> On Dec. 17, 2015, 1:17 a.m., Michael Park wrote: > > src/master/http.cpp, lines 1000-1006 > > <https://reviews.apache.org/r/41472/diff/1/?file=1167118#file1167118line1000> > > > > Hm, should this be added to `validation::operation::validate` instead? > > That way if/when we have frameworks reserving for specific roles, it'll > > just work? > > Neil Conway wrote: > I thought about that, but it would require passing either the role > whitelist or a pointer to the master itself into the > `validation::operation::validate()` -- both of which seemed like they would > be regrettable changes to make. What do you think? > > Adam B wrote: > I'm fine with it as is, but I'll wait for @mcypark to make the call. > > Michael Park wrote: > To me, it seems natural to have to pass whatever state is necessary to > perform validation properly. > The `offer` validation for example takes `Master*` since it needs some > information from the master. > > ```cpp > // Validates the given offers. > Option<Error> validate( > const google::protobuf::RepeatedPtrField<OfferID>& offerIds, > Master* master, > Framework* framework); > ``` > > Ideally, we would pass along something more constrained than "all of > master", similar to `CreateVolume` validation. > > ```cpp > // Validates the CREATE operation. We need slave's checkpointed > // resources so that we can validate persistence ID uniqueness. > Option<Error> validate( > const Offer::Operation::Create& create, > const Resources& checkpointedResources); > ``` > > Here, `checkpointedResources` is a part of the master state. Passing > along the role whitelist would be similar to this case. > > What do you think?
I started implementing this: https://gist.github.com/neilconway/b6dc7a3b6eb84f187923 However, it also requires changes to the tests in `ReserveOperationValidationTest`, which will be non-trivial. Personally, given that (a) making the check in `http.cpp` is functionally fine (b) we're going to remove the role whitelist in ~six months anyway, I'd vote for keeping the current approach and not moving the checking of the role whitelist into `::validate`. I'll add a TODO, although I suspect we'll remove all this code before anyone gets around to implementing it :) - Neil ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/41472/#review110830 ----------------------------------------------------------- On Dec. 16, 2015, 10:48 p.m., Neil Conway wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/41472/ > ----------------------------------------------------------- > > (Updated Dec. 16, 2015, 10:48 p.m.) > > > Review request for mesos, Adam B and Michael Park. > > > Bugs: MESOS-4143 > https://issues.apache.org/jira/browse/MESOS-4143 > > > Repository: mesos > > > Description > ------- > > Also added a test that dynamic reservations via the "/reserve" endpoint are > allowed when using implicit roles. > > > Diffs > ----- > > src/master/http.cpp 8dfd67f7d51b8395953d6beb77b2d71bc538eacd > src/tests/reservation_endpoints_tests.cpp > b8edd6fafedd4c2221a8d19c1ebc71254071a8c7 > > Diff: https://reviews.apache.org/r/41472/diff/ > > > Testing > ------- > > make check > > > Thanks, > > Neil Conway > >