowed to
-   * perform the action, this method returns true. Otherwise it returns false.
-   * A third possible outcome is that the future fails. Then it indicates the
-   * request could not be checked at the moment. This may be a temporary
-   * condition.
-   *
-   * @param request An instance of an ACL::RunTask protobuf message. It packs
-   *     all the parameters needed to verify the given principal is allowed to
-   *     shut down a framework launched by the framework principal, i.e. the
-   *     principal who originally registered the framework.
-   *
-   * @return true if the principal can shutdown a framework ran by the
-   *     framework_principal, false otherwise. A failed future is neither true
-   *     nor false. It indicates a problem processing the request and the
-   *     request can be retried.
+   * Verifies whether a principal can shutdown a framework launched by another
+   * principal.
+   *
+   * @param request `ACL::ShutdownFramework` packing all the parameters needed
+   *     to verify the given principal can shutdown a framework originally
+   *     registered by a (potentially different) framework principal.
+   *
+   * @return true if the principal can shutdown a framework registered by the
+   *     framework principal, false otherwise. A failed future indicates a
+   *     problem processing the request; the request can be retried.
    */
   virtual process::Future<bool> authorize(
       const ACL::ShutdownFramework& request) = 0;
 
   /**
-   * Used to verify if a principal is allowed to reserve particular resources.
-   * The principal and resources parameters are packed in the request. If the
-   * principal is allowed to perform the action, this method returns true,
-   * otherwise it returns false. A third possible outcome is that the future
-   * fails, which indicates that the request could not be checked at the moment.
-   * This may be a temporary condition.
-   *
-   * @param request An instance of an `ACL::ReserveResources` protobuf message.
-   *     It packs all the parameters needed to verify the given principal is
-   *     allowed to reserve one or more types of resources.
-   *
-   * @return true if the principal can reserve the types of resources contained
-   *     in the request, false otherwise. A failed future is neither true nor
-   *     false. It indicates a problem processing the request and the request
+   * Verifies whether a principal can reserve particular resources.
+   *
+   * @param request `ACL::ReserveResources` packing all the parameters needed to
+   *     verify the given principal can reserve one or more types of resources.
+   *
+   * @return true if the principal can reserve the resources, false otherwise. A
+   *     failed future indicates a problem processing the request; the request
    *     can be retried.
    */
   virtual process::Future<bool> authorize(
       const ACL::ReserveResources& request) = 0;
 
   /**
-   * Used to verify if a principal is allowed to unreserve resources reserved
-   * by another principal. The principal and reserver_principal parameters are
-   * packed in the request. If the principal is allowed to perform the action,
-   * this method returns true, otherwise it returns false. A third possible
-   * outcome is that the future fails, which indicates that the request could
-   * not be checked at the moment. This may be a temporary condition.
-   *
-   * @param request An instance of an ACL::UnreserveResources protobuf message.
-   *     It packs all the parameters needed to verify the given principal is
-   *     allowed to unreserve resources which were reserved by the reserver
-   *     principal contained in the request.
+   * Verifies whether a principal can unreserve resources reserved by another
+   * principal.
+   *
+   * @param request `ACL::UnreserveResources` packing all the parameters needed
+   *     to verify the given principal can unreserve resources which were
+   *     reserved by the reserver principal contained in the request.
    *
    * @return true if the principal can unreserve resources which were reserved
-   *     by the reserver_principal, false otherwise. A failed future is neither
-   *     true nor false. It indicates a problem processing the request and the
-   *     request can be retried.
+   *     by the reserver principal, false otherwise. A failed future indicates
+   *     a problem processing the request; the request can be retried.
    */
   virtual process::Future<bool> authorize(
       const ACL::UnreserveResources& request) = 0;
 
   /**
-   * Used to verify if a principal is allowed to create a persistent volume.
-   * The `principals` and `volume_types` parameters are packed in the request.
-   * If the principal is allowed to perform the action, this method returns
-   * true. Otherwise it returns false. A third possible outcome is that the
-   * future fails, which indicates that the request could not be checked at the
-   * moment. This may be a temporary condition.
+   * Verifies whether a principal can create a persistent volume.
    *
-   * @param request An instance of an `ACL::CreateVolume` protobuf message. It
-   *     packs all the parameters needed to verify the given principal is
-   *     allowed to create the given type of volume.
+   * @param request `ACL::CreateVolume` packing all the parameters needed to
+   *     verify the given principal can create the given type of volume.
    *
    * @return true if the principal can create a persistent volume, false
-   *     otherwise. A failed future is neither true nor false. It indicates a
-   *     problem processing the request and the request can be retried.
+   *     otherwise. A failed future indicates a problem processing the
+   *     request; the request can be retried.
    */
   virtual process::Future<bool> authorize(
       const ACL::CreateVolume& request) = 0;
 
   /**
-   * Used to verify if a principal is allowed to destroy a volume created by
-   * another principal. The `principals` and `creator_principals` parameters are
-   * packed in the request. If the principal is allowed to perform the action,
-   * this method returns true. Otherwise it returns false. A third possible
-   * outcome is that the future fails, which indicates that the request could
-   * not be checked at the moment. This may be a temporary condition.
-   *
-   * @param request An instance of an `ACL::DestroyVolume` protobuf message. It
-   *     packs all the parameters needed to verify the given principal is
-   *     allowed to destroy volumes which were created by the creator principal
-   *     contained in the request.
-   *
-   * @return true if the principal can destroy volumes which were created by the
-   *     creator principal, false otherwise. A failed future is neither true nor
-   *     false. It indicates a problem processing the request and the request
-   *     can be retried.
+   * Verifies whether a principal can destroy a volume created by another
+   * principal.
+   *
+   * @param request `ACL::DestroyVolume` packing all the parameters needed to
+   *     verify the given principal can destroy volumes which were created by
+   *     the creator principal contained in the request.
+   *
+   * @return true if the principal can destroy volumes which were created by
+   *     the creator principal, false otherwise. A failed future indicates a
+   *     problem processing the request; the request can be retried.
    */
   virtual process::Future<bool> authorize(
       const ACL::DestroyVolume& request) = 0;
 
   /**
-   * Used to verify if a principal is allowed to set a quota for a specific
-   * role. The principal and role parameters are packed in `request`. If the
-   * principal is allowed to perform the action, this method returns true,
-   * otherwise it returns false. A third possible outcome is that the future
-   * fails. This indicates that the request could not be checked at the
-   * moment. This may be a temporary condition.
-   *
-   * @param request An instance of an `ACL::SetQuota` protobuf message. It
-   *     packs all the parameters needed to verify if the given principal is
-   *     allowed to request a quota with the specified role.
-   *
-   * @return true if the principal is allowed to set a quota for the specified
-   *     role or false otherwise. A failed future however indicates a problem
-   *     processing the request and the request can be retried.
+   * Verifies whether a principal can set a quota for a specific role.
+   *
+   * @param request `ACL::SetQuota` packing all the parameters needed to verify
+   *     if the given principal can set a quota for the specified role.
+   *
+   * @return true if the principal can set a quota for the specified role,
+   *     false otherwise. A failed future indicates a problem processing
+   *     the request; the request can be retried.
    */
   virtual process::Future<bool> authorize(
       const ACL::SetQuota& request) = 0;

http://git-wip-us.apache.org/repos/asf/mesos/blob/af8987f0/src/master/main.cpp
----------------------------------------------------------------------
diff --git a/src/master/main.cpp b/src/master/main.cpp
index e00f878..0d5ac49 100644
--- a/src/master/main.cpp
+++ b/src/master/main.cpp
@@ -367,6 +367,8 @@ int main(int argc, char** argv)
 
     LOG(INFO) << "Using '" << authorizerName << "' authorizer";
 
+    // Only default authorizer requires initialization, see the comment
+    // for `initialize()` in "mesos/authorizer/authorizer.hpp".
     if (authorizerName == master::DEFAULT_AUTHORIZER) {
       Try<Nothing> initialize = authorizer.get()->initialize(flags.acls.get());