Posted to issues@mesos.apache.org by "Chun-Hung Hsiao (JIRA)" <ji...@apache.org> on 2017/10/16 22:47:00 UTC

[jira] [Created] (MESOS-8100) Authorize standalone container calls from local resource providers.

Chun-Hung Hsiao created MESOS-8100:
--------------------------------------

             Summary: Authorize standalone container calls from local resource providers.
                 Key: MESOS-8100
                 URL: https://issues.apache.org/jira/browse/MESOS-8100
             Project: Mesos
          Issue Type: Task
          Components: agent
            Reporter: Chun-Hung Hsiao
            Assignee: Chun-Hung Hsiao
             Fix For: 1.5.0


We need to add authorization for a local resource provider to call the standalone container API to prevent the provider from manipulating arbitrary containers. We can use the same JWT-based authN/authZ mechanism for executors, where the agent will create an auth token for each local resource provider instance:
{noformat}
class LocalResourceProvider
{
public:
  static Try<process::Owned<LocalResourceProvider>> create(
      const process::http::URL& url,
      const std::string& workDir,
      const mesos::ResourceProviderInfo& info,
      const Option<std::string>& authToken);

  ...
};
{noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
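
Added example (not part of the original message and not Mesos code): a sketch of the agent-side check the issue describes, where the agent mints one HS256 JWT per local resource provider and accepts a standalone container call only when the token verifies and covers the target container. The claim name `cid_prefix`, the `<provider id>--` container-ID convention, and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from typing import Optional

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: bytes, header: str, claims: str) -> bytes:
    return hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()

def issue_token(secret: bytes, provider_id: str) -> str:
    """Agent side: mint a token bound to one provider instance."""
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    # Hypothetical claim: the container-ID prefix this provider may act on.
    # Assumes provider IDs are agent-generated and never contain "--".
    claims = b64(json.dumps({"cid_prefix": provider_id + "--"}).encode())
    return f"{header}.{claims}.{b64(sign(secret, header, claims))}"

def authorize(secret: bytes, token: Optional[str], container_id: str) -> bool:
    """Agent side: allow the call only for containers the token covers."""
    if not token:
        return False  # unauthenticated callers get nothing
    try:
        header, claims, sig = token.split(".")
        if json.loads(unb64(header)).get("alg") != "HS256":
            return False  # refuse "none" and algorithm swapping
        # Verify the signature before trusting anything in the claims.
        if not hmac.compare_digest(sign(secret, header, claims), unb64(sig)):
            return False
        prefix = json.loads(unb64(claims)).get("cid_prefix")
    except (ValueError, AttributeError):
        return False  # malformed token: wrong part count, bad base64 or JSON
    # An empty or missing prefix would match every container, so reject it.
    return isinstance(prefix, str) and bool(prefix) and container_id.startswith(prefix)

if __name__ == "__main__":
    secret = b"constructed-agent-secret"  # constructed sample value
    token = issue_token(secret, "rp-1")
    print(authorize(secret, token, "rp-1--volume-a"))  # provider's own container
    print(authorize(secret, token, "rp-2--volume-a"))  # another provider's container
```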