mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zhitao Li (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MESOS-5851) Create mechanism to control authentication between different HTTP endpoints
Date Wed, 20 Jul 2016 03:12:21 GMT

    [ https://issues.apache.org/jira/browse/MESOS-5851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15385244#comment-15385244
] 

Zhitao Li commented on MESOS-5851:
----------------------------------

[~greggomann] and [~vinodkone], I'd like to design the new flags from the perspective of easy
and consistent upgrade.

I believe all endpoints in READ_ONLY realm was not authenticated in 0.28.x, then the existing
{{--authenticate_http}} flag only maps to endpoints in READ_WRITE realm. We can introduce
another flag {{--authenticate_http_read_only}}, which defaults to {{false}}. This allows operator
to upgrade to 1.0 with the same behavior.

For the sake of consistent, I think we should also create an alias flag {{--authenticate_http_read_write}}
in favor of {{--authenticate_http}}, and explicitly call the latter deprecated from this cycle.

Given that making new flag required is very unfriendly during upgrade, I can't really think
of a good way to introduce new flag and making upgrade easy. Please advise if you have better
idea.

> Create mechanism to control authentication between different HTTP endpoints
> ---------------------------------------------------------------------------
>
>                 Key: MESOS-5851
>                 URL: https://issues.apache.org/jira/browse/MESOS-5851
>             Project: Mesos
>          Issue Type: Bug
>          Components: libprocess
>    Affects Versions: 1.0.0
>            Reporter: Zhitao Li
>              Labels: mesosphere, security
>             Fix For: 1.0.0
>
>
> All endpoints authentication is controlled by one single flag. We need this flag to be
on so that `/reserve` `/unreserve` can get a principal.
> However, after 1.0, we cannot access important readonly endpoints `/master/state/` and
`/metric/snapshot/` anymore w/o a password. The latter is detrimental on usability because
many users don't have the supporting infra to distribute such metrics into every metrics collecting
process yet.
> I'm looking towards a mechanism to at least allow unauthenticated access to selective
whitelisted endpoints while keep endpoints requiring AuthN/AuthZ still protected.
> quoting Joseph Wu, "we want a `--authenticate_http=true, but don't check` option"
> Proposed endpoint to realm grouping by [~zhitao]
> {quote}
> /////////////
> // Common realms shared by both master and agent
> ​////////////
> FLAGS
> - /flags
> ​
> FILES
> - /files/browse
> - /files/browse.json
> - /files/debug
> - /files/debug.json
> - /files/download
> - /files/download.json
> - /files/read
> - /files/read.json
> ​
> LOGGING
> - /logging/toggle
> ​
> METRICS
> - /metrics/snapshot
> ​
> PROFILER
> - /profiler/start
> - /profiler/stop
> ​
> SYSTEMS
> - /system/stats.json
> ​
> VERSIONS
> - /version
> ​
> /////////////////
> // Additional master only realms
> ​////////////////
> MAINTENANCE
> - /machine/down
> - /machine/up
> - /maintenance/schedule
> - /maintenance/status
> ​
> OPERATORS
> - /api/v1
> ​
> SCHEDULERS
> - /api/v1/scheduler
> ​
> REGISTRARS
> - /registrar(id)/registry
> ​
> RESERVATIONS
> - /reserve
> - /unreserve
> - /quota
> - /weights
> ​
> TEARDOWN
> - /teardown
> ​
> VIEWS
> - /frameworks
> - /roles
> - /roles.json
> - /slaves
> - /state
> - /state-summary
> - /state.json
> - /tasks
> - /tasks.json
> ​
> VOLUMES
> - /create-volumes
> - /destroy-volumes
> ​
> UNAUTHENTICATED
> - /health
> - /redirect
> ​
> ////////////////
> // Additional agent realms
> ////////////////
> ​
> OPERATORS
> - /api/v1
> ​
> VIEWS
> - /containers
> - /monitor/statistics
> - /monitor/statistics.json
> - /state
> - /state.json
> ​
> UNAUTHENTICATED
> - /api/v1/executor
> - /health
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message