> On April 14, 2016, 5:10 p.m., Greg Mann wrote:
> > src/master/validation.hpp, line 47
> > <https://reviews.apache.org/r/46115/diff/2/?file=1344573#file1344573line47>
> >
> >     Do we really want to have a default value for an argument to a 
> > validation function? It makes me a bit uneasy; if the caller wants a `Call` 
> > message to be validated, shouldn't we require them to provide the exact 
> > data to validated, without making assumptions for them?

Unfortunately, this method is also used by the validation function in `receive` 
of master: 
https://github.com/apache/mesos/blob/master/src/master/master.cpp#L1952 by 
driver based frameworks.


> On April 14, 2016, 5:10 p.m., Greg Mann wrote:
> > src/master/validation.cpp, lines 79-81
> > <https://reviews.apache.org/r/46115/diff/2/?file=1344574#file1344574line79>
> >
> >     What about: `if (principal.isSome() && frameworkInfo.has_principal() && 
> > principal != frameworkInfo.principal())`?

My bad, the previous version had two `if` statements. But, I ended up moving 
one but forgot to clean this up.


- Anand


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46115/#review128914
-----------------------------------------------------------


On April 14, 2016, 5:46 p.m., Anand Mazumdar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46115/
> -----------------------------------------------------------
> 
> (Updated April 14, 2016, 5:46 p.m.)
> 
> 
> Review request for mesos, Greg Mann and Vinod Kone.
> 
> 
> Bugs: MESOS-3923
>     https://issues.apache.org/jira/browse/MESOS-3923
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This change adds AuthN support for HTTP based frameworks.
> 
> We allow AuthZ without AuthN for `/scheduler` endpoint. Also,
> we ensure that `FrameworkInfo.principal` (if present) equals
> the authenticated principal. We also allow a framework to
> omit specifying the `FrameworkInfo.principal` in case
> it is not interested in authorization or if it is disabled.
> We do log a warning for this cases similar to what driver
> based frameworks already do.
> 
> 
> Diffs
> -----
> 
>   src/master/http.cpp b8a83b58b60416f61610cad16fc6f70028a5ee10 
>   src/master/master.hpp 1f480f03900a0dc2996c2ed3a9534dfa8036940f 
>   src/master/master.cpp 781402c04fded159183e1ca28894e48355200f0c 
>   src/master/validation.hpp d1f2323172cbf3bb052942a119b8531f9ccad48d 
>   src/master/validation.cpp 13423436a4e6361fde6fa75133eebf5c02c8381f 
> 
> Diff: https://reviews.apache.org/r/46115/diff/
> 
> 
> Testing
> -------
> 
> make check. Enabled AuthN for all the tests later in the chain.
> 
> 
> Thanks,
> 
> Anand Mazumdar
> 
>

Reply via email to