You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Chun-Hung Hsiao (JIRA)" <ji...@apache.org> on 2017/10/16 22:47:00 UTC
[jira] [Created] (MESOS-8100) Authorize standalone container calls
from local resource providers.
Chun-Hung Hsiao created MESOS-8100:
--------------------------------------
Summary: Authorize standalone container calls from local resource providers.
Key: MESOS-8100
URL: https://issues.apache.org/jira/browse/MESOS-8100
Project: Mesos
Issue Type: Task
Components: agent
Reporter: Chun-Hung Hsiao
Assignee: Chun-Hung Hsiao
Fix For: 1.5.0
We need to add authorization for a local resource provider to call the standalone container API to prevent the provider from manipulating arbitrary containers. We can use the same JWT-based authN/authZ mechanism for executors, where the agent will create a auth token for each local resource provider instance:
{noformat}
class LecalResourceProvider
{
public:
static Try<process::Owned<LocalResourceProvider>> create(
const process::http::URL& url,
const std::string& workDir,
const mesos::ResourceProviderInfo& info,
const Option<std::string>& authToken);
...
};
{noformat}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)