[ https://issues.apache.org/jira/browse/MESOS-5851?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Zhitao Li updated MESOS-5851: ----------------------------- Description: All endpoints authentication is controlled by one single flag. We need this flag to be on so that `/reserve` `/unreserve` can get a principal. However, after 1.0, we cannot access important readonly endpoints `/master/state/` and `/metric/snapshot/` anymore w/o a password. The latter is detrimental on usability because many users don't have the supporting infra to distribute such metrics into every metrics collecting process yet. I'm looking towards a mechanism to at least allow unauthenticated access to selective whitelisted endpoints while keep endpoints requiring AuthN/AuthZ still protected. quoting Joseph Wu, "we want a `--authenticate_http=true, but don't check` option" Proposed endpoint to realm grouping by [~zhitao] {quote} ///////////// // Common realms shared by both master and agent //////////// FLAGS - /flags FILES - /files/browse - /files/browse.json - /files/debug - /files/debug.json - /files/download - /files/download.json - /files/read - /files/read.json LOGGING - /logging/toggle METRICS - /metrics/snapshot PROFILER - /profiler/start - /profiler/stop SYSTEMS - /system/stats.json VERSIONS - /version ///////////////// // Additional master only realms //////////////// MAINTENANCE - /machine/down - /machine/up - /maintenance/schedule - /maintenance/status OPERATORS - /api/v1 SCHEDULERS - /api/v1/scheduler REGISTRARS - /registrar(id)/registry RESERVATIONS - /reserve - /unreserve - /quota - /weights TEARDOWN - /teardown VIEWS - /frameworks - /roles - /roles.json - /slaves - /state - /state-summary - /state.json - /tasks - /tasks.json VOLUMES - /create-volumes - /destroy-volumes UNAUTHENTICATED - /health - /redirect //////////////// // Additional agent realms //////////////// OPERATORS - /api/v1 VIEWS - /containers - /monitor/statistics - /monitor/statistics.json - /state - /state.json UNAUTHENTICATED - /api/v1/executor - /health {quote} was: All endpoints authentication is controlled by one single flag. We need this flag to be on so that `/reserve` `/unreserve` can get a principal. However, after 1.0, we cannot access important readonly endpoints `/master/state/` and `/metric/snapshot/` anymore w/o a password. The latter is detrimental on usability because many users don't have the supporting infra to distribute such metrics into every metrics collecting process yet. I'm looking towards a mechanism to at least allow unauthenticated access to selective whitelisted endpoints while keep endpoints requiring AuthN/AuthZ still protected. quoting Joseph Wu, "we want a `--authenticate_http=true, but don't check` option" Proposed endpoint to realm grouping by [~zhitao] {quote} ============ Common realms shared by both master and agent ============ FLAGS - /flags FILES - /files/browse - /files/browse.json - /files/debug - /files/debug.json - /files/download - /files/download.json - /files/read - /files/read.json LOGGING - /logging/toggle METRICS - /metrics/snapshot PROFILER - /profiler/start - /profiler/stop SYSTEMS - /system/stats.json VERSIONS - /version ============== Additional master only realms ============== MAINTENANCE - /machine/down - /machine/up - /maintenance/schedule - /maintenance/status OPERATORS - /api/v1 SCHEDULERS - /api/v1/scheduler REGISTRARS - /registrar(id)/registry RESERVATIONS - /reserve - /unreserve - /quota - /weights TEARDOWN - /teardown VIEWS - /frameworks - /roles - /roles.json - /slaves - /state - /state-summary - /state.json - /tasks - /tasks.json VOLUMES - /create-volumes - /destroy-volumes UNAUTHENTICATED - /health - /redirect ============== Additional agent realms ============= OPERATORS - /api/v1 VIEWS - /containers - /monitor/statistics - /monitor/statistics.json - /state - /state.json UNAUTHENTICATED - /api/v1/executor - /health {quote} > Create mechanism to control authentication between different HTTP endpoints > --------------------------------------------------------------------------- > > Key: MESOS-5851 > URL: https://issues.apache.org/jira/browse/MESOS-5851 > Project: Mesos > Issue Type: Bug > Components: libprocess > Affects Versions: 1.0.0 > Reporter: Zhitao Li > Labels: mesosphere, security > Fix For: 1.0.0 > > > All endpoints authentication is controlled by one single flag. We need this > flag to be on so that `/reserve` `/unreserve` can get a principal. > However, after 1.0, we cannot access important readonly endpoints > `/master/state/` and `/metric/snapshot/` anymore w/o a password. The latter > is detrimental on usability because many users don't have the supporting > infra to distribute such metrics into every metrics collecting process yet. > I'm looking towards a mechanism to at least allow unauthenticated access to > selective whitelisted endpoints while keep endpoints requiring AuthN/AuthZ > still protected. > quoting Joseph Wu, "we want a `--authenticate_http=true, but don't check` > option" > Proposed endpoint to realm grouping by [~zhitao] > {quote} > ///////////// > // Common realms shared by both master and agent > //////////// > FLAGS > - /flags > > FILES > - /files/browse > - /files/browse.json > - /files/debug > - /files/debug.json > - /files/download > - /files/download.json > - /files/read > - /files/read.json > > LOGGING > - /logging/toggle > > METRICS > - /metrics/snapshot > > PROFILER > - /profiler/start > - /profiler/stop > > SYSTEMS > - /system/stats.json > > VERSIONS > - /version > > ///////////////// > // Additional master only realms > //////////////// > MAINTENANCE > - /machine/down > - /machine/up > - /maintenance/schedule > - /maintenance/status > > OPERATORS > - /api/v1 > > SCHEDULERS > - /api/v1/scheduler > > REGISTRARS > - /registrar(id)/registry > > RESERVATIONS > - /reserve > - /unreserve > - /quota > - /weights > > TEARDOWN > - /teardown > > VIEWS > - /frameworks > - /roles > - /roles.json > - /slaves > - /state > - /state-summary > - /state.json > - /tasks > - /tasks.json > > VOLUMES > - /create-volumes > - /destroy-volumes > > UNAUTHENTICATED > - /health > - /redirect > > //////////////// > // Additional agent realms > //////////////// > > OPERATORS > - /api/v1 > > VIEWS > - /containers > - /monitor/statistics > - /monitor/statistics.json > - /state > - /state.json > > UNAUTHENTICATED > - /api/v1/executor > - /health > {quote} -- This message was sent by Atlassian JIRA (v6.3.4#6332)