Posted to issues@mesos.apache.org by "Anindya Sinha (JIRA)" <ji...@apache.org> on 2017/02/06 17:56:41 UTC

[jira] [Created] (MESOS-7066) Allow permissive bit to be set for individual acls (in addition to the global level)

Anindya Sinha created MESOS-7066:
------------------------------------

             Summary: Allow permissive bit to be set for individual acls (in addition to the global level)
                 Key: MESOS-7066
                 URL: https://issues.apache.org/jira/browse/MESOS-7066
             Project: Mesos
          Issue Type: Improvement
          Components: security
            Reporter: Anindya Sinha
            Priority: Minor


Currently, while defining ACLs for master or agents, there is a boolean field {{permissive}} that can be set on the global level that applies to all acls.

It defines the behavior when no ACL matches the request made. If set to true (which is the default), it will allow all non-matching requests by default; if set to false, it will reject all non-matching requests.

We should consider supporting a local {{permissive}} field specific to each ACL which would override the global {{permissive}} field if the local {{permissive}} field is set.

The use case is that if support for a new ACL is added to master or agent, and a cluster uses the global {{permissive}} field set to {{false}}, that would imply that the authorization for the newly added ACL shall fail unless the operator adds the corresponding entry for the newly added ACL, which leads to an upgrade issue.

If we have both the global as well as local {{permissive}} bit, then the global {{permissive}} bit can be set to {{true}}, whereas the local {{permissive}} bit can be set to true or false based on the use case. With this approach, it would not be mandatory to add an entry for the new ACL entry unless the operator chooses to do so.

That obviously also leads to the fact that maybe we should not have the global {{permissive}} bit in the first place.
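As an added illustration (not code from this ticket or from Mesos's authorizer), the following Python model evaluates the decision logic described above, with a constructed config that reproduces the upgrade scenario; the per-action {{permissive}} key and the generic {{principals}}/{{objects}} specs are assumptions made for the model.

```python
"""Model of Mesos-style ACL evaluation plus the per-ACL `permissive` override
proposed in this ticket. Illustrative code written for this note, not Mesos's
authorizer: entries use generic `principals`/`objects` specs (the sentinel
"ANY" or "NONE", or a list of values) instead of Mesos's per-action field
names, and the per-action `permissive` key is the proposed, hypothetical one."""
from typing import Any, Dict, List, Tuple, Union

ANY, NONE = "ANY", "NONE"
Spec = Union[str, List[str]]


def _matches(spec: Spec, value: str) -> bool:
    """NONE matches like ANY so that a NONE entry can explicitly deny."""
    return spec in (ANY, NONE) or value in spec


def _allows(spec: Spec, value: str) -> bool:
    return spec == ANY or (spec != NONE and value in spec)


def authorize(acls: Dict[str, Any], action: str, principal: str, obj: str) -> bool:
    """Return True if `principal` may perform `action` on `obj`.

    The first entry whose principal and object specs both match decides;
    otherwise the action's local `permissive` flag decides if present, and
    the global flag (default True, as in Mesos) when it is not."""
    global_permissive = acls.get("permissive", True)
    acl = acls.get(action)
    if isinstance(acl, dict):   # proposed form: {"permissive": ..., "entries": [...]}
        entries, local = acl.get("entries", []), acl.get("permissive")
    else:                       # current form: a bare entry list (or no ACL at all)
        entries, local = acl or [], None
    for e in entries:
        if _matches(e["principals"], principal) and _matches(e["objects"], obj):
            return _allows(e["principals"], principal) and _allows(e["objects"], obj)
    return global_permissive if local is None else local


# Constructed sample: fail-closed globally, one legacy ACL, one ACL using the
# proposed local flag. "new_action" stands in for an ACL added by an upgrade
# that the operator has not configured yet.
SAMPLE_ACLS = {
    "permissive": False,
    "register_frameworks": [{"principals": ["scheduler"], "objects": ANY}],
    "run_tasks": {"permissive": True,
                  "entries": [{"principals": ["foo"], "objects": NONE}]},
}


def upgrade_outcome(acls: Dict[str, Any]) -> Tuple[bool, bool]:
    """Decision for an unconfigured new ACL under `acls`, and under the same
    config with the global flag set to True as the ticket proposes."""
    relaxed = dict(acls, permissive=True)
    return (authorize(acls, "new_action", "anyone", "x"),
            authorize(relaxed, "new_action", "anyone", "x"))
```

With the sample config, the unconfigured {{new_action}} is rejected under the fail-closed global flag and accepted once the global flag is relaxed, while {{run_tasks}} keeps its own fail-open default and {{register_frameworks}} stays fail-closed.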

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)