Re: Review Request 49313: Added the VIEW_FLAGS authorization action.

Wed, 29 Jun 2016 11:54:37 -0700 


> On June 29, 2016, 12:51 a.m., Vinod Kone wrote:
> > src/master/http.cpp, lines 1241-1262
> > <https://reviews.apache.org/r/49313/diff/1/?file=1431790#file1431790line1241>
> >
> >     flags specific authorization should be done in `_flags()` so that the 
> > v1 API can get the benefit automatically. 
> >     
> >     please move this logic inside `_flags()`. you might need to adjust its 
> > return type and add a `__flags()`.
> 
> Alexander Rojas wrote:
>     The main problem with this suggestion is, `_flags` return type is 
> `JSON::Object`, which means it is supposed to be called synchronously by both 
> `flags()` and `getFlags()`.
>     
>     If I were to make `_flags()` async, the return type would be 
> `Future<JSON::Object>` but then, how do I encode the fact that I must return 
> `Forbidden`? I could make `_flags()` return a `Future<Response>` but then it 
> would not be different from `flags()`, moreover `getFlags()` expects a 
> `JSON::Object` since it evolves it to a `v1::master::Response`, so it 
> shouldn't take a `Future<Response>`.
>     
>     My solution would be to use the same code in `getFlags()` to perform 
> authorization.
> 
> Alexander Rojas wrote:
>     I added a patch implementing the solution I described 
> [r/49363/](https://reviews.apache.org/r/49363/)
> 
> Vinod Kone wrote:
>     `_flags()` returning `Future<Response>` is fine. `flags()` still needs to 
> deal with the REST specific things like METHOD check and jsonp. I prefer that 
> than duplicating authz code in `flags()` and `getFlags()`.

my point was, the returned response in both cases, `flags()` and `getFlags()` 
is different, in the first case you return `OK(_flags(), 
request.url.query.get("jsonp"));`, in the second case you return 
`OK(serialize(contentType, evolve<v1::master::Response::GET_FLAGS>(_flags())), 
stringify(contentType));`. 

If we go with `_flags()` returning a future response, which one should that one 
be? the first response or the second one?


- Alexander


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49313/#review139886
-----------------------------------------------------------


On June 29, 2016, 10:44 a.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49313/
> -----------------------------------------------------------
> 
> (Updated June 29, 2016, 10:44 a.m.)
> 
> 
> Review request for mesos, Adam B, Joerg Schad, Till Toenshoff, and Vinod Kone.
> 
> 
> Bugs: MESOS-5705
>     https://issues.apache.org/jira/browse/MESOS-5705
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Adds again authorization for flags. Instead of being part of
> `get_endpoints` it uses its own action `VIEW_TASKS` which is
> used to restrict access to the `/flags` endpoint, as well as
> to filter the results of the `/state` endpoint on both master
> and agents.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/acls.proto 
> a6d93cd2cb9161a98565b22e50b06aac4931a671 
>   include/mesos/authorizer/authorizer.proto 
> fc76796022a6fa3d36a1447c476980868d42c2d0 
>   src/authorizer/local/authorizer.cpp 
> 3fade4168face1cb80b30c9b69b31d9eb4126222 
>   src/common/http.hpp 55bd0ac81af80c656a4a80766a3e4b21db9cf0cf 
>   src/common/http.cpp 95e8fb672b49a00860c64f818cc734fa22cf3516 
>   src/master/http.cpp 311db1a9400ab533f4536e7a7412122275a7044d 
>   src/slave/http.cpp 44d8cc98c0c1ada9d5313a3fe5c66029c9c373c6 
>   src/tests/authorization_tests.cpp 9b99da138fa27a725738d70bd99e889b108b44ae 
>   src/tests/master_authorization_tests.cpp 
> 9088d7df901ad9e0b3c43a3ea61882054f55ee93 
>   src/tests/slave_authorization_tests.cpp 
> 78221e200d9b7880cc474f1acef92c5dec1c8e25 
> 
> Diff: https://reviews.apache.org/r/49313/diff/
> 
> 
> Testing
> -------
> 
> - `make check`
> - manual tests with browsers.
> - Used the script:
>  
> ```sh
> #! /usr/bin/env bash
> 
> rm -rf /tmp/mesos/*
> 
> cat <<EOF > /tmp/credentials.txt
> foo bar
> baz bar
> EOF
> 
> cat <<EOF > /tmp/acls.json
> {
>   "permissive": false,
>   "view_flags" : [
>    {
>      "principals" : { "values" : ["foo"] },
>      "flags" : { "type" : "ANY" }
>    },
>    {
>      "principals" : { "values" : ["foo"] },
>      "flags" : { "type" : "NONE" }
>    }
>   ]
> }
> EOF
> 
> ./bin/mesos-master.sh --work_dir=/tmp/mesos/master \
>                      --authenticate_http \
>                      --log_dir=/tmp/mesos/logs/master \
>                      --http_credentials=file:///tmp/credentials.txt \
>                      --acls=file:///tmp/acls.json &
> ./bin/mesos-slave.sh --work_dir=/tmp/mesos/slave \
>                      --master=127.0.0.1:5050 \
>                      --authenticate_http \
>                      --http_credentials=file:///tmp/credentials.txt \
>                      --acls=file:///tmp/acls.json &
> 
> # Returns a 200 OK Response with the contents of the flags
> # in JSON object
> http GET http://127.0.0.1:5050/flags -a foo:bar
> http GET http://127.0.0.1:5051/flags -a foo:bar
> 
> # Returned JSON contains a `flags` entry with all the flags.
> http GET http://127.0.0.1:5050/state -a foo:bar
> http GET http://127.0.0.1:5051/state -a foo:bar
> 
> # 403 Forbidden response
> http GET http://127.0.0.1:5050/flags -a baz:bar
> http GET http://127.0.0.1:5051/flags -a baz:bar
> 
> # Returned JSON doesn't include flags information.
> http GET http://127.0.0.1:5050/state -a baz:bar
> http GET http://127.0.0.1:5051/state -a baz:bar
> ```
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>

Reply via email to