mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Mann <g...@mesosphere.io>
Subject Re: Review Request 44515: Added agent flags for HTTP authentication.
Date Thu, 10 Mar 2016 15:20:08 GMT


> On March 10, 2016, 8:45 a.m., Adam B wrote:
> > src/slave/slave.cpp, line 372
> > <https://reviews.apache.org/r/44515/diff/2/?file=1293631#file1293631line372>
> >
> >     So we only load the authenticators and even allow authentication if --authenticate_http
is set? My understanding is that --authenticate_http=false means that both authenticated and
unauthenticated requests will be allowed, but --authenticate_http=true means that we /require/
all requests to be authenticated. That's what the flag help seems to imply.
> >     Maybe that behavior's only really true for authenticate_frameworks and authenticate_slaves

You're correct, if authenticate_http == false, we accept both unauthenticated requests as
well as requests that attempt to authenticate. If no authenticator has been installed, the
requests for authentication-enabled endpoints are simply forwarded to their handlers, regardless
of the presence of authentication headers in the request.


> On March 10, 2016, 8:45 a.m., Adam B wrote:
> > src/tests/mesos.cpp, lines 182-184
> > <https://reviews.apache.org/r/44515/diff/2/?file=1293632#file1293632line182>
> >
> >     Any reason you can't reuse the previous `path` and `fd` variables?

We could do that; reusing the variables does improve efficiency, but also reduces readability.
Especially in tests, I would consider readability to be the priority, so I decided to declare
new variables for these. I've received feedback in the past to declare new variables in similar
situations, but I would be interested to hear if you prefer reuse here.


> On March 10, 2016, 8:45 a.m., Adam B wrote:
> > src/slave/flags.cpp, line 684
> > <https://reviews.apache.org/r/44515/diff/2/?file=1293630#file1293630line684>
> >
> >     I wonder if/when we'll ever deprecate one of these formats.
> >     https://issues.apache.org/jira/browse/MESOS-2281

Ah yea; looks like one will be deprecated soon.


- Greg


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44515/#review122892
-----------------------------------------------------------


On March 9, 2016, 8:47 p.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44515/
> -----------------------------------------------------------
> 
> (Updated March 9, 2016, 8:47 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, and Till Toenshoff.
> 
> 
> Bugs: MESOS-4849
>     https://issues.apache.org/jira/browse/MESOS-4849
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Added agent flags for HTTP authentication.
> 
> Three command-line flags have been added to the agent to enable HTTP authentication:
`--authenticate_http`, `--http_credentials`, and `--http_authenticators`.
> 
> 
> Diffs
> -----
> 
>   src/slave/constants.hpp bcbb1401aa8f9f04c4f9256bb4f560e18d8994e0 
>   src/slave/constants.cpp 0f0d8e4b079d136d250f83cfc768de8c98b8bee2 
>   src/slave/flags.hpp feb095da4521f678c96f4cc53bdfda262d350388 
>   src/slave/flags.cpp eb470154f30634b3db439be1c122ff93d3147afe 
>   src/slave/slave.cpp 840534ff0687e82ed063c386e36bbabada230697 
>   src/tests/mesos.cpp 577072136415191334c74b69a1c0b7eed8e77e8b 
> 
> Diff: https://reviews.apache.org/r/44515/diff/
> 
> 
> Testing
> -------
> 
> `sudo make check` was used to test on both OSX and Ubuntu 14.04.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message