[
https://issues.apache.org/jira/browse/MESOS-5705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15350314#comment-15350314
]
Adam B commented on MESOS-5705:
-------------------------------
The more I think about it, there's no good reason (besides backwards
compatibility) to show the flags in /state when they're already available in
/flags. Anything that's important enough to belong in /state should be pulled
up into /state proper, rather than getting dragged in with the rest of the
flags.

We obviously can't just stop showing flags in /state, but we could add a
`--hide_flags` flag (or protect_flags, etc.) that is disabled by default, so
that clusters upgrading aren't hit by the behavior change, and they can
explicitly set the legacy mode if they want it to survive the future upgrade
(>6mo) when we change to hiding flags by default. Eventually (2.0?) we can
change to an API where we only have a dedicated endpoint for flags.

Note that this means that MESOS-5706 would no longer be needed, as we can
recommend that users hide_flags, and then use GET_ENDPOINT_WITH_PATH=/flags to
protect their master/agent flags.

> ZK credential is exposed in /flags and /state
> ---------------------------------------------
>
> Key: MESOS-5705
> URL: https://issues.apache.org/jira/browse/MESOS-5705
> Project: Mesos
> Issue Type: Task
> Components: master, security
> Reporter: Adam B
> Priority: Critical
> Labels: mesosphere, security
> Fix For: 1.0.0
>
>
> Mesos allows zk credentials to be embedded in the zk url, but exposes these
> credentials in the /flags and /state endpoint. Even though /state is
> authorized, it only filters out frameworks/tasks, so the top-level flags are
> shown to any authenticated user.
>
> "zk": "zk://dcos_mesos_master:[email protected]:2181/mesos",
>
> We need to find some way to hide this data, or even add a first-class
> VIEW_FLAGS acl that applies to any endpoint that exposes flags.
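
An added example (not code from the Mesos project or from this thread): a check an operator could run over a saved /state or /flags response body to find flags that carry a zk:// URL with embedded credentials, and to produce a copy that is safe to log. It assumes the response has a top-level "flags" object; the function names, sample response, host names and password are constructed for illustration.

```python
import json
import re

# zk://user:password@hosts/path, the credential-bearing form described in the
# issue. The greedy (.*) splits on the LAST '@', so a password that itself
# contains '@' is still redacted in full.
ZK_CRED = re.compile(r"^(zk://)([^:/@]+):(.*)@([^@]+)$")


def redact_zk_url(value):
    """Return (redacted_value, had_credentials) for one flag value."""
    if not isinstance(value, str):
        return value, False
    m = ZK_CRED.match(value)
    if not m:
        return value, False
    scheme, user, _password, rest = m.groups()
    return f"{scheme}{user}:<redacted>@{rest}", True


def audit_flags(response_body):
    """Scan the top-level "flags" object of an endpoint response (assumed layout).

    Returns (names_of_flags_exposing_credentials, copy_of_flags_safe_to_log).
    """
    flags = json.loads(response_body).get("flags", {})
    exposed, safe = [], {}
    for name, value in flags.items():
        safe[name], hit = redact_zk_url(value)
        if hit:
            exposed.append(name)
    return sorted(exposed), safe


# Constructed sample response body; hosts and password are placeholders.
SAMPLE_STATE = json.dumps({
    "flags": {
        "zk": "zk://dcos_mesos_master:PLACEHOLDER_SECRET"
              "@zk-1.example:2181,zk-2.example:2181/mesos",
        "quorum": "1",
        "work_dir": "/var/lib/mesos",
    },
    "frameworks": [],
})

if __name__ == "__main__":
    exposed, safe = audit_flags(SAMPLE_STATE)
    print("flags exposing credentials:", exposed)
    print(json.dumps(safe, indent=2))
```
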