[jira] [Commented] (MESOS-5405) Make fields in authorization::Request protobuf optional.

[Adam B (JIRA)]

    [ 
https://issues.apache.org/jira/browse/MESOS-5405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15305242#comment-15305242
 ] 

Adam B commented on MESOS-5405:
-------------------------------

[~tillt] I think I'm favoring [~alexr]'s approach of making subject and object 
optional (to handle object-less requests, like ACCESS_MESOS_LOG), leaving their 
values optional (to handle union-like objects), and then fixing all the 
accesses to handle missing subject/object/value correctly.
But maybe missing object doesn't mean the same as a missing object.value (even 
if the other fields are also missing). We could allow each action to define 
whether or not it requires an object, since some like ACCESS_MESOS_LOG might 
actually want to check that there is never an object set. And then, if the 
action allows/requires an object, we can define an object with no fields set 
(including no optional FrameworkInfo/ExecutorInfo/TaskInfo fields) as an ANY 
object.

> Make fields in authorization::Request protobuf optional.
> --------------------------------------------------------
>
>                 Key: MESOS-5405
>                 URL: https://issues.apache.org/jira/browse/MESOS-5405
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Alexander Rukletsov
>            Assignee: Till Toenshoff
>            Priority: Blocker
>              Labels: mesosphere, security
>             Fix For: 0.29.0
>
>
> Currently {{authorization::Request}} protobuf declares {{subject}} and 
> {{object}} as required fields. However, in the codebase we not always set 
> them, which renders the message in the uninitialized state, for example:
>  * 
> https://github.com/apache/mesos/blob/0bfd6999ebb55ddd45e2c8566db17ab49bc1ffec/src/common/http.cpp#L603
>  * 
> https://github.com/apache/mesos/blob/0bfd6999ebb55ddd45e2c8566db17ab49bc1ffec/src/master/http.cpp#L2057
> I believe that the reason why we don't see issues related to this is because 
> we never send authz requests over the wire, i.e., never serialize/deserialize 
> them. However, they are still invalid protobuf messages. Moreover, some 
> external authorizers may serialize these messages.
> We can either ensure all required fields are set or make both {{subject}} and 
> {{object}} fields optional. This will also require updating local authorizer, 
> which should properly handle the situation when these fields are absent. We 
> may also want to notify authors of external authorizers to update their code 
> accordingly.
> It looks like no deprecation is necessary, mainly because we 
> already—erroneously!—treat these fields as optional.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)