subject:"Re\: Review Request 59141\: Added Secret\:\:Value to the URI fetcher interface."

Re: Review Request 59141: Added Secret::Value to the URI fetcher interface.

2017-05-10 Thread Chun-Hung Hsiao



> On May 10, 2017, 7:36 p.m., Chun-Hung Hsiao wrote:
> > include/mesos/uri/fetcher.hpp
> > Lines 78 (patched)
> > 
> >
> > I'm thinking about what is a proper interface extension for this 
> > fetcher plugin. Instead of having a `Secret::Value`, how about a more 
> > general `config` or some session info parameter for the fetcher, which may 
> > or may not come from a secret?
> 
> Gilbert Song wrote:
> This new parameter in URI fetcher should be used for authentication, no 
> matter which plugin it is. And it means this parameter represents sensitive 
> information. By introducing an optinal field secretValue, we are expecting 
> this sensitive information is always from our new secret resolver infterface 
> (Secret::Value).
> 
> So I think the assumption that the URI fetcher is expecting a resolved 
> secret sounds reasonable.
> 
> ```
>   virtual process::Future resolve(
>   const Secret& secret) const = 0;
> ```
> 
> Thoughts?

I was wondering if there would be a scenario that we might what to have a 
plugin that could use some extra dynamic input for more than just 
authentication in the future. This is more of a design choice about how 
flexible this plugin interface could/should be.


- Chun-Hung


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59141/#review174535
---


On May 10, 2017, 12:48 p.m., Gilbert Song wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59141/
> ---
> 
> (Updated May 10, 2017, 12:48 p.m.)
> 
> 
> Review request for mesos, Adam B, Chun-Hung Hsiao, Jie Yu, Kapil Arya, Till 
> Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7088
> https://issues.apache.org/jira/browse/MESOS-7088
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Added Secret::Value to the URI fetcher interface.
> 
> 
> Diffs
> -
> 
>   include/mesos/uri/fetcher.hpp ebf86c78b794a6ef46332df788a1317bbec5d983 
>   src/slave/containerizer/mesos/provisioner/docker/registry_puller.cpp 
> 6db788dd0c582deadf3e91c4d21bb9c20cf94e6b 
>   src/uri/fetcher.cpp f4d1a4c69e910260dc536aa42ae03fd17403b060 
>   src/uri/fetchers/copy.hpp f4a2fb3d5156e5ebfdf7c4202f8dc9b1cd1d6ac7 
>   src/uri/fetchers/copy.cpp 5e1470503f4fa0e543680c93b2ad3e36351afc1c 
>   src/uri/fetchers/curl.hpp 083f155092d159cd83069bfdfd905d679e9ab57c 
>   src/uri/fetchers/curl.cpp 24b53c77946170cba45152c458d85b6fddfce9f8 
>   src/uri/fetchers/docker.hpp 65e01cba1d41688a8ee5da73d1d6f57515fbc7f5 
>   src/uri/fetchers/docker.cpp 44169bf5f22f0ffd9fad7bb3b8f7d2a4989c6415 
>   src/uri/fetchers/hadoop.hpp 4923dc6491d7cc6efc6ced4f5356af9f945ba5d2 
>   src/uri/fetchers/hadoop.cpp 3c5ffe607c92ea1ab66ba261bd70031f2907cea6 
> 
> 
> Diff: https://reviews.apache.org/r/59141/diff/1/
> 
> 
> Testing
> ---
> 
> make check
> 
> 
> Thanks,
> 
> Gilbert Song
> 
>

Re: Review Request 59141: Added Secret::Value to the URI fetcher interface.

2017-05-10 Thread Gilbert Song



> On May 10, 2017, 12:36 p.m., Chun-Hung Hsiao wrote:
> > include/mesos/uri/fetcher.hpp
> > Lines 78 (patched)
> > 
> >
> > I'm thinking about what is a proper interface extension for this 
> > fetcher plugin. Instead of having a `Secret::Value`, how about a more 
> > general `config` or some session info parameter for the fetcher, which may 
> > or may not come from a secret?

This new parameter in URI fetcher should be used for authentication, no matter 
which plugin it is. And it means this parameter represents sensitive 
information. By introducing an optinal field secretValue, we are expecting this 
sensitive information is always from our new secret resolver infterface 
(Secret::Value).

So I think the assumption that the URI fetcher is expecting a resolved secret 
sounds reasonable.

```
  virtual process::Future resolve(
  const Secret& secret) const = 0;
```

Thoughts?


- Gilbert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59141/#review174535
---


On May 10, 2017, 5:48 a.m., Gilbert Song wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59141/
> ---
> 
> (Updated May 10, 2017, 5:48 a.m.)
> 
> 
> Review request for mesos, Adam B, Chun-Hung Hsiao, Jie Yu, Kapil Arya, Till 
> Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7088
> https://issues.apache.org/jira/browse/MESOS-7088
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Added Secret::Value to the URI fetcher interface.
> 
> 
> Diffs
> -
> 
>   include/mesos/uri/fetcher.hpp ebf86c78b794a6ef46332df788a1317bbec5d983 
>   src/slave/containerizer/mesos/provisioner/docker/registry_puller.cpp 
> 6db788dd0c582deadf3e91c4d21bb9c20cf94e6b 
>   src/uri/fetcher.cpp f4d1a4c69e910260dc536aa42ae03fd17403b060 
>   src/uri/fetchers/copy.hpp f4a2fb3d5156e5ebfdf7c4202f8dc9b1cd1d6ac7 
>   src/uri/fetchers/copy.cpp 5e1470503f4fa0e543680c93b2ad3e36351afc1c 
>   src/uri/fetchers/curl.hpp 083f155092d159cd83069bfdfd905d679e9ab57c 
>   src/uri/fetchers/curl.cpp 24b53c77946170cba45152c458d85b6fddfce9f8 
>   src/uri/fetchers/docker.hpp 65e01cba1d41688a8ee5da73d1d6f57515fbc7f5 
>   src/uri/fetchers/docker.cpp 44169bf5f22f0ffd9fad7bb3b8f7d2a4989c6415 
>   src/uri/fetchers/hadoop.hpp 4923dc6491d7cc6efc6ced4f5356af9f945ba5d2 
>   src/uri/fetchers/hadoop.cpp 3c5ffe607c92ea1ab66ba261bd70031f2907cea6 
> 
> 
> Diff: https://reviews.apache.org/r/59141/diff/1/
> 
> 
> Testing
> ---
> 
> make check
> 
> 
> Thanks,
> 
> Gilbert Song
> 
>

Re: Review Request 59141: Added Secret::Value to the URI fetcher interface.

2017-05-10 Thread Chun-Hung Hsiao


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59141/#review174535
---




include/mesos/uri/fetcher.hpp
Lines 78 (patched)


I'm thinking about what is a proper interface extension for this fetcher 
plugin. Instead of having a `Secret::Value`, how about a more general `config` 
or some session info parameter for the fetcher, which may or may not come from 
a secret?


- Chun-Hung Hsiao


On May 10, 2017, 12:48 p.m., Gilbert Song wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59141/
> ---
> 
> (Updated May 10, 2017, 12:48 p.m.)
> 
> 
> Review request for mesos, Adam B, Chun-Hung Hsiao, Jie Yu, Kapil Arya, Till 
> Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-7088
> https://issues.apache.org/jira/browse/MESOS-7088
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Added Secret::Value to the URI fetcher interface.
> 
> 
> Diffs
> -
> 
>   include/mesos/uri/fetcher.hpp ebf86c78b794a6ef46332df788a1317bbec5d983 
>   src/slave/containerizer/mesos/provisioner/docker/registry_puller.cpp 
> 6db788dd0c582deadf3e91c4d21bb9c20cf94e6b 
>   src/uri/fetcher.cpp f4d1a4c69e910260dc536aa42ae03fd17403b060 
>   src/uri/fetchers/copy.hpp f4a2fb3d5156e5ebfdf7c4202f8dc9b1cd1d6ac7 
>   src/uri/fetchers/copy.cpp 5e1470503f4fa0e543680c93b2ad3e36351afc1c 
>   src/uri/fetchers/curl.hpp 083f155092d159cd83069bfdfd905d679e9ab57c 
>   src/uri/fetchers/curl.cpp 24b53c77946170cba45152c458d85b6fddfce9f8 
>   src/uri/fetchers/docker.hpp 65e01cba1d41688a8ee5da73d1d6f57515fbc7f5 
>   src/uri/fetchers/docker.cpp 44169bf5f22f0ffd9fad7bb3b8f7d2a4989c6415 
>   src/uri/fetchers/hadoop.hpp 4923dc6491d7cc6efc6ced4f5356af9f945ba5d2 
>   src/uri/fetchers/hadoop.cpp 3c5ffe607c92ea1ab66ba261bd70031f2907cea6 
> 
> 
> Diff: https://reviews.apache.org/r/59141/diff/1/
> 
> 
> Testing
> ---
> 
> make check
> 
> 
> Thanks,
> 
> Gilbert Song
> 
>

Re: Review Request 59141: Added Secret::Value to the URI fetcher interface.

Re: Review Request 59141: Added Secret::Value to the URI fetcher interface.

Re: Review Request 59141: Added Secret::Value to the URI fetcher interface.

3 matches

Site Navigation

Mail list logo

Footer information