> On April 11, 2017, 9:28 a.m., Adam B wrote: > > include/mesos/authorizer/authorizer.proto > > Lines 57 (patched) > > <https://reviews.apache.org/r/58253/diff/1/?file=1686347#file1686347line57> > > > > Good question. I wonder if there's a more generic data structure (not > > `ContainerInfo`, I guess) that we could use that still includes > > ContainerID. `ContainerState` looks promising, but I'm not sure if we have > > all of that when we're trying to authorize. > > Can you elaborate on what (new) action will use this object type, and > > how, and from where?
The LAUNCH_NESTED_CONTAINER, LAUNCH_NESTED_CONTAINER_SESSION, WAIT_NESTED_CONTAINER, KILL_NESTED_CONTAINER, and REMOVE_NESTED_CONTAINER actions will use this member. The `ContainerID` is added to the `authorization::Object` in the handlers for those actions in 'src/slave/http.cpp'. It looks like `ContainerState` is a message used only internally within the containerizer... there is a helper in the protobuf utils to generate one, but it takes a few arguments like the container's init process PID and sandbox directory that the handler would not easily have access to. I'm open to other ideas, but I don't think I see any other options that seem suitable. - Greg ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58253/#review171542 ----------------------------------------------------------- On April 7, 2017, 3:33 a.m., Greg Mann wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58253/ > ----------------------------------------------------------- > > (Updated April 7, 2017, 3:33 a.m.) > > > Review request for mesos, Adam B, Alexander Rojas, Till Toenshoff, and Vinod > Kone. > > > Bugs: MESOS-7014 > https://issues.apache.org/jira/browse/MESOS-7014 > > > Repository: mesos > > > Description > ------- > > This patch adds a new member, `container_id` to the > `ObjectApprover::Object` to facilitate implicit executor > authorization. > > > Diffs > ----- > > include/mesos/authorizer/authorizer.hpp > 75801ccc753a60ce5e5979b6723fd2294ce7ffe5 > include/mesos/authorizer/authorizer.proto > 736f76d552956f2351ffd40fc51d088dff83f8c8 > src/authorizer/local/authorizer.cpp > e241edf4afa48d35dbbbb94d72e8e8690f5bedfc > > > Diff: https://reviews.apache.org/r/58253/diff/1/ > > > Testing > ------- > > Testing details can be found at the end of this chain. > > > Thanks, > > Greg Mann > >
