[
https://issues.apache.org/jira/browse/MESOS-4253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15170754#comment-15170754
]
Kapil Arya commented on MESOS-4253:
-----------------------------------
While discussing these RRs, a few security concerns came up. What this means is
that I have to retract the ship-it to discuss it further. Sorry!
One of the most important issues was the fact that exposing all Master/Agent
flags could also mean sharing things like credentials and password info, and
any other "sensitive" information that might part of other modules' module.json
parameters.
On a more detailed note, there are two main avenues that we can pursue. One,
have the modules explicitly request the flags that are needed by them in order
to work. At which point, these flags will be merged with Master/Agent flags and
the operator can pass in these flags as part of Master/Agent command line and
they will be forwarded to the respective modules. Second, we can come up with a
minimal set of Master/Agent flags that we consider "safe" and always pass to
all modules as part of the `create` call along with Parameters. There is
already a precedence in the way SSL flags are passed on via Master/Agent
command line.
This would also mean that we can remove some of the existing Master/Agent flags
that are specific to some modules (e.g., flags related to perf isolator). The
modules would then request their flags to be accepted as part of Master/Agent
commandline (and be visible at places like --help).
Finally, given the nature of the concerns, it might be a good idea to further
involve the rest of the community to discuss the security consideration
surrounding anonymous modules to get some feedback.
> Provide a minimalist "runtime context" to an Anonymous Module
> -------------------------------------------------------------
>
> Key: MESOS-4253
> URL: https://issues.apache.org/jira/browse/MESOS-4253
> Project: Mesos
> Issue Type: Improvement
> Components: modules
> Reporter: Marco Massenzio
> Assignee: Marco Massenzio
>
> Currently, {{Anonymous}} modules only receive at creation a copy of the
> {{"parameters"}} passed in the JSON configuration file.
> However, at runtime, it would be useful to also have a "runtime context" for
> the module developer to use, when implementing the functionality.
> I would suggest to pass in the {{Flags}} object from the Master/Agent inside
> an {{setRuntimeContext(const Flags&)}}[0] method, called immediately
> post-{{create(const Parameters&)}}[1].
> Also, I would suggest adding a {{teardown()}} method too, in case the module
> needs to release resources / conduct cleanup before exiting (there is a TODO
> in the code to this effect, and adding this in this patch would be close to
> trivial).
> [0] In practice, it won't be this trivial, as Master/Agent {{Flags}} are of a
> different compile-time type - probably use something like variadic templates
> or something (suggestions appreciated!).
> [1] In fact, the ideal solution would be to add the {{const Flags&}} to
> {{create()}}, but that would, alas, break everyone's modules; so that's
> probably a no-go (ideas welcome here too).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
