Re: Review Request 39988: [4/5] Added authorization for dynamic reservation master endpoints.

Fri, 13 Nov 2015 15:39:06 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/39988/#review106526
-----------------------------------------------------------



src/master/http.cpp (line 853)
<https://reviews.apache.org/r/39988/#comment165230>

    This looks problematic to me. 'this' will become invalid once this function 
returns. That means when `_reserve` is actually called after the authorization 
is done, it might be a dangling pointer.
    
    Instead, you can try to copy the http object (something like below):
    
    ```
    lambda::function<Future<Response>(bool)> _reserve =
      lambda::bind(
          &Master::Http::_operation,
          *this,
          slaveId,
          resources.flatten(),
          operation,
          lambda::_1);
    
    return master->authorizeReserveResources(operation.reserve(), principal)
      .then(defer(master->self(), _reserve));
    ```



src/master/http.cpp (lines 2037 - 2046)
<https://reviews.apache.org/r/39988/#comment165231>

    Ditto here.



src/tests/reservation_endpoints_tests.cpp (lines 1038 - 1062)
<https://reviews.apache.org/r/39988/#comment165236>

    Can you use createRequestBody and createBasicAuthHeaders like other tests?


- Jie Yu


On Nov. 13, 2015, 11:16 p.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/39988/
> -----------------------------------------------------------
> 
> (Updated Nov. 13, 2015, 11:16 p.m.)
> 
> 
> Review request for mesos, Adam B, Jie Yu, Michael Park, and Till Toenshoff.
> 
> 
> Bugs: MESOS-3062
>     https://issues.apache.org/jira/browse/MESOS-3062
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Added authorization for dynamic reservation master endpoints.
> Note: this review is continued from https://reviews.apache.org/r/37126/
> 
> 
> Diffs
> -----
> 
>   src/master/http.cpp f4ec23d74e203b2a8f2af187f0e56fbde7d9b3e5 
>   src/master/master.hpp ead8520b7108a0f2c3a0bb11ae7b543897d111a2 
>   src/tests/reservation_endpoints_tests.cpp 
> 1552e4537c4f4d79bfa4bc17ccab2df630bc32a4 
> 
> Diff: https://reviews.apache.org/r/39988/diff/
> 
> 
> Testing
> -------
> 
> This is the fourth in a chain of 5 patches. Added new reservation endpoints 
> tests to validate authorization of reserve and unreserve operations using 
> ACLs. `make check` was run to test after all patches were applied.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>

Reply via email to