> On March 14, 2016, 9:38 a.m., Adam B wrote:
> > src/authentication/http/basic_authenticator_factory.cpp, lines 63-64
> > <https://reviews.apache.org/r/44678/diff/3/?file=1296983#file1296983line63>
> >
> >     Seems like you're changing the meaning of the parameters in 
> > `BasicAuthenticatorFactory::create(Parameters)`. Before, `Parameters` was 
> > just a convenient protobuf for username/password key-value pairs. Now, 
> > you're interpreting the keys as module parameter names. Are you actually 
> > introducing a new "authentication_realm" module parameter to the 
> > Authenticator module interface?
> >     Why not just use `BasicAuthenticatorFactory::create(const string realm, 
> > const Parameters& parameters)`?
> 
> Greg Mann wrote:
>     One could certainly use the other overloads of `create` to specify a 
> realm, but if we don't provide a way to include the realm in the 
> `Parameters`, then we still need a default realm for this version of 
> `create`, and I was trying to eliminate the default realm from this file. 
> AFAICT, there isn't a well-defined interface for the HTTP authenticator 
> modules, with respect to their input parameters. I didn't find mention of it 
> in the [design 
> doc](https://docs.google.com/document/d/1kM3_f7DSqXcE2MuERrLTGp_XMC6ss2wmpkNYDCY5rOM/edit#heading=h.bbxx6wwg3tpe),
>  or in related JIRAs. I was working under the assumption that the structure 
> of the input parameters for any given HTTP authN module is defined 
> arbitrarily by the module's implementation, but perhaps that's not the case?

Per our recent discussion, I'm going to drop this one. Since we need to provide 
a constructor that accepts `Parameters` to comply with the authorizer module 
interface, this change seems necessary.


- Greg


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44678/#review123389
-----------------------------------------------------------


On March 17, 2016, 7:39 p.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44678/
> -----------------------------------------------------------
> 
> (Updated March 17, 2016, 7:39 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Joerg Schad, and Till 
> Toenshoff.
> 
> 
> Bugs: MESOS-4850
>     https://issues.apache.org/jira/browse/MESOS-4850
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Modified basic HTTP authenticator creator to accept realm.
> 
> To accommodate different authentication realms for the master and agent, the 
> default basic HTTP authenticator needs to accept its authentication realm as 
> a parameter. This patch adds this parameter and modifies the HTTP 
> authentication tests to validate it appropriately. A new test was also added: 
> `HttpAuthenticationTest.BasicWithoutRealm`.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authentication/http/basic_authenticator_factory.hpp 
> c11bb47c8e02f2e8645cf387d18eb64d1c8cb604 
>   src/authentication/http/basic_authenticator_factory.cpp 
> 62f851685db3b42c52bbcb7cff3e4f4703004ed7 
>   src/examples/test_http_authenticator_module.cpp 
> 459b7046bd76d3043d2484a2dd30c10d7deaedd4 
>   src/master/master.cpp e6290ea686ccf17813d6faeaf2f2012f79cf3b7f 
>   src/tests/http_authentication_tests.cpp 
> cf2bb762272fa38e04e5c26aef2858300bbd0459 
> 
> Diff: https://reviews.apache.org/r/44678/diff/
> 
> 
> Testing
> -------
> 
> HTTP authentication tests were updated to pass the authentication realm to 
> the basic HTTP authenticator, and to adhere to the new credentials format in 
> the module parameters. A new test was also added: 
> `HttpAuthenticationTest.BasicWithoutRealm`
> 
> `make check` was used to test on both OSX and CentOS 7.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>

Reply via email to