Hi Klaus, Thanks for your feedback.
On Mon, Nov 30, 2015 at 10:01 PM, Klaus Ma <[email protected]> wrote: > @Neil, just want to confirm about ACL, do you mean we will load role info > from 3rd part application, e.g. LDAP? I mean ACLs as in the authorization subsystem in Mesos: https://mesos.apache.org/documentation/latest/authorization/ > And as I mentioned in both design doc, why not build a RoleManager as > plugin for them? Both features are required following operator: > 1. check: check whether role is available > 2. create: create role in Master > 3. update: update role info > 4. destroy: delete the role > 5. persist: > 6. query: query from role manager. > master/allocator need role info during the operation Adam and I replied to your suggestion of a plugin API in the comments attached to the design doc. To recap: if we have implicit roles, I don't think we don't need dynamic roles, and vice versa. I don't think we need to support n possible ways to implement this functionality, along with the complexity of supporting a general-purpose plugin API for a core Mesos concept like roles. If there are use-cases for dynamic roles that aren't met by the combination of implicit roles, dynamic weights, and dynamic ACLs, I'd love to hear about them. Neil
