mesos-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Neil Conway <>
Subject Re: WebUI authentication in 1.0.0-rc1
Date Wed, 08 Jun 2016 14:43:41 GMT
On Wed, Jun 8, 2016 at 4:27 PM, Alexander Rojas <> wrote:
> I think we should also think more thoroughly about the expected behaviour
> when we introduce new authorizable actions (and we most certainly will).
> Since things may break particularly if users set the `permissive` ACL field
> to false.
> Perhaps initially, if no ACL is given for the new action we print a warning
> message and behave as if the field had an ACL such as
> ```
> {
>   "principals": {"type": "ANY"}
>   "action":{"type": "ANY"}
> }
> ```

An ACL configuration that omits any rules for a particular action is
not an invalid way to configure the system. e.g., suppose we added the
"/teardown" endpoint in Mesos 1.1, along with the
"teardown_frameworks" ACL. A perfectly reasonable way to configure the
behavior "no one should be allowed to use the /teardown endpoint" is
an ACL configuration that has "permissive: false" and doesn't
otherwise mention "teardown_frameworks".

The situation here is a little unusual, because we're introducing ACLs
for behavior that was previously not covered by the authorization
system, rather than new functionality. But overall, I think the
situation can be addressed by documenting the new behavior
*prominently* in the release notes / upgrade docs -- anyone upgrading
to a non-patch release should be reading that document anyway, and the
required changes will usually be straightforward.


View raw message