Posted to commits@mesos.apache.org by an...@apache.org on 2017/03/24 17:01:49 UTC
[2/6] mesos git commit: Added the '--authenticate_http_executors'
agent flag.
Added the '--authenticate_http_executors' agent flag.
This patch adds a new agent flag, `--authenticate_http_executors`,
which requires authentication on the V1 executor API and loads the
default JWT authenticator.
Review: https://reviews.apache.org/r/57666/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/ede79444
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/ede79444
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/ede79444
Branch: refs/heads/master
Commit: ede794446284c5a68dd0ca205e0fee12edfa501c
Parents: faf0c08
Author: Greg Mann <gr...@mesosphere.io>
Authored: Fri Mar 24 10:00:50 2017 -0700
Committer: Anand Mazumdar <an...@apache.org>
Committed: Fri Mar 24 10:01:33 2017 -0700
----------------------------------------------------------------------
docs/configuration.md | 14 ++++++++++++--
src/slave/flags.cpp | 13 ++++++++++---
src/slave/flags.hpp | 3 +++
3 files changed, 25 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/ede79444/docs/configuration.md
----------------------------------------------------------------------
diff --git a/docs/configuration.md b/docs/configuration.md
index 2e9b829..6f1675f 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -127,8 +127,7 @@ HTTP authenticator implementation to use when handling requests to
authenticated endpoints. Use the default
<code>basic</code>, or load an alternate
HTTP authenticator module using <code>--modules</code>.
-<p/>
-Currently there is no support for multiple HTTP authenticators. (default: basic)
+(default: basic, or basic and JWT if executor authentication is enabled)
</td>
</tr>
<tr>
@@ -1050,6 +1049,17 @@ Attributes of the agent machine, in the form:
</tr>
<tr>
<td>
+ --[no-]authenticate_http_executors
+ </td>
+ <td>
+If <code>true</code>, only authenticated requests for the HTTP executor API are
+allowed. If <code>false</code>, unauthenticated requests are also allowed. This
+flag is only available when Mesos is built with SSL support.
+(default: false)
+ </td>
+</tr>
+<tr>
+ <td>
--authenticatee=VALUE
</td>
<td>
http://git-wip-us.apache.org/repos/asf/mesos/blob/ede79444/src/slave/flags.cpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.cpp b/src/slave/flags.cpp
index 3c3cbe0..8d2e2e3 100644
--- a/src/slave/flags.cpp
+++ b/src/slave/flags.cpp
@@ -877,9 +877,7 @@ mesos::internal::slave::Flags::Flags()
"HTTP authenticator implementation to use when handling requests to\n"
"authenticated endpoints. Use the default\n"
"`" + string(DEFAULT_BASIC_HTTP_AUTHENTICATOR) + "`, or load an\n"
- "alternate HTTP authenticator module using `--modules`.\n"
- "\n"
- "Currently there is no support for multiple HTTP authenticators.",
+ "alternate HTTP authenticator module using `--modules`.",
DEFAULT_BASIC_HTTP_AUTHENTICATOR);
add(&Flags::authenticate_http_readwrite,
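Review bot: The `--http_authenticators` help text drops the sentence about multiple authenticators but does not pick up what the docs hunk in this same commit now states, that the default becomes basic plus JWT when executor authentication is enabled; the registered default is still `DEFAULT_BASIC_HTTP_AUTHENTICATOR` alone. An operator reading `--help` therefore cannot tell which authenticators are guarding the agent's endpoints. I would add a sentence to the help string such as `"When executor authentication is enabled, the default JWT authenticator is loaded as well."`, assuming that is what the rest of the series implements, since the loading code is not in this commit. The `add(...)` call this text belongs to starts above the hunk.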
@@ -896,6 +894,15 @@ mesos::internal::slave::Flags::Flags()
"requests to such HTTP endpoints are also allowed.",
false);
+#ifdef USE_SSL_SOCKET
+ add(&Flags::authenticate_http_executors,
+ "authenticate_http_executors",
+ "If `true`, only authenticated requests for the HTTP executor API are\n"
+ "allowed. If `false`, unauthenticated requests are also allowed. This\n"
+ "flag is only available when Mesos is built with SSL support.",
+ false);
+#endif // USE_SSL_SOCKET
+
add(&Flags::http_credentials,
"http_credentials",
"Path to a JSON-formatted file containing credentials used to\n"
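Review bot: Because the `add(&Flags::authenticate_http_executors, ...)` registration sits inside `#ifdef USE_SSL_SOCKET`, a build without SSL support has no such flag at all, and what happens when an operator still sets it depends on how the flag loader treats unknown names. If any path ignores it silently (the environment-variable form is worth checking), the executor API keeps accepting unauthenticated requests while the deployed configuration says otherwise. Registering the flag unconditionally and refusing to start when it is `true` on a non-SSL build would fail closed. At minimum the guard deserves a comment giving the reason, for example `// Executor authentication relies on the JWT authenticator, which needs SSL support.`, if that is indeed why. The constructor body continues outside the hunk.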
http://git-wip-us.apache.org/repos/asf/mesos/blob/ede79444/src/slave/flags.hpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.hpp b/src/slave/flags.hpp
index fec0354..2d982f9 100644
--- a/src/slave/flags.hpp
+++ b/src/slave/flags.hpp
@@ -147,6 +147,9 @@ public:
std::string http_authenticators;
bool authenticate_http_readonly;
bool authenticate_http_readwrite;
+#ifdef USE_SSL_SOCKET
+ bool authenticate_http_executors;
+#endif // USE_SSL_SOCKET
Option<Path> http_credentials;
Option<std::string> hooks;
Option<std::string> resource_estimator;
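Review bot: Wrapping the `authenticate_http_executors` member in `#ifdef USE_SSL_SOCKET` makes the layout of `Flags` depend on a preprocessor definition, so any code that includes this header without the same definition as the agent build (a separately compiled module, for example) would see a different class. Declaring it unconditionally as `bool authenticate_http_executors = false;` and keeping the guard only around the registration in flags.cpp would avoid that, and code that reads the flag would not need its own `#ifdef`. The class body starts and ends outside the hunk.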