[MESOS-2948] Generalize authorizer interface in order to allow for arbitrary Subjects, Actions and Objects - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Epic
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.0.0
Component/s: master, security
Labels:
- acl
- mesosphere
- security

Epic Name:
Generalize authorizer

Description

The current mesos::Authorizer API has one method for each of the actions supported (Register Framework, Launch Task and Shutdown Framework), and each of these actions themselves define the objects on which they operate.

Currently, in case a new action needs to be authorized it is necessary to modify the mesos::Authorizer interface and all its implementations (currently only mesos::LocalAuthorizer), and add a new nested message to the ACL message in mesos.proto.

An update to the API should allow for new actions and objects to be added without the need to change the mesos::Authorizer interface while encapsulating implementation details on how the authorization process is performed.

Attachments

Issue Links

is related to

MESOS-4931 Authorization based filtering for endpoints.

Resolved

Activity

People

Assignee:: Alexander Rojas

Reporter:: Alexander Rojas

Shepherd:: Vinod Kone

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 26/Jun/15 13:56

Updated:: 29/Apr/19 09:26

Resolved:: 31/May/16 20:07