> On June 20, 2016, 8:08 a.m., Alexander Rojas wrote: > > 3rdparty/libprocess/src/process.cpp, line 3337 > > <https://reviews.apache.org/r/48920/diff/2/?file=1423755#file1423755line3337> > > > > As I mentioned in the previous review, one of the reason the original > > code did not write the contents of `authentication.failure()` as the body > > of the response is that you may be bleeding details that you may not want > > to share with a third party trying to access your cluster, but may be > > useful when debugging the failure (for example, the failure message could > > include details of the data base containing the credentials you are trying > > to connect to). > > > > > > Please return instead something like: _Authentication Failed_, _Could > > not connect to authentication service_, etc.
I would love to but we can not consistently do this due to the way the futures fall back to the HTTPProxy in many cases. At that point we dont have any hint about the failure reason anymore, but the message itself. - Till ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/48920/#review138547 ----------------------------------------------------------- On June 20, 2016, 5:49 a.m., Till Toenshoff wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/48920/ > ----------------------------------------------------------- > > (Updated June 20, 2016, 5:49 a.m.) > > > Review request for mesos, Adam B, Alexander Rukletsov, Anand Mazumdar, > Alexander Rojas, Benjamin Mahler, Greg Mann, and Kapil Arya. > > > Bugs: MESOS-5637 > https://issues.apache.org/jira/browse/MESOS-5637 > > > Repository: mesos > > > Description > ------- > > Changes authentication and authorization happening on the libprocess > level to be in line with failures possibly returned by Mesos > authorization as currently implemented by the HTTPProxy::process > function. The HTTP result returned on failures has changed from > InternalServerError (500) towards ServiceNotAvailable (503) and now > contains a message describing the problem. > > > Diffs > ----- > > 3rdparty/libprocess/src/process.cpp > 703f673a98102958c5e2b0c1833efad2ddc53ef8 > > Diff: https://reviews.apache.org/r/48920/diff/ > > > Testing > ------- > > make check (OSX and some Linux distros) & functional testing. > > > Thanks, > > Till Toenshoff > >
