Mesos / MESOS-3065

Add framework authorization for persistent volume

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Sprint:
      Mesosphere Sprint 16, Mesosphere Sprint 22, Mesosphere Sprint 24
    • Story Points:
      5

      Description

      This is the third in a series of tickets that adds authorization support to persistent volumes.

      When a framework creates a persistent volume, "create" ACLs are checked to see if the framework (FrameworkInfo.principal) or the operator (Credential.user) is authorized to create persistent volumes. If not authorized, the create operation is rejected.

      When a framework destroys a persistent volume, "destroy" ACLs are checked to see if the framework (FrameworkInfo.principal) or the operator (Credential.user) is authorized to destroy the persistent volume created by a framework or operator (Resource.DiskInfo.principal). If not authorized, the destroy operation is rejected.

      A separate ticket will use the structures created here to enable authorization of the "/create" and "/destroy" HTTP endpoints: https://issues.apache.org/jira/browse/MESOS-3903
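A simplified model of the two checks described above, added here as an illustration; it is not Mesos code. The ACL layout, the `ANY` wildcard, the reject-when-no-rule-matches default and all principal names are assumptions made for the example.

```python
ANY = "ANY"  # wildcard used by this model (assumption)

# Constructed sample ACLs; principal names are made up for the example.
SAMPLE_ACLS = {
    "create": [
        {"principals": {"analytics", "ops"}, "allowed": True},
    ],
    "destroy": [
        # analytics may destroy only volumes it created itself
        {"principals": {"analytics"}, "creator_principals": {"analytics"}},
        # ops may destroy volumes created by anyone
        {"principals": {"ops"}, "creator_principals": {ANY}},
    ],
}

def matches(entities, principal):
    """A missing principal never matches, not even the wildcard."""
    return principal is not None and (ANY in entities or principal in entities)

def authorize_create(acls, requester):
    # requester: FrameworkInfo.principal or Credential.user
    for rule in acls["create"]:
        if matches(rule["principals"], requester):
            return rule["allowed"]
    return False  # assumption: no matching rule means rejected

def authorize_destroy(acls, requester, creator):
    # creator: the Resource.DiskInfo.principal recorded on the volume
    for rule in acls["destroy"]:
        if matches(rule["principals"], requester):
            return matches(rule["creator_principals"], creator)
    return False  # assumption: no matching rule means rejected

class VolumeStore:
    """Tracks which principal created each volume and enforces both checks."""
    def __init__(self, acls):
        self.acls = acls
        self.creators = {}  # volume id -> creator principal

    def create(self, requester, volume_id):
        if volume_id in self.creators or not authorize_create(self.acls, requester):
            return False
        self.creators[volume_id] = requester
        return True

    def destroy(self, requester, volume_id):
        creator = self.creators.get(volume_id)
        if not authorize_destroy(self.acls, requester, creator):
            return False
        del self.creators[volume_id]
        return True
```

The destroy check depends on the creator principal recorded at creation time, so a principal allowed to create volumes can still be denied when destroying a volume another principal created.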


              People

              • Assignee:
                greggomann Greg Mann
                Reporter:
                mcypark Michael Park
                Shepherd:
                Jie Yu
