-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45922/#review129694
-----------------------------------------------------------

Looks great. So very close! Just an unnecessary slave::start() parameter in cluster.hpp, and dubious error when authorization is completely disabled in a test.
I'll review the /flags authz now, so I can see how these flags/APIs will be used.


docs/configuration.md (line 889)
<https://reviews.apache.org/r/45922/#comment193214>

    `s/flag --authorizer/--authorizer flag/`


docs/configuration.md (line 890)
<https://reviews.apache.org/r/45922/#comment193213>

    s/different/other/


docs/configuration.md (line 932)
<https://reviews.apache.org/r/45922/#comment193215>

    `s/flag --authorizer/--authorizer flag/`


docs/configuration.md (line 933)
<https://reviews.apache.org/r/45922/#comment193222>

    s/different/other/


docs/configuration.md (line 935)
<https://reviews.apache.org/r/45922/#comment193219>

    "See the ACLs protobuf in authorizer.proto for the expected format." (like in the flags)
    Or is this really "acls.proto" now?


src/slave/flags.cpp (line 453)
<https://reviews.apache.org/r/45922/#comment193217>

    `s/flag --authorizer/--authorizer flag/`


src/slave/flags.cpp (line 454)
<https://reviews.apache.org/r/45922/#comment193218>

    s/different/other/


src/slave/flags.cpp (line 457)
<https://reviews.apache.org/r/45922/#comment193229>

    Isn't this acls.proto now?


src/slave/flags.cpp (line 733)
<https://reviews.apache.org/r/45922/#comment193220>

    `--authorizer flag`


src/slave/flags.cpp (line 734)
<https://reviews.apache.org/r/45922/#comment193221>

    s/different/other/


src/slave/main.cpp (line 291)
<https://reviews.apache.org/r/45922/#comment193223>

    `s/flag --foo/--foo flag/g`


src/slave/main.cpp (line 292)
<https://reviews.apache.org/r/45922/#comment193224>

    "non-default"
    s/it will be used and //


src/tests/cluster.hpp (line 151)
<https://reviews.apache.org/r/45922/#comment193225>

    Why do you even need the overload for the authorizer here? Seems like most tests will either provide --acls and use the default, or set the modules/authorizer flags. We can leave this part out until a test needs it.


src/tests/cluster.cpp (lines 406 - 412)
<https://reviews.apache.org/r/45922/#comment193228>

    Why is it an error to start an agent with no authorizer and no ACLs? What if I don't want to do any authorization?


src/tests/mesos.cpp (line 179)
<https://reviews.apache.org/r/45922/#comment193226>

    "Set default (permissive) ACLs."


src/tests/mesos.cpp (line 180)
<https://reviews.apache.org/r/45922/#comment193227>

    This assumes we separate master and agent ACLs in the local authorizer, which your next patch seems to ignore


- Adam B


On April 18, 2016, 2:49 a.m., Jan Schlicht wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45922/
> -----------------------------------------------------------
>
> (Updated April 18, 2016, 2:49 a.m.)
>
>
> Review request for mesos, Adam B and Alexander Rojas.
>
>
> Bugs: MESOS-5142
>     https://issues.apache.org/jira/browse/MESOS-5142
>
>
> Repository: mesos
>
>
> Description
> -------
>
> See summary.
>
>
> Diffs
> -----
>
>   docs/configuration.md cd9733002a0940f44edd4e56593a0ca3fe9f77f5
>   src/local/local.cpp df72ac52110b75d63df1076496b48e63d06d42ce
>   src/slave/constants.hpp 9978c11fec40055dd42f19c20cd3e9fef4e78cea
>   src/slave/flags.hpp ee520acc459564fe68272950948fc80c5e24513a
>   src/slave/flags.cpp 10d2974bd2b6e79255fc894979607f0d2d00c315
>   src/slave/main.cpp 38bd00584dd9c6a872398678b2288edeed1cd2a4
>   src/slave/slave.hpp f78c1b4e4d5378ef7223c6eb3ea45491c30fb4c1
>   src/slave/slave.cpp d82dec2b10d496065013eb4ad6a35dc054b72553
>   src/tests/cluster.hpp 887342acc72b33b4c904d610da47394f9a7d7188
>   src/tests/cluster.cpp 31d2556a078429dd45315aa74cd21ad436372d31
>   src/tests/mesos.hpp e4b63d41d883807ac39846799468b80e88c84e0b
>   src/tests/mesos.cpp b5937af7713e1ee2af475518b3e968b2defa8beb
>
> Diff: https://reviews.apache.org/r/45922/diff/
>
>
> Testing
> -------
>
> make check
>
>
> Thanks,
>
> Jan Schlicht
>
>