Posted to issues@mesos.apache.org by "Benjamin Bannier (JIRA)" <ji...@apache.org> on 2016/05/26 12:19:12 UTC

[jira] [Assigned] (MESOS-5459) Update RUN_TASK_WITH_USER to use additional metadata

     [ https://issues.apache.org/jira/browse/MESOS-5459?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benjamin Bannier reassigned MESOS-5459:
---------------------------------------

    Assignee: Benjamin Bannier

> Update RUN_TASK_WITH_USER to use additional metadata
> ----------------------------------------------------
>
>                 Key: MESOS-5459
>                 URL: https://issues.apache.org/jira/browse/MESOS-5459
>             Project: Mesos
>          Issue Type: Improvement
>          Components: security
>            Reporter: Adam B
>            Assignee: Benjamin Bannier
>              Labels: mesosphere, security
>             Fix For: 0.29.0
>
>
> Currently, the `authorization::Action` `RUN_TASK_WITH_USER` will pass the user as its `Object.value` string, but some authorizers may want to make authorization decisions based on additional task attributes, like role, resources, labels, container type, etc.
> We should create a new Action `RUN_TASK` that passes FrameworkInfo and TaskInfo in its Object, and the LocalAuthorizer's RunTaskWithUser ACL can be implemented using the user found in TaskInfo/FrameworkInfo.
> We may need to leave the old _WITH_USER action around, but it's arguable whether we should call the authorizer once for RUN_TASK and once for RUN_TASK_WITH_USER, or only use the new action and deprecate the old one?


