Posted to reviews@mesos.apache.org by Greg Mann <gr...@mesosphere.io> on 2017/02/13 23:46:36 UTC

Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------

Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.


Bugs: MESOS-7003
    https://issues.apache.org/jira/browse/MESOS-7003


Repository: mesos


Description
-------

This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `AuthenticationContext`
type instead of an `Option<string> principal`.


Diffs
-----

  include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920 
  src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
  src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e 

Diff: https://reviews.apache.org/r/56618/diff/


Testing
-------

Testing information can be found at the end of this review chain.


Thanks,

Greg Mann


Re: Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

Posted by Adam B <ad...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review166118
-----------------------------------------------------------



Looking good


include/mesos/authorizer/authorizer.proto (lines 29 - 30)
<https://reviews.apache.org/r/56618/#comment238013>

    "currently only a value" is no longer accurate


- Adam B


On Feb. 17, 2017, 2:34 p.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
> 
> (Updated Feb. 17, 2017, 2:34 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7003
>     https://issues.apache.org/jira/browse/MESOS-7003
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15 
>   src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
>   src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e 
> 
> Diff: https://reviews.apache.org/r/56618/diff/
> 
> 
> Testing
> -------
> 
> Testing information can be found at the end of this review chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Re: Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

Posted by Alexander Rojas <al...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review166854
-----------------------------------------------------------


Ship it!




Ship It!

- Alexander Rojas


On Feb. 22, 2017, 2:15 a.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
> 
> (Updated Feb. 22, 2017, 2:15 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7003
>     https://issues.apache.org/jira/browse/MESOS-7003
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15 
>   src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
>   src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e 
> 
> Diff: https://reviews.apache.org/r/56618/diff/
> 
> 
> Testing
> -------
> 
> Testing information can be found at the end of this review chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Re: Review Request 56618: Updated common Mesos code to use the 'Principal' type.

Posted by Greg Mann <gr...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------

(Updated March 3, 2017, 11:38 p.m.)


Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.


Bugs: MESOS-7003
    https://issues.apache.org/jira/browse/MESOS-7003


Repository: mesos


Description
-------

This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `Principal` type instead
of an `Option<string> principal`.


Diffs (updated)
-----

  include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15 
  src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
  src/common/http.cpp 5d75ecd8b6d2e288bebac50e7de738712858f74d 


Diff: https://reviews.apache.org/r/56618/diff/6/

Changes: https://reviews.apache.org/r/56618/diff/5-6/


Testing
-------

Testing information can be found at the end of this review chain.


Thanks,

Greg Mann


Re: Review Request 56618: Updated common Mesos code to use the 'Principal' type.

Posted by Vinod Kone <vi...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review167891
-----------------------------------------------------------


Ship it!





src/common/http.hpp
Line 134 (original), 134 (patched)
<https://reviews.apache.org/r/56618/#comment239869>

    s/callsites/call sites/ ?


- Vinod Kone


On March 3, 2017, 6:39 p.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
> 
> (Updated March 3, 2017, 6:39 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7003
>     https://issues.apache.org/jira/browse/MESOS-7003
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `Principal` type instead
> of an `Option<string> principal`.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15 
>   src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
>   src/common/http.cpp 5d75ecd8b6d2e288bebac50e7de738712858f74d 
> 
> 
> Diff: https://reviews.apache.org/r/56618/diff/5/
> 
> 
> Testing
> -------
> 
> Testing information can be found at the end of this review chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Re: Review Request 56618: Updated common Mesos code to use the 'Principal' type.

Posted by Greg Mann <gr...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------

(Updated March 3, 2017, 6:39 p.m.)


Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.


Changes
-------

Removed `createOptionalSubject()`.


Bugs: MESOS-7003
    https://issues.apache.org/jira/browse/MESOS-7003


Repository: mesos


Description
-------

This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `Principal` type instead
of an `Option<string> principal`.


Diffs (updated)
-----

  include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15 
  src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
  src/common/http.cpp 5d75ecd8b6d2e288bebac50e7de738712858f74d 


Diff: https://reviews.apache.org/r/56618/diff/5/

Changes: https://reviews.apache.org/r/56618/diff/4-5/


Testing
-------

Testing information can be found at the end of this review chain.


Thanks,

Greg Mann


Re: Review Request 56618: Updated common Mesos code to use the 'Principal' type.

Posted by Greg Mann <gr...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------

(Updated Feb. 28, 2017, 6:31 a.m.)


Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.


Summary (updated)
-----------------

Updated common Mesos code to use the 'Principal' type.


Bugs: MESOS-7003
    https://issues.apache.org/jira/browse/MESOS-7003


Repository: mesos


Description
-------

This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `Principal` type instead
of an `Option<string> principal`.


Diffs
-----

  include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15 
  src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
  src/common/http.cpp 5d75ecd8b6d2e288bebac50e7de738712858f74d 

Diff: https://reviews.apache.org/r/56618/diff/


Testing
-------

Testing information can be found at the end of this review chain.


Thanks,

Greg Mann


Re: Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

Posted by Greg Mann <gr...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------

(Updated Feb. 28, 2017, 6:24 a.m.)


Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.


Changes
-------

Changed 'AuthenticationContext' to 'Principal'.


Bugs: MESOS-7003
    https://issues.apache.org/jira/browse/MESOS-7003


Repository: mesos


Description (updated)
-------

This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `Principal` type instead
of an `Option<string> principal`.


Diffs (updated)
-----

  include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15 
  src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
  src/common/http.cpp 5d75ecd8b6d2e288bebac50e7de738712858f74d 

Diff: https://reviews.apache.org/r/56618/diff/


Testing
-------

Testing information can be found at the end of this review chain.


Thanks,

Greg Mann


Re: Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

Posted by Vinod Kone <vi...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review166631
-----------------------------------------------------------


Ship it!




Ship It!

- Vinod Kone


On Feb. 22, 2017, 1:15 a.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
> 
> (Updated Feb. 22, 2017, 1:15 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7003
>     https://issues.apache.org/jira/browse/MESOS-7003
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15 
>   src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
>   src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e 
> 
> Diff: https://reviews.apache.org/r/56618/diff/
> 
> 
> Testing
> -------
> 
> Testing information can be found at the end of this review chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Re: Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

Posted by Greg Mann <gr...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------

(Updated Feb. 22, 2017, 1:15 a.m.)


Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.


Changes
-------

Changed `context` to `authContext`.


Bugs: MESOS-7003
    https://issues.apache.org/jira/browse/MESOS-7003


Repository: mesos


Description
-------

This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `AuthenticationContext`
type instead of an `Option<string> principal`.


Diffs (updated)
-----

  include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15 
  src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
  src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e 

Diff: https://reviews.apache.org/r/56618/diff/


Testing
-------

Testing information can be found at the end of this review chain.


Thanks,

Greg Mann


Re: Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

Posted by Greg Mann <gr...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/
-----------------------------------------------------------

(Updated Feb. 17, 2017, 10:34 p.m.)


Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.


Bugs: MESOS-7003
    https://issues.apache.org/jira/browse/MESOS-7003


Repository: mesos


Description
-------

This patch updates common Mesos HTTP-related helpers,
as well as the `authorization::Subject` protobuf
message, to make use of the `AuthenticationContext`
type instead of an `Option<string> principal`.


Diffs (updated)
-----

  include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15 
  src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
  src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e 

Diff: https://reviews.apache.org/r/56618/diff/


Testing
-------

Testing information can be found at the end of this review chain.


Thanks,

Greg Mann


Re: Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

Posted by Greg Mann <gr...@mesosphere.io>.

> On Feb. 16, 2017, 10:56 a.m., Alexander Rojas wrote:
> > src/common/http.cpp, line 708
> > <https://reviews.apache.org/r/56618/diff/1/?file=1632575#file1632575line708>
> >
> >     I have the feeling that `extractAuthorizationSubject` may be a better way of describing what is happening here.
> >     
> >     I wonder if there is a way of introducing this to the protobuf generated `Subject` class so this is not a free function.

I'm not really a fan of `extractAuthorizationSubject`, since there isn't an actual `authorization::Subject` within the context type; we're constructing a new one and returning it.

I don't think it's worth messing with the protobuf classes to avoid a free function. I'll namespace the creation functions to improve the isolation.


- Greg


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165825
-----------------------------------------------------------


On Feb. 13, 2017, 11:46 p.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
> 
> (Updated Feb. 13, 2017, 11:46 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7003
>     https://issues.apache.org/jira/browse/MESOS-7003
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920 
>   src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
>   src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e 
> 
> Diff: https://reviews.apache.org/r/56618/diff/
> 
> 
> Testing
> -------
> 
> Testing information can be found at the end of this review chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Re: Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

Posted by Alexander Rojas <al...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165825
-----------------------------------------------------------




src/common/http.hpp (line 133)
<https://reviews.apache.org/r/56618/#comment237668>

    Given that we always use the complete name `http::authentication::AuthenticationContext` I was wondering if it makes any sense to call this type `AuthenticationContext` or if it is redundant given its namespace.
    
    I'm not asking you to change it, but to think about it.



src/common/http.cpp (line 708)
<https://reviews.apache.org/r/56618/#comment237669>

    I have the feeling that `extractAuthorizationSubject` may be a better way of describing what is happening here.
    
    I wonder if there is a way of introducing this to the protobuf generated `Subject` class so this is not a free function.


- Alexander Rojas


On Feb. 14, 2017, 12:46 a.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
> 
> (Updated Feb. 14, 2017, 12:46 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7003
>     https://issues.apache.org/jira/browse/MESOS-7003
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920 
>   src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
>   src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e 
> 
> Diff: https://reviews.apache.org/r/56618/diff/
> 
> 
> Testing
> -------
> 
> Testing information can be found at the end of this review chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Re: Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

Posted by Alexander Rojas <al...@mesosphere.io>.

> On Feb. 14, 2017, 4:12 p.m., Jan Schlicht wrote:
> > src/common/http.hpp, line 132
> > <https://reviews.apache.org/r/56618/diff/1/?file=1632574#file1632574line132>
> >
> >     Why `const` when you're returning a value?

So you cannot assign to the returned value, i.e. you cannot do `createAuthorizationObject() = somethingelse`. It is a common C++ idiom.


- Alexander


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165511
-----------------------------------------------------------


On Feb. 14, 2017, 12:46 a.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
> 
> (Updated Feb. 14, 2017, 12:46 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7003
>     https://issues.apache.org/jira/browse/MESOS-7003
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920 
>   src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
>   src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e 
> 
> Diff: https://reviews.apache.org/r/56618/diff/
> 
> 
> Testing
> -------
> 
> Testing information can be found at the end of this review chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Re: Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

Posted by Jan Schlicht <ja...@mesosphere.io>.

> On Feb. 14, 2017, 4:12 p.m., Jan Schlicht wrote:
> > src/common/http.hpp, line 133
> > <https://reviews.apache.org/r/56618/diff/1/?file=1632574#file1632574line133>
> >
> >     How about using an `Option<AuthenticationContext>` here and returning `Subject()` in the case of `context.isNone()`?
> >     All calls to this function in the following patch are either
> >     ```
> >     authorization::Subject subject = context.isSome()
> >       ? createAuthorizationSubject(context.get())
> >       : authorization::Subject();
> >     ```
> >     or
> >     ```
> >     if (context.isSome()) {
> >       request.mutable_subject()->CopyFrom(createAuthorizationSubject(context.get()));
> >     }
> >     ```
> >     At least the first form would look much simpler and more concise when changing the function signature this way:
> >     ```
> >     authorization::Subject subject = createAuthorizationSubject(context);
> >     ```
> >     What do you think?
> 
> Alexander Rojas wrote:
>     We discussed this, and the semantics of a default created `authorization::Subject` are different from that of a non-set subject, therefore this is a bad idea. However, there may be a related bug already inside Mesos authorizer for not paying attention to the different semantics. We still need to build a test for it.

Okay, so the first example wouldn't be concerned by this, because it is always creating an `authorization::Subject`. Of course, this is true for the second example, we want to differentiate between `Request::subject` being set or not. Still, changing the signature and doing
```
if (context.isSome()) {
  request.mutable_subject()->CopyFrom(createAuthorizationSubject(context));
}
```
would make sure of that.


- Jan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165511
-----------------------------------------------------------


On Feb. 14, 2017, 12:46 a.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
> 
> (Updated Feb. 14, 2017, 12:46 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7003
>     https://issues.apache.org/jira/browse/MESOS-7003
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920 
>   src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
>   src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e 
> 
> Diff: https://reviews.apache.org/r/56618/diff/
> 
> 
> Testing
> -------
> 
> Testing information can be found at the end of this review chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Re: Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

Posted by Greg Mann <gr...@mesosphere.io>.

> On Feb. 14, 2017, 3:12 p.m., Jan Schlicht wrote:
> > src/common/http.hpp, line 133
> > <https://reviews.apache.org/r/56618/diff/1/?file=1632574#file1632574line133>
> >
> >     How about using an `Option<AuthenticationContext>` here and returning `Subject()` in the case of `context.isNone()`?
> >     All calls to this function in the following patch are either
> >     ```
> >     authorization::Subject subject = context.isSome()
> >       ? createAuthorizationSubject(context.get())
> >       : authorization::Subject();
> >     ```
> >     or
> >     ```
> >     if (context.isSome()) {
> >       request.mutable_subject()->CopyFrom(createAuthorizationSubject(context.get()));
> >     }
> >     ```
> >     At least the first form would look much simpler and more concise when changing the function signature this way:
> >     ```
> >     authorization::Subject subject = createAuthorizationSubject(context);
> >     ```
> >     What do you think?
> 
> Alexander Rojas wrote:
>     We discussed this, and the semantics of a default created `authorization::Subject` are different from that of a non-set subject, therefore this is a bad idea. However, there may be a related bug already inside Mesos authorizer for not paying attention to the different semantics. We still need to build a test for it.
> 
> Jan Schlicht wrote:
>     Okay, so the first example wouldn't be concerned by this, because it is always creating an `authorization::Subject`. Of course, this is true for the second example, we want to differentiate between `Request::subject` being set or not. Still, changing the signature and doing
>     ```
>     if (context.isSome()) {
>       request.mutable_subject()->CopyFrom(createAuthorizationSubject(context));
>     }
>     ```
>     would make sure of that.

After looking at the callsites in our handlers a bit more, I think we have the following two cases:

1) We want to call `getObjectApprover`, which accepts an `Option<authorization::Subject>`
2) We want to set the `subject` of an authorization request conditionally, only when `context.isSome()`

To accommodate these two cases, I think it's actually beneficial to have two different helpers; one of which returns an `authorization::Subject`, while the other returns `Option<authorization::Subject>`. I've updated the patches to include two functions, `createSubject` and `createOptionalSubject`, to handle these cases. Let me know what you guys think!


- Greg


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165511
-----------------------------------------------------------


On Feb. 17, 2017, 10:34 p.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
> 
> (Updated Feb. 17, 2017, 10:34 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7003
>     https://issues.apache.org/jira/browse/MESOS-7003
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15 
>   src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
>   src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e 
> 
> Diff: https://reviews.apache.org/r/56618/diff/
> 
> 
> Testing
> -------
> 
> Testing information can be found at the end of this review chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>
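
The distinction discussed in this message and the replies it quotes, as an added example that is not part of the review or of the Mesos code base. `Option`, `Principal`, `Subject`, `Request`, `named`, `createCollapsedSubject`, the helper bodies and the toy policy in `authorize` are simplified stand-ins and assumptions; only the names `createSubject` and `createOptionalSubject` come from the message. It shows that mapping a missing principal to a default `Subject()` produces a request the authorizer can tell apart from one whose subject is unset.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>

// Minimal stand-in (assumption) for the `Option` type used in the thread.
template <typename T>
class Option {
public:
  Option() : some_(false), value_() {}
  Option(const T& value) : some_(true), value_(value) {}
  bool isSome() const { return some_; }
  bool isNone() const { return !some_; }
  const T& get() const { return value_; }
private:
  bool some_;
  T value_;
};

// Simplified stand-ins (assumptions) for the types named in the thread.
struct Principal { Option<std::string> value; };
struct Subject { Option<std::string> value; };
struct Request {
  Option<Subject> subject;  // Optional field: may be left unset.
  std::string action;
};

// Hypothetical convenience constructor for a principal with a name.
Principal named(const std::string& name) {
  Principal principal;
  principal.value = name;
  return principal;
}

// Always yields a Subject; the caller decides whether to attach it.
Subject createSubject(const Principal& principal) {
  Subject subject;
  subject.value = principal.value;
  return subject;
}

// "No principal" stays "no subject".
Option<Subject> createOptionalSubject(const Option<Principal>& principal) {
  if (principal.isNone()) {
    return Option<Subject>();
  }
  return Option<Subject>(createSubject(principal.get()));
}

// The alternative raised earlier in the review: map None to `Subject()`.
Subject createCollapsedSubject(const Option<Principal>& principal) {
  return principal.isSome() ? createSubject(principal.get()) : Subject();
}

// Sets `subject` only when a principal exists (case 2 in the message).
Request conditionalRequest(const Option<Principal>& p, const std::string& a) {
  Request request;
  request.action = a;
  if (p.isSome()) {
    request.subject = createSubject(p.get());
  }
  return request;
}

// Always sets `subject`, using the collapsed helper.
Request collapsedRequest(const Option<Principal>& p, const std::string& a) {
  Request request;
  request.action = a;
  request.subject = createCollapsedSubject(p);
  return request;
}

enum class SubjectState { UNSET, SET_EMPTY, SET_WITH_VALUE };

SubjectState classify(const Request& request) {
  if (request.subject.isNone()) return SubjectState::UNSET;
  return request.subject.get().value.isSome() ? SubjectState::SET_WITH_VALUE
                                              : SubjectState::SET_EMPTY;
}

// Toy policy, constructed for illustration (not the Mesos authorizer): an
// unset subject is matched against an anonymous allow-list, a set subject
// against per-principal ACLs, and a set subject with no value fails closed.
bool authorize(const Request& request) {
  static const std::set<std::string> anonymous = {"view-state"};
  static const std::map<std::string, std::set<std::string>> acls = {
      {"ops", {"view-state", "teardown"}}};
  switch (classify(request)) {
    case SubjectState::UNSET:
      return anonymous.count(request.action) > 0;
    case SubjectState::SET_EMPTY:
      return false;
    case SubjectState::SET_WITH_VALUE: {
      auto it = acls.find(request.subject.get().value.get());
      return it != acls.end() && it->second.count(request.action) > 0;
    }
  }
  return false;
}

int main() {
  Option<Principal> none;
  std::cout << "conditional, no principal: "
            << authorize(conditionalRequest(none, "view-state")) << "\n"
            << "collapsed, no principal:   "
            << authorize(collapsedRequest(none, "view-state")) << "\n";
  return 0;
}
```
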


Re: Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

Posted by Alexander Rojas <al...@mesosphere.io>.

> On Feb. 14, 2017, 4:12 p.m., Jan Schlicht wrote:
> > src/common/http.hpp, line 133
> > <https://reviews.apache.org/r/56618/diff/1/?file=1632574#file1632574line133>
> >
> >     How about using an `Option<AuthenticationContext>` here and returning `Subject()` in the case of `context.isNone()`?
> >     All calls to this function in the following patch are either
> >     ```
> >     authorization::Subject subject = context.isSome()
> >       ? createAuthorizationSubject(context.get())
> >       : authorization::Subject();
> >     ```
> >     or
> >     ```
> >     if (context.isSome()) {
> >       request.mutable_subject()->CopyFrom(createAuthorizationSubject(context.get()));
> >     }
> >     ```
> >     At least the first form would look much simpler and more concise when changing the function signature this way:
> >     ```
> >     authorization::Subject subject = createAuthorizationSubject(context);
> >     ```
> >     What do you think?

We discussed this, and the semantics of a default created `authorization::Subject` are different from that of a non-set subject, therefore this is a bad idea. However, there may be a related bug already inside Mesos authorizer for not paying attention to the different semantics. We still need to build a test for it.


- Alexander


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165511
-----------------------------------------------------------


On Feb. 14, 2017, 12:46 a.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
> 
> (Updated Feb. 14, 2017, 12:46 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7003
>     https://issues.apache.org/jira/browse/MESOS-7003
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920 
>   src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
>   src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e 
> 
> Diff: https://reviews.apache.org/r/56618/diff/
> 
> 
> Testing
> -------
> 
> Testing information can be found at the end of this review chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Re: Review Request 56618: Updated common Mesos code to use 'AuthenticationContext'.

Posted by Jan Schlicht <ja...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165511
-----------------------------------------------------------



This looks great already. But I'll need more time to deeply review this, e.g. I'll do another round; these are the few things I found while quickly looking over the patch.


src/common/http.hpp (line 132)
<https://reviews.apache.org/r/56618/#comment237353>

    Why `const` when you're returning a value?



src/common/http.hpp (line 133)
<https://reviews.apache.org/r/56618/#comment237352>

    How about using an `Option<AuthenticationContext>` here and returning `Subject()` in the case of `context.isNone()`?
    All calls to this function in the following patch are either
    ```
    authorization::Subject subject = context.isSome()
      ? createAuthorizationSubject(context.get())
      : authorization::Subject();
    ```
    or
    ```
    if (context.isSome()) {
      request.mutable_subject()->CopyFrom(createAuthorizationSubject(context.get()));
    }
    ```
    At least the first form would look much simpler and more concise when changing the function signature this way:
    ```
    authorization::Subject subject = createAuthorizationSubject(context);
    ```
    What do you think?


- Jan Schlicht


On Feb. 14, 2017, 12:46 a.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
> 
> (Updated Feb. 14, 2017, 12:46 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7003
>     https://issues.apache.org/jira/browse/MESOS-7003
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto 8b860a3e8e0b1c660a8fefc97f10f5acc0501920 
>   src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4 
>   src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e 
> 
> Diff: https://reviews.apache.org/r/56618/diff/
> 
> 
> Testing
> -------
> 
> Testing information can be found at the end of this review chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>