mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Mann <g...@mesosphere.io>
Subject Re: Review Request 56474: Added support for multiple authenticators to libprocess.
Date Wed, 01 Mar 2017 18:13:39 GMT


> On Feb. 13, 2017, 3:01 p.m., Alexander Rojas wrote:
> > So now I remembered why originally it didn't support multiple authenticators. In
my original design I favored composition of authenticators, in facto, I think one of the first
iteration of the patches included an `AndAuthenticator` and an `OrAuthenticator`. Just consider
that instead of implementing this inside libprocess, Mesos implement a combiner authenticator
which works more or less like this:
> > 
> > ```c++
> > class CombinedAuthenticator : public Authenticator
> > {
> > public:
> >   CombinedAuthenticator(const std::string &realm, const std::vector<Authenticator*>
&authenticators);
> > 
> >   virtual Future<AuthenticationResult> authenticate(const Request& request)
override;
> > 
> > private:
> >   std::vector<Owned<Authenticator>> authenticators_;
> >   std::string realm_;
> > };
> > 
> > CombinedAuthenticator::CombinedAuthenticator(const std::string &realm, const
std::vector<Authenticator*> &authenticators)
> >   : authenticators_(), realm_(realm)
> > {
> >   for (const Authenticator* authenticator, authenticators) {
> >     authenticators_.push_back(Owned<Authenticator>(authenticator));
> >   }
> > }
> > 
> > Future<AuthenticationResult> CombinedAuthenticator::authenticate(const Request&
request)
> > {
> >   // ... The code inside AuthenticatorManagerProcess::authenticate()
> > }
> > ```
> > 
> > I personally would prefer this approach since it keeps the separation of [mechanism
and policy](https://en.wikipedia.org/wiki/Separation_of_mechanism_and_policy), leaving users
of libprocess to decide exactly how to perform authentication while the library itself only
cares about a single interface.
> > 
> > This is however just a peek in the considerations I had when I designed the multiple
authenticators problem and I would suggest to only giving it a thought.

I like this approach - I'll update the review chain to reflect it. Thanks Alexander!!!


- Greg


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56474/#review165328
-----------------------------------------------------------


On Feb. 11, 2017, 12:44 a.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56474/
> -----------------------------------------------------------
> 
> (Updated Feb. 11, 2017, 12:44 a.m.)
> 
> 
> Review request for mesos, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7004
>     https://issues.apache.org/jira/browse/MESOS-7004
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates the `AuthenticatorManager` to allow
> multiple authenticators to be set for a single realm.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/authenticator_manager.cpp a22acd026a001788dc39b8005a56577e33c6800b

> 
> 
> Diff: https://reviews.apache.org/r/56474/diff/2/
> 
> 
> Testing
> -------
> 
> Testing information can be found in the subsequent patch in this chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message