-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61189/#review182380
-----------------------------------------------------------

There is a weakness in the implementation here. If the ACLs of a user change after subscribing, a subscriber could end up with an inconsistent view of the state.

For example, when a user subscribes to the event stream at T0, he has no right to see framework _foo_, so it is filtered out of the response. Then at T1 he is granted access to _foo_, but he still cannot see it since we don't react to changes to ACLs. Later, at T2, _foo_ launches a task which the subscriber can see; then he receives the event of a new task from a framework he doesn't know.

What we discussed would be the best solution is to cache the set of approvers a subscriber used when it did so and use the same ACLs for the life of the connection.

- Alexander Rojas


On July 27, 2017, 8:25 p.m., Quinn Leng wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61189/
> -----------------------------------------------------------
>
> (Updated July 27, 2017, 8:25 p.m.)
>
>
> Review request for mesos, Anand Mazumdar, Alexander Rojas, and Greg Mann.
>
>
> Bugs: MESOS-7785
>     https://issues.apache.org/jira/browse/MESOS-7785
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Added authorization filtering for V1 streaming events, the
> subscriber should only receive events that are authorized
> based on their principal and ACLs.
>
>
> Diffs
> -----
>
>   src/master/http.cpp 9df086c417a9392f62d600c7a6486be0a1cf7e70
>   src/master/master.hpp 84465af782d4024f22463d981ef9d0ef7827d043
>   src/master/master.cpp e12c997dad04f8a4ddb47a993a84b2b05c9e2f32
>   src/tests/api_tests.cpp f22ca28c819712d8797e0c0c69dc1ebf1fe5ac1f
>
>
> Diff: https://reviews.apache.org/r/61189/diff/2/
>
>
> Testing
> -------
>
> make check
> GLOG_v=2 ./bin/mesos-tests.sh
> --gtest_filter="ContentType/MasterAPITest.EventsAuthorizationFiltering*"
> --verbose --gtest_repeat=100 --gtest_break_on_failure
>
>
> Thanks,
>
> Quinn Leng
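
The T0/T1/T2 timeline from the review comment at the top of this message, replayed as an added C++ example that is not part of the review or of the Mesos code. `Acl`, `Subscriber` and `replay` are hypothetical names, and the ACLs are modeled as a plain set of framework names a principal may view.

```cpp
#include <cstddef>
#include <set>
#include <string>
#include <vector>

// Hypothetical model, not Mesos code: frameworks a principal may view.
using Acl = std::set<std::string>;

struct Subscriber {
  const Acl* live;                   // current ACLs; may change after subscribe
  Acl cached;                        // approvers captured at subscribe time
  bool useCached;                    // true: the fix proposed in the review
  std::set<std::string> known;       // frameworks seen in the initial state
  std::vector<std::string> orphans;  // task events for unknown frameworks

  bool authorized(const std::string& fw) const {
    return (useCached ? cached : *live).count(fw) > 0;
  }

  // T0: the initial response carries only frameworks visible right now.
  void subscribe(const std::vector<std::string>& frameworks) {
    cached = *live;  // snapshot kept for the life of the connection
    for (const auto& fw : frameworks)
      if (authorized(fw)) known.insert(fw);
  }

  // A task event for `fw` is filtered first, then delivered.
  void taskAdded(const std::string& fw) {
    if (!authorized(fw)) return;
    if (!known.count(fw)) orphans.push_back(fw);  // inconsistent view
  }
};

// Replays the timeline and returns how many delivered task events
// referenced a framework the subscriber was never told about.
std::size_t replay(bool useCached) {
  Acl acl = {"bar"};            // T0: no right to see foo (constructed data)
  Subscriber s{&acl, {}, useCached, {}, {}};
  s.subscribe({"foo", "bar"});
  acl.insert("foo");            // T1: access to foo is granted
  s.taskAdded("foo");           // T2: foo launches a task
  s.taskAdded("bar");
  return s.orphans.size();
}
```

With per-event evaluation against the live ACLs the subscriber receives one task event for a framework missing from its initial state; with the cached approvers it receives none.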
