Hi, thanks for the pointer. For people having the same problem, it seems that you have to actually provide six new ACL rules to restore the previous behaviour:
get_endpoints, view_frameworks, view_tasks, view_executors, access_sandboxes, and access_mesos_logs. On 03.06.2016 21:59, Michael Park wrote: > Hello, I'm not exactly sure about whether the behavior is undesired or not. > > But I think the ACL that you're missing is `GetEndpoint`: > https://github.com/apache/mesos/blob/master/include/mesos/authorizer/acls.proto#L183-L190 > > Hope that helps, > > MPark > > On 3 June 2016 at 12:36, Evers Benno <ben...@yandex-team.ru> wrote: > >> >> I just tried building and running the 1.0.0-rc1, and it seems that the >> web UI is broken due to /metrics/snapshot returning a 403. (There's a >> popup continously displaying "Failed to connect to >> mesos-master.example.org:5050!" >> >> I'm running mesos-master with options `--no-authenticate_http >> --acls={"permissive": "false", [...]}`, so I'm not completely sure if >> this behaviour is as desired or not. (although its certainly unexpected) >> >> Regardless, I looked around for a while, but I couldn't figure out what >> to add to the ACL to restore unauthorized viewing access for everyone? >> >> Best regards, >> Benno >> >
