mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anand Mazumdar <mazumdar.an...@gmail.com>
Subject Re: Review Request 46115: Added AuthN for HTTP based frameworks.
Date Thu, 14 Apr 2016 17:46:18 GMT


> On April 14, 2016, 5:10 p.m., Greg Mann wrote:
> > src/master/validation.hpp, line 47
> > <https://reviews.apache.org/r/46115/diff/2/?file=1344573#file1344573line47>
> >
> >     Do we really want to have a default value for an argument to a validation function?
It makes me a bit uneasy; if the caller wants a `Call` message to be validated, shouldn't
we require them to provide the exact data to validated, without making assumptions for them?

Unfortunately, this method is also used by the validation function in `receive` of master:
https://github.com/apache/mesos/blob/master/src/master/master.cpp#L1952 by driver based frameworks.


> On April 14, 2016, 5:10 p.m., Greg Mann wrote:
> > src/master/validation.cpp, lines 79-81
> > <https://reviews.apache.org/r/46115/diff/2/?file=1344574#file1344574line79>
> >
> >     What about: `if (principal.isSome() && frameworkInfo.has_principal()
&& principal != frameworkInfo.principal())`?

My bad, the previous version had two `if` statements. But, I ended up moving one but forgot
to clean this up.


- Anand


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46115/#review128914
-----------------------------------------------------------


On April 14, 2016, 5:46 p.m., Anand Mazumdar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46115/
> -----------------------------------------------------------
> 
> (Updated April 14, 2016, 5:46 p.m.)
> 
> 
> Review request for mesos, Greg Mann and Vinod Kone.
> 
> 
> Bugs: MESOS-3923
>     https://issues.apache.org/jira/browse/MESOS-3923
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This change adds AuthN support for HTTP based frameworks.
> 
> We allow AuthZ without AuthN for `/scheduler` endpoint. Also,
> we ensure that `FrameworkInfo.principal` (if present) equals
> the authenticated principal. We also allow a framework to
> omit specifying the `FrameworkInfo.principal` in case
> it is not interested in authorization or if it is disabled.
> We do log a warning for this cases similar to what driver
> based frameworks already do.
> 
> 
> Diffs
> -----
> 
>   src/master/http.cpp b8a83b58b60416f61610cad16fc6f70028a5ee10 
>   src/master/master.hpp 1f480f03900a0dc2996c2ed3a9534dfa8036940f 
>   src/master/master.cpp 781402c04fded159183e1ca28894e48355200f0c 
>   src/master/validation.hpp d1f2323172cbf3bb052942a119b8531f9ccad48d 
>   src/master/validation.cpp 13423436a4e6361fde6fa75133eebf5c02c8381f 
> 
> Diff: https://reviews.apache.org/r/46115/diff/
> 
> 
> Testing
> -------
> 
> make check. Enabled AuthN for all the tests later in the chain.
> 
> 
> Thanks,
> 
> Anand Mazumdar
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message