-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46203/#review130736
-----------------------------------------------------------



Mostly minor nits and a couple of questions about url->acl matching.


src/slave/http.cpp (line 785)
<https://reviews.apache.org/r/46203/#comment194604>

    `s/request_/httpRequest/`, for readability? Those are two very different 
kinds of requests.



src/slave/http.cpp (lines 813 - 816)
<https://reviews.apache.org/r/46203/#comment194607>

    Can you put this further down, just above the call to 
`authorized(request)`? I'd prefer to keep the request construction logic 
together, where we set subject/action/object



src/slave/slave.hpp (line 473)
<https://reviews.apache.org/r/46203/#comment194608>

    s/method/`method`/ so it's obvious that you're talking about an actual 
variable/protobuf/field named 'method'



src/authorizer/local/authorizer.cpp (line 213)
<https://reviews.apache.org/r/46203/#comment194609>

    Does this only match exact strings, or endpoints nested under this path as 
well?
    For example, could I set an ACL that allows Dan to access "/monitor", and 
then he's implicitly allowed to access "/monitor/statistics"?
    Maybe not necessary for LocalAuthorizer MVP, but seems valuable.



src/slave/flags.cpp (line 464)
<https://reviews.apache.org/r/46203/#comment194610>

    Update these to match configuration.md



src/slave/http.cpp (lines 374 - 377)
<https://reviews.apache.org/r/46203/#comment194616>

    Yikes! A 20 char indent is intense, and this wrapping seems extreme. Can we 
do `using flags::Flag` or `s/slaveFlags/flags/` or even split it out into a 
named function rather than an anonymous inline lambda? Something to make this 
fit on one line



src/slave/http.cpp (line 795)
<https://reviews.apache.org/r/46203/#comment194618>

    What happens if the request is for `/slave(0)/flags/`? Does the trailing 
slash get removed before comparing against the ACL, or will it fail to match?
    This should be clearly documented.



src/tests/slave_authorization_tests.cpp (line 11)
<https://reviews.apache.org/r/46203/#comment194619>

    s/writiDng/writing/



src/tests/slave_authorization_tests.cpp (lines 58 - 66)
<https://reviews.apache.org/r/46203/#comment194623>

    Isn't this literally the same code in authorization_tests.cpp? Can we 
factor this into a common header?
    (And fix the `Parameter *` wherever it lands.)


- Adam B


On April 27, 2016, 2:20 a.m., Jan Schlicht wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46203/
> -----------------------------------------------------------
> 
> (Updated April 27, 2016, 2:20 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, and Benjamin Bannier.
> 
> 
> Bugs: MESOS-5142
>     https://issues.apache.org/jira/browse/MESOS-5142
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> See summary.
> 
> 
> Diffs
> -----
> 
>   docs/configuration.md 2796a812b72f2089999b1ae2d65a4ba843b50d70 
>   include/mesos/authorizer/acls.proto 
> c50deeb5565dfd5b3e5e7210283d9a36a3bfd579 
>   include/mesos/authorizer/authorizer.proto 
> 40d93ea257d1df8d22eee8a21667db90d579a8fe 
>   src/Makefile.am e024c6d65608a55765e527a8668c415723dcfcca 
>   src/authorizer/local/authorizer.cpp 
> 0a3805fe4ce8eb89e096e8cd4326035513ba892b 
>   src/slave/flags.cpp a319d60c006d1104836c1c40f3617ceac9cb7b1e 
>   src/slave/http.cpp 537736d1fe42e8150bad91326299ef9a17041a8e 
>   src/slave/slave.hpp 57b18882e30e44dcc40449b0e3be8ee970c45bc8 
>   src/tests/slave_authorization_tests.cpp PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/46203/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Jan Schlicht
> 
>

Reply via email to