----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72448/#review221252 -----------------------------------------------------------
Thanks! Now this patch addresses the main issue. src/common/http.hpp Lines 428 (patched) <https://reviews.apache.org/r/72448/#comment310103> It would be highly beneficial to keep the error sending logic separate from `ObjectApprovers` and move it closer to `Subscribers`. `ObjectApprovers` by design are oblivious of the exact purpose for which they are called, and it is preferable to keep them decoupled from implementation details of the external APIs. Also, we have a related API issue https://issues.apache.org/jira/browse/MESOS-10099 which will requre handling authorization errors in a totally different way. If you want to avoid changing return type of the of the existing `approved(..)` method, I would suggest adding a general-purpose `ObjectApprovers` method that would return `Try<bool>`(something like `template<..> Try<bool> ObjectApprovers::tryApprove<>(..)`) **and to make the old method `bool ObjectApprovers::approved<..>(..)` into a thin wrapper around this method**, so that we don't need to care about the duplicated logic (especially the one in `approved<VIEW_ROLE>(..)`) in the future. To use the returned value of this method in `Subscriber::send()` you will probably want to wrap the calls to it into some callable that will return `bool` and write down the error. Something like ``` Option<Error> error; auto splitError = [&error](Try<bool>&& approved) { if (approved.isError()) { error = std::move(approved.error()); return false; } return *approved; } // Code that checks authorizations and composes the message to be sent ... if (splitError(approvers->approved<VIEW_FRAMEWORK>( event.framework_added().framework().framework_info()))){ ... } ... // At the end of send(), after all the authorizations have been checked if (error.isSome()) { // Send error event ... // Close connection ... return; } // All is OK, send the event ... ``` Note that my choice of names `tryApproved` and `splitError` is questionable, would be great if you come up with something better. src/common/http.hpp Lines 435 (patched) <https://reviews.apache.org/r/72448/#comment310104> If you implement the method returning `Try<bool>`, you will have this `TODO` addrerssed - dont forget to remove it and to adjust the `NOTE` above for your fix ;) - Andrei Sekretenko On July 14, 2020, 9:43 a.m., Dong Zhu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72448/ > ----------------------------------------------------------- > > (Updated July 14, 2020, 9:43 a.m.) > > > Review request for mesos, Andrei Sekretenko and Benjamin Mahler. > > > Repository: mesos > > > Description > ------- > > This patch intends to fix issue MESOS-10085. > > When the authorization failed happens master return nothing to the > subscriber, subscriber isn't aware of what is happening, this issue > can lead to inconsistencies in Event stream. > > > Diffs > ----- > > include/mesos/master/master.proto 021dadcea026da41347b3aaee5ddd12f4f14fa29 > include/mesos/v1/master/master.proto > 488fe294e8bfe8e0c6fc23c88f06c0d41169b96d > src/common/http.hpp 02633e175c0848ee622cb5108a2e18db5e030641 > src/master/master.cpp a8cca622ff0bd172300b9a2717b4860ed06b620c > src/tests/master/mock_master_api_subscriber.cpp > 893d3e366164ccebd2847ed4c2874ab00e0e5b7b > > > Diff: https://reviews.apache.org/r/72448/diff/2/ > > > Testing > ------- > > - Manually tested > - make check > > > Thanks, > > Dong Zhu > >
