-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43199/#review118611
-----------------------------------------------------------


Fix it, then Ship it!




Just a few clarification questions, but it looks good to me.


docs/authorization.md (line 83)
<https://reviews.apache.org/r/43199/#comment179893>

    I was surprised by this new part of the scenario, since you introduce the
    original only as a "scenario in which the accounting department launches a
    framework".
    Please introduce it as an extension of the previous scenario and start a
    new bullet list.
    Or say "scenario in which the accounting department launches a framework
    and then tries to destroy a persistent volume"



docs/authorization.md (line 89)
<https://reviews.apache.org/r/43199/#comment179896>

    "operating system user" still isn't quite right to me, especially in light 
    of the abstraction of a "datacenter operating system", in which case this is
    not the "dcos user", but the Linux(/Windows) user on the local machine where
    the task is actually run. I'd prefer something more like the "agent machine's
    operating system userid", but that's so long. I was thinking "agent Linux user"
    but I suppose it could be a Windows user. "Agent local userid"?



docs/authorization.md (line 185)
<https://reviews.apache.org/r/43199/#comment179897>

    Does this mean that no other principal can register a framework at all? Or
    can they still register a framework with role '*'?



docs/authorization.md (lines 220 - 221)
<https://reviews.apache.org/r/43199/#comment179898>

    Would be kinda nice if the permissive bit could apply per-action instead of
    only globally. Amirite?



docs/authorization.md (line 233)
<https://reviews.apache.org/r/43199/#comment179899>

    What about unauthenticated frameworks that don't have principals?


- Adam B


On Feb. 9, 2016, 4:32 p.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43199/
> -----------------------------------------------------------
> 
> (Updated Feb. 9, 2016, 4:32 p.m.)
> 
> 
> Review request for mesos, Neil Conway and Vinod Kone.
> 
> 
> Bugs: MESOS-4452
>     https://issues.apache.org/jira/browse/MESOS-4452
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Updated authorization documentation.
> 
> Added information about the distinction between roles and principals, as well 
> as a real-world authorization example.
> 
> 
> Diffs
> -----
> 
>   docs/authorization.md dbbfd60cb35cbb67e47b6a468d4f4ab824981e5d 
> 
> Diff: https://reviews.apache.org/r/43199/diff/
> 
> 
> Testing
> -------
> 
> Viewed in the mesos website container: 
> https://github.com/mesosphere/mesos-website-container
> 
> 
> Thanks,
> 
> Greg Mann
> 
>
