> On Feb. 3, 2017, 11:26 a.m., Adam B wrote: > > src/authorizer/local/authorizer.cpp, line 244 > > <https://reviews.apache.org/r/56178/diff/1/?file=1621348#file1621348line244> > > > > Seems like framework_info is always set, so how/why would we ever fall > > through to the other cases? > > Benjamin Bannier wrote: > Yes, this is currently dead code. I was also wondering whether it should > be removed, but decided against it since it provides some level of redundancy > as long as `value` still exists and code in the master and in authorizers > might not evolve consistently. > > Do you believe it should be removed?
The main reason the `object->value` is still there, is that the local authorizer is a reference implementation for module writers who want to build their own modules, as such, it does provide a reference. I myself will vote to remove the `value` field if possible. However, we makred as deprecated in November 2016 which means we need it there until June (at the same time it had said it is supposed to be removed on 1.2). - Alexander ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56178/#review164109 ----------------------------------------------------------- On Feb. 3, 2017, 1:10 p.m., Benjamin Bannier wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/56178/ > ----------------------------------------------------------- > > (Updated Feb. 3, 2017, 1:10 p.m.) > > > Review request for mesos, Adam B, Alexander Rojas, and Benjamin Mahler. > > > Bugs: MESOS-7022 > https://issues.apache.org/jira/browse/MESOS-7022 > > > Repository: mesos > > > Description > ------- > > This updates the local authorizer so that MULTI_ROLE frameworks can be > authorized. > > For non-MULTI_ROLE frameworks we continue to support use of the > deprecated 'value' field in the authorization request's 'Object'; > however for MULTI_ROLE frameworks the 'value' field will not be set, > and authorizers still relying on it should be updated to instead use > the object's 'framework_info' field to extract roles to authorize > against from. > > > Diffs > ----- > > src/authorizer/local/authorizer.cpp > b98e1fcdf2ee5ec1f6ac0be6f8accdefaa390a09 > src/master/master.cpp 284566ca72bd5c6bd581db9b65d404f86aa7bf61 > > Diff: https://reviews.apache.org/r/56178/diff/ > > > Testing > ------- > > Tested on various configurations in internal CI. > > > Thanks, > > Benjamin Bannier > >
