Re: mesos master default drop acl

2020-08-07 Thread Vinod Kone 
Not sure if you came across
http://mesos.apache.org/documentation/latest/authorization/ but I hope it
can answer your questions.

On Thu, Jul 30, 2020 at 4:03 PM Marc Roos  wrote:

>
>
> Currently I am running on a testing environment with some default acl I
> found[1]. I have configured  mesos-credentials, and afaik everything
> agents/marathon framework is authenticating. So I thought about
> converting the acl to default drop/deny. However I see there are quite a
> few options.
>
> Is it advicable to even set the all to deny? Is there an example how to
> set the url for GetEndpoint?
>
> [2]
>
> https://github.com/apache/mesos/blob/master/include/mesos/authorizer/acls.proto
> http://mesos.apache.org/documentation/latest/configuration/master/
>
> [1]
> {
>   "run_tasks": [
> {
>   "principals": {
> "type": "ANY"
>   },
>   "users": {
> "type": "ANY"
>   }
> }
>   ],
>   "register_frameworks": [
> {
>   "principals": {
> "type": "ANY"
>   },
>   "roles": {
> "type": "ANY"
>   }
> }
>   ]
> }
>

mesos master default drop acl

2020-07-30 Thread Marc Roos 



Currently I am running on a testing environment with some default acl I 
found[1]. I have configured  mesos-credentials, and afaik everything 
agents/marathon framework is authenticating. So I thought about 
converting the acl to default drop/deny. However I see there are quite a 
few options.

Is it advicable to even set the all to deny? Is there an example how to 
set the url for GetEndpoint?

[2]
https://github.com/apache/mesos/blob/master/include/mesos/authorizer/acls.proto
http://mesos.apache.org/documentation/latest/configuration/master/

[1]
{
  "run_tasks": [
{
  "principals": {
"type": "ANY"
  },
  "users": {
"type": "ANY"
  }
}
  ],
  "register_frameworks": [
{
  "principals": {
"type": "ANY"
  },
  "roles": {
"type": "ANY"
  }
}
  ]
}