Re: Review Request 30178: Avoid performing RPC authentication while holding the write lock.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/ --- (Updated Jan. 26, 2015, 11:42 p.m.) Review request for Aurora, Kevin Sweeney and Maxim Khutornenko. Changes --- People -= Steve People += Maxim Bugs: AURORA-1045 https://issues.apache.org/jira/browse/AURORA-1045 Repository: aurora Description --- The primary metric for success with this patch is to never interact with `sessionValidator` within a `storage.write` closure. This had two outcomes: 1. collapsing update-related RPC implementations for better DRY behavior 2. refactoring `killTasks` (2) has a behavioral change, though i think it's the correct behavior. For example, before this patch you could successfully kill all `PENDING` tasks, as long as you happened to own those tasks. The new behavior denies these requests for non-admin users regardless of the result of the query. Diffs - src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java ac92959f34a3b0962d6aa018dc82a5ac72ea1b34 src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java ad9126c32893080e128d086ea3bfd7ad23d27b89 Diff: https://reviews.apache.org/r/30178/diff/ Testing --- Thanks, Bill Farner
Re: Review Request 30178: Avoid performing RPC authentication while holding the write lock.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/#review69236 --- Ship it! Master (116ee2d) is green with this patch. ./build-support/jenkins/build.sh I will refresh this build result if you post a review containing @ReviewBot retry - Aurora ReviewBot On Jan. 22, 2015, 7:25 p.m., Bill Farner wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/ --- (Updated Jan. 22, 2015, 7:25 p.m.) Review request for Aurora, Kevin Sweeney and Steve Niemitz. Bugs: AURORA-1045 https://issues.apache.org/jira/browse/AURORA-1045 Repository: aurora Description --- The primary metric for success with this patch is to never interact with `sessionValidator` within a `storage.write` closure. This had two outcomes: 1. collapsing update-related RPC implementations for better DRY behavior 2. refactoring `killTasks` (2) has a behavioral change, though i think it's the correct behavior. For example, before this patch you could successfully kill all `PENDING` tasks, as long as you happened to own those tasks. The new behavior denies these requests for non-admin users regardless of the result of the query. Diffs - src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java ac92959f34a3b0962d6aa018dc82a5ac72ea1b34 src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java ad9126c32893080e128d086ea3bfd7ad23d27b89 Diff: https://reviews.apache.org/r/30178/diff/ Testing --- Thanks, Bill Farner
Re: Review Request 30178: Avoid performing RPC authentication while holding the write lock.
On Jan. 22, 2015, 7:43 p.m., Kevin Sweeney wrote: We've explored this in the past, but how about moving the authentication code to a decorator class and delegating the behavior-once-authenticated. Maxim Khutornenko wrote: We have a TODO tracking this: ``` // TODO(Sathya): Remove this after AOP-style session validation passes in a SessionContext. ``` I'd rather see this addressed separately as it will pollute this diff too much. I agree. I also think it would be a waste of effort with AURORA-809 on the horizon. - Bill --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/#review69232 --- On Jan. 22, 2015, 7:25 p.m., Bill Farner wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/ --- (Updated Jan. 22, 2015, 7:25 p.m.) Review request for Aurora, Kevin Sweeney and Steve Niemitz. Bugs: AURORA-1045 https://issues.apache.org/jira/browse/AURORA-1045 Repository: aurora Description --- The primary metric for success with this patch is to never interact with `sessionValidator` within a `storage.write` closure. This had two outcomes: 1. collapsing update-related RPC implementations for better DRY behavior 2. refactoring `killTasks` (2) has a behavioral change, though i think it's the correct behavior. For example, before this patch you could successfully kill all `PENDING` tasks, as long as you happened to own those tasks. The new behavior denies these requests for non-admin users regardless of the result of the query. Diffs - src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java ac92959f34a3b0962d6aa018dc82a5ac72ea1b34 src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java ad9126c32893080e128d086ea3bfd7ad23d27b89 Diff: https://reviews.apache.org/r/30178/diff/ Testing --- Thanks, Bill Farner
Re: Review Request 30178: Avoid performing RPC authentication while holding the write lock.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/#review69232 --- We've explored this in the past, but how about moving the authentication code to a decorator class and delegating the behavior-once-authenticated. - Kevin Sweeney On Jan. 22, 2015, 11:25 a.m., Bill Farner wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/ --- (Updated Jan. 22, 2015, 11:25 a.m.) Review request for Aurora, Kevin Sweeney and Steve Niemitz. Bugs: AURORA-1045 https://issues.apache.org/jira/browse/AURORA-1045 Repository: aurora Description --- The primary metric for success with this patch is to never interact with `sessionValidator` within a `storage.write` closure. This had two outcomes: 1. collapsing update-related RPC implementations for better DRY behavior 2. refactoring `killTasks` (2) has a behavioral change, though i think it's the correct behavior. For example, before this patch you could successfully kill all `PENDING` tasks, as long as you happened to own those tasks. The new behavior denies these requests for non-admin users regardless of the result of the query. Diffs - src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java ac92959f34a3b0962d6aa018dc82a5ac72ea1b34 src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java ad9126c32893080e128d086ea3bfd7ad23d27b89 Diff: https://reviews.apache.org/r/30178/diff/ Testing --- Thanks, Bill Farner
Re: Review Request 30178: Avoid performing RPC authentication while holding the write lock.
On Jan. 22, 2015, 7:43 p.m., Kevin Sweeney wrote: We've explored this in the past, but how about moving the authentication code to a decorator class and delegating the behavior-once-authenticated. We have a TODO tracking this: ``` // TODO(Sathya): Remove this after AOP-style session validation passes in a SessionContext. ``` I'd rather see this addressed separately as it will pollute this diff too much. - Maxim --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/#review69232 --- On Jan. 22, 2015, 7:25 p.m., Bill Farner wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/ --- (Updated Jan. 22, 2015, 7:25 p.m.) Review request for Aurora, Kevin Sweeney and Steve Niemitz. Bugs: AURORA-1045 https://issues.apache.org/jira/browse/AURORA-1045 Repository: aurora Description --- The primary metric for success with this patch is to never interact with `sessionValidator` within a `storage.write` closure. This had two outcomes: 1. collapsing update-related RPC implementations for better DRY behavior 2. refactoring `killTasks` (2) has a behavioral change, though i think it's the correct behavior. For example, before this patch you could successfully kill all `PENDING` tasks, as long as you happened to own those tasks. The new behavior denies these requests for non-admin users regardless of the result of the query. Diffs - src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java ac92959f34a3b0962d6aa018dc82a5ac72ea1b34 src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java ad9126c32893080e128d086ea3bfd7ad23d27b89 Diff: https://reviews.apache.org/r/30178/diff/ Testing --- Thanks, Bill Farner
Re: Review Request 30178: Avoid performing RPC authentication while holding the write lock.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/#review69243 --- Ship it! Ship It! - Kevin Sweeney On Jan. 22, 2015, 11:25 a.m., Bill Farner wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/ --- (Updated Jan. 22, 2015, 11:25 a.m.) Review request for Aurora, Kevin Sweeney and Steve Niemitz. Bugs: AURORA-1045 https://issues.apache.org/jira/browse/AURORA-1045 Repository: aurora Description --- The primary metric for success with this patch is to never interact with `sessionValidator` within a `storage.write` closure. This had two outcomes: 1. collapsing update-related RPC implementations for better DRY behavior 2. refactoring `killTasks` (2) has a behavioral change, though i think it's the correct behavior. For example, before this patch you could successfully kill all `PENDING` tasks, as long as you happened to own those tasks. The new behavior denies these requests for non-admin users regardless of the result of the query. Diffs - src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java ac92959f34a3b0962d6aa018dc82a5ac72ea1b34 src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java ad9126c32893080e128d086ea3bfd7ad23d27b89 Diff: https://reviews.apache.org/r/30178/diff/ Testing --- Thanks, Bill Farner
Re: Review Request 30178: Avoid performing RPC authentication while holding the write lock.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/ --- (Updated Jan. 22, 2015, 7:25 p.m.) Review request for Aurora, Kevin Sweeney and Steve Niemitz. Bugs: AURORA-1045 https://issues.apache.org/jira/browse/AURORA-1045 Repository: aurora Description --- The primary metric for success with this patch is to never interact with `sessionValidator` within a `storage.write` closure. This had two outcomes: 1. collapsing update-related RPC implementations for better DRY behavior 2. refactoring `killTasks` (2) has a behavioral change, though i think it's the correct behavior. For example, before this patch you could successfully kill all `PENDING` tasks, as long as you happened to own those tasks. The new behavior denies these requests for non-admin users regardless of the result of the query. Diffs - src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java ac92959f34a3b0962d6aa018dc82a5ac72ea1b34 src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java ad9126c32893080e128d086ea3bfd7ad23d27b89 Diff: https://reviews.apache.org/r/30178/diff/ Testing --- Thanks, Bill Farner
Re: Review Request 30178: Avoid performing RPC authentication while holding the write lock.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/#review69231 --- Ship it! src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java https://reviews.apache.org/r/30178/#comment113859 This is only used in one place, inline? - Maxim Khutornenko On Jan. 22, 2015, 7:25 p.m., Bill Farner wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/ --- (Updated Jan. 22, 2015, 7:25 p.m.) Review request for Aurora, Kevin Sweeney and Steve Niemitz. Bugs: AURORA-1045 https://issues.apache.org/jira/browse/AURORA-1045 Repository: aurora Description --- The primary metric for success with this patch is to never interact with `sessionValidator` within a `storage.write` closure. This had two outcomes: 1. collapsing update-related RPC implementations for better DRY behavior 2. refactoring `killTasks` (2) has a behavioral change, though i think it's the correct behavior. For example, before this patch you could successfully kill all `PENDING` tasks, as long as you happened to own those tasks. The new behavior denies these requests for non-admin users regardless of the result of the query. Diffs - src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java ac92959f34a3b0962d6aa018dc82a5ac72ea1b34 src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java ad9126c32893080e128d086ea3bfd7ad23d27b89 Diff: https://reviews.apache.org/r/30178/diff/ Testing --- Thanks, Bill Farner
Re: Review Request 30178: Avoid performing RPC authentication while holding the write lock.
On Jan. 22, 2015, 7:38 p.m., Maxim Khutornenko wrote: src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java, line 711 https://reviews.apache.org/r/30178/diff/1/?file=830099#file830099line711 This is only used in one place, inline? I pulled this out because a `final` variable was needed due to it being accessed from an anonymous inner class. I extracted the method as a compromise to avoid an awkward variable rename due to the reassignment. - Bill --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/#review69231 --- On Jan. 22, 2015, 7:25 p.m., Bill Farner wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/ --- (Updated Jan. 22, 2015, 7:25 p.m.) Review request for Aurora, Kevin Sweeney and Steve Niemitz. Bugs: AURORA-1045 https://issues.apache.org/jira/browse/AURORA-1045 Repository: aurora Description --- The primary metric for success with this patch is to never interact with `sessionValidator` within a `storage.write` closure. This had two outcomes: 1. collapsing update-related RPC implementations for better DRY behavior 2. refactoring `killTasks` (2) has a behavioral change, though i think it's the correct behavior. For example, before this patch you could successfully kill all `PENDING` tasks, as long as you happened to own those tasks. The new behavior denies these requests for non-admin users regardless of the result of the query. Diffs - src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java ac92959f34a3b0962d6aa018dc82a5ac72ea1b34 src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java ad9126c32893080e128d086ea3bfd7ad23d27b89 Diff: https://reviews.apache.org/r/30178/diff/ Testing --- Thanks, Bill Farner
Re: Review Request 30178: Avoid performing RPC authentication while holding the write lock.
On Jan. 22, 2015, 11:43 a.m., Kevin Sweeney wrote: We've explored this in the past, but how about moving the authentication code to a decorator class and delegating the behavior-once-authenticated. Maxim Khutornenko wrote: We have a TODO tracking this: ``` // TODO(Sathya): Remove this after AOP-style session validation passes in a SessionContext. ``` I'd rather see this addressed separately as it will pollute this diff too much. Bill Farner wrote: I agree. I also think it would be a waste of effort with AURORA-809 on the horizon. I think it would be complimentary to AURORA-809. - Kevin --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/#review69232 --- On Jan. 22, 2015, 11:25 a.m., Bill Farner wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/ --- (Updated Jan. 22, 2015, 11:25 a.m.) Review request for Aurora, Kevin Sweeney and Steve Niemitz. Bugs: AURORA-1045 https://issues.apache.org/jira/browse/AURORA-1045 Repository: aurora Description --- The primary metric for success with this patch is to never interact with `sessionValidator` within a `storage.write` closure. This had two outcomes: 1. collapsing update-related RPC implementations for better DRY behavior 2. refactoring `killTasks` (2) has a behavioral change, though i think it's the correct behavior. For example, before this patch you could successfully kill all `PENDING` tasks, as long as you happened to own those tasks. The new behavior denies these requests for non-admin users regardless of the result of the query. Diffs - src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java ac92959f34a3b0962d6aa018dc82a5ac72ea1b34 src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java ad9126c32893080e128d086ea3bfd7ad23d27b89 Diff: https://reviews.apache.org/r/30178/diff/ Testing --- Thanks, Bill Farner
Re: Review Request 30178: Avoid performing RPC authentication while holding the write lock.
On Jan. 22, 2015, 7:43 p.m., Kevin Sweeney wrote: We've explored this in the past, but how about moving the authentication code to a decorator class and delegating the behavior-once-authenticated. Maxim Khutornenko wrote: We have a TODO tracking this: ``` // TODO(Sathya): Remove this after AOP-style session validation passes in a SessionContext. ``` I'd rather see this addressed separately as it will pollute this diff too much. Bill Farner wrote: I agree. I also think it would be a waste of effort with AURORA-809 on the horizon. Kevin Sweeney wrote: I think it would be complimentary to AURORA-809. You're probably right - but i would really prefer to keep this diff tactical. - Bill --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/#review69232 --- On Jan. 22, 2015, 7:25 p.m., Bill Farner wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30178/ --- (Updated Jan. 22, 2015, 7:25 p.m.) Review request for Aurora, Kevin Sweeney and Steve Niemitz. Bugs: AURORA-1045 https://issues.apache.org/jira/browse/AURORA-1045 Repository: aurora Description --- The primary metric for success with this patch is to never interact with `sessionValidator` within a `storage.write` closure. This had two outcomes: 1. collapsing update-related RPC implementations for better DRY behavior 2. refactoring `killTasks` (2) has a behavioral change, though i think it's the correct behavior. For example, before this patch you could successfully kill all `PENDING` tasks, as long as you happened to own those tasks. The new behavior denies these requests for non-admin users regardless of the result of the query. Diffs - src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java ac92959f34a3b0962d6aa018dc82a5ac72ea1b34 src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java ad9126c32893080e128d086ea3bfd7ad23d27b89 Diff: https://reviews.apache.org/r/30178/diff/ Testing --- Thanks, Bill Farner