You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@mesos.apache.org by Chun-Hung Hsiao <ch...@mesosphere.io> on 2017/10/16 23:15:47 UTC
Re: Review Request 62637: Added an object approver to authorize
requests from resource providers.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62637/
-----------------------------------------------------------
(Updated Oct. 16, 2017, 11:15 p.m.)
Review request for mesos, Alexander Rojas, Greg Mann, Jie Yu, and Joseph Wu.
Summary (updated)
-----------------
Added an object approver to authorize requests from resource providers.
Bugs: MESOS-8100
https://issues.apache.org/jira/browse/MESOS-8100
Repository: mesos
Description
-------
This patch adds `LocalImplicitResourceProviderObjectApprover`, which
authorize standalone container calls from a resource provider if the
container IDs are prefixed with the namespace string.
Diffs
-----
src/authorizer/local/authorizer.cpp 2fe7b879e649b13322cfcb300c21ef1ed0fea410
Diff: https://reviews.apache.org/r/62637/diff/2/
Testing
-------
make
Thanks,
Chun-Hung Hsiao
Re: Review Request 62637: Added an object approver to authorize
requests from resource providers.
Posted by Joseph Wu <jo...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62637/#review191084
-----------------------------------------------------------
src/authorizer/local/authorizer.cpp
Lines 558-567 (patched)
<https://reviews.apache.org/r/62637/#comment268677>
Note that the committed iteration of the standalone AuthZ code does not pass anything to the Approver.
It should be easy enough to:
1) Create an `ObjectApprover` object that takes an `ContainerID` i.e. Part of this discarded change: https://reviews.apache.org/r/62144/
2) Modify the 4 APIs with `s/!authorizer->accept()/!authorizer->accept(containerId)/`
- Joseph Wu
On Oct. 16, 2017, 4:15 p.m., Chun-Hung Hsiao wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62637/
> -----------------------------------------------------------
>
> (Updated Oct. 16, 2017, 4:15 p.m.)
>
>
> Review request for mesos, Alexander Rojas, Greg Mann, Jie Yu, and Joseph Wu.
>
>
> Bugs: MESOS-8100
> https://issues.apache.org/jira/browse/MESOS-8100
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch adds `LocalImplicitResourceProviderObjectApprover`, which
> authorize standalone container calls from a resource provider if the
> container IDs are prefixed with the namespace string.
>
>
> Diffs
> -----
>
> src/authorizer/local/authorizer.cpp 2fe7b879e649b13322cfcb300c21ef1ed0fea410
>
>
> Diff: https://reviews.apache.org/r/62637/diff/2/
>
>
> Testing
> -------
>
> make
>
>
> Thanks,
>
> Chun-Hung Hsiao
>
>
Re: Review Request 62637: Added an object approver to authorize
requests from resource providers.
Posted by Alexander Rojas <al...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62637/#review191714
-----------------------------------------------------------
Please add unit tests.
- Alexander Rojas
On Nov. 21, 2017, 2:14 a.m., Chun-Hung Hsiao wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62637/
> -----------------------------------------------------------
>
> (Updated Nov. 21, 2017, 2:14 a.m.)
>
>
> Review request for mesos, Alexander Rojas, Greg Mann, Jie Yu, and Joseph Wu.
>
>
> Bugs: MESOS-8100
> https://issues.apache.org/jira/browse/MESOS-8100
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch adds `LocalImplicitResourceProviderObjectApprover`, which
> authorize standalone container calls from a resource provider if the
> container IDs are prefixed with the namespace string.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.hpp 40790f5801bdde8df0e2823fc8949d00b1eaa2fb
> src/authorizer/local/authorizer.cpp 35bf03cfd4264e27235b355c1c7c3ff07f91af94
> src/slave/http.cpp 394e91013dc11e0a79e2e00534864281cc74ad2f
>
>
> Diff: https://reviews.apache.org/r/62637/diff/3/
>
>
> Testing
> -------
>
> make
>
>
> Thanks,
>
> Chun-Hung Hsiao
>
>
Re: Review Request 62637: Added an object approver to authorize
requests from resource providers.
Posted by Jie Yu <yu...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62637/#review191817
-----------------------------------------------------------
Ship it!
THis LGTM. We should have tests in the chain.
- Jie Yu
On Nov. 21, 2017, 1:14 a.m., Chun-Hung Hsiao wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62637/
> -----------------------------------------------------------
>
> (Updated Nov. 21, 2017, 1:14 a.m.)
>
>
> Review request for mesos, Alexander Rojas, Greg Mann, Jie Yu, and Joseph Wu.
>
>
> Bugs: MESOS-8100
> https://issues.apache.org/jira/browse/MESOS-8100
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch adds `LocalImplicitResourceProviderObjectApprover`, which
> authorize standalone container calls from a resource provider if the
> container IDs are prefixed with the namespace string.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.hpp 40790f5801bdde8df0e2823fc8949d00b1eaa2fb
> src/authorizer/local/authorizer.cpp 35bf03cfd4264e27235b355c1c7c3ff07f91af94
> src/slave/http.cpp 394e91013dc11e0a79e2e00534864281cc74ad2f
>
>
> Diff: https://reviews.apache.org/r/62637/diff/3/
>
>
> Testing
> -------
>
> make
>
>
> Thanks,
>
> Chun-Hung Hsiao
>
>
Re: Review Request 62637: Added an object approver to authorize
requests from resource providers.
Posted by Jie Yu <yu...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62637/#review192190
-----------------------------------------------------------
Two tests has been added:
https://reviews.apache.org/r/64176
https://reviews.apache.org/r/64177
- Jie Yu
On Nov. 21, 2017, 1:14 a.m., Chun-Hung Hsiao wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62637/
> -----------------------------------------------------------
>
> (Updated Nov. 21, 2017, 1:14 a.m.)
>
>
> Review request for mesos, Alexander Rojas, Greg Mann, Jie Yu, and Joseph Wu.
>
>
> Bugs: MESOS-8100
> https://issues.apache.org/jira/browse/MESOS-8100
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch adds `LocalImplicitResourceProviderObjectApprover`, which
> authorize standalone container calls from a resource provider if the
> container IDs are prefixed with the namespace string.
>
>
> Diffs
> -----
>
> include/mesos/authorizer/authorizer.hpp 40790f5801bdde8df0e2823fc8949d00b1eaa2fb
> src/authorizer/local/authorizer.cpp 35bf03cfd4264e27235b355c1c7c3ff07f91af94
> src/slave/http.cpp 394e91013dc11e0a79e2e00534864281cc74ad2f
>
>
> Diff: https://reviews.apache.org/r/62637/diff/3/
>
>
> Testing
> -------
>
> make
>
>
> Thanks,
>
> Chun-Hung Hsiao
>
>
Re: Review Request 62637: Added an object approver to authorize
requests from resource providers.
Posted by Chun-Hung Hsiao <ch...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62637/
-----------------------------------------------------------
(Updated Nov. 21, 2017, 1:14 a.m.)
Review request for mesos, Alexander Rojas, Greg Mann, Jie Yu, and Joseph Wu.
Changes
-------
Addressed kaysoky's comments.
Bugs: MESOS-8100
https://issues.apache.org/jira/browse/MESOS-8100
Repository: mesos
Description
-------
This patch adds `LocalImplicitResourceProviderObjectApprover`, which
authorize standalone container calls from a resource provider if the
container IDs are prefixed with the namespace string.
Diffs (updated)
-----
include/mesos/authorizer/authorizer.hpp 40790f5801bdde8df0e2823fc8949d00b1eaa2fb
src/authorizer/local/authorizer.cpp 35bf03cfd4264e27235b355c1c7c3ff07f91af94
src/slave/http.cpp 394e91013dc11e0a79e2e00534864281cc74ad2f
Diff: https://reviews.apache.org/r/62637/diff/3/
Changes: https://reviews.apache.org/r/62637/diff/2-3/
Testing
-------
make
Thanks,
Chun-Hung Hsiao