[jira] [Commented] (MESOS-9668) Add authorization support for the new `GET_QUOTA` call.

Tue, 23 Jul 2019 15:36:46 -0700 


    [ 
https://issues.apache.org/jira/browse/MESOS-9668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16891427#comment-16891427
 ] 

Meng Zhu commented on MESOS-9668:
---------------------------------

{noformat}
commit 756e212ee91f9b65fb5f90d627b41c9b8c22a319 (HEAD -> master, origin/master, 
apache/master)
Author: Meng Zhu <m...@mesosphere.io>
Date:   Mon Jul 22 14:36:47 2019 -0700

    Removed `quota_info` in the `GET_QUOTA` authorization object.

    Currently, the `GET_QUOTA` authorizable action set both  `value`
    and `quota_info` fields. The `value` field is set due to
    backward compatibility for the `GET_QUOTA_WITH_ROLE` action.

    This patch makes the `GET_QUOTA` action only set the `value`
    field with the role name. Since the `quota.QuotaInfo` field
    is being deprecated, it is no longer set (the local authorizer
    only looks at the `value` field, it is also probably the case
    for any external authorizer modules).

    Also refactored `QuotaHandler::status`.

    Review: https://reviews.apache.org/r/71139
{noformat}


> Add authorization support for the new `GET_QUOTA` call.
> -------------------------------------------------------
>
>                 Key: MESOS-9668
>                 URL: https://issues.apache.org/jira/browse/MESOS-9668
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Meng Zhu
>            Assignee: Meng Zhu
>            Priority: Major
>              Labels: mesosphere, resource-management
>
> The new `GET_QUOTA` call will return QUOTA_CONFIGS:
> // Used in GET_QUOTA and returned by GET /quota
> //
> // Overall cluster quota status, including all roles, their quota 
> configurations and current state (e.g. consumed and effective limits)
> message QuotaStatus {
>        repeated QuotaInfo infos [deprecated = true];
>        repeated QuotaConfig configs; 
> }
> Currently, the GET_QUOTA authorizable action set both value
> and quota_info fields. The value field is set due to
> backward compatibility for the GET_QUOTA_WITH_ROLE action.
> We should make the GET_QUOTA action only set the value
> field with the role name. Since the quota.QuotaInfo field
> is being deprecated, it should not be set (the local authorizer
> only looks at the value field, it is also probably the case
> for any external authorizer modules).



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Reply via email to