-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43199/#review118611
-----------------------------------------------------------

Fix it, then Ship it!


Just a few clarification questions, but it looks good to me.


docs/authorization.md (line 83)
<https://reviews.apache.org/r/43199/#comment179893>

I was surprised by this new part of the scenario, since you introduce the original only as a "scenario in which the accounting department launches a framework". Please introduce it as an extension of the previous scenario and start a new bullet list.
Or say "scenario in which the accounting department launches a framework and then tries to destroy a persistent volume"


docs/authorization.md (line 89)
<https://reviews.apache.org/r/43199/#comment179896>

"operating system user" still isn't quite right to me, especially in light of the abstraction of a "datacenter operating system", in which case this is not the "dcos user", but the linux(/windows) user on the local machine where the task is actually run. I'd prefer something more like the "agent machine's operating system userid", but that's so long. I was thinking "agent linux user" but I suppose it could be a windows user. "Agent local userid"?


docs/authorization.md (line 185)
<https://reviews.apache.org/r/43199/#comment179897>

Does this mean that no other principal can register a framework at all? Or can they still register a framework with role '*'?


docs/authorization.md (lines 220 - 221)
<https://reviews.apache.org/r/43199/#comment179898>

Would be kinda nice if the permissive bit could apply per-action instead of only globally. Amirite?


docs/authorization.md (line 233)
<https://reviews.apache.org/r/43199/#comment179899>

What about unauthenticated frameworks that don't have principals?


- Adam B


On Feb. 9, 2016, 4:32 p.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43199/
> -----------------------------------------------------------
>
> (Updated Feb. 9, 2016, 4:32 p.m.)
>
>
> Review request for mesos, Neil Conway and Vinod Kone.
>
>
> Bugs: MESOS-4452
>     https://issues.apache.org/jira/browse/MESOS-4452
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Updated authorization documentation.
>
> Added information about the distinction between roles and principals, as well
> as a real-world authorization example.
>
>
> Diffs
> -----
>
>   docs/authorization.md dbbfd60cb35cbb67e47b6a468d4f4ab824981e5d
>
> Diff: https://reviews.apache.org/r/43199/diff/
>
>
> Testing
> -------
>
> Viewed in the mesos website container:
> https://github.com/mesosphere/mesos-website-container
>
>
> Thanks,
>
> Greg Mann
>
>
