aurora-reviews mailing list archives

From Bill Farner <wfar...@apache.org>
Subject Re: Review Request 45042: Add ACL support for announcer
Date Wed, 30 Mar 2016 01:56:48 GMT


> On March 28, 2016, 4:46 p.m., Bill Farner wrote:
> > examples/vagrant/announcer-auth.json, line 11
> > <https://reviews.apache.org/r/45042/diff/5/?file=1317202#file1317202line11>
> >
> >     I now have to backpedal on my advice to store the encrypted credentials here. Since our hand is forced to store plaintext for the auth section, we might as well make this part plaintext too.  That leaves us with the burden of handling the digest step, but that shouldn't be too bad.
> 
> Kunal Thakar wrote:
>     I'd prefer to keep the burden on the configuration provider to keep it simple.

I'm still a -1 to that, but willing to be out-voted by Zameer.

In my opinion, requiring the user to configure the same data (passwords) in 2 different ways
(encrypted and plaintext) introduces unnecessary burden and a class of misconfiguration that
mere mortals should not be subjected to :-)


- Bill


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45042/#review125773
-----------------------------------------------------------


On March 29, 2016, 5:17 p.m., Kunal Thakar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45042/
> -----------------------------------------------------------
> 
> (Updated March 29, 2016, 5:17 p.m.)
> 
> 
> Review request for Aurora, Bill Farner and Zameer Manji.
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Add ACL support for announcer
> https://issues.apache.org/jira/browse/AURORA-1643
> 
> Adding support for service discovery ZK authentication. ZK authentication secrets should be stored in a file as json (as follows):
> (Updated JSON format for config file)
> ```json
> {
>   "auth": [
>     {
>       "scheme": "<scheme>",
>       "credential": "<plain_credential>"
>     }
>   ],
>   "acls": [
>     {
>       "scheme": "<scheme>",
>       "credential": "<encrypted_credential>",
>       "permissions": {
>         "read": <bool>,
>         "write": <bool>,
>         "create": <bool>,
>         "delete": <bool>,
>         "admin": <bool>,
>         "all": <bool>
>       }
>     }
>   ]
> }
> ```
> 
> 
> Diffs
> -----
> 
>   RELEASE-NOTES.md 34f28a165aae4ae24fa95ef19b4972e088fd63a0 
>   docs/operations/security.md 1a3d9b7e7ba4ec1952dc886d5fbeb6b85d994fb9 
>   examples/vagrant/announcer-auth.json PRE-CREATION 
>   examples/vagrant/upstart/aurora-scheduler.conf 120b89a1dc10a259940cb9527eb2517f19d04471
>   src/main/python/apache/aurora/executor/bin/thermos_executor_main.py 6634506108c346f8c23b2da7cc8d20d09d07d590
>   src/main/python/apache/aurora/executor/common/announcer.py 79a9cfb6ac3a8444f09fb3658e6e859e06941ba4
>   src/main/python/apache/aurora/executor/common/announcer_zkauth_schema.py PRE-CREATION
>   src/test/python/apache/aurora/executor/bin/test_thermos_executor_entry_point.py e9f7851292aef3a36da5da9b0fc333a7e7750cf3
>   src/test/python/apache/aurora/executor/common/test_announcer.py 142b58d5e577c9f4b8e2ae8473cffdea94eba21f
>   src/test/sh/org/apache/aurora/e2e/validate_serverset.py fca1137bd2e7b1306a03dc2a54d2ef15b59af6a8
> 
> Diff: https://reviews.apache.org/r/45042/diff/
> 
> 
> Testing
> -------
> 
> /vagrant/src/test/sh/org/apache/aurora/e2e/test_announcer_auth_end_to_end.sh
> /vagrant/src/test/sh/org/apache/aurora/e2e/test_end_to_end.sh
> 
> 
> Thanks,
> 
> Kunal Thakar
> 
>
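
Added example, not part of the original message and not Aurora's announcer code: the two options debated in this thread for a ZooKeeper `digest` ACL, either deriving the ACL id from the plaintext credential or checking a separately stored digest against it. The `digest` scheme value, the function names and the sample user and passwords are assumptions made for illustration.

```python
import base64
import hashlib


def digest_acl_credential(plain_credential):
    """ZooKeeper digest ACL id: user:base64(sha1('user:password'))."""
    user, sep, password = plain_credential.partition(":")
    if not (sep and user and password):
        raise ValueError("digest credential must look like 'user:password'")
    sha1 = hashlib.sha1(plain_credential.encode("utf-8")).digest()
    return user + ":" + base64.b64encode(sha1).decode("ascii")


def derive_acls(config):
    """Plaintext-only file: the digest step is done by the consumer."""
    acls = []
    for acl in config["acls"]:
        cred = acl["credential"]
        if acl["scheme"] == "digest":
            cred = digest_acl_credential(cred)
        acls.append(dict(acl, credential=cred))
    return acls


def find_mismatches(config):
    """Two-format file: users whose stored ACL digest does not match the
    digest derived from their plaintext 'auth' entry."""
    expected = {}
    for auth in config["auth"]:
        if auth["scheme"] == "digest":
            derived = digest_acl_credential(auth["credential"])
            expected[derived.split(":", 1)[0]] = derived
    stale = []
    for acl in config["acls"]:
        user = acl["credential"].split(":", 1)[0]
        if acl["scheme"] == "digest" and expected.get(user, acl["credential"]) != acl["credential"]:
            stale.append(user)
    return stale


# Constructed sample data (hypothetical user and passwords).
PERMS = {"read": True, "write": True, "create": True, "delete": True, "admin": True, "all": True}
AUTH = [{"scheme": "digest", "credential": "announcer:new-example-pw"}]
# Password rotated in "auth", digest in "acls" left behind.
STALE = {"auth": AUTH, "acls": [{"scheme": "digest", "permissions": PERMS,
         "credential": digest_acl_credential("announcer:old-example-pw")}]}
# Same password written in plaintext in both sections.
PLAIN = {"auth": AUTH, "acls": [{"scheme": "digest", "permissions": PERMS,
         "credential": "announcer:new-example-pw"}]}
```

`find_mismatches(STALE)` reports `announcer`, while the ACLs returned by `derive_acls(PLAIN)` always agree with the `auth` section because both come from the same plaintext.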

