You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by me...@apache.org on 2016/07/22 09:43:28 UTC
[4/6] mesos git commit: Updated upgrades.md for new HTTP
authentication flags.
Updated upgrades.md for new HTTP authentication flags.
Review: https://reviews.apache.org/r/50333/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/6009b314
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/6009b314
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/6009b314
Branch: refs/heads/1.0.x
Commit: 6009b3143a47eefff717103f1c094dc914f26fce
Parents: be1b249
Author: Greg Mann <gr...@mesosphere.io>
Authored: Fri Jul 22 01:51:01 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Fri Jul 22 02:02:25 2016 -0700
----------------------------------------------------------------------
docs/upgrades.md | 5 +++++
1 file changed, 5 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/6009b314/docs/upgrades.md
----------------------------------------------------------------------
diff --git a/docs/upgrades.md b/docs/upgrades.md
index 80aa8f4..82b9e26 100644
--- a/docs/upgrades.md
+++ b/docs/upgrades.md
@@ -64,6 +64,7 @@ We categorize the changes as follows:
<li>C <a href="#1-0-x-slave">Slave to Agent rename</a></li>
<li>R <a href="#1-0-x-workdir">work_dir default value</a></li>
<li>D <a href="#1-0-x-deprecated-ssl-env-variables">SSL environment variables</a></li>
+ <li>ACD <a href="#1-0-x-http-authentication-flags">HTTP authentication</a></li>
</ul>
</td>
<td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Framework API-->
@@ -277,6 +278,10 @@ We categorize the changes as follows:
* When a task is run as a particular user, the fetcher now fetches files as that user also. Note, this means that filesystem permissions for that user will be enforced when fetching local files.
+<a name="1-0-x-http-authentication-flags"></a>
+
+* The `--authenticate_http` flag has been deprecated in favor of `--authenticate_http_readwrite`. Setting `--authenticate_http_readwrite` will now enable authentication for all endpoints which previously had authentication support. These happen to be the endpoints which allow modifiication of the cluster state, or "read-write" endpoints. Note that `/logging/toggle`, `/profiler/start`, `/profiler/stop`, `/maintenance/schedule`, `/machine/up`, and `/machine/down` previously did not have authentication support, but in 1.0 if either `--authenticate_http` or `--authenticate_http_readwrite` is set, those endpoints will now require authentication. A new flag has also been introduced, `--authenticate_http_readonly`, which enables authentication for endpoints which support authentication and do not allow modification of the state of the cluster, like `/state` or `/flags`.
+
<a name="1-0-x-endpoint-authorization"></a>
* Mesos 1.0 introduces authorization support for several HTTP endpoints. Note that some of these endpoints are used by the web UI, and thus using the web UI in a cluster with authorization enabled will require that ACLs be set appropriately. Please refer to the [authorization documentation](authorization.md) for details.