mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Mann <g...@mesosphere.io>
Subject Re: Review Request 44678: Modified basic HTTP authenticator creator to accept realm.
Date Fri, 18 Mar 2016 19:51:08 GMT


> On March 18, 2016, 8:55 a.m., Adam B wrote:
> > src/authentication/http/basic_authenticator_factory.cpp, lines 87-91
> > <https://reviews.apache.org/r/44678/diff/7/?file=1304582#file1304582line87>
> >
> >     Is it ok to specify a realm but no credentials? Does that just mean that nobody
can authenticate? Is that still a valid authenticator?
> 
> Greg Mann wrote:
>     We have a test that explicitly tests for this case (`HttpAuthenticationTest.BasicWithoutCredentialsTest`),
so it seems to be valid? I could imagine it as a way for an operator to turn off all authenticated
endpoints. Not sure how relevant of a real-world use case this is, but I was following the
lead of the existing tests. Perhaps this was discussed in the previous HTTP authentication
reviews; I'll have a look.

I browsed through the HTTP authentication reviews (including the one where the `BasicWithoutCredentialsTest`
test is introduced, https://reviews.apache.org/r/38950/), and didn't find any discussion of
this point.


- Greg


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44678/#review124151
-----------------------------------------------------------


On March 18, 2016, 5:28 p.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44678/
> -----------------------------------------------------------
> 
> (Updated March 18, 2016, 5:28 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Joerg Schad, and Till Toenshoff.
> 
> 
> Bugs: MESOS-4850
>     https://issues.apache.org/jira/browse/MESOS-4850
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Modified basic HTTP authenticator creator to accept realm.
> 
> To accommodate different authentication realms for the master and agent, the default
basic HTTP authenticator needs to accept its authentication realm as a parameter. This patch
adds this parameter and modifies the HTTP authentication tests to validate it appropriately.
A new test was also added: `HttpAuthenticationTest.BasicWithoutRealm`.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authentication/http/basic_authenticator_factory.hpp c11bb47c8e02f2e8645cf387d18eb64d1c8cb604

>   src/authentication/http/basic_authenticator_factory.cpp 62f851685db3b42c52bbcb7cff3e4f4703004ed7

>   src/examples/test_http_authenticator_module.cpp 459b7046bd76d3043d2484a2dd30c10d7deaedd4

>   src/master/master.cpp e6290ea686ccf17813d6faeaf2f2012f79cf3b7f 
>   src/tests/http_authentication_tests.cpp cf2bb762272fa38e04e5c26aef2858300bbd0459 
> 
> Diff: https://reviews.apache.org/r/44678/diff/
> 
> 
> Testing
> -------
> 
> HTTP authentication tests were updated to pass the authentication realm to the basic
HTTP authenticator, and to adhere to the new credentials format in the module parameters.
A new test was also added: `HttpAuthenticationTest.BasicWithoutRealm`
> 
> `make check` was used to test on both OSX and CentOS 7.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message