Return-Path: 
 <reviews-return-12412-apmail-aurora-reviews-archive=aurora.apache.org@aurora.apache.org>
X-Original-To: apmail-aurora-reviews-archive@minotaur.apache.org
Delivered-To: apmail-aurora-reviews-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id D81AC18022
	for <apmail-aurora-reviews-archive@minotaur.apache.org>;
 Thu, 17 Dec 2015 22:08:38 +0000 (UTC)
Received: (qmail 95522 invoked by uid 500); 17 Dec 2015 22:08:38 -0000
Delivered-To: apmail-aurora-reviews-archive@aurora.apache.org
Received: (qmail 95468 invoked by uid 500); 17 Dec 2015 22:08:38 -0000
Mailing-List: contact reviews-help@aurora.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:reviews-help@aurora.apache.org>
List-Unsubscribe: <mailto:reviews-unsubscribe@aurora.apache.org>
List-Post: <mailto:reviews@aurora.apache.org>
List-Id: <reviews.aurora.apache.org>
Reply-To: reviews@aurora.apache.org
Delivered-To: mailing list reviews@aurora.apache.org
Received: (qmail 95446 invoked by uid 99); 17 Dec 2015 22:08:38 -0000
Received: from reviews-vm.apache.org (HELO reviews.apache.org) (140.211.11.40)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Dec 2015 22:08:38 +0000
Received: from reviews.apache.org (localhost [127.0.0.1])
	by reviews.apache.org (Postfix) with ESMTP id E77E9294B6B;
	Thu, 17 Dec 2015 22:08:37 +0000 (UTC)
Content-Type: multipart/alternative;
 boundary="===============7472978596727585019=="
MIME-Version: 1.0
Subject: Re: Review Request 41525: Add flag to set FrameworkInfo.principal
From: "Bill Farner" <wfarner@apache.org>
To: "Joshua Cohen" <jcohen@apache.org>, "Bill Farner" <wfarner@apache.org>
Cc: "R.B. Boyer" <arebee@nexusvector.net>,
 "Aurora" <reviews@aurora.apache.org>
Date: Thu, 17 Dec 2015 22:08:37 -0000
Message-ID: <20151217220837.1673.84599@reviews.apache.org>
X-ReviewBoard-URL: https://reviews.apache.org/
Auto-Submitted: auto-generated
Sender: "Bill Farner" <noreply@reviews.apache.org>
X-ReviewGroup: Aurora
X-Auto-Response-Suppress: DR, RN, OOF, AutoReply
X-ReviewRequest-URL: https://reviews.apache.org/r/41525/
X-Sender: "Bill Farner" <noreply@reviews.apache.org>
References: <20151217214810.1673.79252@reviews.apache.org>
In-Reply-To: <20151217214810.1673.79252@reviews.apache.org>
Reply-To: "Bill Farner" <wfarner@apache.org>
X-ReviewRequest-Repository: aurora

--===============7472978596727585019==
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41525/#review111074
-----------------------------------------------------------


Sorry for the hassle - we had a few patches just land that caused a merge conflict on NEWS.  I tried to step in post the rebased patch.  Despite the fact that i can post a patch, ReviewBoard doesn't give me the UI to hit publish.  Can you check that you're okay with the latest draft and hit publish?

- Bill Farner


On Dec. 17, 2015, 1:48 p.m., R.B. Boyer wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41525/
> -----------------------------------------------------------
> 
> (Updated Dec. 17, 2015, 1:48 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Bill Farner.
> 
> 
> Bugs: AURORA-687
>     https://issues.apache.org/jira/browse/AURORA-687
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Bugs closed: AURORA-687
> 
> Copying the intent from one of the trailing comments:
> 
> """
> There are several situations to consider:
> 
> 1. fresh installs that will not have authN/authZ (may want to add authN/authZ later)
> 2. fresh installs that will begin life with authN/authZ (no problems in the future unless the principal is changed)
> 3. existing installs that have authN (may want to add authZ later)
> 
> The current defaults are friendly for (1) above, where the typical test-driver won't be turning any flavor of Auth on in their mesos cluster. These defaults are good.
> 
> If someone elects to go down (2) above, the defaults you get from -framework_authentication_file are not awesome, as this is where the misstep lies.
> 
> If someone went down (3) above already, and used the -framework_authentication_file non-awesome setting, you also don't want _them_ to break their cluster.
> 
> The bare minimum change to be the least breaking would be to introduce a new setting like -framework_announce_principal or something so that (2) can be happy without breaking (3).
> 
> Similarly to the mesos checkpoint breaking change, you could roll this out as opt-in and then in a future release make it opt-out when setting -framework_authentication_file and announce it as a breaking change in the changelogs for the poor folks in group (3).
> """
> 
> 
> Diffs
> -----
> 
>   NEWS 7a80f32465736de4fbdc7d2c7a3dbf790be31e16 
>   src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java 68aeda1692271841d10e5f29d439806576bd691c 
>   src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java 513391ff82c3e985bf9f673d35414e9245807b4a 
> 
> Diff: https://reviews.apache.org/r/41525/diff/
> 
> 
> Testing
> -------
> 
> Ran normal unit tests.
> 
> Built the patched scheduler and deployed it in an authN+authZ mesos cluster (3 control plane boxes, 2 execution plane boxes) and the framework could actually register with mesos.
> 
> 
> Thanks,
> 
> R.B. Boyer
> 
>


--===============7472978596727585019==--