Re: Review Request 39988: [4/5] Added authorization for dynamic reservation master endpoints.

Mon, 30 Nov 2015 13:44:50 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/39988/#review108397
-----------------------------------------------------------



src/master/http.cpp (line 2255)
<https://reviews.apache.org/r/39988/#comment167862>

    s/authorized/future/
    
    Since it could be the future returned from `_unreserve`



src/master/http.cpp (line 2307)
<https://reviews.apache.org/r/39988/#comment167856>

    Instead of adding a new parameter to `_operation`. Can we put the logics of 
checking authorization result to `_reserve` and `_unreserve`? It's wiered to me 
that `_operation` needs to check authorization result.
    
    ```
    auto _unreserve = [=](bool authorized) {
      if (!authorized) {
        return Unauthorized("Mesos master");
      }
      
      return _operation(slaveId, resources, operation);
    };
    
    return master->authorizeUnreserveResources(...)
      .then(defer(master->self(), _unreserve))
      .repair([](const Future<Response>& future) {
        return BadRequest("Invalid UNRESERVE operation: " + future.failure());
      });
    ```



src/master/http.cpp (lines 2309 - 2321)
<https://reviews.apache.org/r/39988/#comment167868>

    As I suggested above, no need for this anymore.


- Jie Yu


On Nov. 30, 2015, 8:46 p.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/39988/
> -----------------------------------------------------------
> 
> (Updated Nov. 30, 2015, 8:46 p.m.)
> 
> 
> Review request for mesos, Adam B, Jie Yu, Michael Park, and Till Toenshoff.
> 
> 
> Bugs: MESOS-3062
>     https://issues.apache.org/jira/browse/MESOS-3062
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Added authorization for dynamic reservation master endpoints.
> Note: this review is continued from https://reviews.apache.org/r/37126/
> 
> 
> Diffs
> -----
> 
>   src/master/http.cpp 9d729ef7f7d7ad6185934648f833e4f8a4f0a123 
>   src/master/master.hpp 96951e766de32842197506504e5ac67a2caa3efe 
>   src/tests/reservation_endpoints_tests.cpp 
> f30ff8bc6a3e9773437fa7fd7c8f569b7d7e2d9d 
> 
> Diff: https://reviews.apache.org/r/39988/diff/
> 
> 
> Testing
> -------
> 
> This is the fourth in a chain of 5 patches. Added new reservation endpoints 
> tests to validate authorization of reserve and unreserve operations using 
> ACLs. `make check` was run to test after all patches were applied.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>

Reply via email to