[GitHub] spark pull request: [SPARK-6284][MESOS] Add mesos role, principal ...

Mon, 06 Jul 2015 17:59:42 -0700 

Github user adam-mesos commented on a diff in the pull request:

    https://github.com/apache/spark/pull/4960#discussion_r33999677
  
    --- Diff: 
core/src/main/scala/org/apache/spark/scheduler/cluster/mesos/MesosSchedulerUtils.scala
 ---
    @@ -38,14 +41,51 @@ private[mesos] trait MesosSchedulerUtils extends 
Logging {
       // Driver for talking to Mesos
       protected var mesosDriver: MesosSchedulerDriver = null
     
    +  protected def createSchedulerDriver(
    +      masterUrl: String,
    +      scheduler: Scheduler,
    +      sparkUser: String,
    +      appName: String,
    +      conf: SparkConf,
    +      webuiUrl: Option[String] = None,
    +      checkpoint: Option[Boolean] = None,
    +      failoverTimeout: Option[Double] = None,
    +      frameworkId: Option[String] = None): MesosSchedulerDriver = {
    +    val fwInfoBuilder = 
FrameworkInfo.newBuilder().setUser(sparkUser).setName(appName)
    +    val credBuilder = Credential.newBuilder()
    +    webuiUrl.foreach { url => fwInfoBuilder.setWebuiUrl(url) }
    +    checkpoint.foreach { checkpoint => 
fwInfoBuilder.setCheckpoint(checkpoint) }
    +    failoverTimeout.foreach { timeout => 
fwInfoBuilder.setFailoverTimeout(timeout) }
    +    frameworkId.foreach { id =>
    +      fwInfoBuilder.setId(FrameworkID.newBuilder().setValue(id).build())
    +    }
    +    conf.getOption("spark.mesos.principal").foreach { principal =>
    +      fwInfoBuilder.setPrincipal(principal)
    +      credBuilder.setPrincipal(principal)
    +    }
    +    conf.getOption("spark.mesos.secret").foreach { secret =>
    +      credBuilder.setSecret(ByteString.copyFromUtf8(secret))
    +    }
    +    if (credBuilder.hasSecret && !fwInfoBuilder.hasPrincipal) {
    --- End diff --
    
    Imagine a ticket-based authentication mechanism, like Kerberos, where the 
principal is specified, and then the authenticator and authenticatee 
communicate out-of-band with the ticket-granting server to verify the 
authenticatee's identity. In cases like this, it is up to the authenticator to 
decide which authn mechanisms are allowed, which principals are granted which 
permissions, and therefore who is allowed to authenticate as what principal and 
how.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to