-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46203/#review130736
-----------------------------------------------------------

Mostly minor nits and a couple of questions about url->acl matching.


src/slave/http.cpp (line 785)
<https://reviews.apache.org/r/46203/#comment194604>

    `s/request_/httpRequest/`, for readability? Those are two very different kinds of requests.


src/slave/http.cpp (lines 813 - 816)
<https://reviews.apache.org/r/46203/#comment194607>

    Can you put this further down, just above the call to `authorized(request)`? I'd prefer to keep the request construction logic together, where we set subject/action/object


src/slave/slave.hpp (line 473)
<https://reviews.apache.org/r/46203/#comment194608>

    s/method/`method`/ so it's obvious that you're talking about an actual variable/protobuf/field named 'method'


src/authorizer/local/authorizer.cpp (line 213)
<https://reviews.apache.org/r/46203/#comment194609>

    Does this only match exact strings, or endpoints nested under this path as well? For example, could I set an ACL that allows Dan to access "/monitor", and then he's implicitly allowed to access "/monitor/statistics"? Maybe not necessary for LocalAuthorizer MVP, but seems valuable.


src/slave/flags.cpp (line 464)
<https://reviews.apache.org/r/46203/#comment194610>

    Update these to match configuration.md


src/slave/http.cpp (lines 374 - 377)
<https://reviews.apache.org/r/46203/#comment194616>

    Yikes! A 20 char indent is intense, and this wrapping seems extreme. Can we do `using flags::Flag` or `s/slaveFlags/flags/` or even split it out into a named function rather than an anonymous inline lambda? Something to make this fit on one line


src/slave/http.cpp (line 795)
<https://reviews.apache.org/r/46203/#comment194618>

    What happens if the request is for `/slave(0)/flags/`? Does the trailing slash get removed before comparing against the ACL, or will it fail to match? This should be clearly documented.


src/tests/slave_authorization_tests.cpp (line 11)
<https://reviews.apache.org/r/46203/#comment194619>

    s/writiDng/writing/


src/tests/slave_authorization_tests.cpp (lines 58 - 66)
<https://reviews.apache.org/r/46203/#comment194623>

    Isn't this literally the same code in authorization_tests.cpp? Can we factor this into a common header? (And fix the `Parameter *` wherever it lands.)


- Adam B


On April 27, 2016, 2:20 a.m., Jan Schlicht wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46203/
> -----------------------------------------------------------
>
> (Updated April 27, 2016, 2:20 a.m.)
>
>
> Review request for mesos, Adam B, Alexander Rojas, and Benjamin Bannier.
>
>
> Bugs: MESOS-5142
>     https://issues.apache.org/jira/browse/MESOS-5142
>
>
> Repository: mesos
>
>
> Description
> -------
>
> See summary.
>
>
> Diffs
> -----
>
>   docs/configuration.md 2796a812b72f2089999b1ae2d65a4ba843b50d70
>   include/mesos/authorizer/acls.proto c50deeb5565dfd5b3e5e7210283d9a36a3bfd579
>   include/mesos/authorizer/authorizer.proto 40d93ea257d1df8d22eee8a21667db90d579a8fe
>   src/Makefile.am e024c6d65608a55765e527a8668c415723dcfcca
>   src/authorizer/local/authorizer.cpp 0a3805fe4ce8eb89e096e8cd4326035513ba892b
>   src/slave/flags.cpp a319d60c006d1104836c1c40f3617ceac9cb7b1e
>   src/slave/http.cpp 537736d1fe42e8150bad91326299ef9a17041a8e
>   src/slave/slave.hpp 57b18882e30e44dcc40449b0e3be8ee970c45bc8
>   src/tests/slave_authorization_tests.cpp PRE-CREATION
>
> Diff: https://reviews.apache.org/r/46203/diff/
>
>
> Testing
> -------
>
> make check
>
>
> Thanks,
>
> Jan Schlicht
>
>
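
The two url->acl matching questions raised in the review above (exact vs. nested-path matching, and the trailing slash on `/slave(0)/flags/`), worked through as an added example. This is not code from the patch or from Mesos' LocalAuthorizer and makes no claim about how that authorizer behaves; `normalizePath`, `pathMatches` and `MatchMode` are hypothetical names, and the input is assumed to be an already percent-decoded path.

```cpp
#include <iostream>
#include <string>

// Hypothetical helper, not Mesos code: canonicalize a path before it is
// compared against an ACL entry. Drops empty segments (repeated and trailing
// slashes) and fails closed, returning "", on relative paths or dot segments.
std::string normalizePath(const std::string& path) {
  if (path.empty() || path[0] != '/') return "";
  std::string out, seg;
  for (std::size_t i = 1; i <= path.size(); ++i) {
    if (i == path.size() || path[i] == '/') {
      if (seg == "." || seg == "..") return "";  // never resolve, just refuse
      if (!seg.empty()) { out += '/'; out += seg; }
      seg.clear();
    } else {
      seg += path[i];
    }
  }
  return out.empty() ? "/" : out;
}

enum class MatchMode { EXACT, PREFIX };

// True when ACL entry `acl` covers `request`. PREFIX compares whole segments,
// so "/monitor" covers "/monitor/statistics" but not "/monitoring".
bool pathMatches(const std::string& acl, const std::string& request,
                 MatchMode mode) {
  const std::string a = normalizePath(acl);
  const std::string r = normalizePath(request);
  if (a.empty() || r.empty()) return false;  // invalid input matches nothing
  if (a == r) return true;
  if (mode == MatchMode::EXACT) return false;
  if (a == "/") return true;                 // root entry covers every path
  return r.size() > a.size() && r.compare(0, a.size(), a) == 0 &&
         r[a.size()] == '/';
}

int main() {
  std::cout << std::boolalpha
            << pathMatches("/slave(0)/flags", "/slave(0)/flags/",
                           MatchMode::EXACT) << '\n'
            << pathMatches("/monitor", "/monitor/statistics",
                           MatchMode::EXACT) << '\n'
            << pathMatches("/monitor", "/monitor/statistics",
                           MatchMode::PREFIX) << '\n'
            << pathMatches("/monitor", "/monitoring",
                           MatchMode::PREFIX) << '\n';
  return 0;
}
```

Whichever mode an authorizer picks, the ACL entry and the request have to pass through the same normalization, otherwise a trailing slash decides whether a rule applies.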
