You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Greg Mann (JIRA)" <ji...@apache.org> on 2017/10/24 15:48:00 UTC

[jira] [Commented] (MESOS-8126) Consider decoupling the authorization logic from response creation.

    [ https://issues.apache.org/jira/browse/MESOS-8126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16217127#comment-16217127 ] 

Greg Mann commented on MESOS-8126:
----------------------------------

Agreed - I think breaking the authorization code out of {{createAgentResponse}} would clean things up.

If we use a helper which modifies the {{GetAgents::Agent}} in-place, like we do in {{convertResourceFormat}}, then we could avoid extra copies as a result of the refactor.

> Consider decoupling the authorization logic from response creation.
> -------------------------------------------------------------------
>
>                 Key: MESOS-8126
>                 URL: https://issues.apache.org/jira/browse/MESOS-8126
>             Project: Mesos
>          Issue Type: Task
>            Reporter: Michael Park
>
> Currently the {{createAgentResponse}} function performs some authorization,
> given an optional {{rolesAcceptor}}. {{_getAgents}} function uses this helper
> *with* a {{rolesAcceptor}}. {{createAgentAdded}} on the other hand uses the
> helper *without* a {{rolesAcceptor}} and is passed to {{Master::Subscriber::send}}
> for authorization post-hoc.
> From first glance, it seemed like there were 2 authorizations being done for no
> reason, and it seems like it could be beneficial to actually pull the authorization
> logic out of the response creation logic, rather than coupling them and by-passing
> authorization when we want a *custom* authorization logic.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)