You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@aurora.apache.org by "Joshua Cohen (JIRA)" <ji...@apache.org> on 2017/01/26 22:17:24 UTC

[jira] [Created] (AURORA-1883) Support access control on arbitrary constraints

Joshua Cohen created AURORA-1883:
------------------------------------

             Summary: Support access control on arbitrary constraints
                 Key: AURORA-1883
                 URL: https://issues.apache.org/jira/browse/AURORA-1883
             Project: Aurora
          Issue Type: Task
          Components: Scheduler
            Reporter: Joshua Cohen
            Priority: Minor


We currently have support for enforcing role-based access control for dedicated constraints. I'd propose that broader support for access control on constraints would be useful. In my specific case, given the heterogenous nature of hardware in our Mesos clusters, I'd like to allow users to constrain tasks to run on specific hardware platforms. However, if this were broadly available, there would be nothing to stop all users from trying to run exclusively on the newest hardware platforms causing contention and potentially an inability to schedule. I'd like to see us add support for rejecting tasks with certain constraints unless the authenticated user belongs to a role that has been granted access to that constraint.

This is aspirational, we can work around this for the time being with a dedicated cluster, but that comes with operational overhead (e.g. ensuring the makeup of that cluster matches the makeup of the shared cluster), thus this ticket as a longer term, generalized mechanism to solve this problem.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)