> On April 15, 2016, 12:42 a.m., Vinod Kone wrote:
> > src/master/flags.cpp, line 482
> > <https://reviews.apache.org/r/46211/diff/1/?file=1344538#file1344538line482>
> >
> >     do we need a default here? we needed a default for 
> > `--http_authenticators` for backwards compatibility. since there is no 
> > backwards compatibility concern here, i think we should be ok with no 
> > default? having a default and not loading is a bit weird IMO.
> >     
> >     remove the default and mention in the description  that this flag is 
> > required iff `--authenticate_http_frameworks` is set.

FWIW, I do like the idea of having the default authenticator be `basic` i.e. 
have a default value. It becomes easier to get started with using AuthN. 
Otherwise, they have to first search around for the module JSON string 
documentation, populate the fields etc. to set up the module correctly. Even, 
we need to do it to wire up our test driver. I wonder if it’s worth the hassle 
for operators/framework developers to go through this extra step.

We can explicitly include in the documentation that the module (including 
default) is only loaded when `--authenticate_http_frameworks` is set. 

I updated the review diff based on the above proposal. Let me know what do you 
think?


> On April 15, 2016, 12:42 a.m., Vinod Kone wrote:
> > src/master/constants.hpp, line 132
> > <https://reviews.apache.org/r/46211/diff/1/?file=1344536#file1344536line132>
> >
> >     If and when we add AuthN support for agent <-> executor, what is that 
> > realm going to be? 'mesos-http-framework' or 'mesos-http-executor'? I guess 
> > it has to the latter because we bring up both master and agent in the same 
> > OS process in tests?
> >     
> >     so should this be called mesos-http-scheduler instead? it's kinda 
> > unfortunate that we sometimes equate framework with scheduler and sometimes 
> > with framework and executor.

Sounds good. Also, I don't like the idea of having the protocol name embedded 
in the realm. How about just: "mesos-scheduler"?


- Anand


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46211/#review129044
-----------------------------------------------------------


On April 15, 2016, 4:39 p.m., Anand Mazumdar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46211/
> -----------------------------------------------------------
> 
> (Updated April 15, 2016, 4:39 p.m.)
> 
> 
> Review request for mesos and Vinod Kone.
> 
> 
> Bugs: MESOS-3923
>     https://issues.apache.org/jira/browse/MESOS-3923
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This change introduces two new flags `authenticate_http_frameworks`
> and `http_framework_authenticators` to the master. This allows us
> to selectively turn on/off framework authentication and decouple
> them from authentication for operator endpoints.
> 
> 
> Diffs
> -----
> 
>   src/master/constants.hpp 7c7cc25fcc897dedb28001fbb944d2e50eca4713 
>   src/master/flags.hpp 83bb9088e595b393d610cc65479cb6a35fb31842 
>   src/master/flags.cpp e522499586b731d522180f171731a9dd38b8344c 
>   src/master/master.cpp 781402c04fded159183e1ca28894e48355200f0c 
> 
> Diff: https://reviews.apache.org/r/46211/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Anand Mazumdar
> 
>

Reply via email to