You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Greg Mann (JIRA)" <ji...@apache.org> on 2017/04/13 23:51:41 UTC

[jira] [Comment Edited] (MESOS-6999) Add agent support for generating and passing executor secrets

    [ https://issues.apache.org/jira/browse/MESOS-6999?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15968404#comment-15968404 ] 

Greg Mann edited comment on MESOS-6999 at 4/13/17 11:50 PM:
------------------------------------------------------------

{code}
commit 0b7a40102a33ab46c2794963d9a0133b9e76b880
Author: Greg Mann <gr...@mesosphere.io>
Date:   Thu Apr 13 15:44:19 2017 -0700

    Changed '--executor_secret_key' agent flag to accept a path.

    This patch changes the agent flag '--executor_secret_key' to accept
    a path, so that the secret will not be leaked in logs.

    Review: https://reviews.apache.org/r/58327/
{code}
{code}
commit 8bbe700411298b7b17219f9521820b9dcc7ef2c8
Author: Greg Mann <gr...@mesosphere.io>
Date:   Thu Apr 13 15:44:28 2017 -0700

    Updated tests to set '--executor_secret_key' as a path.

    This patch updates the test code to generate a secret key file
    and set the agent '--executor_secret_key' flag with its path.

    Review: https://reviews.apache.org/r/58328/
{code}


was (Author: greggomann):
{code}
commit 0b7a40102a33ab46c2794963d9a0133b9e76b880
Author: Greg Mann <gr...@mesosphere.io>
Date:   Thu Apr 13 15:44:19 2017 -0700

    Changed '--executor_secret_key' agent flag to accept a path.

    This patch changes the agent flag '--executor_secret_key' to accept
    a path, so that the secret will not be leaked in logs.

    Review: https://reviews.apache.org/r/58327/
{code}
commit 8bbe700411298b7b17219f9521820b9dcc7ef2c8
Author: Greg Mann <gr...@mesosphere.io>
Date:   Thu Apr 13 15:44:28 2017 -0700

    Updated tests to set '--executor_secret_key' as a path.

    This patch updates the test code to generate a secret key file
    and set the agent '--executor_secret_key' flag with its path.

    Review: https://reviews.apache.org/r/58328/
{code}

> Add agent support for generating and passing executor secrets
> -------------------------------------------------------------
>
>                 Key: MESOS-6999
>                 URL: https://issues.apache.org/jira/browse/MESOS-6999
>             Project: Mesos
>          Issue Type: Task
>          Components: agent, security
>            Reporter: Greg Mann
>            Assignee: Greg Mann
>              Labels: agent, executor, flags, mesosphere, security
>             Fix For: 1.3.0
>
>
> The agent must generate and pass executor secrets to all executors using the V1 API. For MVP, the agent will have this behavior by default when compiled with SSL support. To accomplish this, the agent must:
> * load the default {{SecretGenerator}} module
> * call the secret generator when launching an executor
> * pass the generated secret into the executor's environment



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)