mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Mann (JIRA)" <>
Subject [jira] [Created] (MESOS-4902) Add authentication to agent endpoints /files, /profiler, and /logging
Date Wed, 09 Mar 2016 18:49:40 GMT
Greg Mann created MESOS-4902:

             Summary: Add authentication to agent endpoints /files, /profiler, and /logging
                 Key: MESOS-4902
             Project: Mesos
          Issue Type: Improvement
          Components: HTTP API
            Reporter: Greg Mann

Adding HTTP authentication to these endpoints is a bit more complicated than is the case for
the existing authenticated endpoints. {{/profiler}} and {{/logging}} endpoints are defined
at the libprocess level, while {{/files}} is defined in code that is shared by the master
and agent.

While working on MESOS-4850, it became apparent that since our tests use the same instance
of libprocess for both master and agent, different default authentication realms must be used
for master/agent so that HTTP authentication can be independently enabled/disabled for each.

We should establish a mechanism for making an endpoint authenticated that allows us to:
1) Install an endpoint like {{/files}} with different authentication realms for the master
and agent
2) Avoid hard-coding a default authentication realm into libprocess, again to permit the use
of different authentication realms for the master and agent

Another option would be to use a single default authentication realm and always enable or
disable HTTP authentication for *both* the master and agent in tests. However, this wouldn't
allow us to test scenarios where HTTP authentication is enabled on one but disabled on the

This message was sent by Atlassian JIRA

View raw message