Posted to reviews@mesos.apache.org by Alexander Rojas <al...@mesosphere.io> on 2016/12/12 14:35:56 UTC

Review Request 54661: Enable authorization for the GET_FLAGS API Call.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54661/
-----------------------------------------------------------

Review request for mesos and Adam B.


Bugs: MESOS-6670
    https://issues.apache.org/jira/browse/MESOS-6670


Repository: mesos


Description
-------

Adds the stub which allows for restriction of users when attempting
to access the `GET_FLAGS` API v1 call.


Diffs
-----

  src/slave/http.cpp 8a71eadd8f26df147ddea800221b6f243280bf3b 

Diff: https://reviews.apache.org/r/54661/diff/


Testing
-------

make check


Thanks,

Alexander Rojas


Re: Review Request 54661: Enable authorization for the GET_FLAGS API Call.

Posted by Adam B <ad...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54661/#review159086
-----------------------------------------------------------


Fix it, then Ship it!





src/slave/http.cpp (line 775)
<https://reviews.apache.org/r/54661/#comment230041>

    Looks like excessive `()` wrapping, but I can fix this before committing.


- Adam B


On Dec. 13, 2016, 6:49 a.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/54661/
> -----------------------------------------------------------
> 
> (Updated Dec. 13, 2016, 6:49 a.m.)
> 
> 
> Review request for mesos and Adam B.
> 
> 
> Bugs: MESOS-6670
>     https://issues.apache.org/jira/browse/MESOS-6670
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Adds the stub which allows for restriction of users when attempting
> to access the `GET_FLAGS` API v1 call.
> 
> 
> Diffs
> -----
> 
>   src/slave/http.cpp 8a71eadd8f26df147ddea800221b6f243280bf3b 
> 
> Diff: https://reviews.apache.org/r/54661/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>


Re: Review Request 54661: Enable authorization for the GET_FLAGS API Call.

Posted by Alexander Rojas <al...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54661/
-----------------------------------------------------------

(Updated Dec. 13, 2016, 3:49 p.m.)


Review request for mesos and Adam B.


Bugs: MESOS-6670
    https://issues.apache.org/jira/browse/MESOS-6670


Repository: mesos


Description
-------

Adds the stub which allows for restriction of users when attempting
to access the `GET_FLAGS` API v1 call.


Diffs (updated)
-----

  src/slave/http.cpp 8a71eadd8f26df147ddea800221b6f243280bf3b 

Diff: https://reviews.apache.org/r/54661/diff/


Testing
-------

make check


Thanks,

Alexander Rojas


Re: Review Request 54661: Enable authorization for the GET_FLAGS API Call.

Posted by Mesos ReviewBot <re...@mesos.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54661/#review158905
-----------------------------------------------------------



Patch looks great!

Reviews applied: [54535, 54661]

Passed command: export OS='ubuntu:14.04' BUILDTOOL='autotools' COMPILER='gcc' CONFIGURATION='--verbose' ENVIRONMENT='GLOG_v=1 MESOS_VERBOSE=1'; ./support/docker_build.sh

- Mesos ReviewBot


On Dec. 12, 2016, 2:35 p.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/54661/
> -----------------------------------------------------------
> 
> (Updated Dec. 12, 2016, 2:35 p.m.)
> 
> 
> Review request for mesos and Adam B.
> 
> 
> Bugs: MESOS-6670
>     https://issues.apache.org/jira/browse/MESOS-6670
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Adds the stub which allows for restriction of users when attempting
> to access the `GET_FLAGS` API v1 call.
> 
> 
> Diffs
> -----
> 
>   src/slave/http.cpp 8a71eadd8f26df147ddea800221b6f243280bf3b 
> 
> Diff: https://reviews.apache.org/r/54661/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>


Re: Review Request 54661: Enable authorization for the GET_FLAGS API Call.

Posted by Alexander Rojas <al...@mesosphere.io>.

> On Dec. 13, 2016, 10:44 a.m., Adam B wrote:
> > src/slave/http.cpp, line 766
> > <https://reviews.apache.org/r/54661/diff/1/?file=1581994#file1581994line766>
> >
> >     Is the plan to move everything over to the ObjectApprover API?
> >     I notice that the v0 /flags endpoint just calls `slave->authorizer.get()->authorized(authRequest)`
> >     Should we update it too?

That has, indeed, been the plan since the introduction of the object approver concept. Though my original plan was to do a sweep clean of all the places where the `Authorizer::authorized()` calls exist.


- Alexander


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54661/#review158973
-----------------------------------------------------------


On Dec. 13, 2016, 3:49 p.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/54661/
> -----------------------------------------------------------
> 
> (Updated Dec. 13, 2016, 3:49 p.m.)
> 
> 
> Review request for mesos and Adam B.
> 
> 
> Bugs: MESOS-6670
>     https://issues.apache.org/jira/browse/MESOS-6670
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Adds the stub which allows for restriction of users when attempting
> to access the `GET_FLAGS` API v1 call.
> 
> 
> Diffs
> -----
> 
>   src/slave/http.cpp 8a71eadd8f26df147ddea800221b6f243280bf3b 
> 
> Diff: https://reviews.apache.org/r/54661/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>


Re: Review Request 54661: Enable authorization for the GET_FLAGS API Call.

Posted by Adam B <ad...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54661/#review158973
-----------------------------------------------------------



Looks like we don't ever return Forbidden in this new code path.


src/slave/http.cpp (line 766)
<https://reviews.apache.org/r/54661/#comment229870>

    Is the plan to move everything over to the ObjectApprover API?
    I notice that the v0 /flags endpoint just calls `slave->authorizer.get()->authorized(authRequest)`
    Should we update it too?



src/slave/http.cpp (line 775)
<https://reviews.apache.org/r/54661/#comment229872>

    Don't you need to check `approver->approved()` before you return OK or Forbidden?


- Adam B


On Dec. 12, 2016, 6:35 a.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/54661/
> -----------------------------------------------------------
> 
> (Updated Dec. 12, 2016, 6:35 a.m.)
> 
> 
> Review request for mesos and Adam B.
> 
> 
> Bugs: MESOS-6670
>     https://issues.apache.org/jira/browse/MESOS-6670
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Adds the stub which allows for restriction of users when attempting
> to access the `GET_FLAGS` API v1 call.
> 
> 
> Diffs
> -----
> 
>   src/slave/http.cpp 8a71eadd8f26df147ddea800221b6f243280bf3b 
> 
> Diff: https://reviews.apache.org/r/54661/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>
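
The review point above (check `approver->approved()` before returning OK or Forbidden) is shown here in a simplified model. This is an added example, not code from the patch or from Mesos; the types, the allow-list authorizer, the `healthy` flag and the flags payload are assumptions made for illustration.

```cpp
// Simplified model, not Mesos source. Types are hypothetical stand-ins
// that borrow the names used in the review (ObjectApprover, approved()).
#include <set>
#include <string>

enum class Decision { Approved, Denied, Error };
enum class Status { OK = 200, Forbidden = 403, InternalServerError = 500 };
struct Response { Status status; std::string body; };

// Approver bound to one principal for the "view flags" action.
struct ObjectApprover {
  Decision decision;
  Decision approved() const { return decision; }
};

// Allow-list authorizer; healthy == false models a backend failure.
struct Authorizer {
  std::set<std::string> viewers;
  bool healthy;
  ObjectApprover getObjectApprover(const std::string& principal) const {
    if (!healthy) return ObjectApprover{Decision::Error};
    return ObjectApprover{
        viewers.count(principal) ? Decision::Approved : Decision::Denied};
  }
};

// Constructed sample payload.
const char* const FLAGS = "{\"flags\":{\"work_dir\":\"/constructed/path\"}}";

// Approver obtained but never consulted: every caller gets the flags.
Response getFlagsUnchecked(const Authorizer& a, const std::string& principal) {
  ObjectApprover approver = a.getObjectApprover(principal);
  (void)approver;
  return {Status::OK, FLAGS};
}

// Decision consulted first; denial and authorizer failure both withhold the body.
Response getFlagsChecked(const Authorizer& a, const std::string& principal) {
  switch (a.getObjectApprover(principal).approved()) {
    case Decision::Approved: return {Status::OK, FLAGS};
    case Decision::Denied:   return {Status::Forbidden, ""};
    case Decision::Error:    break;
  }
  return {Status::InternalServerError, ""};
}

int main() {
  Authorizer acl{{"ops"}, true};
  return getFlagsChecked(acl, "guest").status == Status::Forbidden ? 0 : 1;
}
```

A test for the real handler would follow the same shape: one request from a principal that the ACLs deny, asserting a Forbidden response and an empty body.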