You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Alexander Rojas (JIRA)" <ji...@apache.org> on 2017/06/22 13:06:00 UTC
[jira] [Comment Edited] (MESOS-7414) Enable authorization for
master's logging API calls: GET_LOGGING_LEVEL and SET_LOGGING_LEVEL
[ https://issues.apache.org/jira/browse/MESOS-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16059310#comment-16059310 ]
Alexander Rojas edited comment on MESOS-7414 at 6/22/17 1:05 PM:
-----------------------------------------------------------------
{noformat}
commit 9ea7fae68477c7cb8e33e04fd32616a44ee9be2b
Author: Alexander Rojas alexander@mesosphere.io
Date: Fri Jun 16 20:29:50 2017 +0200
Adds authorization for the master's v1 API call SET_LOGGING_LEVEL.
Enables authorization in the v1 API call `SET_LOGGING_LEVEL` following
the existing implementation for the agent call with the same name.
Likewise it reuses the authorizer action `SET_LOG_LEVEL`.
Review: https://reviews.apache.org/r/58955/
{noformat}
was (Author: arojas):
{no-format}
commit 9ea7fae68477c7cb8e33e04fd32616a44ee9be2b
Author: Alexander Rojas alexander@mesosphere.io
Date: Fri Jun 16 20:29:50 2017 +0200
Adds authorization for the master's v1 API call SET_LOGGING_LEVEL.
Enables authorization in the v1 API call `SET_LOGGING_LEVEL` following
the existing implementation for the agent call with the same name.
Likewise it reuses the authorizer action `SET_LOG_LEVEL`.
Review: https://reviews.apache.org/r/58955/
{no-format}
> Enable authorization for master's logging API calls: GET_LOGGING_LEVEL and SET_LOGGING_LEVEL
> ---------------------------------------------------------------------------------------------
>
> Key: MESOS-7414
> URL: https://issues.apache.org/jira/browse/MESOS-7414
> Project: Mesos
> Issue Type: Task
> Components: HTTP API, master
> Reporter: Alexander Rojas
> Assignee: Alexander Rojas
> Labels: mesosphere, operator, security
> Fix For: 1.4.0
>
>
> The Operator API calls {{GET_LOGGING_LEVEL}} and {{SET_LOGGING_LEVEL}} lack authorization so any recognized user will be able to change the logging level of a given master.
> The v0 endpoint {{/logging/toggle}} has authorization through the {{GET_ENDPOINT_WITH_PATH}} action. We need to decide whether it should also use additional authorization.
> Note that there are already actions defined for authorization of these actions as they were already implemented in the agent.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)