You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Adam B (JIRA)" <ji...@apache.org> on 2017/06/08 16:17:18 UTC
[jira] [Assigned] (MESOS-7415) Add authorization to master's
operator maintenance API in v0 and v1
[ https://issues.apache.org/jira/browse/MESOS-7415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Adam B reassigned MESOS-7415:
-----------------------------
Assignee: Adam B (was: Alexander Rojas)
> Add authorization to master's operator maintenance API in v0 and v1
> -------------------------------------------------------------------
>
> Key: MESOS-7415
> URL: https://issues.apache.org/jira/browse/MESOS-7415
> Project: Mesos
> Issue Type: Task
> Components: c++ api, HTTP API, master
> Reporter: Alexander Rojas
> Assignee: Adam B
> Labels: authorization, mesosphere, security
>
> None of the maintenance primitives in either API v0 or API v1 have any kind of authorization, which allows any user with valid credentials to do things such as shutting down a machine, schedule time off on an agent, modify maintenance schedule, etc.
> The authorization support needs to be added to the v0 endpoints:
> * {{/master/machine/up}}
> * {{/master/machine/down}}
> * {{/master/maintenance/schedule}}
> * {{/master/maintenance/status}}
> as well as to the v1 calls:
> * {{GET_MAINTENANCE_STATUS}}
> * {{GET_MAINTENANCE_SCHEDULE}}
> * {{UPDATE_MAINTENANCE_SCHEDULE}}
> * {{START_MAINTENANCE}}
> * {{STOP_MAINTENANCE}}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)