[ 
https://issues.apache.org/jira/browse/MESOS-5851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15385307#comment-15385307
 ] 

Zhitao Li edited comment on MESOS-5851 at 7/20/16 4:38 AM:
-----------------------------------------------------------

[~adam-mesos] I'll start to work on RR drafts from master side.

About `\-\-http_authenticators` flag change: do we expect people use different 
authenticator implementations between `READ_ONLY` and `READ_WRITE`? It seems 
very strange anyone would actually do that. If not, we can probably reduce the 
changes we need for this. (If you think it's definitely necessary, then I 
propose we make the flags symmetric to `\-\-authenticate_http_readonly` by 
adding `--http_authenticators_readonly`)


was (Author: zhitao):
[~adam-mesos] I'll start to work on RR drafts from master side.

About `--http_authenticators` flag change: do we expect people use different 
authenticator implementations between `READ_ONLY` and `READ_WRITE`? It seems 
very strange anyone would actually do that. If not, we can probably reduce the 
changes we need for this. (If you think it's definitely necessary, then I 
propose we make the flags symmetric to `--authenticate_http_readonly` by adding 
`--http_authenticators_readonly`)

> Create mechanism to control authentication between different HTTP endpoints
> ---------------------------------------------------------------------------
>
>                 Key: MESOS-5851
>                 URL: https://issues.apache.org/jira/browse/MESOS-5851
>             Project: Mesos
>          Issue Type: Bug
>          Components: libprocess
>    Affects Versions: 1.0.0
>            Reporter: Zhitao Li
>            Assignee: Zhitao Li
>              Labels: mesosphere, security
>             Fix For: 1.0.0
>
>
> All endpoints authentication is controlled by one single flag. We need this 
> flag to be on so that `/reserve` `/unreserve` can get a principal.
> However, after 1.0, we cannot access important readonly endpoints 
> `/master/state/` and `/metric/snapshot/` anymore w/o a password. The latter 
> is detrimental on usability because many users don't have the supporting 
> infra to distribute such metrics into every metrics collecting process yet.
> I'm looking towards a mechanism to at least allow unauthenticated access to 
> selective whitelisted endpoints while keep endpoints requiring AuthN/AuthZ 
> still protected.
> quoting Joseph Wu, "we want a `--authenticate_http=true, but don't check` 
> option"
> Proposed endpoint to realm grouping by [~zhitao]
> {quote}
> /////////////
> // Common realms shared by both master and agent
> ​////////////
> FLAGS
> - /flags
> ​
> FILES
> - /files/browse
> - /files/browse.json
> - /files/debug
> - /files/debug.json
> - /files/download
> - /files/download.json
> - /files/read
> - /files/read.json
> ​
> LOGGING
> - /logging/toggle
> ​
> METRICS
> - /metrics/snapshot
> ​
> PROFILER
> - /profiler/start
> - /profiler/stop
> ​
> SYSTEMS
> - /system/stats.json
> ​
> VERSIONS
> - /version
> ​
> /////////////////
> // Additional master only realms
> ​////////////////
> MAINTENANCE
> - /machine/down
> - /machine/up
> - /maintenance/schedule
> - /maintenance/status
> ​
> OPERATORS
> - /api/v1
> ​
> SCHEDULERS
> - /api/v1/scheduler
> ​
> REGISTRARS
> - /registrar(id)/registry
> ​
> RESERVATIONS
> - /reserve
> - /unreserve
> - /quota
> - /weights
> ​
> TEARDOWN
> - /teardown
> ​
> VIEWS
> - /frameworks
> - /roles
> - /roles.json
> - /slaves
> - /state
> - /state-summary
> - /state.json
> - /tasks
> - /tasks.json
> ​
> VOLUMES
> - /create-volumes
> - /destroy-volumes
> ​
> UNAUTHENTICATED
> - /health
> - /redirect
> ​
> ////////////////
> // Additional agent realms
> ////////////////
> ​
> OPERATORS
> - /api/v1
> ​
> VIEWS
> - /containers
> - /monitor/statistics
> - /monitor/statistics.json
> - /state
> - /state.json
> ​
> UNAUTHENTICATED
> - /api/v1/executor
> - /health
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to