mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [mesos] asekretenko commented on a change in pull request #383: Add mesos authentication to the mesos cli
Date Sun, 02 May 2021 15:14:39 GMT

asekretenko commented on a change in pull request #383:
URL: https://github.com/apache/mesos/pull/383#discussion_r624698872



##########
File path: src/python/cli_new/lib/cli/config.py
##########
@@ -119,6 +119,65 @@ def master(self):
 
         return master
 
+    def principal(self):
+        """
+        Return the principal in the configuration file
+        """
+        if "principal" not in self.data["master"]:
+            return None

Review comment:
       `return self.data["master"].get("principal")` would be a bit less verbose and less
error-prone
   
   same applies to similar locations below

##########
File path: src/python/cli_new/lib/cli/mesos.py
##########
@@ -504,13 +508,23 @@ def _attach_container_output(self):
         client from the agent.
         """
 
+        # Set authentication header
+        auth = None
+        # pylint: disable=line-too-long
+        if self.config.agent_principal() is not None and self.config.agent_secret() is not
None:
+            auth = requests.auth.HTTPBasicAuth(
+                self.config.agent_principal(),
+                self.config.agent_secret()
+            )
+

Review comment:
       Given that this code occurs three times, it is definitely worth extracting into a dedicated
function.

##########
File path: src/python/cli_new/lib/cli/http.py
##########
@@ -64,7 +73,7 @@ def get_json(addr, endpoint, condition=None, timeout=5, query=None):
         data = None
 
         try:
-            data = read_endpoint(addr, endpoint, query)
+            data = read_endpoint(addr, endpoint, config, query)
         except Exception as exception:

Review comment:
       Well, I understand that this code used to silently drop arbitrary errors since time
immemorial, but probably now it is the right time to fix this:)

##########
File path: src/python/cli_new/lib/cli/http.py
##########
@@ -38,20 +38,29 @@ def read_endpoint(addr, endpoint, query=None):
     except Exception as exception:
         raise CLIException("Unable to sanitize address '{addr}': {error}"
                            .format(addr=addr, error=str(exception)))
-
     try:
         url = "{addr}/{endpoint}".format(addr=addr, endpoint=endpoint)
         if query is not None:
-            url += "?{query}".format(query=urllib.parse.urlencode(query))
-        http_response = urllib.request.urlopen(url).read().decode("utf-8")
+            url += "?{query}".format(query=urlencode(query))
+        if config.principal() is not None and config.secret() is not None:
+            headers = urllib3.make_headers(
+                basic_auth=config.principal() + ":" + config.secret()
+            )
+        else:
+            headers = None
+        http = urllib3.PoolManager()
+        http_response = http.request('GET', url, headers=headers)
     except Exception as exception:
+        print(exception)

Review comment:
       The call site in `get_json()` might be a better place to print the exception.
   
   For example, if `http_response.data.decode('utf-8')` in this function fails for some reason
on every attempt, `get_json()` will be silently crashlooping. 

##########
File path: src/python/cli_new/lib/cli/mesos.py
##########
@@ -539,6 +554,16 @@ def _launch_nested_container_session(self):
         nested container and attach to its output stream.
         The output stream is then sent back in the response.
         """
+
+        # Set authentication header
+        # pylint: disable=line-too-long
+        auth = None
+        if self.config.agent_principal() is not None and self.config.agent_secret() is not
None:

Review comment:
       You can just wrap the line instead of suppressing pylint warnings:
   ```
   if self.config.agent_principal() is not None and \
       self.config.agent_secret() is not None:
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



Mime
View raw message