mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Till Toenshoff <toensh...@me.com>
Subject Re: Review Request 48920: Updated the HTTP result returned by failures of authn/authz.
Date Mon, 20 Jun 2016 13:37:47 GMT


> On June 20, 2016, 8:08 a.m., Alexander Rojas wrote:
> > 3rdparty/libprocess/src/process.cpp, line 3337
> > <https://reviews.apache.org/r/48920/diff/2/?file=1423755#file1423755line3337>
> >
> >     As I mentioned in the previous review, one of the reason the original code did
not write the contents of `authentication.failure()` as the body of the response is that you
may be bleeding details that you may not want to share with a third party trying to access
your cluster, but may be useful when debugging the failure (for example, the failure message
could include details of the data base containing the credentials you are trying to connect
to).
> >     
> >     
> >     Please return instead something like: _Authentication Failed_, _Could not connect
to authentication service_, etc.

I would love to but we can not consistently do this due to the way the futures fall back to
the HTTPProxy in many cases. At that point we dont have any hint about the failure reason
anymore, but the message itself.


- Till


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48920/#review138547
-----------------------------------------------------------


On June 20, 2016, 5:49 a.m., Till Toenshoff wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48920/
> -----------------------------------------------------------
> 
> (Updated June 20, 2016, 5:49 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rukletsov, Anand Mazumdar, Alexander Rojas,
Benjamin Mahler, Greg Mann, and Kapil Arya.
> 
> 
> Bugs: MESOS-5637
>     https://issues.apache.org/jira/browse/MESOS-5637
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Changes authentication and authorization happening on the libprocess
> level to be in line with failures possibly returned by Mesos
> authorization as currently implemented by the HTTPProxy::process
> function. The HTTP result returned on failures has changed from
> InternalServerError (500) towards ServiceNotAvailable (503) and now
> contains a message describing the problem.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/process.cpp 703f673a98102958c5e2b0c1833efad2ddc53ef8 
> 
> Diff: https://reviews.apache.org/r/48920/diff/
> 
> 
> Testing
> -------
> 
> make check (OSX and some Linux distros) & functional testing.
> 
> 
> Thanks,
> 
> Till Toenshoff
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message