> On April 27, 2016, 11:29 a.m., Adam B wrote: > > src/authorizer/local/authorizer.cpp, line 213 > > <https://reviews.apache.org/r/46203/diff/18/?file=1362273#file1362273line213> > > > > Does this only match exact strings, or endpoints nested under this path > > as well? > > For example, could I set an ACL that allows Dan to access "/monitor", > > and then he's implicitly allowed to access "/monitor/statistics"? > > Maybe not necessary for LocalAuthorizer MVP, but seems valuable. > > Jan Schlicht wrote: > It only matches exact strings. Doing matching of "layers" like you're > suggesting above would require more effort and IMO shouldn't be part of this > patch. > > Jan Schlicht wrote: > Had a discussion with @arojas about this. It seems not that hard to > implement, but I'm still confident that we shouldn't do it in this patch but > in a separate one. I'll add a TODO in the file. > > Alexander Rukletsov wrote: > Please file a JIRA as well.
JIRA: [MESOS-5299](https://issues.apache.org/jira/browse/MESOS-5299) - Jan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/46203/#review130736 ----------------------------------------------------------- On April 27, 2016, 4:32 p.m., Jan Schlicht wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/46203/ > ----------------------------------------------------------- > > (Updated April 27, 2016, 4:32 p.m.) > > > Review request for mesos, Adam B, Alexander Rojas, and Benjamin Bannier. > > > Bugs: MESOS-5142 > https://issues.apache.org/jira/browse/MESOS-5142 > > > Repository: mesos > > > Description > ------- > > See summary. > > > Diffs > ----- > > docs/configuration.md 2796a812b72f2089999b1ae2d65a4ba843b50d70 > include/mesos/authorizer/acls.proto > c50deeb5565dfd5b3e5e7210283d9a36a3bfd579 > include/mesos/authorizer/authorizer.proto > 40d93ea257d1df8d22eee8a21667db90d579a8fe > src/Makefile.am e024c6d65608a55765e527a8668c415723dcfcca > src/authorizer/local/authorizer.cpp > 0a3805fe4ce8eb89e096e8cd4326035513ba892b > src/slave/flags.cpp a319d60c006d1104836c1c40f3617ceac9cb7b1e > src/slave/http.cpp 537736d1fe42e8150bad91326299ef9a17041a8e > src/slave/slave.hpp 57b18882e30e44dcc40449b0e3be8ee970c45bc8 > src/tests/authorization_tests.cpp d4ef0f94c86b1287c98671c5d478ce6ac3d90636 > src/tests/mesos.hpp 78edab89e6c13ff0892b2f3b5cb6886f08b02c82 > src/tests/slave_authorization_tests.cpp PRE-CREATION > > Diff: https://reviews.apache.org/r/46203/diff/ > > > Testing > ------- > > ./bin/mesos-tests.sh --gtest_shuffle > ./bin/mesos-tests.sh --gtest_shuffle --gtest_repeat=100 > --gtest_filter=*SlaveAuthorization* > > > Thanks, > > Jan Schlicht > >