The current HTTP authentication implementation in Mesos makes it difficult to properly authorize some operations when authentication is not enabled. The UNRESERVE and DESTROY operations use a principal field stored in ReservationInfo/DiskInfo for authorization. This means that in order to authorize properly, the principal responsible for the reservation/volume must be available when the RESERVE/CREATE operation is performed. However, if HTTP authentication is not enabled, then operators are not able to provide a principal.
In order to resolve this issue, a new --require_http_authentication field could be added. This flag would complement the --http_authenticators flag. The new behavior would be as follows:
- If --http_authenticators is set but --require_http_authentication is not set, the authenticators would be loaded as specified, but unauthenticated requests would be permitted. In the case of an HTTP request containing an Authorization header, the header would be used to construct a Principal to be passed to the handlers.
- If --http_authenticators is set and --require_http_authentication is also set, the Principal would be extracted and passed to handlers as before, but all requests without an authenticated principal would be rejected.