[ https://issues.apache.org/jira/browse/MESOS-7066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15872638#comment-15872638 ]
Yan Xu commented on MESOS-7066:
-------------------------------

I may be misunderstanding something but I thought it's not about allowing people to use a {{permissive}} bit as syntactical sugar for {{subject=ANY,object=ANY}} and {{subject=NONE,object=NONE}} but rather, if I, an operator, only care about one ACL in a non-permissive form, I shouldn't have to fill in all possible ACLs on the process today and watch closely for all future additions?

> Allow permissive bit to be set for individual acls (in addition to the global
> level)
> ------------------------------------------------------------------------------------
>
>                 Key: MESOS-7066
>                 URL: https://issues.apache.org/jira/browse/MESOS-7066
>             Project: Mesos
>          Issue Type: Improvement
>          Components: security
>            Reporter: Anindya Sinha
>            Assignee: Adam B
>            Priority: Minor
>              Labels: acl
>
> Currently, while defining ACLs for master or agents, there is a boolean field
> {{permissive}} that can be set on the global level that applies to all acls.
> It defines the behavior when no ACL matches to the request made. If set to
> true (which is the default) it will allow by default all non-matching
> requests, if set to false it will reject all non-matching requests.
> We should consider supporting a local {{permissive}} field specific to each
> ACL which would override the global {{permissive}} field if the local
> {{permissive}} field is set.
> The use case is that if support for a new ACL is added to master or agent,
> and a cluster uses the global {{permissive}} field set to {{false}}, that
> would imply that the authorization for the newly added ACL shall fail unless
> the operator adds the corresponding entry for the newly added ACL, which
> leads to an upgrade issue.
> If we have both the global as well as local {{permissive}} bit, then the
> global {{permissive}} bit can be set to {{true}}, whereas the local
> {{permissive}} bit can be set to true or false based on the use case. With
> this approach, it would not be mandatory to add an entry for the new ACL
> entry unless the operator chooses to do so.
> That obviously also leads to the fact that maybe we should not have the
> global {{permissive}} bit in the first place.

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
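
The fallback behaviour discussed in this ticket, as an added example that is not part of the original message and is not Mesos code: a simplified model comparing a non-permissive global bit with the proposed per-ACL bit, including what happens to an action that has no ACL entry after an upgrade. The config layout, the `new_action` name, the principals and the per-ACL `permissive` key are assumptions made for illustration.

```python
# Simplified model of the behaviour described in MESOS-7066; not Mesos code.
# Assumption: the per-ACL "permissive" key is the ticket's proposal, and the
# config layout, action names and principals below are constructed.
ANY = "ANY"

def _in(value, allowed):
    return allowed == ANY or value in allowed

def default_for(config, action):
    """Decision for a request that no rule matches: local bit, else global."""
    local = config.get("acls", {}).get(action, {}).get("permissive")
    return config.get("permissive", True) if local is None else local

def authorize(config, action, principal, obj):
    """Allow if a rule for `action` matches; otherwise use the default."""
    for rule in config.get("acls", {}).get(action, {}).get("rules", []):
        if _in(principal, rule["principals"]) and _in(obj, rule["objects"]):
            return True
    return default_for(config, action)

def unlisted_defaults(config, known_actions):
    """Audit helper: default decision for each action with no ACL entry."""
    return {a: default_for(config, a)
            for a in known_actions if a not in config.get("acls", {})}

RULES = [{"principals": ["ops"], "objects": ["prod"]}]

# Today: lock down one action by turning the global bit off.
GLOBAL_STRICT = {"permissive": False,
                 "acls": {"register_frameworks": {"rules": RULES}}}

# Proposal: global bit stays on, only this ACL is non-permissive.
LOCAL_STRICT = {"permissive": True,
                "acls": {"register_frameworks": {"permissive": False,
                                                 "rules": RULES}}}

# "new_action" stands for an ACL type introduced by a later release.
KNOWN_AFTER_UPGRADE = ["register_frameworks", "new_action"]

if __name__ == "__main__":
    for name, cfg in (("global", GLOBAL_STRICT), ("local", LOCAL_STRICT)):
        print(name,
              authorize(cfg, "register_frameworks", "ops", "prod"),
              authorize(cfg, "register_frameworks", "guest", "prod"),
              unlisted_defaults(cfg, KNOWN_AFTER_UPGRADE))
```

Running `unlisted_defaults` against the list of actions a new release supports shows which ones fall through to a default decision, which is the upgrade check the ticket is concerned with.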