subject:"Re\: Review Request 46115\: Added AuthN for HTTP based frameworks."

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

2016-04-15 Thread Anand Mazumdar


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46115/
---

(Updated April 15, 2016, 6:07 p.m.)


Review request for mesos, Greg Mann and Vinod Kone.


Changes
---

Made the log message consistent with driver based framework


Bugs: MESOS-3923
https://issues.apache.org/jira/browse/MESOS-3923


Repository: mesos


Description
---

This change adds AuthN support for HTTP based frameworks.

We allow AuthZ without AuthN for `/scheduler` endpoint. Also,
we ensure that `FrameworkInfo.principal` (if present) equals
the authenticated principal. We also allow a framework to
omit specifying the `FrameworkInfo.principal` in case
it is not interested in authorization or if it is disabled.
We do log a warning for this cases similar to what driver
based frameworks already do.


Diffs (updated)
-

  src/master/http.cpp b8a83b58b60416f61610cad16fc6f70028a5ee10 
  src/master/master.hpp 1f480f03900a0dc2996c2ed3a9534dfa8036940f 
  src/master/master.cpp 781402c04fded159183e1ca28894e48355200f0c 
  src/master/validation.hpp d1f2323172cbf3bb052942a119b8531f9ccad48d 
  src/master/validation.cpp 13423436a4e6361fde6fa75133eebf5c02c8381f 

Diff: https://reviews.apache.org/r/46115/diff/


Testing
---

make check. Enabled AuthN for all the tests later in the chain.


Thanks,

Anand Mazumdar

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

2016-04-15 Thread Vinod Kone


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46115/#review129051
---


Fix it, then Ship it!





src/master/http.cpp (lines 437 - 439)


Update this warning message per my comment in the other review.


- Vinod Kone


On April 14, 2016, 5:46 p.m., Anand Mazumdar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46115/
> ---
> 
> (Updated April 14, 2016, 5:46 p.m.)
> 
> 
> Review request for mesos, Greg Mann and Vinod Kone.
> 
> 
> Bugs: MESOS-3923
> https://issues.apache.org/jira/browse/MESOS-3923
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> This change adds AuthN support for HTTP based frameworks.
> 
> We allow AuthZ without AuthN for `/scheduler` endpoint. Also,
> we ensure that `FrameworkInfo.principal` (if present) equals
> the authenticated principal. We also allow a framework to
> omit specifying the `FrameworkInfo.principal` in case
> it is not interested in authorization or if it is disabled.
> We do log a warning for this cases similar to what driver
> based frameworks already do.
> 
> 
> Diffs
> -
> 
>   src/master/http.cpp b8a83b58b60416f61610cad16fc6f70028a5ee10 
>   src/master/master.hpp 1f480f03900a0dc2996c2ed3a9534dfa8036940f 
>   src/master/master.cpp 781402c04fded159183e1ca28894e48355200f0c 
>   src/master/validation.hpp d1f2323172cbf3bb052942a119b8531f9ccad48d 
>   src/master/validation.cpp 13423436a4e6361fde6fa75133eebf5c02c8381f 
> 
> Diff: https://reviews.apache.org/r/46115/diff/
> 
> 
> Testing
> ---
> 
> make check. Enabled AuthN for all the tests later in the chain.
> 
> 
> Thanks,
> 
> Anand Mazumdar
> 
>

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

2016-04-14 Thread Anand Mazumdar



> On April 14, 2016, 5:10 p.m., Greg Mann wrote:
> > src/master/validation.hpp, line 47
> > 
> >
> > Do we really want to have a default value for an argument to a 
> > validation function? It makes me a bit uneasy; if the caller wants a `Call` 
> > message to be validated, shouldn't we require them to provide the exact 
> > data to validated, without making assumptions for them?

Unfortunately, this method is also used by the validation function in `receive` 
of master: 
https://github.com/apache/mesos/blob/master/src/master/master.cpp#L1952 by 
driver based frameworks.


> On April 14, 2016, 5:10 p.m., Greg Mann wrote:
> > src/master/validation.cpp, lines 79-81
> > 
> >
> > What about: `if (principal.isSome() && frameworkInfo.has_principal() && 
> > principal != frameworkInfo.principal())`?

My bad, the previous version had two `if` statements. But, I ended up moving 
one but forgot to clean this up.


- Anand


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46115/#review128914
---


On April 14, 2016, 5:46 p.m., Anand Mazumdar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46115/
> ---
> 
> (Updated April 14, 2016, 5:46 p.m.)
> 
> 
> Review request for mesos, Greg Mann and Vinod Kone.
> 
> 
> Bugs: MESOS-3923
> https://issues.apache.org/jira/browse/MESOS-3923
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> This change adds AuthN support for HTTP based frameworks.
> 
> We allow AuthZ without AuthN for `/scheduler` endpoint. Also,
> we ensure that `FrameworkInfo.principal` (if present) equals
> the authenticated principal. We also allow a framework to
> omit specifying the `FrameworkInfo.principal` in case
> it is not interested in authorization or if it is disabled.
> We do log a warning for this cases similar to what driver
> based frameworks already do.
> 
> 
> Diffs
> -
> 
>   src/master/http.cpp b8a83b58b60416f61610cad16fc6f70028a5ee10 
>   src/master/master.hpp 1f480f03900a0dc2996c2ed3a9534dfa8036940f 
>   src/master/master.cpp 781402c04fded159183e1ca28894e48355200f0c 
>   src/master/validation.hpp d1f2323172cbf3bb052942a119b8531f9ccad48d 
>   src/master/validation.cpp 13423436a4e6361fde6fa75133eebf5c02c8381f 
> 
> Diff: https://reviews.apache.org/r/46115/diff/
> 
> 
> Testing
> ---
> 
> make check. Enabled AuthN for all the tests later in the chain.
> 
> 
> Thanks,
> 
> Anand Mazumdar
> 
>

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

2016-04-14 Thread Anand Mazumdar


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46115/
---

(Updated April 14, 2016, 5:46 p.m.)


Review request for mesos, Greg Mann and Vinod Kone.


Changes
---

Review comments from Greg


Bugs: MESOS-3923
https://issues.apache.org/jira/browse/MESOS-3923


Repository: mesos


Description
---

This change adds AuthN support for HTTP based frameworks.

We allow AuthZ without AuthN for `/scheduler` endpoint. Also,
we ensure that `FrameworkInfo.principal` (if present) equals
the authenticated principal. We also allow a framework to
omit specifying the `FrameworkInfo.principal` in case
it is not interested in authorization or if it is disabled.
We do log a warning for this cases similar to what driver
based frameworks already do.


Diffs (updated)
-

  src/master/http.cpp b8a83b58b60416f61610cad16fc6f70028a5ee10 
  src/master/master.hpp 1f480f03900a0dc2996c2ed3a9534dfa8036940f 
  src/master/master.cpp 781402c04fded159183e1ca28894e48355200f0c 
  src/master/validation.hpp d1f2323172cbf3bb052942a119b8531f9ccad48d 
  src/master/validation.cpp 13423436a4e6361fde6fa75133eebf5c02c8381f 

Diff: https://reviews.apache.org/r/46115/diff/


Testing
---

make check. Enabled AuthN for all the tests later in the chain.


Thanks,

Anand Mazumdar

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

2016-04-14 Thread Greg Mann


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46115/#review128914
---



Looks good! A couple small things below.


src/master/http.cpp (lines 431 - 436)


What about instead:

`if (principal.isSome() && 
!call.subscribe().framework_info().has_principal())`?



src/master/validation.hpp (line 47)


Do we really want to have a default value for an argument to a validation 
function? It makes me a bit uneasy; if the caller wants a `Call` message to be 
validated, shouldn't we require them to provide the exact data to validated, 
without making assumptions for them?



src/master/validation.cpp (lines 79 - 81)


What about: `if (principal.isSome() && frameworkInfo.has_principal() && 
principal != frameworkInfo.principal())`?


- Greg Mann


On April 14, 2016, 3:35 p.m., Anand Mazumdar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46115/
> ---
> 
> (Updated April 14, 2016, 3:35 p.m.)
> 
> 
> Review request for mesos, Greg Mann and Vinod Kone.
> 
> 
> Bugs: MESOS-3923
> https://issues.apache.org/jira/browse/MESOS-3923
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> This change adds AuthN support for HTTP based frameworks.
> 
> We allow AuthZ without AuthN for `/scheduler` endpoint. Also,
> we ensure that `FrameworkInfo.principal` (if present) equals
> the authenticated principal. We also allow a framework to
> omit specifying the `FrameworkInfo.principal` in case
> it is not interested in authorization or if it is disabled.
> We do log a warning for this cases similar to what driver
> based frameworks already do.
> 
> 
> Diffs
> -
> 
>   src/master/http.cpp b8a83b58b60416f61610cad16fc6f70028a5ee10 
>   src/master/master.hpp 1f480f03900a0dc2996c2ed3a9534dfa8036940f 
>   src/master/master.cpp 781402c04fded159183e1ca28894e48355200f0c 
>   src/master/validation.hpp d1f2323172cbf3bb052942a119b8531f9ccad48d 
>   src/master/validation.cpp 13423436a4e6361fde6fa75133eebf5c02c8381f 
> 
> Diff: https://reviews.apache.org/r/46115/diff/
> 
> 
> Testing
> ---
> 
> make check. Enabled AuthN for all the tests later in the chain.
> 
> 
> Thanks,
> 
> Anand Mazumdar
> 
>

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

2016-04-14 Thread Anand Mazumdar


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46115/
---

(Updated April 14, 2016, 3:35 p.m.)


Review request for mesos, Greg Mann and Vinod Kone.


Changes
---

Review comments from Vinod


Bugs: MESOS-3923
https://issues.apache.org/jira/browse/MESOS-3923


Repository: mesos


Description
---

This change adds AuthN support for HTTP based frameworks.

We allow AuthZ without AuthN for `/scheduler` endpoint. Also,
we ensure that `FrameworkInfo.principal` (if present) equals
the authenticated principal. We also allow a framework to
omit specifying the `FrameworkInfo.principal` in case
it is not interested in authorization or if it is disabled.
We do log a warning for this cases similar to what driver
based frameworks already do.


Diffs (updated)
-

  src/master/http.cpp b8a83b58b60416f61610cad16fc6f70028a5ee10 
  src/master/master.hpp 1f480f03900a0dc2996c2ed3a9534dfa8036940f 
  src/master/master.cpp 781402c04fded159183e1ca28894e48355200f0c 
  src/master/validation.hpp d1f2323172cbf3bb052942a119b8531f9ccad48d 
  src/master/validation.cpp 13423436a4e6361fde6fa75133eebf5c02c8381f 

Diff: https://reviews.apache.org/r/46115/diff/


Testing
---

make check. Enabled AuthN for all the tests later in the chain.


Thanks,

Anand Mazumdar

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

2016-04-13 Thread Vinod Kone


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46115/#review128731
---




src/master/master.cpp (line 850)


As discussed lets have a different REALM for http frameworks.



src/master/validation.cpp (lines 80 - 81)


After master sets FrameworkInfo.principal to the authenticating principal, 
please update this comment.


- Vinod Kone


On April 12, 2016, 10:26 p.m., Anand Mazumdar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46115/
> ---
> 
> (Updated April 12, 2016, 10:26 p.m.)
> 
> 
> Review request for mesos, Greg Mann and Vinod Kone.
> 
> 
> Bugs: MESOS-3923
> https://issues.apache.org/jira/browse/MESOS-3923
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> This change adds AuthN support for HTTP based frameworks.
> 
> We allow AuthZ without AuthN for `/scheduler` endpoint. Also,
> we ensure that `FrameworkInfo.principal` (if present) equals
> the authenticated principal. We also allow a framework to
> omit specifying the `FrameworkInfo.principal` in case
> it is not interested in authorization or if it is disabled.
> We do log a warning for this cases similar to what driver
> based frameworks already do.
> 
> 
> Diffs
> -
> 
>   src/master/http.cpp b8a83b58b60416f61610cad16fc6f70028a5ee10 
>   src/master/master.hpp 1f480f03900a0dc2996c2ed3a9534dfa8036940f 
>   src/master/master.cpp 781402c04fded159183e1ca28894e48355200f0c 
>   src/master/validation.hpp d1f2323172cbf3bb052942a119b8531f9ccad48d 
>   src/master/validation.cpp 13423436a4e6361fde6fa75133eebf5c02c8381f 
> 
> Diff: https://reviews.apache.org/r/46115/diff/
> 
> 
> Testing
> ---
> 
> make check. Enabled AuthN for all the tests later in the chain.
> 
> 
> Thanks,
> 
> Anand Mazumdar
> 
>

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

Re: Review Request 46115: Added AuthN for HTTP based frameworks.

7 matches

Site Navigation

Mail list logo

Footer information