You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@mesos.apache.org by Andrei Sekretenko <as...@mesosphere.io> on 2020/02/03 17:54:21 UTC

Review Request 72077: Factored out common code for building URIs on a repository host.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72077/
-----------------------------------------------------------

Review request for mesos, Andrei Budnik and Qian Zhang.


Bugs: MESOS-10092
    https://issues.apache.org/jira/browse/MESOS-10092


Repository: mesos


Description
-------

This is a prerequisite for adding fallback authorization server URI
generation (see MESOS-10092) in the next patches, which will need one
more URI extractor similar to `getManifestUri()`/`getBlobUri()`.


Diffs
-----

  src/uri/fetchers/docker.cpp 75df80bfd59323e06bf563d15a98af244b5b1874 


Diff: https://reviews.apache.org/r/72077/diff/1/


Testing
-------


Thanks,

Andrei Sekretenko

Re: Review Request 72077: Factored out common code for building URIs on a registry host.

Posted by Qian Zhang <zh...@gmail.com>.


> On Feb. 4, 2020, 3 p.m., Qian Zhang wrote:
> > I see you mentioned `authorization server` in the commit message for the patches in this patch chain, I think it should be `authentication server`, right?
> 
> Andrei Sekretenko wrote:
>     Well, I try to follow conventions they use in the "Docker Registry v2 authentication" spec: https://docs.docker.com/registry/spec/auth/token/
>     Throughout that spec, this entity is called `authorization` server/service.
>     
>     Your question is perfectly valid: in reality, that service is responsible both for authenticating and authorizing. 
>     A bearer of the returned Bearer token is both authenticated (it is what it claims it is) and authorized (it is allowed to access the realm-scopes-service used in the request to authorization server).
>     
>     However, I suggest that we stick to the name from the spec, despite the fact that it might cause confusion.

Agree.


- Qian


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72077/#review219480
-----------------------------------------------------------


On Feb. 4, 2020, 8:07 p.m., Andrei Sekretenko wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72077/
> -----------------------------------------------------------
> 
> (Updated Feb. 4, 2020, 8:07 p.m.)
> 
> 
> Review request for mesos, Andrei Budnik and Qian Zhang.
> 
> 
> Bugs: MESOS-10092
>     https://issues.apache.org/jira/browse/MESOS-10092
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This is a prerequisite for adding fallback authorization server URI
> generation (see MESOS-10092) in the next patches, which will need one
> more URI extractor similar to `getManifestUri()`/`getBlobUri()`.
> 
> 
> Diffs
> -----
> 
>   src/uri/fetchers/docker.cpp 75df80bfd59323e06bf563d15a98af244b5b1874 
> 
> 
> Diff: https://reviews.apache.org/r/72077/diff/3/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Andrei Sekretenko
> 
>

Re: Review Request 72077: Factored out common code for building URIs on a repository host.

Posted by Andrei Sekretenko <as...@mesosphere.io>.

> On Feb. 4, 2020, 7 a.m., Qian Zhang wrote:
> > I see you mentioned `authorization server` in the commit message for the patches in this patch chain, I think it should be `authentication server`, right?

Well, I try to follow conventions they use in the "Docker Registry v2 authentication" spec: https://docs.docker.com/registry/spec/auth/token/
Throughout that spec, this entity is called `authorization` server/service.

Your question is perfectly valid: in reality, that service is responsible both for authenticating and authorizing. 
A bearer of the returned Bearer token is both authenticated (it is what it claims it is) and authorized (it is allowed to access the realm-scopes-service used in the request to authorization server).

However, I suggest that we stick to the name from the spec, despite the fact that it might cause confusion.

- Andrei

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72077/#review219480
-----------------------------------------------------------

On Feb. 3, 2020, 5:54 p.m., Andrei Sekretenko wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72077/
> -----------------------------------------------------------
> 
> (Updated Feb. 3, 2020, 5:54 p.m.)
> 
> 
> Review request for mesos, Andrei Budnik and Qian Zhang.
> 
> 
> Bugs: MESOS-10092
>     https://issues.apache.org/jira/browse/MESOS-10092
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This is a prerequisite for adding fallback authorization server URI
> generation (see MESOS-10092) in the next patches, which will need one
> more URI extractor similar to `getManifestUri()`/`getBlobUri()`.
> 
> 
> Diffs
> -----
> 
>   src/uri/fetchers/docker.cpp 75df80bfd59323e06bf563d15a98af244b5b1874 
> 
> 
> Diff: https://reviews.apache.org/r/72077/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Andrei Sekretenko
> 
>

Re: Review Request 72077: Factored out common code for building URIs on a repository host.

Posted by Qian Zhang <zh...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72077/#review219480
-----------------------------------------------------------



I see you mentioned `authorization server` in the commit message for the patches in this patch chain, I think it should be `authentication server`, right?

- Qian Zhang


On Feb. 4, 2020, 1:54 a.m., Andrei Sekretenko wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72077/
> -----------------------------------------------------------
> 
> (Updated Feb. 4, 2020, 1:54 a.m.)
> 
> 
> Review request for mesos, Andrei Budnik and Qian Zhang.
> 
> 
> Bugs: MESOS-10092
>     https://issues.apache.org/jira/browse/MESOS-10092
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This is a prerequisite for adding fallback authorization server URI
> generation (see MESOS-10092) in the next patches, which will need one
> more URI extractor similar to `getManifestUri()`/`getBlobUri()`.
> 
> 
> Diffs
> -----
> 
>   src/uri/fetchers/docker.cpp 75df80bfd59323e06bf563d15a98af244b5b1874 
> 
> 
> Diff: https://reviews.apache.org/r/72077/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Andrei Sekretenko
> 
>

Re: Review Request 72077: Factored out common code for building URIs on a repository host.

Posted by Qian Zhang <zh...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72077/#review219477
-----------------------------------------------------------




src/uri/fetchers/docker.cpp
Lines 633-660 (patched)
<https://reviews.apache.org/r/72077/#comment307641>

    I would suggest to move these static methods to the beginning of this file alone with other static methods, like: `getAuthHeaderBasic()`, `getAuthHeaderBearer()`, etc.



src/uri/fetchers/docker.cpp
Lines 633-634 (patched)
<https://reviews.apache.org/r/72077/#comment307642>

    `"{"` should be in a newline.


- Qian Zhang


On Feb. 4, 2020, 1:54 a.m., Andrei Sekretenko wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72077/
> -----------------------------------------------------------
> 
> (Updated Feb. 4, 2020, 1:54 a.m.)
> 
> 
> Review request for mesos, Andrei Budnik and Qian Zhang.
> 
> 
> Bugs: MESOS-10092
>     https://issues.apache.org/jira/browse/MESOS-10092
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This is a prerequisite for adding fallback authorization server URI
> generation (see MESOS-10092) in the next patches, which will need one
> more URI extractor similar to `getManifestUri()`/`getBlobUri()`.
> 
> 
> Diffs
> -----
> 
>   src/uri/fetchers/docker.cpp 75df80bfd59323e06bf563d15a98af244b5b1874 
> 
> 
> Diff: https://reviews.apache.org/r/72077/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Andrei Sekretenko
> 
>

Re: Review Request 72077: Factored out common code for building URIs on a registry host.

Posted by Qian Zhang <zh...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72077/#review219499
-----------------------------------------------------------


Ship it!




Ship It!

- Qian Zhang


On Feb. 4, 2020, 8:07 p.m., Andrei Sekretenko wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72077/
> -----------------------------------------------------------
> 
> (Updated Feb. 4, 2020, 8:07 p.m.)
> 
> 
> Review request for mesos, Andrei Budnik and Qian Zhang.
> 
> 
> Bugs: MESOS-10092
>     https://issues.apache.org/jira/browse/MESOS-10092
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This is a prerequisite for adding fallback authorization server URI
> generation (see MESOS-10092) in the next patches, which will need one
> more URI extractor similar to `getManifestUri()`/`getBlobUri()`.
> 
> 
> Diffs
> -----
> 
>   src/uri/fetchers/docker.cpp 75df80bfd59323e06bf563d15a98af244b5b1874 
> 
> 
> Diff: https://reviews.apache.org/r/72077/diff/3/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Andrei Sekretenko
> 
>

Re: Review Request 72077: Factored out common code for building URIs on a registry host.

Posted by Andrei Sekretenko <as...@mesosphere.io>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72077/
-----------------------------------------------------------

(Updated Feb. 4, 2020, 12:07 p.m.)


Review request for mesos, Andrei Budnik and Qian Zhang.


Summary (updated)
-----------------

Factored out common code for building URIs on a registry host.


Bugs: MESOS-10092
    https://issues.apache.org/jira/browse/MESOS-10092


Repository: mesos


Description
-------

This is a prerequisite for adding fallback authorization server URI
generation (see MESOS-10092) in the next patches, which will need one
more URI extractor similar to `getManifestUri()`/`getBlobUri()`.


Diffs (updated)
-----

  src/uri/fetchers/docker.cpp 75df80bfd59323e06bf563d15a98af244b5b1874 


Diff: https://reviews.apache.org/r/72077/diff/2/

Changes: https://reviews.apache.org/r/72077/diff/1-2/


Testing
-------


Thanks,

Andrei Sekretenko