https://issues.apache.org/jira/browse/MESOS-7066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15872691#comment-15872691
Greg Mann commented on MESOS-7066:
----------------------------------
[~xujyan], if I understand the situation you mentioned correctly, the operator
could do this:
* Set the global permissive bit to true
* In the specification of the single ACL that you want to behave as
non-permissive, provide {{subject=ANY, object=NONE}} as the _last_ item in its
list. This will have the effect of {{permissive=false}} for that ACL only.
Would that satisfy the use case you're thinking of?
> Allow permissive bit to be set for individual acls (in addition to the global
> level)
> ------------------------------------------------------------------------------------
>
> Key: MESOS-7066
> URL: https://issues.apache.org/jira/browse/MESOS-7066
> Project: Mesos
> Issue Type: Improvement
> Components: security
> Reporter: Anindya Sinha
> Assignee: Adam B
> Priority: Minor
> Labels: acl
>
> Currently, while defining ACLs for master or agents, there is a boolean field
> {{permissive}} that can be set on the global level that applies to all acls.
> It defines the behavior when no ACL matches the request made. If set to
> true (which is the default), it will by default allow all non-matching
> requests; if set to false, it will reject all non-matching requests.
> We should consider supporting a local {{permissive}} field specific to each
> ACL which would override the global {{permissive}} field if the local
> {{permissive}} field is set.
> The use case is that if support for a new ACL is added to master or agent,
> and a cluster uses the global {{permissive}} field set to {{false}}, that
> would imply that the authorization for the newly added ACL shall fail unless
> the operator adds the corresponding entry for the newly added ACL, which
> leads to an upgrade issue.
> If we have both the global as well as local {{permissive}} bit, then the
> global {{permissive}} bit can be set to {{true}}, whereas the local
> {{permissive}} bit can be set to true or false based on the use case. With
> this approach, it would not be mandatory to add an entry for the new ACL
> unless the operator chooses to do so.
> That obviously also leads to the fact that maybe we should not have the
> global {{permissive}} bit in the first place.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
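Added example, not part of the JIRA thread and not Mesos's own authorizer code: a small model of first-match ACL evaluation with a global `permissive` fallback (the semantics the issue description states) used to check the workaround from Greg Mann's comment, that with `permissive=true` globally, appending a `subject=ANY, object=NONE` entry as the last item of one ACL list makes that ACL alone deny-by-default. The match/allow rules in the model (an `ANY` entity matches and allows everything, a `NONE` entity matches every request but allows nothing, a value list matches and allows only the listed values) and the sample ACL JSON are this example's assumptions about the Mesos ACL format; the action and field names (`run_tasks`/`principals`/`users`, `register_frameworks`/`roles`) are used for illustration only.

```python
"""Model of first-match ACL evaluation with a global permissive fallback.

This is example code written for this page, not the Mesos LocalAuthorizer.
The ANY/NONE matching rules below are an assumption about Mesos semantics.
"""

# Entity shorthands assumed to mirror {"type": "ANY"} / {"type": "NONE"}
# in a Mesos --acls JSON document.
ANY = {"type": "ANY"}
NONE = {"type": "NONE"}


def _matches(value, entity):
    """Does this ACL entity *match* the requested value? (assumed rule:
    ANY and NONE both match anything; a value list matches listed values)"""
    t = entity.get("type", "SOME")
    if t in ("ANY", "NONE"):
        return True
    return value in entity.get("values", [])


def _allows(value, entity):
    """Given a match, does the entity *allow* the value? (assumed rule:
    ANY allows, NONE denies, a value list allows listed values)"""
    t = entity.get("type", "SOME")
    if t == "ANY":
        return True
    if t == "NONE":
        return False
    return value in entity.get("values", [])


def authorize(acls, action, subject_key, subject, object_key, obj):
    """Return True if `subject` may perform `action` on `obj`.

    Walk the ACL list for `action` in order; the first entry whose subject
    and object both match decides the outcome. If nothing matches, fall
    back to the global `permissive` flag (default true, as in the issue).
    """
    for acl in acls.get(action, []):
        s, o = acl[subject_key], acl[object_key]
        if _matches(subject, s) and _matches(obj, o):
            return _allows(subject, s) and _allows(obj, o)
    return acls.get("permissive", True)


# Constructed sample ACLs. `run_tasks` ends with the ANY/NONE catch-all from
# the comment, so it behaves as permissive=false; `register_frameworks` has
# no catch-all and inherits the global permissive=true.
ACLS = {
    "permissive": True,
    "run_tasks": [
        {"principals": {"values": ["foo"]}, "users": {"values": ["nobody"]}},
        {"principals": ANY, "users": NONE},
    ],
    "register_frameworks": [
        {"principals": {"values": ["foo"]}, "roles": {"values": ["dev"]}},
    ],
}

# Same ACLs without the catch-all: run_tasks falls back to global permissive.
WITHOUT_CATCHALL = {"permissive": True, "run_tasks": ACLS["run_tasks"][:1]}

# Catch-all placed *first*: it shadows the explicit allow, so ordering matters.
CATCHALL_FIRST = {"permissive": True, "run_tasks": ACLS["run_tasks"][::-1]}


def can_run_tasks(principal, user, acls=ACLS):
    return authorize(acls, "run_tasks", "principals", principal, "users", user)


def can_register(principal, role, acls=ACLS):
    return authorize(acls, "register_frameworks",
                     "principals", principal, "roles", role)


if __name__ == "__main__":
    print(can_run_tasks("foo", "nobody"))   # explicit allow
    print(can_run_tasks("foo", "root"))     # denied by the catch-all
    print(can_run_tasks("bar", "nobody"))   # denied by the catch-all
    print(can_register("bar", "dev"))       # no match: global permissive
    print(can_run_tasks("bar", "nobody", WITHOUT_CATCHALL))  # permissive
    print(can_run_tasks("foo", "nobody", CATCHALL_FIRST))    # shadowed
```

The `CATCHALL_FIRST` case is why the comment says "last item": under first-match evaluation a `subject=ANY, object=NONE` entry matches every request, so anything listed after it is unreachable.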