Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- Mesosphere Sprint 24
- 1
Description
This ticket is the first in a series that adds authorization support for persistent volume creation and destruction.
Persistent volumes should be authorized with the principal of the reserving entity (framework or master). The idea is to introduce Create and Destroy into the ACL.
    message Create {
      // Subjects.
      required Entity principals = 1;

      // Objects? Perhaps the kind of volume? allowed permissions?
    }

    message Destroy {
      // Subjects.
      required Entity principals = 1;

      // Objects.
      required Entity creator_principals = 2;
    }
ACLs for volume creation and destruction must be added to authorizer.proto, and the appropriate function overloads must be added to the Authorizer.
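The following is an added example, not code from the ticket or from Mesos: a small model of how `Create` and `Destroy` ACLs shaped like the messages above could be evaluated through two `authorize` overloads. It assumes first-match evaluation with a `permissive` fallback and an `Entity` of type SOME/ANY/NONE; `CreateRequest`, `DestroyRequest`, `samplePolicy` and the principal names are hypothetical.

```cpp
#include <algorithm>
#include <string>
#include <vector>

// Simplified stand-in for the ACL Entity: SOME lists values, ANY/NONE are wildcards.
struct Entity {
  enum Type { SOME, ANY, NONE } type;
  std::vector<std::string> values;
  bool listed(const std::string& v) const {
    return std::find(values.begin(), values.end(), v) != values.end();
  }
  // ANY and NONE apply to every request; SOME applies only to listed values.
  bool matches(const std::string& v) const { return type != SOME || listed(v); }
  // ANY always grants, NONE never grants, SOME grants listed values.
  bool allows(const std::string& v) const { return type == ANY || (type == SOME && listed(v)); }
};
struct Create { Entity principals; };                              // subjects only
struct Destroy { Entity principals; Entity creator_principals; };  // subjects, objects

// Hypothetical request types: the requester and, for destroy, the volume's creator.
struct CreateRequest { std::string principal; };
struct DestroyRequest { std::string principal; std::string creator; };

struct Authorizer {
  std::vector<Create> create_acls;
  std::vector<Destroy> destroy_acls;
  bool permissive;  // decision when no ACL matches (assumed fallback)
  bool authorize(const CreateRequest& r) const {
    for (const Create& acl : create_acls)
      if (acl.principals.matches(r.principal)) return acl.principals.allows(r.principal);
    return permissive;
  }
  bool authorize(const DestroyRequest& r) const {
    for (const Destroy& acl : destroy_acls)
      if (acl.principals.matches(r.principal) && acl.creator_principals.matches(r.creator))
        return acl.principals.allows(r.principal) && acl.creator_principals.allows(r.creator);
    return permissive;
  }
};

// Constructed policy: "ops" may destroy any volume, "framework-a" only its own,
// everyone else is denied; only "framework-a" may create volumes.
Authorizer samplePolicy() {
  Authorizer a{{}, {}, false};
  a.create_acls.push_back(Create{Entity{Entity::SOME, {"framework-a"}}});
  a.destroy_acls.push_back(Destroy{Entity{Entity::SOME, {"ops"}}, Entity{Entity::ANY, {}}});
  a.destroy_acls.push_back(Destroy{Entity{Entity::SOME, {"framework-a"}},
                                   Entity{Entity::SOME, {"framework-a"}}});
  a.destroy_acls.push_back(Destroy{Entity{Entity::ANY, {}}, Entity{Entity::NONE, {}}});
  return a;
}
```

The trailing ANY/NONE rule is what stops a principal from destroying a volume created by someone else; without it the decision falls through to `permissive`.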
Issue Links
- is depended upon by: MESOS-4179 Extend `Master` to authorize persistent volumes (Resolved)