[jira] [Commented] (MESOS-5406) Validate ACLs on creating an instance of local authorizer.

Tue, 24 May 2016 05:52:42 -0700 

    [ 
https://issues.apache.org/jira/browse/MESOS-5406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15298126#comment-15298126
 ] 

Jay Guo commented on MESOS-5406:
--------------------------------

That's true, unless explicit restrictiveness is enforced on one action and an 
exception is being made. Consider following case:
{code}
Permissive = true
ANY update_quota on NONE
foo update_quota on ANY
{code}
In this case, the last ANY is not redundant. See test case 
{{AuthorizationTest.UpdateQuota}}.

With that being said, some obvious redundancies and conflicts can be caught 
with following rules:
# Iff one ACL can be allowed by another when treated as request, it is 
considered to be *redundant*. e.g. {{'foo' update_quota on 'ANY'}} and {{'foo' 
update_quota on 'qux'}}
# If *subjects* of two ACLs are of type +SOME+, and one of them is _subset_ of 
another, and *objects* of these two ACLs are +ANY+ and +NONE+ respectively, 
they are considered to be conflicting each other. e.g. {{'foo', 'bar' 
update_quota on 'ANY'}} and {{'foo' update_quota on 'NONE'}}

Here's the RR with above rules: https://reviews.apache.org/r/47771/
Please take a look.

One question: Should we have a generic interface for all actions, which makes 
it easier to iterate? Or we simply enumerate all of them like _update_quota_ in 
the RR.

> Validate ACLs on creating an instance of local authorizer.
> ----------------------------------------------------------
>
>                 Key: MESOS-5406
>                 URL: https://issues.apache.org/jira/browse/MESOS-5406
>             Project: Mesos
>          Issue Type: Improvement
>          Components: security
>            Reporter: Alexander Rukletsov
>            Assignee: Jay Guo
>              Labels: mesosphere, security
>
> Some combinations of ACLs are not allowed, for example, specifying both 
> {{SetQuota}} and {{UpdateQuota}}. We should capture such issues and error out 
> early. 
> This ticket aims to add as many validations as possible to a dedicated 
> {{validate()}} routine, instead of having them implicitly in the codebase.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to