> On May 9, 2019, 6:43 a.m., Alexander Rukletsov wrote: > > include/mesos/authorizer/authorizer.proto > > Lines 138-140 (original), 139-144 (patched) > > <https://reviews.apache.org/r/70549/diff/2/?file=2143530#file2143530line139> > > > > If my understanding is correct, both `UPDATE_QUOTA` and > > `UPDATE_QUOTA_CONFIG` are per role but use different objects in payload. > > Can we convert `QuotaConfig` to `QuotaInfo` for the purpose of > > authorization and spare extra action altogether? I see that authorization > > implementation is identical and does not rely on differences between > > `QuotaConfig` and `QuotaInfo`.
We cannot convert QuotaConfig to QuotaInfo without loss of information (e.g. limits). While the local authorizer only looks at the role field, it is not guaranteed that an external module could look into other info of the QuotaInfo. This is why a new authorization is needed. > On May 9, 2019, 6:43 a.m., Alexander Rukletsov wrote: > > include/mesos/authorizer/authorizer.proto > > Lines 143 (patched) > > <https://reviews.apache.org/r/70549/diff/2/?file=2143530#file2143530line143> > > > > If you do plan to keep this action, the naming convention in this file > > suggests: `UPDATE_QUOTA_WITH_CONFIG` or `UPDATE_QUOTA_WITH_QUOTA_CONFIG`. Sounds good. - Meng ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70549/#review215160 ----------------------------------------------------------- On May 22, 2019, 5:48 a.m., Meng Zhu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/70549/ > ----------------------------------------------------------- > > (Updated May 22, 2019, 5:48 a.m.) > > > Review request for mesos, Alexander Rukletsov, Andrei Sekretenko, and > Benjamin Mahler. > > > Bugs: MESOS-9640 > https://issues.apache.org/jira/browse/MESOS-9640 > > > Repository: mesos > > > Description > ------- > > A new authorizable action `UPDATE_QUOTA_WITH_CONFIG` is added. > This disambiguates with the old action `UPDATE_QUOTA` which > are used for the old `SetQuota` and `RemoveQuota` calls. > `UPDATE_QUOTA` action requires `QuotaInfo` as the object while > the new `UpdatedQuota` call uses `QuotaConfig`. To keep it compatible > with any external authorization modules, a new action is introduced. > > > Diffs > ----- > > include/mesos/authorizer/authorizer.proto > e2740c402732bb37db991ec92b9301e58b33215b > src/master/master.hpp 5ad128d00d3cdf0dca89eb637ae196987bdce412 > src/master/quota_handler.cpp a18d8bafda5604d1844f7f7ed31d4ea80fbf6d04 > src/tests/master_authorization_tests.cpp > ee69910a34416728bf14ed23f4a6faae6c1204a0 > > > Diff: https://reviews.apache.org/r/70549/diff/3/ > > > Testing > ------- > > make check > > > Thanks, > > Meng Zhu > >
