[
https://issues.apache.org/jira/browse/MESOS-5851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15385244#comment-15385244
]
Zhitao Li edited comment on MESOS-5851 at 7/20/16 3:14 AM:
-----------------------------------------------------------
[~greggomann] and [~vinodkone], I'd like to design the new flags from the
perspective of easy and consistent upgrade.
I believe all endpoints in READ_ONLY realm was not authenticated in 0.28.x,
then the existing {{\-\-authenticate_http}} flag only maps to endpoints in
READ_WRITE realm. We can introduce another flag
{{\-\-authenticate_http_read_only}}, which defaults to {{false}}. This allows
operator to upgrade to 1.0 with the same behavior.
For the sake of consistent, I think we should also create an alias flag
{{\-\-authenticate_http_read_write}} in favor of {{\-\-authenticate_http}}, and
explicitly call the latter deprecated from this cycle.
Given that making new flag required is very unfriendly during upgrade, I can't
really think of a good way to introduce new flag and making upgrade easy.
Please advise if you have better idea.
was (Author: zhitao):
[~greggomann] and [~vinodkone], I'd like to design the new flags from the
perspective of easy and consistent upgrade.
I believe all endpoints in READ_ONLY realm was not authenticated in 0.28.x,
then the existing --authenticate_http flag only maps to endpoints in READ_WRITE
realm. We can introduce another flag {{--authenticate_http_read_only}}, which
defaults to {{false}}. This allows operator to upgrade to 1.0 with the same
behavior.
For the sake of consistent, I think we should also create an alias flag
{{--authenticate_http_read_write}} in favor of {{--authenticate_http}}, and
explicitly call the latter deprecated from this cycle.
Given that making new flag required is very unfriendly during upgrade, I can't
really think of a good way to introduce new flag and making upgrade easy.
Please advise if you have better idea.
> Create mechanism to control authentication between different HTTP endpoints
> ---------------------------------------------------------------------------
>
> Key: MESOS-5851
> URL: https://issues.apache.org/jira/browse/MESOS-5851
> Project: Mesos
> Issue Type: Bug
> Components: libprocess
> Affects Versions: 1.0.0
> Reporter: Zhitao Li
> Labels: mesosphere, security
> Fix For: 1.0.0
>
>
> All endpoints authentication is controlled by one single flag. We need this
> flag to be on so that `/reserve` `/unreserve` can get a principal.
> However, after 1.0, we cannot access important readonly endpoints
> `/master/state/` and `/metric/snapshot/` anymore w/o a password. The latter
> is detrimental on usability because many users don't have the supporting
> infra to distribute such metrics into every metrics collecting process yet.
> I'm looking towards a mechanism to at least allow unauthenticated access to
> selective whitelisted endpoints while keep endpoints requiring AuthN/AuthZ
> still protected.
> quoting Joseph Wu, "we want a `--authenticate_http=true, but don't check`
> option"
> Proposed endpoint to realm grouping by [~zhitao]
> {quote}
> /////////////
> // Common realms shared by both master and agent
> ////////////
> FLAGS
> - /flags
>
> FILES
> - /files/browse
> - /files/browse.json
> - /files/debug
> - /files/debug.json
> - /files/download
> - /files/download.json
> - /files/read
> - /files/read.json
>
> LOGGING
> - /logging/toggle
>
> METRICS
> - /metrics/snapshot
>
> PROFILER
> - /profiler/start
> - /profiler/stop
>
> SYSTEMS
> - /system/stats.json
>
> VERSIONS
> - /version
>
> /////////////////
> // Additional master only realms
> ////////////////
> MAINTENANCE
> - /machine/down
> - /machine/up
> - /maintenance/schedule
> - /maintenance/status
>
> OPERATORS
> - /api/v1
>
> SCHEDULERS
> - /api/v1/scheduler
>
> REGISTRARS
> - /registrar(id)/registry
>
> RESERVATIONS
> - /reserve
> - /unreserve
> - /quota
> - /weights
>
> TEARDOWN
> - /teardown
>
> VIEWS
> - /frameworks
> - /roles
> - /roles.json
> - /slaves
> - /state
> - /state-summary
> - /state.json
> - /tasks
> - /tasks.json
>
> VOLUMES
> - /create-volumes
> - /destroy-volumes
>
> UNAUTHENTICATED
> - /health
> - /redirect
>
> ////////////////
> // Additional agent realms
> ////////////////
>
> OPERATORS
> - /api/v1
>
> VIEWS
> - /containers
> - /monitor/statistics
> - /monitor/statistics.json
> - /state
> - /state.json
>
> UNAUTHENTICATED
> - /api/v1/executor
> - /health
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
