mesos-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject mesos git commit: Added authorizer interface changes and to the CHANGELOG.
Date Wed, 01 Jun 2016 05:53:11 GMT
Repository: mesos
Updated Branches:
  refs/heads/master 5fc9f2478 -> 9e612c21e

Added authorizer interface changes and to the CHANGELOG.



Branch: refs/heads/master
Commit: 9e612c21eb0fc06de1cc56115107a637642cc3d0
Parents: 5fc9f24
Author: Joerg Schad <>
Authored: Tue May 31 23:52:29 2016 -0600
Committer: Vinod Kone <>
Committed: Tue May 31 23:53:21 2016 -0600

 CHANGELOG | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
index 4b680ff..8564507 100644
@@ -27,6 +27,20 @@ This release contains the following new features:
     container to different types of IP networks by invoking network drivers
     called CNI plugins.
+  * [MESOS-2948, MESOS-5403] - The authorizer interface has been refactored in
+    order to decouple the ACLs definition language from the interface.
+    It additionally includes the option of retrieving `ObjectApprover`. An
+    `ObjectApprover` can be used to synchronously check authorizations for a
+    given object and is hence useful when authorizing a large number of objects
+    and/or large objects (which need to be copied using request based
+    authorization). NOTE: This is a **breaking change** for authorizer modules.
+  * [MESOS-4931] - Authorization based HTTP endpoint filtering enables operators
+    to restrict what part of the cluster state a user is authorized to see.
+    Consider for example the `/state` master endpoint: an operator can now
+    authorize users to only see a subset of the running frameworks, tasks, or
+    executors.
   * [MESOS-4909] - Tasks can now specify a kill policy. They are best-effort,
     because machine failures or forcible terminations may occur. Currently, the
     only available kill policy is how long to wait between graceful and forcible

View raw message