> On March 10, 2016, 8:45 a.m., Adam B wrote: > > src/slave/slave.cpp, line 372 > > <https://reviews.apache.org/r/44515/diff/2/?file=1293631#file1293631line372> > > > > So we only load the authenticators and even allow authentication if > > --authenticate_http is set? My understanding is that > > --authenticate_http=false means that both authenticated and unauthenticated > > requests will be allowed, but --authenticate_http=true means that we > > /require/ all requests to be authenticated. That's what the flag help seems > > to imply. > > Maybe that behavior's only really true for authenticate_frameworks and > > authenticate_slaves
You're correct, if authenticate_http == false, we accept both unauthenticated requests as well as requests that attempt to authenticate. If no authenticator has been installed, the requests for authentication-enabled endpoints are simply forwarded to their handlers, regardless of the presence of authentication headers in the request. > On March 10, 2016, 8:45 a.m., Adam B wrote: > > src/tests/mesos.cpp, lines 182-184 > > <https://reviews.apache.org/r/44515/diff/2/?file=1293632#file1293632line182> > > > > Any reason you can't reuse the previous `path` and `fd` variables? We could do that; reusing the variables does improve efficiency, but also reduces readability. Especially in tests, I would consider readability to be the priority, so I decided to declare new variables for these. I've received feedback in the past to declare new variables in similar situations, but I would be interested to hear if you prefer reuse here. > On March 10, 2016, 8:45 a.m., Adam B wrote: > > src/slave/flags.cpp, line 684 > > <https://reviews.apache.org/r/44515/diff/2/?file=1293630#file1293630line684> > > > > I wonder if/when we'll ever deprecate one of these formats. > > https://issues.apache.org/jira/browse/MESOS-2281 Ah yea; looks like one will be deprecated soon. - Greg ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/44515/#review122892 ----------------------------------------------------------- On March 9, 2016, 8:47 p.m., Greg Mann wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/44515/ > ----------------------------------------------------------- > > (Updated March 9, 2016, 8:47 p.m.) > > > Review request for mesos, Adam B, Alexander Rojas, and Till Toenshoff. > > > Bugs: MESOS-4849 > https://issues.apache.org/jira/browse/MESOS-4849 > > > Repository: mesos > > > Description > ------- > > Added agent flags for HTTP authentication. > > Three command-line flags have been added to the agent to enable HTTP > authentication: `--authenticate_http`, `--http_credentials`, and > `--http_authenticators`. > > > Diffs > ----- > > src/slave/constants.hpp bcbb1401aa8f9f04c4f9256bb4f560e18d8994e0 > src/slave/constants.cpp 0f0d8e4b079d136d250f83cfc768de8c98b8bee2 > src/slave/flags.hpp feb095da4521f678c96f4cc53bdfda262d350388 > src/slave/flags.cpp eb470154f30634b3db439be1c122ff93d3147afe > src/slave/slave.cpp 840534ff0687e82ed063c386e36bbabada230697 > src/tests/mesos.cpp 577072136415191334c74b69a1c0b7eed8e77e8b > > Diff: https://reviews.apache.org/r/44515/diff/ > > > Testing > ------- > > `sudo make check` was used to test on both OSX and Ubuntu 14.04. > > > Thanks, > > Greg Mann > >
