You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Alexander Rukletsov (JIRA)" <ji...@apache.org> on 2016/05/19 07:45:13 UTC

[jira] [Comment Edited] (MESOS-5336) Add authorization to GET /quota

    [ https://issues.apache.org/jira/browse/MESOS-5336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15286541#comment-15286541 ] 

Alexander Rukletsov edited comment on MESOS-5336 at 5/19/16 7:44 AM:
---------------------------------------------------------------------

{noformat}
Commit: 8e616a03cdba5dbc7975f003c2bd0d3dd5f4da19 [8e616a0]
Author: Zhitao Li <zh...@gmail.com>
Date: 17 May 2016 11:52:18 CEST
Committer: Alexander Rukletsov <al...@apache.org>
Commit Date: 17 May 2016 14:40:20 CEST

Added authorization for GET '/quota' master endpoint.

GET access to the '/quota' master endpoint is authorized using the
newly introduced 'GET_QUOTA_WITH_ROLE' action. The response JSON is
filtered on per-role basis.

Review: https://reviews.apache.org/r/47274/
{noformat}

{noformat}
Commit: 71e5099c55bb5fd064ef5efe59ed780ad1e93060 [71e5099]
Author: Zhitao Li zhitaoli.cs@gmail.com
Date: 19 May 2016 09:04:20 CEST
Committer: Alexander Rukletsov alexr@apache.org
Commit Date: 19 May 2016 09:39:37 CEST

Documented quota authorization changes.

Review: https://reviews.apache.org/r/47400/
{noformat}


was (Author: alexr):
{noformat}
Commit: 8e616a03cdba5dbc7975f003c2bd0d3dd5f4da19 [8e616a0]
Author: Zhitao Li <zh...@gmail.com>
Date: 17 May 2016 11:52:18 CEST
Committer: Alexander Rukletsov <al...@apache.org>
Commit Date: 17 May 2016 14:40:20 CEST

Added authorization for GET '/quota' master endpoint.

GET access to the '/quota' master endpoint is authorized using the
newly introduced 'GET_QUOTA_WITH_ROLE' action. The response JSON is
filtered on per-role basis.

Review: https://reviews.apache.org/r/47274/
{noformat}

> Add authorization to GET /quota
> -------------------------------
>
>                 Key: MESOS-5336
>                 URL: https://issues.apache.org/jira/browse/MESOS-5336
>             Project: Mesos
>          Issue Type: Improvement
>          Components: master, security
>            Reporter: Adam B
>            Assignee: Zhitao Li
>              Labels: mesosphere, security
>             Fix For: 0.29.0
>
>
> We already authorize which http users can set/remove quota for particular roles, but even knowing of the existence of these roles (let alone their quotas) may be sensitive information. We should add authz around GET operations on /quota.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)