> On Feb. 14, 2017, 3:12 p.m., Jan Schlicht wrote:
> > src/common/http.hpp, line 133
> > <https://reviews.apache.org/r/56618/diff/1/?file=1632574#file1632574line133>
> >
> >     How about using an `Option<AuthenticationContext>` here and returning
> >     `Subject()` in the case of `context.isNone()`?
> >     All calls to this function in the following patch are either
> >     ```
> >     authorization::Subject subject = context.isSome()
> >       ? createAuthorizationSubject(context.get())
> >       : authorization::Subject();
> >     ```
> >     or
> >     ```
> >     if (context.isSome()) {
> >       request.mutable_subject()->CopyFrom(createAuthorizationSubject(context.get()));
> >     }
> >     ```
> >     At least the first form would look much simpler and concise when
> >     changing the function signature this way:
> >     ```
> >     authorization::Subject subject = createAuthorizationSubject(context)
> >     ```
> >     What do you think?
>
> Alexander Rojas wrote:
>     We discussed this, and the semantics of a default created
>     `authorization::Subject` are different from that of a non-set subject,
>     therefore this is a bad idea. However, there may be a related bug already
>     inside Mesos authorizer for not paying attention to the different semantics.
>     We still need to build a test for it.
>
> Jan Schlicht wrote:
>     Okay, so the first example wouldn't be concerned by this, because it is
>     always creating an `authorization::Subject`. Of course, this is true for the
>     second example, we want to differ between `Request::subject` being set or
>     not. Still, changing the signature and doing
>     ```
>     if (context.isSome()) {
>       request.mutable_subject()->CopyFrom(createAuthorizationSubject(context));
>     }
>     ```
>     would make sure of that.

After looking at the callsites in our handlers a bit more, I think we have the following two cases:

1) We want to call `getObjectApprover`, which accepts an `Option<authorization::Subject>`
2) We want to set the `subject` of an authorization request conditionally, only when `context.isSome()`

To accommodate these two cases, I think it's actually beneficial to have two different helpers; one of which returns an `authorization::Subject`, while the other returns `Option<authorization::Subject>`. I've updated the patches to include two functions, `createSubject` and `createOptionalSubject`, to handle these cases. Let me know what you guys think!


- Greg


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56618/#review165511
-----------------------------------------------------------


On Feb. 17, 2017, 10:34 p.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56618/
> -----------------------------------------------------------
>
> (Updated Feb. 17, 2017, 10:34 p.m.)
>
>
> Review request for mesos, Adam B, Alexander Rojas, Jan Schlicht, Till
> Toenshoff, and Vinod Kone.
>
>
> Bugs: MESOS-7003
>     https://issues.apache.org/jira/browse/MESOS-7003
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch updates common Mesos HTTP-related helpers,
> as well as the `authorization::Subject` protobuf
> message, to make use of the `AuthenticationContext`
> type instead of an `Option<string> principal`.
>
>
> Diffs
> -----
>
>   include/mesos/authorizer/authorizer.proto 9cc75b0db17b2d0bab3f449f795cbf505c5b0f15
>   src/common/http.hpp 3d5ab59ddc4dce4d791c1b439f5e1459d1a724a4
>   src/common/http.cpp abfbf7248beb2d4068be06b7f5f829d7617f943e
>
> Diff: https://reviews.apache.org/r/56618/diff/
>
>
> Testing
> -------
>
> Testing information can be found at the end of this review chain.
>
>
> Thanks,
>
> Greg Mann
>
>
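
The two-helper split described in Greg's reply, shown as an added C++ example that is not part of the review thread or the Mesos patch. `Option` is a minimal stand-in for stout's `Option<T>`, and the struct shapes, helper signatures and `subjectState` are assumptions for illustration; only the names `createSubject` and `createOptionalSubject` come from the thread.

```cpp
#include <string>

// Minimal stand-in for stout's Option<T>; only the calls used in the thread.
template <typename T>
class Option {
public:
  Option() : some_(false), value_() {}
  Option(const T& t) : some_(true), value_(t) {}
  bool isSome() const { return some_; }
  bool isNone() const { return !some_; }
  const T& get() const { return value_; }
private:
  bool some_;
  T value_;
};

// Hypothetical, simplified shapes (assumptions, not the Mesos definitions).
struct AuthenticationContext { std::string principal; };
struct Subject { Option<std::string> value; };
struct Request { Option<Subject> subject; };

// Case 1: the caller always needs a Subject; with no context it is a
// default-created one.
Subject createSubject(const Option<AuthenticationContext>& context) {
  Subject subject;
  if (context.isSome()) {
    subject.value = context.get().principal;
  }
  return subject;
}

// Case 2: the caller must be able to leave the subject unset.
Option<Subject> createOptionalSubject(
    const Option<AuthenticationContext>& context) {
  if (context.isNone()) {
    return Option<Subject>();
  }
  return Option<Subject>(createSubject(context));
}

enum SubjectState { UNSET, SET_WITHOUT_VALUE, SET_WITH_VALUE };

// What the receiver of a request can observe about its subject.
SubjectState subjectState(const Request& request) {
  if (request.subject.isNone()) return UNSET;
  return request.subject.get().value.isSome() ? SET_WITH_VALUE
                                              : SET_WITHOUT_VALUE;
}
```

Assigning the result of `createSubject` to a request for an unauthenticated caller yields `SET_WITHOUT_VALUE`, while `createOptionalSubject` yields `UNSET`, which is the distinction the reviewers want an authorizer to be able to see.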
