Re: Review Request 36049: Added support for modularized Authorizer

Till Toenshoff Tue, 07 Jul 2015 15:13:27 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/36049/#review90774
-----------------------------------------------------------



There are some nits and slight inconsistencies but overall I think we are in 
good shape here.


src/local/local.cpp (line 217)
<https://reviews.apache.org/r/36049/#comment143899>

    Capital "The" please.



src/local/local.cpp (line 220)
<https://reviews.apache.org/r/36049/#comment143898>

    Please start with a capital "Add" after that colon.



src/local/local.cpp (lines 227 - 228)
<https://reviews.apache.org/r/36049/#comment143900>

    I think we should rephrase the message here;
    
    ```
    "Could not create '" << flags.authorizers << "' authorizer: " << 
create.error()
    ```



src/local/local.cpp (line 232)
<https://reviews.apache.org/r/36049/#comment143903>

    For validating the configuration, I always found it very helpful that we 
were showing the activated authenticator name/s in the master log -- hence I 
would like to suggest to do the same here as well;
    
    ```
    LOG(INFO) << "Using '" << flags.authorizers << "' authorizer";
    ```



src/local/local.cpp (line 234)
<https://reviews.apache.org/r/36049/#comment143909>

    I am assuming that the `LocalAuthorizer` should be considered unusable 
should its initialize function ever fail.
    
    My most favored solution here would be to log the failure and make sure 
that `authorizer` remains unset so that we can operate without any 
authorization. That would be following the approach of the authenticator 
`initialize` failure handling.
    
    ```
     Try<Nothing> initialize = authorizer.get()->initialize(flags.acls.get());
     
     if (initialize.isError()) {
      // A failure to initialize the authorizer does lead to unusable 
authorization
      // but allows actions to skip authorization.
      LOG(WARNING) << "Authorization is disabled: Failed to initialize '"
                   << flags.authorizers << "' authorizer: " << 
initialize.error();
      delete authorizer.get();
      authorizer = None();
    }
    ```
    
    Inherited from  
https://github.com/apache/mesos/blob/master/src/master/master.cpp#L484



src/master/flags.cpp (line 230)
<https://reviews.apache.org/r/36049/#comment143910>

    s/authorizer/authorizers/



src/master/flags.cpp (line 231)
<https://reviews.apache.org/r/36049/#comment143911>

    Lets make sure we match the flag name and also replace that "default" by 
the actual  implementation name.
    
    ```
      "Note that if the flag --authorizers is provided with a value different\n"
      "than '" + DEFAULT_AUTHORIZER + "', the ACLs contents will be ignored.\n"
      "\n"
    ```



src/master/flags.cpp (line 421)
<https://reviews.apache.org/r/36049/#comment143912>

    s/authorizer/authorizers/
    
    Please sure you check if you properly renamed that flag in all references. 
Thanks Alexander :)



src/master/flags.cpp (lines 423 - 424)
<https://reviews.apache.org/r/36049/#comment143913>

    That looks like weird wrapping to me.



src/master/main.cpp (lines 301 - 317)
<https://reviews.apache.org/r/36049/#comment143916>

    See my comments on local.cpp starting at line 217 ff. regarding this entire 
block.


- Till Toenshoff


On July 7, 2015, 7:34 a.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/36049/
> -----------------------------------------------------------
> 
> (Updated July 7, 2015, 7:34 a.m.)
> 
> 
> Review request for mesos, Adam B and Till Toenshoff.
> 
> 
> Bugs: MESOS-2947
>     https://issues.apache.org/jira/browse/MESOS-2947
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Adds and integrates helper classes needed to support an `Authorizer` module. 
> Also adds a flag to the master, allowing the selection of an `Authorizer` 
> module.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.hpp PRE-CREATION 
>   include/mesos/module/authorizer.hpp PRE-CREATION 
>   src/Makefile.am addb63f615f16ae6b25f745b2e79fd9fc0e27851 
>   src/authorizer/authorizer.cpp PRE-CREATION 
>   src/local/local.cpp 1953d84c75a83f4ace944d6243456235d8a193ff 
>   src/master/constants.hpp 7cec18b7fdfd3b96cde42a30d217c026b2695dce 
>   src/master/constants.cpp fbcae60c43e835f96ec061bd0e9f7961e31fc341 
>   src/master/flags.hpp f2cd19a6edfaa4e5bb31f024ef8d5beda32fbc2f 
>   src/master/flags.cpp 60ac64d98d53f74f904846b27a3833a7c44a9756 
>   src/master/main.cpp 2624b7ea4920a534c98f5dfbf9286c54c50f11a9 
>   src/module/manager.cpp 909ca56eea85d365cb9ebe1b3cce43051cabb670 
>   src/tests/cluster.hpp cfe7ef0c7a6dc62cddc3e5f5b5b28c8bcb2bed26 
> 
> Diff: https://reviews.apache.org/r/36049/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>

Re: Review Request 36049: Added support for modularized Authorizer

Reply via email to