[ 
https://issues.apache.org/jira/browse/MESOS-7415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15994679#comment-15994679
 ] 

Alexander Rojas commented on MESOS-7415:
----------------------------------------

h2. Analysis

Each of the API v1 calls can be paired with one of the API v0 endpoints, which 
means that after some transformations the handlers of both APIs ultimately 
call the same method. The pairing works as follows:

* {{GET_MAINTENANCE_SCHEDULE}} pairs with {{/maintenance/schedule}} if the 
second's method is {{GET}}.
* {{UPDATE_MAINTENANCE_SCHEDULE}} pairs with {{/maintenance/schedule}} if the 
second's method is {{POST}}.
* {{GET_MAINTENANCE_STATUS}} pairs with {{/maintenance/status}} and only 
accepts {{GET}}.
* {{START_MAINTENANCE}} pairs with {{/machine/down}} and only accepts {{POST}}.
* {{STOP_MAINTENANCE}} pairs with {{/machine/up}} and only accepts {{POST}}.

h3. Objects

The most likely candidates to be used as authorization objects are the machine 
IDs, if we resolve that an administrator only has control over a subset of the 
machines. Likewise, one can assume that the operator is a super user across the 
whole cluster, in which case the object will only be used to define global ACLs 
(like {{ANY}} or {{NONE}}).

I also suggest leaving {{GET_MAINTENANCE_SCHEDULE}} without authorization, 
since it is relevant to all kinds of users thinking of making use of 
resources on certain machines (one can think of a scheduler verifying the 
schedule before accepting an offer).

> Add authorization to master's operator maintenance API in v0 and v1
> -------------------------------------------------------------------
>
>                 Key: MESOS-7415
>                 URL: https://issues.apache.org/jira/browse/MESOS-7415
>             Project: Mesos
>          Issue Type: Task
>          Components: c++ api, HTTP API, master
>            Reporter: Alexander Rojas
>            Assignee: Alexander Rojas
>              Labels: authorization, mesosphere, security
>
> None of the maintenance primitives in either API v0 or API v1 have any kind 
> of authorization, which allows any user with valid credentials to do things 
> such as shutting down a machine, scheduling time off on an agent, modifying 
> the maintenance schedule, etc.
> The authorization support needs to be added to the v0 endpoints:
> * {{/master/machine/up}}
> * {{/master/machine/down}}
> * {{/master/maintenance/schedule}}
> * {{/master/maintenance/status}}
> as well as to the v1 calls:
> * {{GET_MAINTENANCE_STATUS}}
> * {{GET_MAINTENANCE_SCHEDULE}}
> * {{UPDATE_MAINTENANCE_SCHEDULE}}
> * {{START_MAINTENANCE}}
> * {{STOP_MAINTENANCE}}
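Added example (not Mesos code, nor the reporter's): a small Python model of the proposal in the comment above, where every v0 endpoint/method pair and every v1 call resolve to one shared action, the authorization object is a machine ID, global ACLs use {{ANY}}/{{NONE}}, and {{GET_MAINTENANCE_SCHEDULE}} stays unauthorized. The action names, the Acl class and the first-matching-ACL rule are assumptions of this model, not Mesos semantics.

```python
"""Model of the proposed maintenance authorization (added example, not Mesos
code). Both API versions dispatch to one shared check keyed by an action name;
the object is a machine id; ANY/NONE give global allow/deny ACLs."""
from dataclasses import dataclass

ANY, NONE = "ANY", "NONE"  # wildcard object/subject values, as in the comment

# Pairing from the comment: v1 call -> shared action (None = no authorization).
# Action names are assumed for this model.
V1_TO_ACTION = {
    "GET_MAINTENANCE_SCHEDULE": None,
    "UPDATE_MAINTENANCE_SCHEDULE": "update_maintenance_schedule",
    "GET_MAINTENANCE_STATUS": "get_maintenance_status",
    "START_MAINTENANCE": "start_maintenance",
    "STOP_MAINTENANCE": "stop_maintenance",
}
# Same actions reached from the v0 endpoints, keyed by (path, HTTP method).
V0_TO_ACTION = {
    ("/maintenance/schedule", "GET"): None,
    ("/maintenance/schedule", "POST"): "update_maintenance_schedule",
    ("/maintenance/status", "GET"): "get_maintenance_status",
    ("/machine/down", "POST"): "start_maintenance",
    ("/machine/up", "POST"): "stop_maintenance",
}

@dataclass
class Acl:
    principals: set  # explicit principals, or {ANY} / {NONE}
    machines: set    # explicit machine ids, or {ANY} / {NONE}

def _matches(entry: set, value: str) -> bool:
    # ANY matches everything, NONE matches nothing, else exact membership.
    return ANY in entry or value in entry

def authorize(acls, action, principal, machine_id, permissive=True):
    """Shared check both API handlers call. The first ACL whose principal
    list matches decides; with no matching ACL, fall back to `permissive`."""
    if action is None:          # e.g. GET_MAINTENANCE_SCHEDULE: open to all
        return True
    for acl in acls.get(action, []):
        if _matches(acl.principals, principal):
            return _matches(acl.machines, machine_id)
    return permissive

def handle_v0(acls, path, method, principal, machine_id, permissive=True):
    """v0 handler: endpoint + method -> shared action -> shared check."""
    action = V0_TO_ACTION[(path, method)]
    return authorize(acls, action, principal, machine_id, permissive)

def handle_v1(acls, call, principal, machine_id, permissive=True):
    """v1 handler: call name -> the same shared action -> the same check."""
    action = V1_TO_ACTION[call]
    return authorize(acls, action, principal, machine_id, permissive)
```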
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)