mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Rojas <alexan...@mesosphere.io>
Subject Re: Review Request 48920: Updated the HTTP result returned by failures of authn/authz.
Date Mon, 20 Jun 2016 08:08:07 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48920/#review138547
-----------------------------------------------------------




3rdparty/libprocess/src/process.cpp (line 3337)
<https://reviews.apache.org/r/48920/#comment203743>

    As I mentioned in the previous review, one of the reason the original code did not write
the contents of `authentication.failure()` as the body of the response is that you may be
bleeding details that you may not want to share with a third party trying to access your cluster,
but may be useful when debugging the failure (for example, the failure message could include
details of the data base containing the credentials you are trying to connect to).
    
    Please return instead something like: _Authentication Failed_, _Could not connect to authentication
service_, etc.



3rdparty/libprocess/src/process.cpp (lines 3398 - 3400)
<https://reviews.apache.org/r/48920/#comment203744>

    Same as above.


- Alexander Rojas


On June 20, 2016, 7:49 a.m., Till Toenshoff wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48920/
> -----------------------------------------------------------
> 
> (Updated June 20, 2016, 7:49 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rukletsov, Anand Mazumdar, Alexander Rojas,
Benjamin Mahler, Greg Mann, and Kapil Arya.
> 
> 
> Bugs: MESOS-5637
>     https://issues.apache.org/jira/browse/MESOS-5637
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Changes authentication and authorization happening on the libprocess
> level to be in line with failures possibly returned by Mesos
> authorization as currently implemented by the HTTPProxy::process
> function. The HTTP result returned on failures has changed from
> InternalServerError (500) towards ServiceNotAvailable (503) and now
> contains a message describing the problem.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/process.cpp 703f673a98102958c5e2b0c1833efad2ddc53ef8 
> 
> Diff: https://reviews.apache.org/r/48920/diff/
> 
> 
> Testing
> -------
> 
> make check (OSX and some Linux distros) & functional testing.
> 
> 
> Thanks,
> 
> Till Toenshoff
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message