mesos-reviews mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	Greg Mann <g...@mesosphere.io>
Subject	Re: Review Request 56474: Added support for multiple authenticators to libprocess.
Date	Wed, 01 Mar 2017 18:13:39 GMT
> On Feb. 13, 2017, 3:01 p.m., Alexander Rojas wrote: > > So now I remembered why originally it didn't support multiple authenticators. In my original design I favored composition of authenticators, in facto, I think one of the first iteration of the patches included an `AndAuthenticator` and an `OrAuthenticator`. Just consider that instead of implementing this inside libprocess, Mesos implement a combiner authenticator which works more or less like this: > > > > ```c++ > > class CombinedAuthenticator : public Authenticator > > { > > public: > > CombinedAuthenticator(const std::string &realm, const std::vector<Authenticator> &authenticators); > > > > virtual Future<AuthenticationResult> authenticate(const Request& request) override; > > > > private: > > std::vector<Owned<Authenticator>> authenticators_; > > std::string realm_; > > }; > > > > CombinedAuthenticator::CombinedAuthenticator(const std::string &realm, const std::vector<Authenticator> &authenticators) > > : authenticators_(), realm_(realm) > > { > > for (const Authenticator* authenticator, authenticators) { > > authenticators_.push_back(Owned<Authenticator>(authenticator)); > > } > > } > > > > Future<AuthenticationResult> CombinedAuthenticator::authenticate(const Request& request) > > { > > // ... The code inside AuthenticatorManagerProcess::authenticate() > > } > > ``` > > > > I personally would prefer this approach since it keeps the separation of [mechanism and policy](https://en.wikipedia.org/wiki/Separation_of_mechanism_and_policy), leaving users of libprocess to decide exactly how to perform authentication while the library itself only cares about a single interface. > > > > This is however just a peek in the considerations I had when I designed the multiple authenticators problem and I would suggest to only giving it a thought. I like this approach - I'll update the review chain to reflect it. Thanks Alexander!!! - Greg ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56474/#review165328 ----------------------------------------------------------- On Feb. 11, 2017, 12:44 a.m., Greg Mann wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/56474/ > ----------------------------------------------------------- > > (Updated Feb. 11, 2017, 12:44 a.m.) > > > Review request for mesos, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone. > > > Bugs: MESOS-7004 > https://issues.apache.org/jira/browse/MESOS-7004 > > > Repository: mesos > > > Description > ------- > > This patch updates the `AuthenticatorManager` to allow > multiple authenticators to be set for a single realm. > > > Diffs > ----- > > 3rdparty/libprocess/src/authenticator_manager.cpp a22acd026a001788dc39b8005a56577e33c6800b > > > Diff: https://reviews.apache.org/r/56474/diff/2/ > > > Testing > ------- > > Testing information can be found in the subsequent patch in this chain. > > > Thanks, > > Greg Mann > >
Mime	Unnamed multipart/alternative (inline, None, 0 bytes) Unnamed text/plain (inline, 7-Bit, 3169 bytes)
	View raw message