mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam B (JIRA)" <>
Subject [jira] [Commented] (MESOS-5150) Authorize Agent HTTP Endpoints
Date Thu, 23 Jun 2016 12:31:16 GMT


Adam B commented on MESOS-5150:

Missed one: /state was only being filtered on the master.

> Authorize Agent HTTP Endpoints
> ------------------------------
>                 Key: MESOS-5150
>                 URL:
>             Project: Mesos
>          Issue Type: Epic
>          Components: security, slave
>            Reporter: Adam B
>            Assignee: Alexander Rojas
>              Labels: agent, authorization, mesosphere, security, slave
>             Fix For: 1.0.0
> As we add authentication in agent http endpoint handlers in MESOS-4847, we now have the
opportunity to perform ACL-based authorization on these endpoints.
> Most important is the authorization of the /files endpoints, as those allow access to
executor sandboxes (and agent logs), and the operator may wish to control which users may
access which sandboxes.
> Similarly, the operator may only want certain users to be able to view agent flags, change
logging level, enable the profiler, etc.

This message was sent by Atlassian JIRA

View raw message