Mesos / MESOS-3062

Add authorization for dynamic reservation

    Details

    • Sprint:
      Mesosphere Sprint 16, Mesosphere Sprint 17, Mesosphere Sprint 18, Mesosphere Sprint 21, Mesosphere Sprint 22, Mesosphere Sprint 23
    • Story Points:
      2

      Description

      Dynamic reservations should be authorized with the principal of the reserving entity (framework or master). The idea is to introduce Reserve and Unreserve into the ACL.

        message Reserve {
          // Subjects.
          required Entity principals = 1;

          // Objects.  MVP: Only possible values = ANY, NONE
          required Entity resources = 2;
        }

        message Unreserve {
          // Subjects.
          required Entity principals = 1;

          // Objects.
          required Entity reserver_principals = 2;
        }

      When a framework/operator reserves resources, "reserve" ACLs are checked to see if the framework (FrameworkInfo.principal) or the operator (Credential.user) is authorized to reserve the specified resources. If not authorized, the reserve operation is rejected.

      When a framework/operator unreserves resources, "unreserve" ACLs are checked to see if the framework (FrameworkInfo.principal) or the operator (Credential.user) is authorized to unreserve the resources reserved by a framework or operator (Resource.ReservationInfo.principal). If not authorized, the unreserve operation is rejected.
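
The two checks described above, modelled as an added Python sketch (not Mesos code and not part of the original issue). The first-match evaluation order, the reject-on-no-match fallback, the rule that every resource in an unreserve must pass, and all principal names are assumptions of the sketch.

```python
# Added sketch, not Mesos code: models the Reserve/Unreserve ACL checks
# described in this issue. Entry order, first-match-wins and the no-match
# fallback are assumptions of the sketch; the issue does not specify them.
from dataclasses import dataclass

ANY, NONE, SOME = "ANY", "NONE", "SOME"

@dataclass(frozen=True)
class Entity:
    type: str
    values: tuple = ()

    def covers(self, name):
        # ANY and NONE speak about every name; SOME only about listed ones.
        return self.type != SOME or name in self.values

    def permits(self, name):
        # ANY allows, NONE denies, SOME allows only the listed names.
        return self.type == ANY or (self.type == SOME and name in self.values)

def authorize(acls, subject, obj, fallback=False):
    """acls: ordered list of (subjects, objects) Entity pairs."""
    for subjects, objects in acls:
        if subjects.covers(subject) and objects.covers(obj):
            return subjects.permits(subject) and objects.permits(obj)
    return fallback  # assumption: reject when no entry applies

def can_reserve(reserve_acls, principal):
    # MVP: `resources` is only ANY or NONE, so the object needs no name.
    return authorize(reserve_acls, principal, obj=None)

def can_unreserve(unreserve_acls, principal, reserver_principals):
    # Assumption: every resource in the operation must pass, keyed by the
    # principal that reserved it (Resource.ReservationInfo.principal).
    return all(authorize(unreserve_acls, principal, r) for r in reserver_principals)

# Constructed sample policy; principal names are made up.
RESERVE = [
    (Entity(SOME, ("ops", "framework-a")), Entity(ANY)),
    (Entity(ANY), Entity(NONE)),  # everyone else may reserve nothing
]
UNRESERVE = [
    (Entity(SOME, ("ops",)), Entity(ANY)),  # operator: anyone's reservations
    (Entity(SOME, ("framework-a",)), Entity(SOME, ("framework-a",))),  # own only
    (Entity(ANY), Entity(NONE)),
]
```

With this policy, `framework-a` can unreserve its own reservations but is rejected as soon as the operation includes a resource reserved by another principal.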

            People

            • Assignee:
              greggomann Greg Mann
              Reporter:
              mcypark Michael Park
              Shepherd:
              Jie Yu