[
https://issues.apache.org/jira/browse/MESOS-5851?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zhitao Li updated MESOS-5851:
-----------------------------
Description:
All endpoints authentication is controlled by one single flag. We need this
flag to be on so that `/reserve` `/unreserve` can get a principal.
However, after 1.0, we cannot access important readonly endpoints
`/master/state/` and `/metric/snapshot/` anymore w/o a password. The latter is
detrimental on usability because many users don't have the supporting infra to
distribute such metrics into every metrics collecting process yet.
I'm looking towards a mechanism to at least allow unauthenticated access to
selective whitelisted endpoints while keep endpoints requiring AuthN/AuthZ
still protected.
quoting Joseph Wu, "we want a `--authenticate_http=true, but don't check`
option"
Proposed endpoint to realm grouping by [~zhitao]
{quote}
/////////////
// Common realms shared by both master and agent
////////////
FLAGS
- /flags
FILES
- /files/browse
- /files/browse.json
- /files/debug
- /files/debug.json
- /files/download
- /files/download.json
- /files/read
- /files/read.json
LOGGING
- /logging/toggle
METRICS
- /metrics/snapshot
PROFILER
- /profiler/start
- /profiler/stop
SYSTEMS
- /system/stats.json
VERSIONS
- /version
/////////////////
// Additional master only realms
////////////////
MAINTENANCE
- /machine/down
- /machine/up
- /maintenance/schedule
- /maintenance/status
OPERATORS
- /api/v1
SCHEDULERS
- /api/v1/scheduler
REGISTRARS
- /registrar(id)/registry
RESERVATIONS
- /reserve
- /unreserve
- /quota
- /weights
TEARDOWN
- /teardown
VIEWS
- /frameworks
- /roles
- /roles.json
- /slaves
- /state
- /state-summary
- /state.json
- /tasks
- /tasks.json
VOLUMES
- /create-volumes
- /destroy-volumes
UNAUTHENTICATED
- /health
- /redirect
////////////////
// Additional agent realms
////////////////
OPERATORS
- /api/v1
VIEWS
- /containers
- /monitor/statistics
- /monitor/statistics.json
- /state
- /state.json
UNAUTHENTICATED
- /api/v1/executor
- /health
{quote}
was:
All endpoints authentication is controlled by one single flag. We need this
flag to be on so that `/reserve` `/unreserve` can get a principal.
However, after 1.0, we cannot access important readonly endpoints
`/master/state/` and `/metric/snapshot/` anymore w/o a password. The latter is
detrimental on usability because many users don't have the supporting infra to
distribute such metrics into every metrics collecting process yet.
I'm looking towards a mechanism to at least allow unauthenticated access to
selective whitelisted endpoints while keep endpoints requiring AuthN/AuthZ
still protected.
quoting Joseph Wu, "we want a `--authenticate_http=true, but don't check`
option"
Proposed endpoint to realm grouping by [~zhitao]
{quote}
============
Common realms shared by both master and agent
============
FLAGS
- /flags
FILES
- /files/browse
- /files/browse.json
- /files/debug
- /files/debug.json
- /files/download
- /files/download.json
- /files/read
- /files/read.json
LOGGING
- /logging/toggle
METRICS
- /metrics/snapshot
PROFILER
- /profiler/start
- /profiler/stop
SYSTEMS
- /system/stats.json
VERSIONS
- /version
==============
Additional master only realms
==============
MAINTENANCE
- /machine/down
- /machine/up
- /maintenance/schedule
- /maintenance/status
OPERATORS
- /api/v1
SCHEDULERS
- /api/v1/scheduler
REGISTRARS
- /registrar(id)/registry
RESERVATIONS
- /reserve
- /unreserve
- /quota
- /weights
TEARDOWN
- /teardown
VIEWS
- /frameworks
- /roles
- /roles.json
- /slaves
- /state
- /state-summary
- /state.json
- /tasks
- /tasks.json
VOLUMES
- /create-volumes
- /destroy-volumes
UNAUTHENTICATED
- /health
- /redirect
==============
Additional agent realms
=============
OPERATORS
- /api/v1
VIEWS
- /containers
- /monitor/statistics
- /monitor/statistics.json
- /state
- /state.json
UNAUTHENTICATED
- /api/v1/executor
- /health
{quote}
> Create mechanism to control authentication between different HTTP endpoints
> ---------------------------------------------------------------------------
>
> Key: MESOS-5851
> URL: https://issues.apache.org/jira/browse/MESOS-5851
> Project: Mesos
> Issue Type: Bug
> Components: libprocess
> Affects Versions: 1.0.0
> Reporter: Zhitao Li
> Labels: mesosphere, security
> Fix For: 1.0.0
>
>
> All endpoints authentication is controlled by one single flag. We need this
> flag to be on so that `/reserve` `/unreserve` can get a principal.
> However, after 1.0, we cannot access important readonly endpoints
> `/master/state/` and `/metric/snapshot/` anymore w/o a password. The latter
> is detrimental on usability because many users don't have the supporting
> infra to distribute such metrics into every metrics collecting process yet.
> I'm looking towards a mechanism to at least allow unauthenticated access to
> selective whitelisted endpoints while keep endpoints requiring AuthN/AuthZ
> still protected.
> quoting Joseph Wu, "we want a `--authenticate_http=true, but don't check`
> option"
> Proposed endpoint to realm grouping by [~zhitao]
> {quote}
> /////////////
> // Common realms shared by both master and agent
> ////////////
> FLAGS
> - /flags
>
> FILES
> - /files/browse
> - /files/browse.json
> - /files/debug
> - /files/debug.json
> - /files/download
> - /files/download.json
> - /files/read
> - /files/read.json
>
> LOGGING
> - /logging/toggle
>
> METRICS
> - /metrics/snapshot
>
> PROFILER
> - /profiler/start
> - /profiler/stop
>
> SYSTEMS
> - /system/stats.json
>
> VERSIONS
> - /version
>
> /////////////////
> // Additional master only realms
> ////////////////
> MAINTENANCE
> - /machine/down
> - /machine/up
> - /maintenance/schedule
> - /maintenance/status
>
> OPERATORS
> - /api/v1
>
> SCHEDULERS
> - /api/v1/scheduler
>
> REGISTRARS
> - /registrar(id)/registry
>
> RESERVATIONS
> - /reserve
> - /unreserve
> - /quota
> - /weights
>
> TEARDOWN
> - /teardown
>
> VIEWS
> - /frameworks
> - /roles
> - /roles.json
> - /slaves
> - /state
> - /state-summary
> - /state.json
> - /tasks
> - /tasks.json
>
> VOLUMES
> - /create-volumes
> - /destroy-volumes
>
> UNAUTHENTICATED
> - /health
> - /redirect
>
> ////////////////
> // Additional agent realms
> ////////////////
>
> OPERATORS
> - /api/v1
>
> VIEWS
> - /containers
> - /monitor/statistics
> - /monitor/statistics.json
> - /state
> - /state.json
>
> UNAUTHENTICATED
> - /api/v1/executor
> - /health
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
