You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by an...@apache.org on 2017/03/24 17:01:49 UTC

[2/6] mesos git commit: Added the '--authenticate_http_executors' agent flag.

Added the '--authenticate_http_executors' agent flag.

This patch adds a new agent flag, `--authenticate_http_executors`,
which requires authentication on the V1 executor API and loads the
default JWT authenticator.

Review: https://reviews.apache.org/r/57666/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/ede79444
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/ede79444
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/ede79444

Branch: refs/heads/master
Commit: ede794446284c5a68dd0ca205e0fee12edfa501c
Parents: faf0c08
Author: Greg Mann <gr...@mesosphere.io>
Authored: Fri Mar 24 10:00:50 2017 -0700
Committer: Anand Mazumdar <an...@apache.org>
Committed: Fri Mar 24 10:01:33 2017 -0700

----------------------------------------------------------------------
 docs/configuration.md | 14 ++++++++++++--
 src/slave/flags.cpp   | 13 ++++++++++---
 src/slave/flags.hpp   |  3 +++
 3 files changed, 25 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/ede79444/docs/configuration.md
----------------------------------------------------------------------
diff --git a/docs/configuration.md b/docs/configuration.md
index 2e9b829..6f1675f 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -127,8 +127,7 @@ HTTP authenticator implementation to use when handling requests to
 authenticated endpoints. Use the default
 <code>basic</code>, or load an alternate
 HTTP authenticator module using <code>--modules</code>.
-<p/>
-Currently there is no support for multiple HTTP authenticators. (default: basic)
+(default: basic, or basic and JWT if executor authentication is enabled)
   </td>
 </tr>
 <tr>
@@ -1050,6 +1049,17 @@ Attributes of the agent machine, in the form:
 </tr>
 <tr>
   <td>
+    --[no-]authenticate_http_executors
+  </td>
+  <td>
+If <code>true</code>, only authenticated requests for the HTTP executor API are
+allowed. If <code>false</code>, unauthenticated requests are also allowed. This
+flag is only available when Mesos is built with SSL support.
+(default: false)
+  </td>
+</tr>
+<tr>
+  <td>
     --authenticatee=VALUE
   </td>
   <td>

http://git-wip-us.apache.org/repos/asf/mesos/blob/ede79444/src/slave/flags.cpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.cpp b/src/slave/flags.cpp
index 3c3cbe0..8d2e2e3 100644
--- a/src/slave/flags.cpp
+++ b/src/slave/flags.cpp
@@ -877,9 +877,7 @@ mesos::internal::slave::Flags::Flags()
       "HTTP authenticator implementation to use when handling requests to\n"
       "authenticated endpoints. Use the default\n"
       "`" + string(DEFAULT_BASIC_HTTP_AUTHENTICATOR) + "`, or load an\n"
-      "alternate HTTP authenticator module using `--modules`.\n"
-      "\n"
-      "Currently there is no support for multiple HTTP authenticators.",
+      "alternate HTTP authenticator module using `--modules`.",
       DEFAULT_BASIC_HTTP_AUTHENTICATOR);
 
   add(&Flags::authenticate_http_readwrite,
@@ -896,6 +894,15 @@ mesos::internal::slave::Flags::Flags()
       "requests to such HTTP endpoints are also allowed.",
       false);
 
+#ifdef USE_SSL_SOCKET
+  add(&Flags::authenticate_http_executors,
+      "authenticate_http_executors",
+      "If `true`, only authenticated requests for the HTTP executor API are\n"
+      "allowed. If `false`, unauthenticated requests are also allowed. This\n"
+      "flag is only available when Mesos is built with SSL support.",
+      false);
+#endif // USE_SSL_SOCKET
+
   add(&Flags::http_credentials,
       "http_credentials",
       "Path to a JSON-formatted file containing credentials used to\n"

http://git-wip-us.apache.org/repos/asf/mesos/blob/ede79444/src/slave/flags.hpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.hpp b/src/slave/flags.hpp
index fec0354..2d982f9 100644
--- a/src/slave/flags.hpp
+++ b/src/slave/flags.hpp
@@ -147,6 +147,9 @@ public:
   std::string http_authenticators;
   bool authenticate_http_readonly;
   bool authenticate_http_readwrite;
+#ifdef USE_SSL_SOCKET
+  bool authenticate_http_executors;
+#endif // USE_SSL_SOCKET
   Option<Path> http_credentials;
   Option<std::string> hooks;
   Option<std::string> resource_estimator;