You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Greg Mann (JIRA)" <ji...@apache.org> on 2017/03/03 16:19:45 UTC
[jira] [Updated] (MESOS-7202) Allow 'principal.value' to be NONE in
master handlers
[ https://issues.apache.org/jira/browse/MESOS-7202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Greg Mann updated MESOS-7202:
-----------------------------
Description:
The {{Principal}} type was recently introduced in libprocess to facilitate executor authentication (MESOS-6365). Currently, we do not allow {{Principal.value}} to be {{NONE}} in the master handler code for the following reasons:
* The master's internal structures (i.e. {{frameworks.principals}}) associate each framework with a {{string principal}}
* The {{ReservationInfo}} and {{DiskInfo}} messages store a {{string principal}} for the purpose of authorizing {{UNRESERVE}} and {{DESTROY}} operations
We should migrate the master's internal structures, as well as the {{ReservationInfo}} and {{DiskInfo}} messages, to make use of an object similar to {{process::http::authentication::Principal}}.
When implementing this for {{ReservationInfo}} and {{DiskInfo}}, we should consider including the principal in the Mesos internal message representations, while omitting the principal from the external user-facing messages. This would eliminate the need for the user to duplicate their principal in the contents of their {{RESERVE}}/{{CREATE}} request, when they must already supply it in the request's authorization header.
Note that resolving this ticket will also involve removing the conditional checks within {{src/master/http.cpp}} which currently enforce this constraint, as well as updating the master validation code.
was:
The {{Principal}} type was recently introduced in libprocess to facilitate executor authentication (MESOS-6365). Currently, we do not allow {{Principal.value}} to be {{NONE}} in the master handler code for the following reasons:
* The master's internal structures (i.e. {{frameworks.principals}}) associate each framework with a {{string principal}}
* The {{ReservationInfo}} and {{DiskInfo}} messages store a {{string principal}} for the purpose of authorizing {{UNRESERVE}} and {{DESTROY}} operations
We should migrate the master's internal structures, as well as the {{ReservationInfo}} and {{DiskInfo}} messages, to make use of an object similar to {{process::http::authentication::Principal}}.
When implementing this for {{ReservationInfo}} and {{DiskInfo}}, we should consider including the principal in the Mesos internal message representations, while omitting the principal from the external user-facing messages. This would eliminate the need for the user to duplicate their principal in the contents of their {{RESERVE}}/{{CREATE}} request, when they must already supply it in the request's authorization header.
> Allow 'principal.value' to be NONE in master handlers
> -----------------------------------------------------
>
> Key: MESOS-7202
> URL: https://issues.apache.org/jira/browse/MESOS-7202
> Project: Mesos
> Issue Type: Improvement
> Reporter: Greg Mann
> Labels: authentication, authorization, mesosphere, security
>
> The {{Principal}} type was recently introduced in libprocess to facilitate executor authentication (MESOS-6365). Currently, we do not allow {{Principal.value}} to be {{NONE}} in the master handler code for the following reasons:
> * The master's internal structures (i.e. {{frameworks.principals}}) associate each framework with a {{string principal}}
> * The {{ReservationInfo}} and {{DiskInfo}} messages store a {{string principal}} for the purpose of authorizing {{UNRESERVE}} and {{DESTROY}} operations
> We should migrate the master's internal structures, as well as the {{ReservationInfo}} and {{DiskInfo}} messages, to make use of an object similar to {{process::http::authentication::Principal}}.
> When implementing this for {{ReservationInfo}} and {{DiskInfo}}, we should consider including the principal in the Mesos internal message representations, while omitting the principal from the external user-facing messages. This would eliminate the need for the user to duplicate their principal in the contents of their {{RESERVE}}/{{CREATE}} request, when they must already supply it in the request's authorization header.
> Note that resolving this ticket will also involve removing the conditional checks within {{src/master/http.cpp}} which currently enforce this constraint, as well as updating the master validation code.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)