mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Rojas <alexan...@mesosphere.io>
Subject Re: Review Request 56474: Added support for multiple authenticators to libprocess.
Date Mon, 13 Feb 2017 15:01:28 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56474/#review165328
-----------------------------------------------------------



So now I remembered why originally it didn't support multiple authenticators. In my original
design I favored composition of authenticators, in facto, I think one of the first iteration
of the patches included an `AndAuthenticator` and an `OrAuthenticator`. Just consider that
instead of implementing this inside libprocess, Mesos implement a combiner authenticator which
works more or less like this:

```c++
class CombinedAuthenticator : public Authenticator
{
public:
  CombinedAuthenticator(const std::string &realm, const std::vector<Authenticator*>
&authenticators);

  virtual Future<AuthenticationResult> authenticate(const Request& request) override;

private:
  std::vector<Owned<Authenticator>> authenticators_;
  std::string realm_;
};

CombinedAuthenticator::CombinedAuthenticator(const std::string &realm, const std::vector<Authenticator*>
&authenticators)
  : authenticators_(), realm_(realm)
{
  for (const Authenticator* authenticator, authenticators) {
    authenticators_.push_back(Owned<Authenticator>(authenticator));
  }
}

Future<AuthenticationResult> CombinedAuthenticator::authenticate(const Request&
request)
{
  // ... The code inside AuthenticatorManagerProcess::authenticate()
}
```

I personally would prefer this approach since it keeps the separation of [mechanism and policy](https://en.wikipedia.org/wiki/Separation_of_mechanism_and_policy),
leaving users of libprocess to decide exactly how to perform authentication while the library
itself only cares about a single interface.

This is however just a peek in the considerations I had when I designed the multiple authenticators
problem and I would suggest to only giving it a thought.

- Alexander Rojas


On Feb. 11, 2017, 1:44 a.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56474/
> -----------------------------------------------------------
> 
> (Updated Feb. 11, 2017, 1:44 a.m.)
> 
> 
> Review request for mesos, Alexander Rojas, Jan Schlicht, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7004
>     https://issues.apache.org/jira/browse/MESOS-7004
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch updates the `AuthenticatorManager` to allow
> multiple authenticators to be set for a single realm.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/authenticator_manager.cpp a22acd026a001788dc39b8005a56577e33c6800b

> 
> Diff: https://reviews.apache.org/r/56474/diff/
> 
> 
> Testing
> -------
> 
> Testing information can be found in the subsequent patch in this chain.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message