> On March 19, 2016, 3:03 a.m., Joerg Schad wrote: > > src/slave/slave.cpp, line 373 > > <https://reviews.apache.org/r/44515/diff/11/?file=1306306#file1306306line373> > > > > Do we actually have to get the authenticator above if this flag is not > > set? > > Greg Mann wrote: > The code directly above this line performs error checking on the value of > the `--http_authenticators` flag, which is necessary before this `if` block > uses that input. However, we also have the code that reads the > `--http_credentials` flag, which only needs to be executed if the user is > using the basic HTTP authenticator, so I've moved that code into the > appropriate scope. > > Greg Mann wrote: > However, moving this code means that we won't perform error checking on > the value of the `--http_credentials` flag when `--authenticate_http` is not > set. Arguably, we should always fail hard and tell a user if they've given us > invalid input for a flag. I'm going to move this code back to its original > location for now; let me know what you think. > > We should also probably fail hard if a user attempts to set > `--http_credentials` when `--authenticate_http` is not set. I've added an > `else if` to handle this case just after the `if` block associated with this > comment.
So now we EXIT if the user specifies `--http_credentials` but not `--authenticate_http`, but we'll EXIT for invalid credentials (or authenticator name) first. I suppose since we're only showing 1 error at a time, it doesn't matter what order we tell them to fix it in (i.e. which error we exit with first). But I do think that all the code referencing `httpAuthenticator` (including its definition) could go inside the `if (flags.authenticate_http)` block. - Adam ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/44515/#review124392 ----------------------------------------------------------- On March 20, 2016, 9:50 p.m., Greg Mann wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/44515/ > ----------------------------------------------------------- > > (Updated March 20, 2016, 9:50 p.m.) > > > Review request for mesos, Adam B, Alexander Rojas, Joerg Schad, and Till > Toenshoff. > > > Bugs: MESOS-4849 > https://issues.apache.org/jira/browse/MESOS-4849 > > > Repository: mesos > > > Description > ------- > > Added agent flags for HTTP authentication. > > Three command-line flags have been added to the agent to enable HTTP > authentication: `--authenticate_http`, `--http_credentials`, and > `--http_authenticators`. > > > Diffs > ----- > > src/slave/constants.hpp 4189c07dbad754e51f1a067ecbb4c99ae42a386f > src/slave/flags.hpp feb095da4521f678c96f4cc53bdfda262d350388 > src/slave/flags.cpp b77afa956834bb5b1f85301d7a5f386ab9da41e3 > src/slave/slave.cpp 840534ff0687e82ed063c386e36bbabada230697 > src/tests/mesos.cpp 90aef6bfe619dc0acdb4ccba6a7180482dd13ce5 > > Diff: https://reviews.apache.org/r/44515/diff/ > > > Testing > ------- > > `sudo make check` was used to test on both OSX and Ubuntu 14.04. > > > Thanks, > > Greg Mann > >