mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Mann (JIRA)" <j...@apache.org>
Subject [jira] [Created] (MESOS-4902) Add authentication to agent endpoints /files, /profiler, and /logging
Date Wed, 09 Mar 2016 18:49:40 GMT
Greg Mann created MESOS-4902:
--------------------------------

             Summary: Add authentication to agent endpoints /files, /profiler, and /logging
                 Key: MESOS-4902
                 URL: https://issues.apache.org/jira/browse/MESOS-4902
             Project: Mesos
          Issue Type: Improvement
          Components: HTTP API
            Reporter: Greg Mann


Adding HTTP authentication to these endpoints is a bit more complicated than is the case for
the existing authenticated endpoints. {{/profiler}} and {{/logging}} endpoints are defined
at the libprocess level, while {{/files}} is defined in code that is shared by the master
and agent.

While working on MESOS-4850, it became apparent that since our tests use the same instance
of libprocess for both master and agent, different default authentication realms must be used
for master/agent so that HTTP authentication can be independently enabled/disabled for each.

We should establish a mechanism for making an endpoint authenticated that allows us to:
1) Install an endpoint like {{/files}} with different authentication realms for the master
and agent
2) Avoid hard-coding a default authentication realm into libprocess, again to permit the use
of different authentication realms for the master and agent

Another option would be to use a single default authentication realm and always enable or
disable HTTP authentication for *both* the master and agent in tests. However, this wouldn't
allow us to test scenarios where HTTP authentication is enabled on one but disabled on the
other.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message