You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Gavin (JIRA)" <ji...@apache.org> on 2019/04/29 09:27:26 UTC
[jira] [Issue Comment Deleted] (MESOS-2948) Generalize authorizer
interface in order to allow for arbitrary Subjects, Actions and Objects
[ https://issues.apache.org/jira/browse/MESOS-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gavin updated MESOS-2948:
-------------------------
Comment: was deleted
(was: www.rtat.net)
> Generalize authorizer interface in order to allow for arbitrary Subjects, Actions and Objects
> ---------------------------------------------------------------------------------------------
>
> Key: MESOS-2948
> URL: https://issues.apache.org/jira/browse/MESOS-2948
> Project: Mesos
> Issue Type: Epic
> Components: master, security
> Reporter: Alexander Rojas
> Assignee: Alexander Rojas
> Priority: Blocker
> Labels: acl, mesosphere, security
> Fix For: 1.0.0
>
>
> The current [{{mesos::Authorizer}}|https://github.com/apache/mesos/blob/40b596402521be25b93b9ef4edd8f5c727c9d20e/src/authorizer/authorizer.hpp] API has one method for each of the _actions_ supported (Register Framework, Launch Task and Shutdown Framework), and each of these _actions_ themselves define the _objects_ on which they operate.
> Currently, in case a new action needs to be authorized it is necessary to modify the {{mesos::Authorizer}} interface and all its implementations (currently only {{mesos::LocalAuthorizer}}), and add a new nested message to the {{ACL}} message in {{mesos.proto}}.
> An update to the API should allow for new _actions_ and _objects_ to be added without the need to change the {{mesos::Authorizer}} interface while encapsulating implementation details on how the authorization process is performed.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)