You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Kapil Arya (JIRA)" <ji...@apache.org> on 2016/02/28 00:04:18 UTC

[jira] [Commented] (MESOS-4253) Provide a minimalist "runtime context" to an Anonymous Module

    [ https://issues.apache.org/jira/browse/MESOS-4253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15170754#comment-15170754 ] 

Kapil Arya commented on MESOS-4253:
-----------------------------------

While discussing these RRs, a few security concerns came up. What this means is that I have to retract the ship-it to discuss it further. Sorry!

One of the most important issues was the fact that exposing all Master/Agent flags could also mean sharing things like credentials and password info, and any other "sensitive" information that might part of other modules' module.json parameters. 

On a more detailed note, there are two main avenues that we can pursue. One, have the modules explicitly request the flags that are needed by them in order to work. At which point, these flags will be merged with Master/Agent flags and the operator can pass in these flags as part of Master/Agent command line and they will be forwarded to the respective modules. Second, we can come up with a minimal set of Master/Agent flags that we consider "safe" and always pass to all modules as part of the `create` call along with Parameters. There is already a precedence in the way SSL flags are passed on via Master/Agent command line.

This would also mean that we can remove some of the existing Master/Agent flags that are specific to some modules (e.g., flags related to perf isolator). The modules would then request their flags to be accepted as part of Master/Agent commandline (and be visible at places like --help).

Finally, given the nature of the concerns, it might be a good idea to further involve the rest of the community to discuss the security consideration surrounding anonymous modules to get some feedback. 

> Provide a minimalist "runtime context" to an Anonymous Module
> -------------------------------------------------------------
>
>                 Key: MESOS-4253
>                 URL: https://issues.apache.org/jira/browse/MESOS-4253
>             Project: Mesos
>          Issue Type: Improvement
>          Components: modules
>            Reporter: Marco Massenzio
>            Assignee: Marco Massenzio
>
> Currently, {{Anonymous}} modules only receive at creation a copy of the {{"parameters"}} passed in the JSON configuration file.
> However, at runtime, it would be useful to also have a "runtime context" for the module developer to use, when implementing the functionality.
> I would suggest to pass in the {{Flags}} object from the Master/Agent inside an {{setRuntimeContext(const Flags&)}}[0] method, called immediately post-{{create(const Parameters&)}}[1].
> Also, I would suggest adding a {{teardown()}} method too, in case the module needs to release resources / conduct cleanup before exiting (there is a TODO in the code to this effect, and adding this in this patch would be close to trivial).
> [0] In practice, it won't be this trivial, as Master/Agent {{Flags}} are of a different compile-time type - probably use something like variadic templates or something (suggestions appreciated!).
> [1] In fact, the ideal solution would be to add the {{const Flags&}} to {{create()}}, but that would, alas, break everyone's modules; so that's probably a no-go (ideas welcome here too).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)