Re: Review Request 18730: Implemented a basic Authorizer interface.

Tue, 04 Mar 2014 11:29:39 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/18730/#review36150
-----------------------------------------------------------



include/mesos/mesos.proto
<https://reviews.apache.org/r/18730/#comment67064>

    In line with Niklas' and Adam's comments, I agree we should be making ACLs 
more explicit. How about defining a message for each action? For example:
    
    message ACL {
      message RunAsUser {
        required string user = 1;
      }
    
      message AllocateFromRole {
        required string role = 1;
      }
    
      enum Action {
        RUN_AS_USER = 1,
        ALLOCATE_FROM_ROLE = 2
      };
    
      required string subject = 1;
      required Action action = 2;
    
      optional RunAsUser run_as_user = 3;
      optional AllocateFromRole allocate_from_role = 4;
    }
    
    This should still give us lots of flexibility while also being explicit 
(and type safe!).
    
    I can also imagine doing the same thing for 'subject', e.g.:
    
    message ACL {
      message Subject {
        optional string principal = 1;
        optional string user = 2;
        // Add more subjects as necessary.
      }
      required Subject subject = 1;
    ...
    }
    
    We could accomplish the same with another enum as well, but it's probably 
cleaner to use a nested message.
    
    Also, feel free to suggest different naming!


- Benjamin Hindman


On March 4, 2014, 7:09 a.m., Vinod Kone wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/18730/
> -----------------------------------------------------------
> 
> (Updated March 4, 2014, 7:09 a.m.)
> 
> 
> Review request for mesos, Adam B, Benjamin Hindman, and Niklas Nielsen.
> 
> 
> Bugs: MESOS-911
>     https://issues.apache.org/jira/browse/MESOS-911
> 
> 
> Repository: mesos-git
> 
> 
> Description
> -------
> 
> See summary.
> 
> 
> Diffs
> -----
> 
>   include/mesos/mesos.proto 37f8a7fcd23d467b1274c46c405b836510afbd49 
>   src/Makefile.am 61d832b89132be2cc5b8ae9bbf743685464f78a4 
>   src/authorizer/authorizer.hpp PRE-CREATION 
>   src/tests/authorization_tests.cpp PRE-CREATION 
>   src/tests/master_contender_detector_tests.cpp 
> 8da7420e18c7a960b566fae13a5975857eb777ee 
> 
> Diff: https://reviews.apache.org/r/18730/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Vinod Kone
> 
>

Reply via email to