You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Greg Mann (JIRA)" <ji...@apache.org> on 2017/03/07 22:06:37 UTC

[jira] [Commented] (MESOS-7003) Introduce a 'Principal' type

    [ https://issues.apache.org/jira/browse/MESOS-7003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15900260#comment-15900260 ] 

Greg Mann commented on MESOS-7003:
----------------------------------

{code}
commit 072638d252bff6df6d89c2d3d0cf2220c98e677f
Author: Greg Mann <gr...@mesosphere.io>
Date:   Mon Mar 6 12:40:11 2017 -0800

    Added default parameter value to master validation function.

    The master's validation function for RESERVE operations previously
    did not set a default parameter value for its final optional
    parameter, requiring callsites to explicitly specify `None()`. This
    patch adds the default value.

    Review: https://reviews.apache.org/r/57158/
{code}

{code}
commit 17ef4ddf9b10ec0e86782489bf8dcbb1b47f020b
Author: Greg Mann <gr...@mesosphere.io>
Date:   Mon Mar 6 12:40:06 2017 -0800

    Updated Mesos tests to use the 'Principal' type.

    This patch updates the Mesos tests to use authenticated
    handlers which accept the `Principal` type instead of an
    `Option<string> principal`.

    Review: https://reviews.apache.org/r/56621/
{code}

{code}
commit e71f957a15c2d4e126e987bacfe64aae7f37a7dd
Author: Greg Mann <gr...@mesosphere.io>
Date:   Mon Mar 6 12:40:01 2017 -0800

    Added a new libprocess test for invalid principals.

    This patch adds `HttpAuthenticationTest.InvalidPrincipal` to
    libprocess to verify that requests return a 500 status code
    when the authenticator fails to return a valid principal.

    Review: https://reviews.apache.org/r/57298/
{code}

{code}
commit 602c9db732faa85d73987f3f51ab0e376ba3d18f
Author: Greg Mann <gr...@mesosphere.io>
Date:   Mon Mar 6 12:39:55 2017 -0800

    Updated libprocess tests to use the 'Principal' type.

    This patch updates the HTTP-related libprocess
    tests to use authenticated handlers which accept
    the `Principal` type instead of an
    `Option<string> principal`.

    Review: https://reviews.apache.org/r/56624/
{code}

{code}
commit da47646e22d5294ce48de57424bfa9b6562a6896
Author: Greg Mann <gr...@mesosphere.io>
Date:   Mon Mar 6 12:39:45 2017 -0800

    Updated master handlers to use the 'Principal' type.

    This patch updates the HTTP endpoint handlers in the
    master process to accept the `Principal` type instead
    of an `Option<string>& principal`.

    Review: https://reviews.apache.org/r/56813/
{code}

{code}
commit 8da4d6ff4adfd72dc33d56302af1eeb0d13e83f1
Author: Greg Mann <gr...@mesosphere.io>
Date:   Mon Mar 6 12:39:29 2017 -0800

    Updated agent handlers to use the 'Principal' type.

    This patch updates the HTTP endpoint handlers in the
    agent process to accept the `Principal` type instead
    of an `Option<string>& principal`.

    Review: https://reviews.apache.org/r/56812/
{code}

{code}
commit a7a84a87ff4fef8e3062b72bf795fa9540ab5325
Author: Greg Mann <gr...@mesosphere.io>
Date:   Mon Mar 6 12:39:25 2017 -0800

    Updated 'Files' handlers to use the 'Principal' type.

    This patch updates the HTTP endpoint handlers in the
    Mesos `Files` process to accept the `Principal` type
    instead of an `Option<string>& principal`.

    Review: https://reviews.apache.org/r/56619/
{code}

{code}
commit dc202578a6ba8dd096a1f0a6ad9f3af4d6247819
Author: Greg Mann <gr...@mesosphere.io>
Date:   Mon Mar 6 12:39:20 2017 -0800

    Removed unnecessary 'using' statement in master HTTP code.

    `MetricsProcess` was previously declared in 'src/master/http.cpp',
    but it is not currently used in that file. This patch removes the
    declaration.

    Review: https://reviews.apache.org/r/57153/
{code}

{code}
commit 30cbe95ca3739d88fd2b6e969b30ff7481452f20
Author: Greg Mann <gr...@mesosphere.io>
Date:   Mon Mar 6 12:39:13 2017 -0800

    Fixed a bug in master and agent handler authorization logic.

    This patch fixes a bug where endpoint handlers would not
    correctly handle the case in which authorization is enabled
    when authentication is disabled. In this case, the handlers
    would send a default-constructed `authorization::Subject` to
    the authorizer, leading to an empty-string principal being
    evaluated as the subject.

    This patch updates the handlers to correctly send `NONE` as
    the subject in this case.

    Review: https://reviews.apache.org/r/57054/
{code}

{code}
commit 91d0ce45dfb9f97130d99e4bff90044fe2225033
Author: Greg Mann <gr...@mesosphere.io>
Date:   Mon Mar 6 12:39:09 2017 -0800

    Updated master validation code to use the 'Principal' type.

    This patch updates master validation code to
    make use of the `Principal` type instead of an
    `Option<string> principal`.

    Review: https://reviews.apache.org/r/56901/
{code}

{code}
commit 1b4f33fa2cdc0cfeab4cba1795e9d89e4bdae71e
Author: Greg Mann <gr...@mesosphere.io>
Date:   Mon Mar 6 12:39:04 2017 -0800

    Updated common Mesos code to use the 'Principal' type.

    This patch updates common Mesos HTTP-related helpers,
    as well as the `authorization::Subject` protobuf
    message, to make use of the `Principal` type instead
    of an `Option<string> principal`.

    Review: https://reviews.apache.org/r/56618/
{code}

{code}
commit 66193c882356c03f2cb8342b4cab98644dfa46a2
Author: Greg Mann <gr...@mesosphere.io>
Date:   Mon Mar 6 12:39:00 2017 -0800

    Updated libprocess handlers to use the 'Principal' type.

    This patch updates the HTTP endpoint handlers in libprocess
    to make use of the `Principal` type instead of an
    `Option<string>& principal`.

    Review: https://reviews.apache.org/r/56617/
{code}

{code}
commit 81cbc395295fe9922473b12b1c966d01fe298341
Author: Greg Mann <gr...@mesosphere.io>
Date:   Mon Mar 6 12:38:52 2017 -0800

    Implemented the 'Principal' type in libprocess.

    This patch adds a new struct, `Principal`, to libprocess
    to represent an authenticated entity in the system.
    The new type contains a string `value` and a map containing
    arbitrary key-value pairs.

    Review: https://reviews.apache.org/r/56623/
{code}

> Introduce a 'Principal' type
> ----------------------------
>
>                 Key: MESOS-7003
>                 URL: https://issues.apache.org/jira/browse/MESOS-7003
>             Project: Mesos
>          Issue Type: Task
>          Components: executor, security
>            Reporter: Greg Mann
>            Assignee: Greg Mann
>              Labels: executor, security
>             Fix For: 1.3.0
>
>
> We will introduce a new type to represent the identity of an authenticated entity in Mesos: the {{Principal}}. To accomplish this, the following should be done:
> * Add the new {{Principal}} type
> * Update the {{AuthenticationResult}} to use {{Principal}}
> * Update all authenticated endpoint handlers to handle this new type
> * Update the default authenticator modules to use the new type



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)