Posted to commits@mesos.apache.org by me...@apache.org on 2016/03/25 10:00:50 UTC
mesos git commit: Deprecated the plain text credential format.
Repository: mesos
Updated Branches:
refs/heads/master 3af01d6f8 -> 775c8c183
Deprecated the plain text credential format.
Review: https://reviews.apache.org/r/44846/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/775c8c18
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/775c8c18
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/775c8c18
Branch: refs/heads/master
Commit: 775c8c183c9a77d99c85bf5c4e1c3bb21dece97d
Parents: 3af01d6
Author: Jan Schlicht <ja...@mesosphere.io>
Authored: Thu Mar 24 23:50:03 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Thu Mar 24 23:55:32 2016 -0700
----------------------------------------------------------------------
CHANGELOG | 3 +++
docs/authentication.md | 24 ++++++++++++++++++------
docs/configuration.md | 14 ++++----------
docs/upgrades.md | 5 +++++
src/credentials/credentials.hpp | 6 ++++--
src/master/flags.cpp | 13 ++++---------
src/slave/flags.cpp | 7 ++-----
7 files changed, 40 insertions(+), 32 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/775c8c18/CHANGELOG
----------------------------------------------------------------------
diff --git a/CHANGELOG b/CHANGELOG
index e28dbb6..fef0cbf 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -22,6 +22,9 @@ This release contains the following new features:
flexibility around how to clean up tasks and executors.
Deprecations:
+ * [MESOS-2281] - Deprecated the plain text format for credentials in favor of
+ the JSON format.
+
* [MESOS-5001] - The 'allocator/event_queue_dispatches' metric is now
deprecated in favor 'of allocator/mesos/event_queue_dispatches'.
http://git-wip-us.apache.org/repos/asf/mesos/blob/775c8c18/docs/authentication.md
----------------------------------------------------------------------
diff --git a/docs/authentication.md b/docs/authentication.md
index 9f64f65..dfdd28c 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -64,9 +64,8 @@ Mesos master and slave processes. For more information, refer to the
The default is `basic` (basic HTTP authentication), but additional modules can
be added using the `--modules` option.
-* `--credentials` - The path to a text file which contains a list (in plaintext
- or JSON format) of accepted credentials. This may be optional depending on
- the authenticator being used.
+* `--credentials` - The path to a text file which contains a list of accepted
+ credentials. This may be optional depending on the authenticator being used.
### Slave
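Review bot: The new `--credentials` description no longer names the file format at all; "a list of accepted credentials" leaves the reader to guess what the file should contain. docs/configuration.md in this same commit says "Path to a JSON-formatted file containing credentials", so say "JSON-formatted" here as well.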
@@ -106,8 +105,18 @@ the `Credential.principal` into `FrameworkInfo.principal` when registering.
1. Create the master's credentials file with the following content:
- principal1 secret1
- principal2 secret2
+ {
+ "credentials" : [
+ {
+ "principal": "principal1",
+ "secret": "secret1"
+ },
+ {
+ "principal": "principal2",
+ "secret": "secret2"
+ }
+ ]
+ }
2. Start the master using the credentials file (assuming the file is `~/credentials`):
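Review bot: Style point in the added example: `"credentials" : [` has a space before the colon, while the nested keys in this same example and the example in docs/configuration.md (`"credentials": [`) do not. Use one spacing so both documents show the same file.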
@@ -115,7 +124,10 @@ the `Credential.principal` into `FrameworkInfo.principal` when registering.
3. Create another file with a single credential in it (`~/slave_credential`):
- principal1 secret1
+ {
+ "principal": "principal1",
+ "secret": "secret1"
+ }
4. Start the slave:
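Review bot: Missing documentation in step 3: the slave file is a bare object with `principal` and `secret`, while the master file in step 1 wraps its entries in a `"credentials"` array, and nothing in the steps says the two shapes differ. With the plain text format both files looked alike, so add a sentence stating that the slave's file holds a single credential object and not the list form.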
http://git-wip-us.apache.org/repos/asf/mesos/blob/775c8c18/docs/configuration.md
----------------------------------------------------------------------
diff --git a/docs/configuration.md b/docs/configuration.md
index b0f9cb5..9ad0c2a 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -515,11 +515,9 @@ Human readable name for the cluster, displayed in the webui.
--credentials=VALUE
</td>
<td>
-Either a path to a text file with a list of credentials,
-each line containing <code>principal</code> and <code>secret</code> separated by whitespace,
-or, a path to a JSON-formatted file containing credentials.
+Path to a JSON-formatted file containing credentials.
Path can be of the form <code>file:///path/to/file</code> or <code>/path/to/file</code>.
-JSON file Example:
+Example:
<pre><code>{
"credentials": [
{
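Review bot: Wording drift on the unchanged line "Path can be of the form": src/master/flags.cpp in this commit changes the same sentence of the same flag's help text from "Path can be" to "Path could be", so the two descriptions of `--credentials` no longer match. Pick one wording and use it in both places.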
@@ -528,8 +526,6 @@ JSON file Example:
}
]
}</code></pre>
-Text file Example:
-<pre><code>username secret</code></pre>
</td>
</tr>
<tr>
@@ -991,10 +987,8 @@ are specified is the order they are tried.
--credential=VALUE
</td>
<td>
-Either a path to a text with a single line
-containing <code>principal</code> and <code>secret</code> separated by whitespace.
-Or a path containing the JSON-formatted information used for one credential.
-This credential is used to identify the slave to the master.
+Path to a JSON-formatted file containing the credential
+to use to authenticate with the master.
Path could be of the form <code>file:///path/to/file</code> or <code>/path/to/file</code>.
Example:
<pre><code>{
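Review bot: Missing documentation: the rewritten `--credential` text reads as if only JSON is accepted, yet src/credentials/credentials.hpp in this commit keeps the text-format parser until the end of the deprecation cycle. Add a line saying the plain text format is deprecated but still read, or link to the 0.29 entry in docs/upgrades.md, so operators with existing text files know what to expect.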
http://git-wip-us.apache.org/repos/asf/mesos/blob/775c8c18/docs/upgrades.md
----------------------------------------------------------------------
diff --git a/docs/upgrades.md b/docs/upgrades.md
index 85d0292..1b683b5 100644
--- a/docs/upgrades.md
+++ b/docs/upgrades.md
@@ -48,6 +48,7 @@ We categorize the changes as follows:
<td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Mesos Core-->
<ul style="padding-left:10px;">
<li>CD <a href="#0-29-x-allocator-metrics">Allocator Metrics</a></li>
+ <li>D <a href="#0-29-x-credentials">--credential(s) (plain text format)</a></li>
</ul>
</td>
<td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Flags-->
@@ -158,6 +159,10 @@ We categorize the changes as follows:
* The allocator metric named <code>allocator/event_queue_dispatches</code> is now deprecated and will be removed with 0.30. The new name is <code>allocator/mesos/event_queue_dispatches</code> to better support metrics for alternative allocator implementations.
+<a name="0-29-x-credentials"></a>
+
+* Mesos 0.29 deprecates the use of plain text credential files in favor of JSON-formatted credential files.
+
## Upgrading from 0.27.x to 0.28.x ##
<a name="0-28-x-resource-precision"></a>
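Review bot: The new credentials bullet gives no removal version and no migration hint, unlike the allocator metric bullet directly above it, which says "will be removed with 0.30". State when plain text support is planned to go away and show or link the JSON layout the file has to be converted to.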
http://git-wip-us.apache.org/repos/asf/mesos/blob/775c8c18/src/credentials/credentials.hpp
----------------------------------------------------------------------
diff --git a/src/credentials/credentials.hpp b/src/credentials/credentials.hpp
index aad17c2..32492f2 100644
--- a/src/credentials/credentials.hpp
+++ b/src/credentials/credentials.hpp
@@ -52,7 +52,8 @@ inline Result<Credentials> read(const Path& path)
<< "credentials file is NOT accessible by others.";
}
- // TODO(ijimenez): Deprecate text and support only JSON like ACLs.
+ // TODO(nfnt): Remove text format support at the end of the deprecation cycle
+ // which started with version 0.29.
Try<JSON::Object> json = JSON::parse<JSON::Object>(read.get());
if (!json.isError()) {
Try<Credentials> credentials = ::protobuf::parse<Credentials>(json.get());
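Review bot: The new TODO in `read` sits above the JSON parse, while the same TODO in `readCredential` is placed directly above the text-format code it refers to. Move this one down to the text-format fallback in `read` so the comment marks the code that is meant to be deleted.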
@@ -100,7 +101,6 @@ inline Result<Credential> readCredential(const Path& path)
<< "credential file is NOT accessible by others.";
}
- // TODO(ijimenez): Deprecate text support for only JSON ACLs.
Try<JSON::Object> json = JSON::parse<JSON::Object>(read.get());
if (!json.isError()) {
Try<Credential> credential = ::protobuf::parse<Credential>(json.get());
@@ -109,6 +109,8 @@ inline Result<Credential> readCredential(const Path& path)
}
}
+ // TODO(nfnt): Remove text format support at the end of the deprecation cycle
+ // which started with version 0.29.
Credential credential;
const std::vector<std::string>& line = strings::tokenize(read.get(), "\n");
if (line.size() != 1) {
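Review bot: The text-format fallback that starts at `Credential credential;` is still taken silently when the JSON parse fails, so the deprecation is visible only in the docs and in this TODO. Log a warning on this path, and on the matching path in `read`, telling the operator that the plain text credential format is deprecated and that the file should be converted to JSON.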
http://git-wip-us.apache.org/repos/asf/mesos/blob/775c8c18/src/master/flags.cpp
----------------------------------------------------------------------
diff --git a/src/master/flags.cpp b/src/master/flags.cpp
index 9b65dee..06852c9 100644
--- a/src/master/flags.cpp
+++ b/src/master/flags.cpp
@@ -221,13 +221,10 @@ mesos::internal::master::Flags::Flags()
add(&Flags::credentials,
"credentials",
- "Either a path to a text file with a list of credentials,\n"
- "each line containing `principal` and `secret` separated by "
- "whitespace,\n"
- "or, a path to a JSON-formatted file containing credentials.\n"
- "Path can be of the form `file:///path/to/file` or `/path/to/file`."
+ "Path to a JSON-formatted file containing credentials.\n"
+ "Path could be of the form `file:///path/to/file` or `/path/to/file`."
"\n"
- "JSON file Example:\n"
+ "Example:\n"
"{\n"
" \"credentials\": [\n"
" {\n"
@@ -235,9 +232,7 @@ mesos::internal::master::Flags::Flags()
" \"secret\": \"kitesurf\"\n"
" }\n"
" ]\n"
- "}\n"
- "Text file Example:\n"
- "username secret");
+ "}");
add(&Flags::acls,
"acls",
http://git-wip-us.apache.org/repos/asf/mesos/blob/775c8c18/src/slave/flags.cpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.cpp b/src/slave/flags.cpp
index e831ce7..fd9fbba 100644
--- a/src/slave/flags.cpp
+++ b/src/slave/flags.cpp
@@ -431,11 +431,8 @@ mesos::internal::slave::Flags::Flags()
add(&Flags::credential,
"credential",
- "Either a path to a text with a single line\n"
- "containing `principal` and `secret` separated by whitespace.\n"
- "Or a path containing the JSON-formatted "
- "information used for one credential.\n"
- "This credential is used to identify the slave to the master.\n"
+ "Path to a JSON-formatted file containing the credential\n"
+ "to use to authenticate with the master.\n"
"Path could be of the form `file:///path/to/file` or `/path/to/file`."
"\n"
"Example:\n"