----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/47558/#review134295 -----------------------------------------------------------
include/mesos/authorizer/authorizer.hpp (line 35) <https://reviews.apache.org/r/47558/#comment199096> How about we move this inside `ObjectAllower` and just call it `Object`? include/mesos/authorizer/authorizer.hpp (line 51) <https://reviews.apache.org/r/47558/#comment199097> I'm leaning towards calling this `ObjectAuthorizer`. We would effectively have `authorized(subject, action, object)` and `object_authorizer = authorized(subject, action); object_authorizer.authorized(object);`. What do you think? include/mesos/authorizer/authorizer.hpp (line 54) <https://reviews.apache.org/r/47558/#comment199098> If we go with `ObjectAuthorizer`, we should call this `authorized`, but at the least we should call it `allow` if we were to keep `ObjectAllower`. include/mesos/authorizer/authorizer.hpp (line 137) <https://reviews.apache.org/r/47558/#comment199100> I think we should call this `authorized`. include/mesos/authorizer/authorizer.hpp (line 138) <https://reviews.apache.org/r/47558/#comment199099> Since `Request` is `Subject`, `Action`, `Object`, I think it would be better for this function to take `Subject` and `Action`. This way we can constrain the effected part to be: `Object` -> `ObjectAllower::Object`. src/authorizer/local/authorizer.cpp (line 59) <https://reviews.apache.org/r/47558/#comment199102> Is this WIP? Are we actually planning to only handle `VIEW_FRAMEWORKS`? src/authorizer/local/authorizer.cpp (lines 62 - 63) <https://reviews.apache.org/r/47558/#comment199105> ``` LocalAuthorizerFrameworkObjectAllower( const ACLs _acls, const Option<string>& _subject) : acls(_acls), subject(_subject) {} ``` src/authorizer/local/authorizer.cpp (line 65) <https://reviews.apache.org/r/47558/#comment199104> `s/override{/override {/` src/authorizer/local/authorizer.cpp (line 73) <https://reviews.apache.org/r/47558/#comment199103> This is unused. src/authorizer/local/authorizer.cpp (lines 75 - 76) <https://reviews.apache.org/r/47558/#comment199101> Please let's do this now. `matches` and `allows` doesn't even use internal state and could have been declared `static`. Shouldn't be hard to pull them out. - Michael Park On May 22, 2016, 9:25 p.m., Joerg Schad wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/47558/ > ----------------------------------------------------------- > > (Updated May 22, 2016, 9:25 p.m.) > > > Review request for mesos, Michael Park and Vinod Kone. > > > Bugs: MESOS-5403 > https://issues.apache.org/jira/browse/MESOS-5403 > > > Repository: mesos > > > Description > ------- > > Added allower interface to authorizer. > > > Diffs > ----- > > include/mesos/authorizer/authorizer.hpp > ed5f9e73661e25a83722cf1e408ae61023cd4a21 > src/authorizer/local/authorizer.hpp > 61388454025211fd7d53e71a86983fd8479950b6 > src/authorizer/local/authorizer.cpp > dc53bc4374aea98b5ed41ade5617374d2447229b > src/tests/mesos.hpp 79bf1ff16412ce2a510a9b75ab1ac91c1c182653 > src/tests/mesos.cpp 629135f0dc59346f0fcddb2cbe65ca5770fad34e > > Diff: https://reviews.apache.org/r/47558/diff/ > > > Testing > ------- > > tested entire chain. > > > Thanks, > > Joerg Schad > >
