> On March 9, 2016, 10:31 p.m., Adam B wrote: > > src/master/validation.cpp, line 381 > > <https://reviews.apache.org/r/44570/diff/3/?file=1293312#file1293312line381> > > > > It may be sufficient to only check `if (task.has_owner() && > > task.has_executor())` since a custom executor should set the owner on the > > ExecutorInfo not the TaskInfo. > > Jan Schlicht wrote: > That is if the `ExecutorInfo` is reused in a `TaskInfo` it's sufficient > to check for that? That makes sense because the `ExecutorInfo` validation > compares the `ExecutorId` against the ones of existing `ExecutorInfo`s. But > how'd we make sure that the owner is set in `ExecutorInfo` if that executor > isn't existing yet?
Well, we can't enforce that the owner field has to be set, since that would break backwards compatibility. It's an optional field, so even if a custom ExecutorInfo is provided, the owner field may not be set. Here's what's allowed: a) !task.has_executor() && (task.has_owner() || !task.has_owner()) // Default executor, may or may not have owner set. b) task.has_executor() && !task.has_owner() && (task.executor().has_owner() || !task.executor().has_owner()) // Custom executor, may or may not have owner set; taskInfo does not have an owner set. Here's what's not allowed: x) task.has_executor() && task.has_owner() && task.executor().has_owner() // How can the task have a different owner than the executor? y) task.has_executor() && task.has_owner() && !task.executor().has_owner() // Why would the task have an owner but the executor doesn't? - Adam ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/44570/#review122887 ----------------------------------------------------------- On March 10, 2016, 4:49 a.m., Jan Schlicht wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/44570/ > ----------------------------------------------------------- > > (Updated March 10, 2016, 4:49 a.m.) > > > Review request for mesos, Adam B and Joerg Schad. > > > Bugs: MESOS-4772 > https://issues.apache.org/jira/browse/MESOS-4772 > > > Repository: mesos > > > Description > ------- > > To be able to authenticate HTTP requests for tasks, the authorizer has to > determine who owns the tasks. This is achieved by adding an owner field to > TaskInfo and ExecutorInfo. > > > Diffs > ----- > > include/mesos/mesos.proto 3d22ec32655dca741169e1f0e382303e061c38b7 > include/mesos/v1/mesos.proto 31960a52061f70d80528fb8326522ae1d6f75b2c > src/master/validation.hpp 29dbdf1da540db4966ff9e86037badde06e69a4b > src/master/validation.cpp 820a9faee6fde09a98317854b181fe897167e2ca > src/tests/master_validation_tests.cpp > c9bc38ce604d2d44d6e6b1286507d1c45e5e9e25 > > Diff: https://reviews.apache.org/r/44570/diff/ > > > Testing > ------- > > make check > > > Thanks, > > Jan Schlicht > >