mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam B (JIRA)" <>
Subject [jira] [Updated] (MESOS-4902) Add authentication to agent endpoints /files, /profiler, and /logging
Date Wed, 09 Mar 2016 23:52:40 GMT


Adam B updated MESOS-4902:
    Labels: authentication http mesosphere security  (was: authentication http mesosphere)

> Add authentication to agent endpoints /files, /profiler, and /logging
> ---------------------------------------------------------------------
>                 Key: MESOS-4902
>                 URL:
>             Project: Mesos
>          Issue Type: Improvement
>          Components: HTTP API
>            Reporter: Greg Mann
>              Labels: authentication, http, mesosphere, security
> Adding HTTP authentication to these endpoints is a bit more complicated: {{/profiler}}
and {{/logging}} endpoints are defined at the libprocess level, while {{/files}} is defined
in code that is shared by the master and agent.
> While working on MESOS-4850, it became apparent that since our tests use the same instance
of libprocess for both master and agent, different default authentication realms must be used
for master/agent so that HTTP authentication can be independently enabled/disabled for each.
> We should establish a mechanism for making an endpoint authenticated that allows us to:
> 1) Install an endpoint like {{/files}} with different authentication realms for the master
and agent
> 2) Avoid hard-coding a default authentication realm into libprocess, again to permit
the use of different authentication realms for the master and agent
> Another option would be to use a single default authentication realm and always enable
or disable HTTP authentication for *both* the master and agent in tests. However, this wouldn't
allow us to test scenarios where HTTP authentication is enabled on one but disabled on the

This message was sent by Atlassian JIRA

View raw message