Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-4902

Add authentication to libprocess endpoints

    XMLWordPrintableJSON

    Details

      Description

      In addition to the endpoints addressed by MESOS-4850 and MESOS-5152, the following endpoints would also benefit from HTTP authentication:

      • /profiler/*
      • /logging/toggle
      • /metrics/snapshot

      Adding HTTP authentication to these endpoints is a bit more complicated because they are defined at the libprocess level.

      While working on MESOS-4850, it became apparent that since our tests use the same instance of libprocess for both master and agent, different default authentication realms must be used for master/agent so that HTTP authentication can be independently enabled/disabled for each.

      We should establish a mechanism for making an endpoint authenticated that allows us to:
      1) Install an endpoint like /files, whose code is shared by the master and agent, with different authentication realms for the master and agent
      2) Avoid hard-coding a default authentication realm into libprocess, to permit the use of different authentication realms for the master and agent and to keep application-level concerns from leaking into libprocess

      Another option would be to use a single default authentication realm and always enable or disable HTTP authentication for both the master and agent in tests. However, this wouldn't allow us to test scenarios where HTTP authentication is enabled on one but disabled on the other.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                greggomann Greg Mann
                Reporter:
                greggomann Greg Mann
                Shepherd:
                Kapil Arya
              • Votes:
                1 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: