mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Bannier <benjamin.bann...@mesosphere.io>
Subject Re: Review Request 67501: Added authorization for storage operations.
Date Thu, 28 Jun 2018 07:52:39 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67501/#review205492
-----------------------------------------------------------




include/mesos/authorizer/acls.proto
Lines 542 (patched)
<https://reviews.apache.org/r/67501/#comment288405>

    I had some discussions around using principals to control these `DESTROY_*` operations
with Jie and Greg.
    
    The take-away was that using principals instead of roles (like e.g., already suggested
by Chun in this RR) is not something we should do going forward. It is already tech debt in
the destruction of persistent volumes (which is pretty hard to remove in a backwards-compatible
way), and we should not add it here.
    
    This is related to the fact that when a resource is reserved to a certain role, every
framework in that role already has access _to the data_ in that volume (they could e.g., read
and modify the data from a task). By using a principal to control destruction we protect the
metadata (_some volume `xyz` exists_) while we do not protect the actual data (access to the
data is based on roles). That means using principals to authorized `UNRESERVE` operations
is useful (it changes data visibility), but does not add real benefits for the `DESTROY_*`
operations.
    
    Could you use a `required Entity roles` here and below instead? We'd also need to update
the documentation and ACL validation.


- Benjamin Bannier


On June 27, 2018, 12:40 p.m., Jan Schlicht wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67501/
> -----------------------------------------------------------
> 
> (Updated June 27, 2018, 12:40 p.m.)
> 
> 
> Review request for mesos, Benjamin Bannier and Chun-Hung Hsiao.
> 
> 
> Bugs: MESOS-7329
>     https://issues.apache.org/jira/browse/MESOS-7329
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Framework operations `CREATE_VOLUME`, `DESTROY_VOLUME`, `CREATE_BLOCK`,
> `DESTROY_BLOCK` are authorized. Respective ACL actions have been added
> to the local authorizer. Currently access can only be given to either
> 'ANY' or 'NONE' resource providers.
> 
> 
> Diffs
> -----
> 
>   docs/authorization.md cd8622b9848b7a020c079cc1901e3933fa6eb0c0 
>   include/mesos/authorizer/acls.proto e4889939481dabe6c1c2876a54d654f98d00dec8 
>   include/mesos/authorizer/authorizer.proto bb1010d7eb97de17807b0a730ce16a4b28bc2aa3

>   src/authorizer/local/authorizer.cpp 61e9ab5ce9f1ce4eee4a3f8502c9b60140efcb7e 
>   src/master/master.hpp 4180341e2c7b16503a4376c501f611bb78ba901c 
>   src/master/master.cpp 4ade16f044f8a4fdafd5afaba4e6a23232f83a5a 
>   src/tests/authorization_tests.cpp f6f77692112d2299f3009fde4468f82bfd934c60 
> 
> 
> Diff: https://reviews.apache.org/r/67501/diff/5/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Jan Schlicht
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message