-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/18381/
-----------------------------------------------------------
(Updated March 4, 2014, 1:37 a.m.)
Review request for mesos and Vinod Kone.
Changes
-------
assigning to myself @vinodkone for shepherding this.
Bugs: MESOS-804
https://issues.apache.org/jira/browse/MESOS-804
Repository: mesos-git
Description
-------
Added authentication support for slaves.
Fixes MESOS-804.
Open Issues:
- Should AuthenticateMessage be replaced with AuthenticateFrameworkMessage, or
specify an Authenticatee type as coded here?
- removeSlave vs. deactivate(Slave): Some uses of removeSlave might benefit
from just deactivating if checkpointing is enabled.
- We currently deactivate a registered slave/framework when a new authenticate
message comes in, even if the new authentication message is a failure/fake.
Will file a new JIRA for this security hole.
- When multiple entries for the same principal exist in the credentials file,
only the last entry is used. Acceptable behavior, but shouldn't this be
documented?
Diffs
-----
src/master/flags.hpp 159b2de
src/master/master.hpp 768dc3d
src/master/master.cpp de40884
src/messages/messages.proto 922a8c4
src/sasl/authenticatee.hpp 42a4eba
src/sched/sched.cpp dcb3158
src/slave/flags.hpp e4d98a5
src/slave/main.cpp 8aba4ed
src/slave/slave.hpp d82d4e9
src/slave/slave.cpp 7ad8232
src/tests/authentication_tests.cpp 127c5e6
src/tests/mesos.cpp 96adeac
src/tests/sasl_tests.cpp 945426d
Diff: https://reviews.apache.org/r/18381/diff/
Testing
-------
make check; manually tested flatfile slave authentication success/failure.
Unit test pending.
Thanks,
Adam B
