[MESOS-4772] TaskInfo/ExecutorInfo should include fine-grained ownership/namespacing - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: security
Labels:

Epic Link:
Authorization based filtering for endpoints.
Sprint:
Mesosphere Sprint 30
Story Points:
2

Description

We need a way to assign fine-grained ownership to tasks/executors so that multi-user frameworks can tell Mesos to associate the task with a user identity (rather than just the framework principal+role). Then, when an HTTP user requests to view the task's sandbox contents, or kill the task, or list all tasks, the authorizer can determine whether to allow/deny/filter the request based on finer-grained, user-level ownership.
Some systems may want TaskInfo.owner to represent a group rather than an individual user. That's fine as long as the framework sets the field to the group ID in such a way that a group-aware authorizer can interpret it.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Adam B

Shepherd:: Adam B

Votes:: 0 Vote for this issue

Watchers:: 13 Start watching this issue

Dates

Created:: 25/Feb/16 07:00

Updated:: 29/Apr/19 09:25

Resolved:: 26/Nov/18 12:32