> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > Thanks, this is already much easier to follow.
> >
> > One general question on the overall approach: do you think the DRY benefits
> > of using composed `StructFieldGetter`s to generate the functions that allow
> > walking from the starting type to `JobKey` outweigh the readability
> > improvements of using a fully explicit mapping? I.e.
> >
> > Function<JobUpdateRequest, JobKey> UPDATE_REQUEST_TO_JOB_KEY = new
> > Function<...> {
> > @Override
> > public JobKey apply(JobUpdateRequest request) {
> > return request.getTaskConfig().getJobKey();
> > }
> > };
>
> Bill Farner wrote:
> I raised this question offline as well. It's not clear to me that this
> DRY-ness is worth the complexity. Required null checking in the call chain
> is one downside to the more direct approach you illustrated.
>
> Joshua Cohen wrote:
> Yeah, Kevin and I discussed offline and he mentioned the null checking.
> If that's really the only benefit, would it make sense to simply catch the
> NPE and return Optional.absent?
It's tricky as it doesn't generalize to TUnion (which will throw an
AssertionError rather than an NPE).
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/AuthorizingParam.java,
> > lines 22-23
> > <https://reviews.apache.org/r/32329/diff/2/?file=901781#file901781line22>
> >
> > nit: can re-wrap this after removing the package.
Done.
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java,
> > line 110
> > <https://reviews.apache.org/r/32329/diff/2/?file=901793#file901793line110>
> >
> > should this be `DEPLOY_SERVICE.getUserName()` (same applies above if
> > so).
DRYed this up a bit.
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java,
> > line 226
> > <https://reviews.apache.org/r/32329/diff/2/?file=901793#file901793line226>
> >
> > should we have a test that asserts we get `AUTH_FAILED` if a user other
> > than deploysvc tries to kill the ads job?
That case is covered immediately above.
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/AuthorizingParam.java,
> > line 22
> > <https://reviews.apache.org/r/32329/diff/3/?file=901954#file901954line22>
> >
> > Presumably this is the result of an automated rename of
> > ShiroThriftInterceptor, but I think we really want this to be
> > ShiroAuthorizingParamInterceptor now, right?
Yep, good catch.
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java,
> > line 91
> > <https://reviews.apache.org/r/32329/diff/3/?file=901956#file901956line91>
> >
> > s/public//
Good catch.
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java,
> > line 107
> > <https://reviews.apache.org/r/32329/diff/3/?file=901956#file901956line107>
> >
> > s/public// on all of these?
> >
> > (and add @VisibleForTesting presumably if not just make them private
> > obviously).
done.
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java,
> > line 219
> > <https://reviews.apache.org/r/32329/diff/3/?file=901956#file901956line219>
> >
> > nit: can we rename the `key` param to be `method` to avoid confusion
> > with the job keys that we deal in elsewhere in this class?
Done.
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java,
> > line 222
> > <https://reviews.apache.org/r/32329/diff/3/?file=901956#file901956line222>
> >
> > Would probably be helpful to add more detail to this exception (e.g.
> > "No parameter annotated with ... found on method " + method.getName())
Done.
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java,
> > line 238
> > <https://reviews.apache.org/r/32329/diff/3/?file=901956#file901956line238>
> >
> > Is this the right value here? We want to log, e.g., "No path from
> > TaskConfigJobKey to JobKey"?
Good catch.
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java,
> > line 304
> > <https://reviews.apache.org/r/32329/diff/3/?file=901956#file901956line304>
> >
> > As per the javadoc on this class, should we add validation that
> > authentication has happened and that the method returns a `Response`?
Added validation that the decorated method returns a Response. Shiro will fail
the isPermitted check if authentication hasn't happened, so a check here would
be redundant.
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java,
> > line 313
> > <https://reviews.apache.org/r/32329/diff/3/?file=901956#file901956line313>
> >
> > s/invocation.getMethod()/method
Good catch.
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java,
> > line 318
> > <https://reviews.apache.org/r/32329/diff/3/?file=901956#file901956line318>
> >
> > s/invocation.getMethod()/method
doubly good catch.
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java,
> > lines 406-407
> > <https://reviews.apache.org/r/32329/diff/3/?file=901961#file901961line406>
> >
> > undo?
undone
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java,
> > lines 533-536
> > <https://reviews.apache.org/r/32329/diff/3/?file=901961#file901961line533>
> >
> > undo?
undone
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java,
> > lines 1009-1012
> > <https://reviews.apache.org/r/32329/diff/3/?file=901961#file901961line1009>
> >
> > undo?
undone.
> On March 23, 2015, 1:59 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/StructGetter.java,
> > line 29
> > <https://reviews.apache.org/r/32329/diff/3/?file=901959#file901959line29>
> >
> > do we need javadoc here? (If so, should we update checkstyle to enforce
> > this?)
Added.
- Kevin
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/32329/#review77289
-----------------------------------------------------------
On March 27, 2015, 4:14 p.m., Kevin Sweeney wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/32329/
> -----------------------------------------------------------
>
> (Updated March 27, 2015, 4:14 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Bill Farner.
>
>
> Bugs: AURORA-1187
> https://issues.apache.org/jira/browse/AURORA-1187
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Apologies for the large diff, this wound up needing to input validation at
> the AOP layer.
>
> Probably the best place to start reading this diff is ApiSecurityIT to see
> the feature this patch enables.
>
>
> Diffs
> -----
>
> config/pmd/custom.xml 521fd500146eb2e45f8e77c5c3c0cce330fedabb
> src/main/java/org/apache/aurora/scheduler/http/api/ApiBeta.java
> 827e85b6cac8bd52359610bbc2002973a769705c
> src/main/java/org/apache/aurora/scheduler/http/api/ApiModule.java
> 2408cd1f9af5f109a339f5c78134465cb117f7fc
>
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
> ec6a02c4086ee0d5a7529083030d978ea889f677
>
> src/main/java/org/apache/aurora/scheduler/http/api/security/AuthorizingParam.java
> 808987939b2c4a850e488dc033b50b0178e95ba0
>
> src/main/java/org/apache/aurora/scheduler/http/api/security/FieldGetter.java
> PRE-CREATION
>
> src/main/java/org/apache/aurora/scheduler/http/api/security/FieldGetters.java
> PRE-CREATION
>
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthenticatingThriftInterceptor.java
> PRE-CREATION
>
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java
> PRE-CREATION
>
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroThriftInterceptor.java
> 4e341e05c34b1be38f0040c26b671a0cc797a771
>
> src/main/java/org/apache/aurora/scheduler/http/api/security/ThriftFieldGetter.java
> PRE-CREATION
>
> src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java
> 5588d1793d6713ee4581ac9f938d9a8689acb315
> src/main/java/org/apache/aurora/scheduler/thrift/aop/AopModule.java
> bdd2185f3a7a94b39bcec3c73455e970d87f0c6a
> src/test/java/org/apache/aurora/scheduler/http/api/ApiBetaTest.java
> cafd10f6b705568588c1b92644b482003242fe2e
> src/test/java/org/apache/aurora/scheduler/http/api/ApiIT.java
> ed284f46ac8f01bd6d9e317f995f16d6e666a68d
>
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java
> 76cb691e6d7d4fada3a18fde73aceed7039bcaa4
>
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthenticatingThriftInterceptorTest.java
> PRE-CREATION
>
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
> PRE-CREATION
>
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroThriftInterceptorTest.java
> d2ba2730c4509dc9a636fd32e9244b0d7fa2884f
>
> src/test/java/org/apache/aurora/scheduler/http/api/security/ThriftFieldGetterTest.java
> PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/thrift/ThriftIT.java
> 1f24e7d47e1f777ffef19a73d01171fcacd31cdb
> src/test/java/org/apache/aurora/scheduler/thrift/aop/AopModuleTest.java
> d20c9da3c4944ec8c50fe8d48b7e459ff1c7082b
>
> Diff: https://reviews.apache.org/r/32329/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
>
>
> Thanks,
>
> Kevin Sweeney
>
>
