mesos-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vinodk...@apache.org
Subject mesos git commit: Added authorizer interface changes and to the CHANGELOG.
Date Wed, 01 Jun 2016 05:53:11 GMT
Repository: mesos
Updated Branches:
  refs/heads/master 5fc9f2478 -> 9e612c21e


Added authorizer interface changes and to the CHANGELOG.

Review: https://reviews.apache.org/r/48092


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/9e612c21
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/9e612c21
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/9e612c21

Branch: refs/heads/master
Commit: 9e612c21eb0fc06de1cc56115107a637642cc3d0
Parents: 5fc9f24
Author: Joerg Schad <joerg@mesosphere.io>
Authored: Tue May 31 23:52:29 2016 -0600
Committer: Vinod Kone <vinodkone@gmail.com>
Committed: Tue May 31 23:53:21 2016 -0600

----------------------------------------------------------------------
 CHANGELOG | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/9e612c21/CHANGELOG
----------------------------------------------------------------------
diff --git a/CHANGELOG b/CHANGELOG
index 4b680ff..8564507 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -27,6 +27,20 @@ This release contains the following new features:
     container to different types of IP networks by invoking network drivers
     called CNI plugins.
 
+  * [MESOS-2948, MESOS-5403] - The authorizer interface has been refactored in
+    order to decouple the ACLs definition language from the interface.
+    It additionally includes the option of retrieving `ObjectApprover`. An
+    `ObjectApprover` can be used to synchronously check authorizations for a
+    given object and is hence useful when authorizing a large number of objects
+    and/or large objects (which need to be copied using request based
+    authorization). NOTE: This is a **breaking change** for authorizer modules.
+
+  * [MESOS-4931] - Authorization based HTTP endpoint filtering enables operators
+    to restrict what part of the cluster state a user is authorized to see.
+    Consider for example the `/state` master endpoint: an operator can now
+    authorize users to only see a subset of the running frameworks, tasks, or
+    executors.
+
   * [MESOS-4909] - Tasks can now specify a kill policy. They are best-effort,
     because machine failures or forcible terminations may occur. Currently, the
     only available kill policy is how long to wait between graceful and forcible


Mime
View raw message