You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@mesos.apache.org by Greg Mann <gr...@mesosphere.io> on 2017/02/13 23:46:36 UTC
Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------
Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
Bugs: MESOS-7003
https://issues.apache.org/jira/browse/MESOS-7003
Repository: mesos
Description
-------
This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `AuthenticationContext`
type instead of an `Option<string> principal`.
Diffs
-----
include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920
src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
Diff: https://reviews.apache.org/r/56618/diff/
Testing
-------
Testing information can be found at the end of this review chain.
Thanks,
Greg Mann
Re: Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
Posted by Adam B <ad...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review166118
-----------------------------------------------------------
Lookin good
include/mesos/authorizer/authorizer.proto (lines 29 - 30)
<https://reviews.apache.org/r/56618/#comment238013>
"currently only a value" is no longer accurate
- Adam B
On Feb. 17, 2017, 2:34 p.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
>
> (Updated Feb. 17, 2017, 2:34 p.m.)
>
>
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
>
>
> Bugs: MESOS-7003
> https://issues.apache.org/jira/browse/MESOS-7003
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15
> src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
> src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
>
> Diff: https://reviews.apache.org/r/56618/diff/
>
>
> Testing
> -------
>
> Testing information can be found at the end of this review chain.
>
>
> Thanks,
>
> Greg Mann
>
>
Re: Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
Posted by Alexander Rojas <al...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review166854
-----------------------------------------------------------
Ship it!
Ship It!
- Alexander Rojas
On Feb. 22, 2017, 2:15 a.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
>
> (Updated Feb. 22, 2017, 2:15 a.m.)
>
>
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
>
>
> Bugs: MESOS-7003
> https://issues.apache.org/jira/browse/MESOS-7003
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15
> src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
> src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
>
> Diff: https://reviews.apache.org/r/56618/diff/
>
>
> Testing
> -------
>
> Testing information can be found at the end of this review chain.
>
>
> Thanks,
>
> Greg Mann
>
>
Re: Review Request 56618: Updated common Mesos code to use the
'Principal' type.
Posted by Greg Mann <gr...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------
(Updated March 3, 2017, 11:38 p.m.)
Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
Bugs: MESOS-7003
https://issues.apache.org/jira/browse/MESOS-7003
Repository: mesos
Description
-------
This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `Principal` type instead
of an `Option<string> principal`.
Diffs (updated)
-----
include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15
src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
src/common/http.cpp 5d75ecd8b6d2e288bebac50e7de738712858f74d
Diff: https://reviews.apache.org/r/56618/diff/6/
Changes: https://reviews.apache.org/r/56618/diff/5-6/
Testing
-------
Testing information can be found at the end of this review chain.
Thanks,
Greg Mann
Re: Review Request 56618: Updated common Mesos code to use the
'Principal' type.
Posted by Vinod Kone <vi...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review167891
-----------------------------------------------------------
Ship it!
src/common/http.hpp
Line 134 (original), 134 (patched)
<https://reviews.apache.org/r/56618/#comment239869>
s/callsites/call sites/ ?
- Vinod Kone
On March 3, 2017, 6:39 p.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
>
> (Updated March 3, 2017, 6:39 p.m.)
>
>
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
>
>
> Bugs: MESOS-7003
> https://issues.apache.org/jira/browse/MESOS-7003
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `Principal` type instead
> of an `Option<string> principal`.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15
> src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
> src/common/http.cpp 5d75ecd8b6d2e288bebac50e7de738712858f74d
>
>
> Diff: https://reviews.apache.org/r/56618/diff/5/
>
>
> Testing
> -------
>
> Testing information can be found at the end of this review chain.
>
>
> Thanks,
>
> Greg Mann
>
>
Re: Review Request 56618: Updated common Mesos code to use the
'Principal' type.
Posted by Greg Mann <gr...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------
(Updated March 3, 2017, 6:39 p.m.)
Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
Changes
-------
Removed `createOptionalSubject()`.
Bugs: MESOS-7003
https://issues.apache.org/jira/browse/MESOS-7003
Repository: mesos
Description
-------
This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `Principal` type instead
of an `Option<string> principal`.
Diffs (updated)
-----
include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15
src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
src/common/http.cpp 5d75ecd8b6d2e288bebac50e7de738712858f74d
Diff: https://reviews.apache.org/r/56618/diff/5/
Changes: https://reviews.apache.org/r/56618/diff/4-5/
Testing
-------
Testing information can be found at the end of this review chain.
Thanks,
Greg Mann
Re: Review Request 56618: Updated common Mesos code to use the
'Principal' type.
Posted by Greg Mann <gr...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------
(Updated Feb. 28, 2017, 6:31 a.m.)
Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
Summary (updated)
-----------------
Updated common Mesos code to use the 'Principal' type.
Bugs: MESOS-7003
https://issues.apache.org/jira/browse/MESOS-7003
Repository: mesos
Description
-------
This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `Principal` type instead
of an `Option<string> principal`.
Diffs
-----
include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15
src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
src/common/http.cpp 5d75ecd8b6d2e288bebac50e7de738712858f74d
Diff: https://reviews.apache.org/r/56618/diff/
Testing
-------
Testing information can be found at the end of this review chain.
Thanks,
Greg Mann
Re: Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
Posted by Greg Mann <gr...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------
(Updated Feb. 28, 2017, 6:24 a.m.)
Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
Changes
-------
Changed 'AuthenticationContext' to 'Principal'.
Bugs: MESOS-7003
https://issues.apache.org/jira/browse/MESOS-7003
Repository: mesos
Description (updated)
-------
This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `Principal` type instead
of an `Option<string> principal`.
Diffs (updated)
-----
include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15
src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
src/common/http.cpp 5d75ecd8b6d2e288bebac50e7de738712858f74d
Diff: https://reviews.apache.org/r/56618/diff/
Testing
-------
Testing information can be found at the end of this review chain.
Thanks,
Greg Mann
Re: Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
Posted by Vinod Kone <vi...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review166631
-----------------------------------------------------------
Ship it!
Ship It!
- Vinod Kone
On Feb. 22, 2017, 1:15 a.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
>
> (Updated Feb. 22, 2017, 1:15 a.m.)
>
>
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
>
>
> Bugs: MESOS-7003
> https://issues.apache.org/jira/browse/MESOS-7003
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15
> src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
> src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
>
> Diff: https://reviews.apache.org/r/56618/diff/
>
>
> Testing
> -------
>
> Testing information can be found at the end of this review chain.
>
>
> Thanks,
>
> Greg Mann
>
>
Re: Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
Posted by Greg Mann <gr...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------
(Updated Feb. 22, 2017, 1:15 a.m.)
Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
Changes
-------
Changed `context` to `authContext`.
Bugs: MESOS-7003
https://issues.apache.org/jira/browse/MESOS-7003
Repository: mesos
Description
-------
This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `AuthenticationContext`
type instead of an `Option<string> principal`.
Diffs (updated)
-----
include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15
src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
Diff: https://reviews.apache.org/r/56618/diff/
Testing
-------
Testing information can be found at the end of this review chain.
Thanks,
Greg Mann
Re: Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
Posted by Greg Mann <gr...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------
(Updated Feb. 17, 2017, 10:34 p.m.)
Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
Bugs: MESOS-7003
https://issues.apache.org/jira/browse/MESOS-7003
Repository: mesos
Description
-------
This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `AuthenticationContext`
type instead of an `Option<string> principal`.
Diffs (updated)
-----
include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15
src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
Diff: https://reviews.apache.org/r/56618/diff/
Testing
-------
Testing information can be found at the end of this review chain.
Thanks,
Greg Mann
Re: Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
Posted by Greg Mann <gr...@mesosphere.io>.
> On Feb. 16, 2017, 10:56 a.m., Alexander Rojas wrote:
> > src/common/http.cpp, line 708
> > <https://reviews.apache.org/r/56618/diff/1/?file=1632575#file1632575line708>
> >
> > I have the feeling that `extractAuthorizationSubject` may be a better way of describing what is happening here.
> >
> > I wonder if there is a way of introducing this to the protobuf generated `Subject` class so this is not a free function.
I'm not really a fan of `extractAuthorizationSubject`, since there isn't an actual `authorization::Subject` within the context type, we're constructing a new one and returning it.
I don't think it's worth messing with the protobuf classes to avoid a free function. I'll namespace the creation functions to improve the isolation.
- Greg
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165825
-----------------------------------------------------------
On Feb. 13, 2017, 11:46 p.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
>
> (Updated Feb. 13, 2017, 11:46 p.m.)
>
>
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
>
>
> Bugs: MESOS-7003
> https://issues.apache.org/jira/browse/MESOS-7003
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920
> src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
> src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
>
> Diff: https://reviews.apache.org/r/56618/diff/
>
>
> Testing
> -------
>
> Testing information can be found at the end of this review chain.
>
>
> Thanks,
>
> Greg Mann
>
>
Re: Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
Posted by Alexander Rojas <al...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165825
-----------------------------------------------------------
src/common/http.hpp (line 133)
<https://reviews.apache.org/r/56618/#comment237668>
Given that we always use the complete name `http::authentication::AuthenticationContext` I was wondering if it makes any sense of calling this type `AuthenticationContext` or if it is redundant given its namespace.
I'm not asking you to change it, but to think about it.
src/common/http.cpp (line 708)
<https://reviews.apache.org/r/56618/#comment237669>
I have the feeling that `extractAuthorizationSubject` may be a better way of describing what is happening here.
I wonder if there is a way of introducing this to the protobuf generated `Subject` class so this is not a free function.
- Alexander Rojas
On Feb. 14, 2017, 12:46 a.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
>
> (Updated Feb. 14, 2017, 12:46 a.m.)
>
>
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
>
>
> Bugs: MESOS-7003
> https://issues.apache.org/jira/browse/MESOS-7003
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920
> src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
> src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
>
> Diff: https://reviews.apache.org/r/56618/diff/
>
>
> Testing
> -------
>
> Testing information can be found at the end of this review chain.
>
>
> Thanks,
>
> Greg Mann
>
>
Re: Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
Posted by Alexander Rojas <al...@mesosphere.io>.
> On Feb. 14, 2017, 4:12 p.m., Jan Schlicht wrote:
> > src/common/http.hpp, line 132
> > <https://reviews.apache.org/r/56618/diff/1/?file=1632574#file1632574line132>
> >
> > Why `const` when you're returning a value?
so you cannot assign to the returned value, i.e. you cannot do `createAuthorizationObject() = somethingelse`. It is a common C++ idiom.
- Alexander
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165511
-----------------------------------------------------------
On Feb. 14, 2017, 12:46 a.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
>
> (Updated Feb. 14, 2017, 12:46 a.m.)
>
>
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
>
>
> Bugs: MESOS-7003
> https://issues.apache.org/jira/browse/MESOS-7003
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920
> src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
> src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
>
> Diff: https://reviews.apache.org/r/56618/diff/
>
>
> Testing
> -------
>
> Testing information can be found at the end of this review chain.
>
>
> Thanks,
>
> Greg Mann
>
>
Re: Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
Posted by Jan Schlicht <ja...@mesosphere.io>.
> On Feb. 14, 2017, 4:12 p.m., Jan Schlicht wrote:
> > src/common/http.hpp, line 133
> > <https://reviews.apache.org/r/56618/diff/1/?file=1632574#file1632574line133>
> >
> > How about using an `Option<AuthenticationContext>` here and returning `Subject()` in the case of `context.isNone()`?
> > All calls to this functions in the following patch are either
> > ```
> > authorization::Subject subject = context.isSome()
> > ? createAuthorizationSubject(context.get())
> > : authorization::Subject();
> > ```
> > or
> > ```
> > if (context.isSome()) {
> > request.mutable_subject()->CopyFrom(createAuthorizationSubject(context.get()));
> > }
> > ```
> > At least the first form would look much simpler and concise when changing the function signature this way:
> > ```
> > authorization::Subject subject = createAuthorizationSubject(context)
> > ```
> > What do you think?
>
> Alexander Rojas wrote:
> We discussed this, and the semantics of a default created `authorization::Subject` are different from that of a non setted subject, therefore this is a bad idea. However, there may be a related bug already inside Mesos authorizer for not paying attention to the different semantics. We still need to build a test for it.
Okay, so the first example wouldn't be concerned by this, because it is always creating an `authorization::Subject`. Of course, this is true for the second example, we want to differ between `Request::subject` being set or not. Still, changing the signature and doing
```
if (context.isSome()) {
request.mutable_subject()->CopyFrom(createAuthorizationSubject(context));
}
```
would make sure of that.
- Jan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165511
-----------------------------------------------------------
On Feb. 14, 2017, 12:46 a.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
>
> (Updated Feb. 14, 2017, 12:46 a.m.)
>
>
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
>
>
> Bugs: MESOS-7003
> https://issues.apache.org/jira/browse/MESOS-7003
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920
> src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
> src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
>
> Diff: https://reviews.apache.org/r/56618/diff/
>
>
> Testing
> -------
>
> Testing information can be found at the end of this review chain.
>
>
> Thanks,
>
> Greg Mann
>
>
Re: Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
Posted by Greg Mann <gr...@mesosphere.io>.
> On Feb. 14, 2017, 3:12 p.m., Jan Schlicht wrote:
> > src/common/http.hpp, line 133
> > <https://reviews.apache.org/r/56618/diff/1/?file=1632574#file1632574line133>
> >
> > How about using an `Option<AuthenticationContext>` here and returning `Subject()` in the case of `context.isNone()`?
> > All calls to this functions in the following patch are either
> > ```
> > authorization::Subject subject = context.isSome()
> > ? createAuthorizationSubject(context.get())
> > : authorization::Subject();
> > ```
> > or
> > ```
> > if (context.isSome()) {
> > request.mutable_subject()->CopyFrom(createAuthorizationSubject(context.get()));
> > }
> > ```
> > At least the first form would look much simpler and concise when changing the function signature this way:
> > ```
> > authorization::Subject subject = createAuthorizationSubject(context)
> > ```
> > What do you think?
>
> Alexander Rojas wrote:
> We discussed this, and the semantics of a default created `authorization::Subject` are different from that of a non setted subject, therefore this is a bad idea. However, there may be a related bug already inside Mesos authorizer for not paying attention to the different semantics. We still need to build a test for it.
>
> Jan Schlicht wrote:
> Okay, so the first example wouldn't be concerned by this, because it is always creating an `authorization::Subject`. Of course, this is true for the second example, we want to differ between `Request::subject` being set or not. Still, changing the signature and doing
> ```
> if (context.isSome()) {
> request.mutable_subject()->CopyFrom(createAuthorizationSubject(context));
> }
> ```
> would make sure of that.
After looking at the callsites in our handlers a bit more, I think we have the following two cases:
1) We want to call `getObjectApprover`, which accepts an `Option<authorization::Subject>`
2) We want to set the `subject` of an authorization request conditionally, only when `context.isSome()`
To accommodate these two cases, I think it's actually beneficial to have two different helpers; one of which returns an `authorization::Subject`, while the other returns `Option<authorization::Subject>`. I've updated the patches to include two functions, `createSubject` and `createOptionalSubject`, to handle these cases. Let me know what you guys think!
- Greg
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165511
-----------------------------------------------------------
On Feb. 17, 2017, 10:34 p.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
>
> (Updated Feb. 17, 2017, 10:34 p.m.)
>
>
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
>
>
> Bugs: MESOS-7003
> https://issues.apache.org/jira/browse/MESOS-7003
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15
> src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
> src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
>
> Diff: https://reviews.apache.org/r/56618/diff/
>
>
> Testing
> -------
>
> Testing information can be found at the end of this review chain.
>
>
> Thanks,
>
> Greg Mann
>
>
Re: Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
Posted by Alexander Rojas <al...@mesosphere.io>.
> On Feb. 14, 2017, 4:12 p.m., Jan Schlicht wrote:
> > src/common/http.hpp, line 133
> > <https://reviews.apache.org/r/56618/diff/1/?file=1632574#file1632574line133>
> >
> > How about using an `Option<AuthenticationContext>` here and returning `Subject()` in the case of `context.isNone()`?
> > All calls to this functions in the following patch are either
> > ```
> > authorization::Subject subject = context.isSome()
> > ? createAuthorizationSubject(context.get())
> > : authorization::Subject();
> > ```
> > or
> > ```
> > if (context.isSome()) {
> > request.mutable_subject()->CopyFrom(createAuthorizationSubject(context.get()));
> > }
> > ```
> > At least the first form would look much simpler and concise when changing the function signature this way:
> > ```
> > authorization::Subject subject = createAuthorizationSubject(context)
> > ```
> > What do you think?
We discussed this, and the semantics of a default created `authorization::Subject` are different from that of a non setted subject, therefore this is a bad idea. However, there may be a related bug already inside Mesos authorizer for not paying attention to the different semantics. We still need to build a test for it.
- Alexander
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165511
-----------------------------------------------------------
On Feb. 14, 2017, 12:46 a.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
>
> (Updated Feb. 14, 2017, 12:46 a.m.)
>
>
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
>
>
> Bugs: MESOS-7003
> https://issues.apache.org/jira/browse/MESOS-7003
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920
> src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
> src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
>
> Diff: https://reviews.apache.org/r/56618/diff/
>
>
> Testing
> -------
>
> Testing information can be found at the end of this review chain.
>
>
> Thanks,
>
> Greg Mann
>
>
Re: Review Request 56618: Updated common Mesos code to use
'AuthenticationContext'.
Posted by Jan Schlicht <ja...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165511
-----------------------------------------------------------
This look great already. But I'll need more time to deeply review this, e.g. I'll do another round, this are the few things I found while quickly looking over the patch.
src/common/http.hpp (line 132)
<https://reviews.apache.org/r/56618/#comment237353>
Why `const` when you're returning a value?
src/common/http.hpp (line 133)
<https://reviews.apache.org/r/56618/#comment237352>
How about using an `Option<AuthenticationContext>` here and returning `Subject()` in the case of `context.isNone()`?
All calls to this functions in the following patch are either
```
authorization::Subject subject = context.isSome()
? createAuthorizationSubject(context.get())
: authorization::Subject();
```
or
```
if (context.isSome()) {
request.mutable_subject()->CopyFrom(createAuthorizationSubject(context.get()));
}
```
At least the first form would look much simpler and concise when changing the function signature this way:
```
authorization::Subject subject = createAuthorizationSubject(context)
```
What do you think?
- Jan Schlicht
On Feb. 14, 2017, 12:46 a.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
>
> (Updated Feb. 14, 2017, 12:46 a.m.)
>
>
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
>
>
> Bugs: MESOS-7003
> https://issues.apache.org/jira/browse/MESOS-7003
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920
> src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
> src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
>
> Diff: https://reviews.apache.org/r/56618/diff/
>
>
> Testing
> -------
>
> Testing information can be found at the end of this review chain.
>
>
> Thanks,
>
> Greg Mann
>
>