You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@mesos.apache.org by Marc Roos <M....@f1-outsourcing.eu> on 2020/07/30 21:03:07 UTC
mesos master default drop acl
Currently I am running on a testing environment with some default acl I
found[1]. I have configured mesos-credentials, and afaik everything
agents/marathon framework is authenticating. So I thought about
converting the acl to default drop/deny. However I see there are quite a
few options.
Is it advicable to even set the all to deny? Is there an example how to
set the url for GetEndpoint?
[2]
https://github.com/apache/mesos/blob/master/include/mesos/authorizer/acls.proto
http://mesos.apache.org/documentation/latest/configuration/master/
[1]
{
"run_tasks": [
{
"principals": {
"type": "ANY"
},
"users": {
"type": "ANY"
}
}
],
"register_frameworks": [
{
"principals": {
"type": "ANY"
},
"roles": {
"type": "ANY"
}
}
]
}
Re: mesos master default drop acl
Posted by Vinod Kone <vi...@apache.org>.
Not sure if you came across
http://mesos.apache.org/documentation/latest/authorization/ but I hope it
can answer your questions.
On Thu, Jul 30, 2020 at 4:03 PM Marc Roos <M....@f1-outsourcing.eu> wrote:
>
>
> Currently I am running on a testing environment with some default acl I
> found[1]. I have configured mesos-credentials, and afaik everything
> agents/marathon framework is authenticating. So I thought about
> converting the acl to default drop/deny. However I see there are quite a
> few options.
>
> Is it advicable to even set the all to deny? Is there an example how to
> set the url for GetEndpoint?
>
> [2]
>
> https://github.com/apache/mesos/blob/master/include/mesos/authorizer/acls.proto
> http://mesos.apache.org/documentation/latest/configuration/master/
>
> [1]
> {
> "run_tasks": [
> {
> "principals": {
> "type": "ANY"
> },
> "users": {
> "type": "ANY"
> }
> }
> ],
> "register_frameworks": [
> {
> "principals": {
> "type": "ANY"
> },
> "roles": {
> "type": "ANY"
> }
> }
> ]
> }
>