> On March 28, 2016, 11:46 p.m., Bill Farner wrote:
> > examples/vagrant/announcer-auth.json, line 11
> > <https://reviews.apache.org/r/45042/diff/5/?file=1317202#file1317202line11>
> >
> >     I now have to backpedal on my advice to store the encrypted credentials 
> > here.  Since our hand is forced to store plaintext for the auth section, we 
> > might as well make this part plaintext too.  That leaves us with the burden 
> > of handling the digest step, but that shouldn't be too bad.
> 
> Kunal Thakar wrote:
>     I'd prefer to keep the burden on the configuration provider to keep it 
> simple.
> 
> Bill Farner wrote:
>     I'm still a -1 to that, but willing to be out-voted by Zameer.
>     
>     In my opinion, requiring the user to configure the same data (passwords) 
> in 2 different ways (encrypted and plaintext) introduces unnecessary burden 
> and a class of misconfiguration that mere mortals should not be subjected to 
> :-)

Okay. I have special cased 'digest' scheme to generate the credential.


- Kunal


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45042/#review125773
-----------------------------------------------------------


On March 30, 2016, 12:17 a.m., Kunal Thakar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45042/
> -----------------------------------------------------------
> 
> (Updated March 30, 2016, 12:17 a.m.)
> 
> 
> Review request for Aurora, Bill Farner and Zameer Manji.
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Add ACL support for announcer
> https://issues.apache.org/jira/browse/AURORA-1643
> 
> Adding support for service discovery ZK authentication. ZK authentication 
> secrets should be stored in a file as json (as follows):
> (Updated JSON format for config file)
> ```json
> {
>   "auth": [
>     {
>       "scheme": "<scheme>",
>       "credential": "<plain_credential>"
>     }
>   ],
>   "acls": [
>     {
>       "scheme": "<scheme>",
>       "credential": "<encrypted_credential>",
>       "permissions": {
>         "read": <bool>,
>         "write": <bool>,
>         "create": <bool>,
>         "delete": <bool>,
>         "admin": <bool>,
>         "all": <bool>
>       }
>     }
>   ]
> }
> ```
> 
> 
> Diffs
> -----
> 
>   RELEASE-NOTES.md 34f28a165aae4ae24fa95ef19b4972e088fd63a0 
>   docs/operations/security.md 1a3d9b7e7ba4ec1952dc886d5fbeb6b85d994fb9 
>   examples/vagrant/announcer-auth.json PRE-CREATION 
>   examples/vagrant/upstart/aurora-scheduler.conf 
> 120b89a1dc10a259940cb9527eb2517f19d04471 
>   src/main/python/apache/aurora/executor/bin/thermos_executor_main.py 
> 6634506108c346f8c23b2da7cc8d20d09d07d590 
>   src/main/python/apache/aurora/executor/common/announcer.py 
> 79a9cfb6ac3a8444f09fb3658e6e859e06941ba4 
>   src/main/python/apache/aurora/executor/common/announcer_zkauth_schema.py 
> PRE-CREATION 
>   
> src/test/python/apache/aurora/executor/bin/test_thermos_executor_entry_point.py
>  e9f7851292aef3a36da5da9b0fc333a7e7750cf3 
>   src/test/python/apache/aurora/executor/common/test_announcer.py 
> 142b58d5e577c9f4b8e2ae8473cffdea94eba21f 
>   src/test/sh/org/apache/aurora/e2e/validate_serverset.py 
> fca1137bd2e7b1306a03dc2a54d2ef15b59af6a8 
> 
> Diff: https://reviews.apache.org/r/45042/diff/
> 
> 
> Testing
> -------
> 
> /vagrant/src/test/sh/org/apache/aurora/e2e/test_announcer_auth_end_to_end.sh
> /vagrant/src/test/sh/org/apache/aurora/e2e/test_end_to_end.sh
> 
> 
> Thanks,
> 
> Kunal Thakar
> 
>

Reply via email to