Hi Evers, Thanks for testing this out! We should have called out this change more explicitly in the changelog; I've posted a patch here <https://reviews.apache.org/r/48380/> to do that.
Adding documentation with guidance on how to set ACLs to accomplish particular tasks (i.e., full use of the web UI) would be beneficial as well, but seems out of scope for the release notes. I've created a JIRA to update the authorization documentation here <https://issues.apache.org/jira/browse/MESOS-5564>. Cheers, Greg On Mon, Jun 6, 2016 at 2:28 AM, Evers Benno <ben...@yandex-team.ru> wrote: > Hi, > > thanks for the pointer. For people having the same problem, it seems > that you have to actually provide six new ACL rules to restore the > previous behaviour: > > get_endpoints, view_frameworks, view_tasks, view_executors, > access_sandboxes, and access_mesos_logs. > > On 03.06.2016 21:59, Michael Park wrote: > > Hello, I'm not exactly sure about whether the behavior is undesired or > not. > > > > But I think the ACL that you're missing is `GetEndpoint`: > > > https://github.com/apache/mesos/blob/master/include/mesos/authorizer/acls.proto#L183-L190 > > > > Hope that helps, > > > > MPark > > > > On 3 June 2016 at 12:36, Evers Benno <ben...@yandex-team.ru> wrote: > > > >> > >> I just tried building and running the 1.0.0-rc1, and it seems that the > >> web UI is broken due to /metrics/snapshot returning a 403. (There's a > >> popup continously displaying "Failed to connect to > >> mesos-master.example.org:5050!" > >> > >> I'm running mesos-master with options `--no-authenticate_http > >> --acls={"permissive": "false", [...]}`, so I'm not completely sure if > >> this behaviour is as desired or not. (although its certainly unexpected) > >> > >> Regardless, I looked around for a while, but I couldn't figure out what > >> to add to the ACL to restore unauthorized viewing access for everyone? > >> > >> Best regards, > >> Benno > >> > > >
