Posted to issues@mesos.apache.org by "Alexander Rojas (JIRA)" <ji...@apache.org> on 2017/05/03 11:17:04 UTC

[jira] [Commented] (MESOS-7415) Add authorization to master's operator maintenance API in v0 and v1

    [ https://issues.apache.org/jira/browse/MESOS-7415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15994679#comment-15994679 ] 

Alexander Rojas commented on MESOS-7415:
----------------------------------------

h2. Analysis

Each of the API v1 calls can be paired with one of the API v0 endpoints; that means that, after some transformations, the handlers of both APIs ultimately call the same method. The pairing works as follows:

* {{GET_MAINTENANCE_SCHEDULE}} pairs with {{/maintenance/schedule}} if the second's method is {{GET}}.
* {{UPDATE_MAINTENANCE_SCHEDULE}} pairs with {{/maintenance/schedule}} if the second's method is {{POST}}.
* {{GET_MAINTENANCE_STATUS}} pairs with {{/maintenance/status}} and only accepts {{GET}}.
* {{START_MAINTENANCE}} pairs with {{/machine/down}} and only accepts {{POST}}.
* {{STOP_MAINTENANCE}} pairs with {{/machine/up}} and only accepts {{POST}}.

h3. Objects

The most likely candidates to be used as authorization objects are the machine ids, if we resolve that an administrator only has control over a subset of the machines. Likewise, one can assume that the operator is a super user across the whole cluster, in which case the object will only be used to define global ACLs (like {{ANY}} or {{NONE}}).

I also suggest leaving {{GET_MAINTENANCE_SCHEDULE}} without authorization, since it is something relevant for all kinds of users thinking of making use of resources on certain machines (one can think of a scheduler verifying the schedule before accepting an offer).

> Add authorization to master's operator maintenance API in v0 and v1
> -------------------------------------------------------------------
>
>                 Key: MESOS-7415
>                 URL: https://issues.apache.org/jira/browse/MESOS-7415
>             Project: Mesos
>          Issue Type: Task
>          Components: c++ api, HTTP API, master
>            Reporter: Alexander Rojas
>            Assignee: Alexander Rojas
>              Labels: authorization, mesosphere, security
>
> None of the maintenance primitives in either API v0 or API v1 have any kind of authorization, which allows any user with valid credentials to do things such as shutting down a machine, scheduling time off on an agent, modifying the maintenance schedule, etc.
> The authorization support needs to be added to the v0 endpoints:
> * {{/master/machine/up}}
> * {{/master/machine/down}}
> * {{/master/maintenance/schedule}}
> * {{/master/maintenance/status}}
> as well as to the v1 calls:
> * {{GET_MAINTENANCE_STATUS}}
> * {{GET_MAINTENANCE_SCHEDULE}}
> * {{UPDATE_MAINTENANCE_SCHEDULE}}
> * {{START_MAINTENANCE}}
> * {{STOP_MAINTENANCE}}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
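
The pairing and object choice discussed in the comment above, sketched as an added example (not part of the original message and not Mesos code): a v0 request is first normalized to its v1 call, then both API versions go through one authorization decision keyed on machine ids. The names {{Call}}, {{Acl}}, {{fromV0}}, {{authorized}} and {{authorizedV0}} are hypothetical, and requiring {{ANY}} for {{GET_MAINTENANCE_STATUS}} is an assumption.

```cpp
#include <set>
#include <string>
#include <vector>

// Hypothetical names throughout; this is not the Mesos authorizer interface.
enum class Call { GET_MAINTENANCE_SCHEDULE, UPDATE_MAINTENANCE_SCHEDULE,
                  GET_MAINTENANCE_STATUS, START_MAINTENANCE, STOP_MAINTENANCE };

// Normalize a v0 request (path as written in the comment) to its v1 call.
// Returns false when the endpoint does not accept the method, so such a
// request never reaches the authorizer.
bool fromV0(const std::string& path, const std::string& method, Call* out) {
  if (path == "/maintenance/schedule" && method == "GET")
    *out = Call::GET_MAINTENANCE_SCHEDULE;
  else if (path == "/maintenance/schedule" && method == "POST")
    *out = Call::UPDATE_MAINTENANCE_SCHEDULE;
  else if (path == "/maintenance/status" && method == "GET")
    *out = Call::GET_MAINTENANCE_STATUS;
  else if (path == "/machine/down" && method == "POST")
    *out = Call::START_MAINTENANCE;
  else if (path == "/machine/up" && method == "POST")
    *out = Call::STOP_MAINTENANCE;
  else
    return false;
  return true;
}

// ACL object for one principal: ANY, NONE, or an explicit subset of machines.
struct Acl {
  enum Kind { ANY, NONE, SOME } kind;
  std::set<std::string> machines;
};

// Single decision point shared by the v0 and v1 handlers.
bool authorized(Call call, const Acl& acl,
                const std::vector<std::string>& machineIds) {
  if (call == Call::GET_MAINTENANCE_SCHEDULE) return true;  // left open, as suggested
  if (acl.kind == Acl::ANY) return true;
  if (acl.kind == Acl::NONE) return false;
  // A call that names no machine (status) is assumed here to need ANY.
  if (machineIds.empty()) return false;
  for (const std::string& id : machineIds)
    if (acl.machines.count(id) == 0) return false;  // one foreign machine denies all
  return true;
}

// v0 entry point: map first, then reuse the v1 decision unchanged.
bool authorizedV0(const std::string& path, const std::string& method,
                  const Acl& acl, const std::vector<std::string>& ids) {
  Call call;
  return fromV0(path, method, &call) && authorized(call, acl, ids);
}
```

Because {{authorizedV0}} only translates and delegates, a principal restricted to a subset of machines gets the same answer from {{/machine/down}} as from {{START_MAINTENANCE}}.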