[jira] [Commented] (MESOS-7066) Allow permissive bit to be set for individual acls (in addition to the global level)

Fri, 17 Feb 2017 14:19:58 -0800 

    [ 
https://issues.apache.org/jira/browse/MESOS-7066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15872638#comment-15872638
 ] 

Yan Xu commented on MESOS-7066:
-------------------------------

I may be misunderstanding something but I thought it's not about allowing 
people to use a {{permissive}} bit as syntactical sugar for 
{{subject=ANY,object=ANY}} and {{subject=NONE,object=NONE}} but rather, if I, 
an operator, only care about one ACL in a non-permissive form, I shouldn't have 
to fill in all possible ACLs on the process today and watch closely for all 
future additions?

> Allow permissive bit to be set for individual acls (in addition to the global 
> level)
> ------------------------------------------------------------------------------------
>
>                 Key: MESOS-7066
>                 URL: https://issues.apache.org/jira/browse/MESOS-7066
>             Project: Mesos
>          Issue Type: Improvement
>          Components: security
>            Reporter: Anindya Sinha
>            Assignee: Adam B
>            Priority: Minor
>              Labels: acl
>
> Currently, while defining ACLs for master or agents, there is a boolean field 
>  {{permissive}} that can be set on the global level that applies to all acls.
> It defines the behavior when no ACL matches to the request made. If set to 
> true (which is the default) it will allow by default all non-matching 
> requests, if set to false it will reject all non-matching requests.
> We should consider supporting a local {{permissive}} field specific to each 
> ACL which would override the global {{permissive}} field if the local 
> {{permissive}} field is set.
> The use case is that if support for a new ACL is added to master or agent, 
> and a cluster uses the global {{permissive}} field set to {{false}}, that 
> would imply that the authorization for the newly added ACL shall fail unless 
> the operator adds the corresponding entry for the newly added ACL, which 
> leads to a upgrade issue.
> If we have both the global as well as local {{permissive}} bit, then the 
> global {{permissive}} bit can be set to {{true}}, whereas the local 
> {{permissive}} bit can be set to true or false based on the use case. With 
> this approach, it would not be mandatory to add an entry for the new ACL 
> entry unless the operator chooses to do so.
> That obviously also leads to the fact that maybe we should not have the 
> global {{permissive}} bit in the first place.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to