You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by me...@apache.org on 2016/01/04 10:05:41 UTC
mesos git commit: Cleaned up Authorizer interface.
Repository: mesos
Updated Branches:
refs/heads/master db767fa01 -> af8987f03
Cleaned up Authorizer interface.
Extract a repetitive part of the function comments into a class comment.
Added backticks, quotes when necessary, formatted comments to avoid
jaggedness.
Review: https://reviews.apache.org/r/41444/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/af8987f0
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/af8987f0
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/af8987f0
Branch: refs/heads/master
Commit: af8987f03c36dffd513f8bd141c5a653ef609576
Parents: db767fa
Author: Alexander Rukletsov <ru...@gmail.com>
Authored: Mon Jan 4 00:58:36 2016 -0800
Committer: Adam B <ad...@mesosphere.io>
Committed: Mon Jan 4 01:03:34 2016 -0800
----------------------------------------------------------------------
include/mesos/authorizer/authorizer.hpp | 223 +++++++++++----------------
src/master/main.cpp | 2 +
2 files changed, 92 insertions(+), 133 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/af8987f0/include/mesos/authorizer/authorizer.hpp
----------------------------------------------------------------------
diff --git a/include/mesos/authorizer/authorizer.hpp b/include/mesos/authorizer/authorizer.hpp
index 19f6e1a..7a04ca8 100644
--- a/include/mesos/authorizer/authorizer.hpp
+++ b/include/mesos/authorizer/authorizer.hpp
@@ -32,10 +32,22 @@
namespace mesos {
/**
- * An interface used to provide authorization for actions with ACLs.
- * Refer to "docs/authorization.md" for the details regarding the
- * authorization mechanism.
+ * An interface for authorization of actions with ACLs. Refer to
+ * "authorizer.proto" and "docs/authorization.md" for the details
+ * regarding the authorization mechanism.
*
+ * Each `authorize()` function returns `Future<bool>`, which has the same
+ * meaning for all functions. If the action is allowed, the future is set to
+ * `true`, otherwise to `false`. A third possible outcome is that the future
+ * fails, which indicates that the request could not be completed at the
+ * moment. This may be a temporary condition.
+ *
+ * NOTE: Any request allows bundling multiple values for each entity, which
+ * are often principals. Though the default authorizer implementation
+ * (`LocalAuthorizer`) supports this feature, Mesos code currently does not
+ * authorize multiple principals in a single call.
+ *
+ * @see authorizer.proto
* @see docs/authorization.md
*/
class Authorizer
@@ -46,186 +58,131 @@ public:
virtual ~Authorizer() {}
/**
- * Only relevant for the default implementation of the Authorizer class
- * (MESOS-3072) and it will not be called for any other implementation.
- *
* Sets the Access Control Lists for the current instance of the interface.
- * The contents of the acls parameter are used to define the rules which apply
- * to the authorization actions. Please check the 'authorizer.proto' file to
- * review their format, and the 'docs/authorization.md' for a description on
- * how authorization is performed.
+ * The contents of the `acls` parameter are used to define the rules which
+ * apply to the authorization actions.
*
* @param acls The access control lists used to initialize the authorizer
- * instance. See the autorizer.proto file for a description on their
- * format.
+ * instance. See "authorizer.proto" for a description of their format.
*
- * @return Nothing if the instance of the authorizer was successfully
- + initialized, an Error otherwise.
+ * @return `Nothing` if the instance of the authorizer was successfully
+ * initialized, an `Error` otherwise.
*
- * TODO(arojas): Remove once we have a module only initialization which would
- * rely only module specific parameters as supplied via the modules JSON blob
- * (see MESOS-3072).
+ * TODO(arojas): This function is relevant for the default implementation
+ * of the `Authorizer` class only (see MESOS-3072) and it will not be
+ * called for any other implementation. Remove it once we have a module-only
+ * initialization which relies on module-specific parameters supplied via
+ * the modules JSON blob.
*/
virtual Try<Nothing> initialize(const Option<ACLs>& acls) = 0;
/**
- * Used to verify if a principal is allowed to register a framework with a
- * specific role. The principal and role parameters are packed in the request.
- * If the principal is allowed to perform the action, this method returns
- * true. Otherwise it returns false. A third possible outcome is that the
- * future fails. Then it indicates the request could not be checked at the
- * moment. This may be a temporary condition.
- *
- * @param request An instance of an ACL::RegisterFramework protobuf message.
- * It packs all the parameters needed to verify if the principal is
- * allowed to register a framework with the specified role.
- *
- * @return true if the principal is allowed to register the framework with the
- * specified role or false otherwise. A failed future is neither true
- * nor false. It indicates a problem processing the request and the
- * request can be retried.
+ * Verifies whether a principal can register a framework with a specific role.
+ *
+ * @param request `ACL::RegisterFramework` packing all the parameters
+ * needed to verify if the given principal can register a framework
+ * with the specified role.
+ *
+ * @return true if the principal can register the framework with the
+ * specified role or false otherwise. A failed future indicates a
+ * problem processing the request; the request can be retried.
*/
virtual process::Future<bool> authorize(
const ACL::RegisterFramework& request) = 0;
/**
- * Used to verify if a principal is allowed to run tasks as the given UNIX
- * user. The principal and user parameters are packed in the request. If the
- * principal is allowed to perform the action, this method returns true.
- * Otherwise it returns false. A third possible outcome is that the future
- * fails. Then it indicates the request could not be checked at the moment.
- * This may be a temporary condition.
- *
- * @param request An instance of an ACL::RunTask protobuf message. It packs
- * all the parameters needed to verify if a principal can launch a task
- * using the specified UNIX user.
- *
- * @return true if the principal is allowed to run a task using the given
- * UNIX user name, false otherwise. A failed future is neither true
- * nor false. It indicates a problem processing the request and the
- * request can be retried.
+ * Verifies whether a principal can run tasks as the given UNIX user.
+ *
+ * @param request `ACL::RunTask` packing all the parameters needed to verify
+ * if the given principal can launch a task using the specified UNIX user.
+ *
+ * @return true if the principal can run a task using the given UNIX user
+ * name, false otherwise. A failed future indicates a problem processing
+ * the request; the request can be retried.
*/
virtual process::Future<bool> authorize(
const ACL::RunTask& request) = 0;
/**
- * Used to verify if a principal is allowed to shut down a framework launched
- * by the given framework_principal. The principal and framework_principal
- * parameters are packed in the request. If the principal is allowed to
- * perform the action, this method returns true. Otherwise it returns false.
- * A third possible outcome is that the future fails. Then it indicates the
- * request could not be checked at the moment. This may be a temporary
- * condition.
- *
- * @param request An instance of an ACL::RunTask protobuf message. It packs
- * all the parameters needed to verify the given principal is allowed to
- * shut down a framework launched by the framework principal, i.e. the
- * principal who originally registered the framework.
- *
- * @return true if the principal can shutdown a framework ran by the
- * framework_principal, false otherwise. A failed future is neither true
- * nor false. It indicates a problem processing the request and the
- * request can be retried.
+ * Verifies whether a principal can shutdown a framework launched by another
+ * principal.
+ *
+ * @param request `ACL::ShutdownFramework` packing all the parameters needed
+ * to verify the given principal can shutdown a framework originally
+ * registered by a (potentially different) framework principal.
+ *
+ * @return true if the principal can shutdown a framework registered by the
+ * framework principal, false otherwise. A failed future indicates a
+ * problem processing the request; the request can be retried.
*/
virtual process::Future<bool> authorize(
const ACL::ShutdownFramework& request) = 0;
/**
- * Used to verify if a principal is allowed to reserve particular resources.
- * The principal and resources parameters are packed in the request. If the
- * principal is allowed to perform the action, this method returns true,
- * otherwise it returns false. A third possible outcome is that the future
- * fails, which indicates that the request could not be checked at the moment.
- * This may be a temporary condition.
- *
- * @param request An instance of an `ACL::ReserveResources` protobuf message.
- * It packs all the parameters needed to verify the given principal is
- * allowed to reserve one or more types of resources.
- *
- * @return true if the principal can reserve the types of resources contained
- * in the request, false otherwise. A failed future is neither true nor
- * false. It indicates a problem processing the request and the request
+ * Verifies whether a principal can reserve particular resources.
+ *
+ * @param request `ACL::ReserveResources` packing all the parameters needed to
+ * verify the given principal can reserve one or more types of resources.
+ *
+ * @return true if the principal can reserve the resources, false otherwise. A
+ * failed future indicates a problem processing the request; the request
* can be retried.
*/
virtual process::Future<bool> authorize(
const ACL::ReserveResources& request) = 0;
/**
- * Used to verify if a principal is allowed to unreserve resources reserved
- * by another principal. The principal and reserver_principal parameters are
- * packed in the request. If the principal is allowed to perform the action,
- * this method returns true, otherwise it returns false. A third possible
- * outcome is that the future fails, which indicates that the request could
- * not be checked at the moment. This may be a temporary condition.
- *
- * @param request An instance of an ACL::UnreserveResources protobuf message.
- * It packs all the parameters needed to verify the given principal is
- * allowed to unreserve resources which were reserved by the reserver
- * principal contained in the request.
+ * Verifies whether a principal can unreserve resources reserved by another
+ * principal.
+ *
+ * @param request `ACL::UnreserveResources` packing all the parameters needed
+ * to verify the given principal can unreserve resources which were
+ * reserved by the reserver principal contained in the request.
*
* @return true if the principal can unreserve resources which were reserved
- * by the reserver_principal, false otherwise. A failed future is neither
- * true nor false. It indicates a problem processing the request and the
- * request can be retried.
+ * by the reserver principal, false otherwise. A failed future indicates
+ * a problem processing the request; the request can be retried.
*/
virtual process::Future<bool> authorize(
const ACL::UnreserveResources& request) = 0;
/**
- * Used to verify if a principal is allowed to create a persistent volume.
- * The `principals` and `volume_types` parameters are packed in the request.
- * If the principal is allowed to perform the action, this method returns
- * true. Otherwise it returns false. A third possible outcome is that the
- * future fails, which indicates that the request could not be checked at the
- * moment. This may be a temporary condition.
+ * Verifies whether a principal can create a persistent volume.
*
- * @param request An instance of an `ACL::CreateVolume` protobuf message. It
- * packs all the parameters needed to verify the given principal is
- * allowed to create the given type of volume.
+ * @param request `ACL::CreateVolume` packing all the parameters needed to
+ * verify the given principal can create the given type of volume.
*
* @return true if the principal can create a persistent volume, false
- * otherwise. A failed future is neither true nor false. It indicates a
- * problem processing the request and the request can be retried.
+ * otherwise. A failed future indicates a problem processing the
+ * request; the request can be retried.
*/
virtual process::Future<bool> authorize(
const ACL::CreateVolume& request) = 0;
/**
- * Used to verify if a principal is allowed to destroy a volume created by
- * another principal. The `principals` and `creator_principals` parameters are
- * packed in the request. If the principal is allowed to perform the action,
- * this method returns true. Otherwise it returns false. A third possible
- * outcome is that the future fails, which indicates that the request could
- * not be checked at the moment. This may be a temporary condition.
- *
- * @param request An instance of an `ACL::DestroyVolume` protobuf message. It
- * packs all the parameters needed to verify the given principal is
- * allowed to destroy volumes which were created by the creator principal
- * contained in the request.
- *
- * @return true if the principal can destroy volumes which were created by the
- * creator principal, false otherwise. A failed future is neither true nor
- * false. It indicates a problem processing the request and the request
- * can be retried.
+ * Verifies whether a principal can destroy a volume created by another
+ * principal.
+ *
+ * @param request `ACL::DestroyVolume` packing all the parameters needed to
+ * verify the given principal can destroy volumes which were created by
+ * the creator principal contained in the request.
+ *
+ * @return true if the principal can destroy volumes which were created by
+ * the creator principal, false otherwise. A failed future indicates a
+ * problem processing the request; the request can be retried.
*/
virtual process::Future<bool> authorize(
const ACL::DestroyVolume& request) = 0;
/**
- * Used to verify if a principal is allowed to set a quota for a specific
- * role. The principal and role parameters are packed in `request`. If the
- * principal is allowed to perform the action, this method returns true,
- * otherwise it returns false. A third possible outcome is that the future
- * fails. This indicates that the request could not be checked at the
- * moment. This may be a temporary condition.
- *
- * @param request An instance of an `ACL::SetQuota` protobuf message. It
- * packs all the parameters needed to verify if the given principal is
- * allowed to request a quota with the specified role.
- *
- * @return true if the principal is allowed to set a quota for the specified
- * role or false otherwise. A failed future however indicates a problem
- * processing the request and the request can be retried.
+ * Verifies whether a principal can set a quota for a specific role.
+ *
+ * @param request `ACL::SetQuota` packing all the parameters needed to verify
+ * if the given principal can set a quota for the specified role.
+ *
+ * @return true if the principal can set a quota for the specified role,
+ * false otherwise. A failed future indicates a problem processing
+ * the request; the request can be retried.
*/
virtual process::Future<bool> authorize(
const ACL::SetQuota& request) = 0;
http://git-wip-us.apache.org/repos/asf/mesos/blob/af8987f0/src/master/main.cpp
----------------------------------------------------------------------
diff --git a/src/master/main.cpp b/src/master/main.cpp
index e00f878..0d5ac49 100644
--- a/src/master/main.cpp
+++ b/src/master/main.cpp
@@ -367,6 +367,8 @@ int main(int argc, char** argv)
LOG(INFO) << "Using '" << authorizerName << "' authorizer";
+ // Only default authorizer requires initialization, see the comment
+ // for `initialize()` in "mesos/authorizer/authorizer.hpp".
if (authorizerName == master::DEFAULT_AUTHORIZER) {
Try<Nothing> initialize = authorizer.get()->initialize(flags.acls.get());