You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Alexander Rojas (JIRA)" <ji...@apache.org> on 2017/06/22 13:06:00 UTC

[jira] [Comment Edited] (MESOS-7414) Enable authorization for master's logging API calls: GET_LOGGING_LEVEL and SET_LOGGING_LEVEL

    [ https://issues.apache.org/jira/browse/MESOS-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16059310#comment-16059310 ] 

Alexander Rojas edited comment on MESOS-7414 at 6/22/17 1:05 PM:
-----------------------------------------------------------------

{noformat}
commit 9ea7fae68477c7cb8e33e04fd32616a44ee9be2b
Author: Alexander Rojas alexander@mesosphere.io
Date:   Fri Jun 16 20:29:50 2017 +0200

Adds authorization for the master's v1 API call SET_LOGGING_LEVEL.

Enables authorization in the v1 API call `SET_LOGGING_LEVEL` following
the existing implementation for the agent call with the same name.
Likewise it reuses the authorizer action `SET_LOG_LEVEL`.

Review: https://reviews.apache.org/r/58955/
{noformat}




was (Author: arojas):
{no-format}
commit 9ea7fae68477c7cb8e33e04fd32616a44ee9be2b
Author: Alexander Rojas alexander@mesosphere.io
Date:   Fri Jun 16 20:29:50 2017 +0200

Adds authorization for the master's v1 API call SET_LOGGING_LEVEL.

Enables authorization in the v1 API call `SET_LOGGING_LEVEL` following
the existing implementation for the agent call with the same name.
Likewise it reuses the authorizer action `SET_LOG_LEVEL`.

Review: https://reviews.apache.org/r/58955/
{no-format}



> Enable authorization for master's logging API calls: GET_LOGGING_LEVEL  and SET_LOGGING_LEVEL
> ---------------------------------------------------------------------------------------------
>
>                 Key: MESOS-7414
>                 URL: https://issues.apache.org/jira/browse/MESOS-7414
>             Project: Mesos
>          Issue Type: Task
>          Components: HTTP API, master
>            Reporter: Alexander Rojas
>            Assignee: Alexander Rojas
>              Labels: mesosphere, operator, security
>             Fix For: 1.4.0
>
>
> The Operator API calls {{GET_LOGGING_LEVEL}}  and {{SET_LOGGING_LEVEL}} lack authorization so any recognized user will be able to change the logging level of a given master.
> The v0 endpoint {{/logging/toggle}} has authorization through the {{GET_ENDPOINT_WITH_PATH}} action. We need to decide whether it should also use additional authorization.
> Note that there are already actions defined for authorization of these actions as they were already implemented in the agent.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)