----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/47891/#review135380 -----------------------------------------------------------
include/mesos/authorizer/authorizer.proto (line 49) <https://reviews.apache.org/r/47891/#comment200389> This is a dangerous setting and should be removed as soon as we no longer need it. Please add a TODO comment to remove it when we remove the alias. Please add a top-level comment that actions in this enum should be kept in numerical order, to prevent accidental aliasing. include/mesos/authorizer/authorizer.proto (lines 91 - 92) <https://reviews.apache.org/r/47891/#comment200386> "// set. For backwards compatibility with the deprecated alias `RUN_TASK_WITH_USER`, the value will also be set to the operating system user." include/mesos/authorizer/authorizer.proto (line 93) <https://reviews.apache.org/r/47891/#comment200387> Put the deprecation TODO immediately above the deprecated field. include/mesos/authorizer/authorizer.proto (line 94) <https://reviews.apache.org/r/47891/#comment200388> Since this is numbered `2`, please put it between 1 and 3. src/master/master.cpp <https://reviews.apache.org/r/47891/#comment200394> Interesting that the previous logic favored the TaskInfo.command.user over the ExecutorInfo.command.user. I wonder if we should reverse our evaluation ordering in the local authorizer to maintain behavior, but I can't imagine a scenario where setting both would make a difference. src/master/master.cpp (line 3036) <https://reviews.apache.org/r/47891/#comment200395> FrameworkInfo.user is the wrong user to pass in. It should be the user calculated by the code you removed above. - Adam B On May 27, 2016, 2:51 p.m., Benjamin Bannier wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/47891/ > ----------------------------------------------------------- > > (Updated May 27, 2016, 2:51 p.m.) > > > Review request for mesos, Adam B, Alexander Rojas, Joerg Schad, and Michael > Park. > > > Bugs: MESOS-5459 > https://issues.apache.org/jira/browse/MESOS-5459 > > > Repository: mesos > > > Description > ------- > > Authorization requests for RUN_TASK actions can pass `SOME` > authorization object either in a `FrameworkInfo` holding a user, or a > `TaskInfo` with optionally a `CommandInfo` which can optionally hold a > user. If either of these fields is set it will be used as the object; > otherwise an `ANY` type authorization object will be created. > > `RUN_TASK` aliases `RUN_TASK_WITH_USER` which becomes deprecated with > 0.29. > > > Diffs > ----- > > include/mesos/authorizer/authorizer.proto > 3ff67858a99915e0215f3ffb9966f9ac4a3fba8c > src/authorizer/local/authorizer.cpp > 7ddb323df09a9b0ea46c6f9543c4af059d184308 > src/master/master.cpp 6442762c9fdfa368d5d9d7cd43b97f5addaf7f17 > src/tests/authorization_tests.cpp 54bfb46a807677f4a4a2bb88dcb78a358cf5121a > > Diff: https://reviews.apache.org/r/47891/diff/ > > > Testing > ------- > > Tested on a range of Linux configurations on internal CI. > > > Thanks, > > Benjamin Bannier > >
