Re: Review Request 18381: Added authentication support for slaves.

Mon, 10 Mar 2014 11:20:13 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/18381/
-----------------------------------------------------------

(Updated March 10, 2014, 11:19 a.m.)


Review request for mesos and Vinod Kone.


Changes
-------

Updated in response to more of Vinod's feedback.
+ Removed --authenticate_frameworks in favor of keeping --authenticate and 
adding a TODO.
+ Merged frameworks/slaves into common 
authenticating/authenticated/authenticators collections, removed duplicate code.
+ Moved credentials file reading/parsing into sasl/common.hpp.
+ Fixed authenticatee.hpp refactoring with 'inline'.

Remaining issues:
- Move deactivate(Slave) changes into a new review; make this one dependent on 
that.
- File new JIRAs for doxygen and new authentication bug.


Bugs: MESOS-804
    https://issues.apache.org/jira/browse/MESOS-804


Repository: mesos-git


Description
-------

Added authentication support for slaves.
Fixes MESOS-804.

Open Issues:
- Should AuthenticateMessage be replaced with AuthenticateFrameworkMessage, or 
specify an Authenticatee type as coded here?
- removeSlave vs. deactivate(Slave): Some uses of removeSlave might benefit 
from just deactivating if checkpointing is enabled.
- We currently deactivate a registered slave/framework when a new authenticate 
message comes in, even if the new authentication message is a failure/fake. 
Will file a new JIRA for this security hole.
- When multiple entries for the same principal exist in the credentials file, 
only the last entry is used. Acceptable behavior, but shouldn't this be 
documented?


Diffs (updated)
-----

  src/master/flags.hpp 159b2de 
  src/master/master.hpp 49a3e15 
  src/master/master.cpp f7ba9aa 
  src/messages/messages.proto c26a3d0 
  src/sasl/authenticatee.hpp 42a4eba 
  src/sasl/common.hpp PRE-CREATION 
  src/sched/sched.cpp 00f6307 
  src/slave/flags.hpp e4d98a5 
  src/slave/slave.hpp 01b80df 
  src/slave/slave.cpp b350df4 
  src/tests/authentication_tests.cpp 127c5e6 
  src/tests/cluster.hpp d1bf680 
  src/tests/mesos.cpp 96adeac 
  src/tests/sasl_tests.cpp 945426d 
  src/tests/slave_recovery_tests.cpp 40a9599 

Diff: https://reviews.apache.org/r/18381/diff/


Testing
-------

make check; manually tested flatfile slave authentication success/failure.
Added new slave authentication unit tests in authentication_tests.cpp.


Thanks,

Adam B

Reply via email to