Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-4843

Authorize Master Operator Endpoints

    XMLWordPrintableJSON

Details

    • Authorize Master Operator Endpoints

    Description

      In a secure, multi-tenant cluster, the operator doesn't want to give every user access to read or modify cluster state/config, nor to perform administrative actions. As such, we need to make sure that all such endpoints are authenticated and authorized.

      We've already added authorization to some operator endpoints (/teardown, /reserve, etc.), but many remain unsecured.

      • /roles, /observe, /registrar, /state-summary
      • /maintenance, /machine,
      • /logging, /profiler, /metrics, /flags, /system/stats.json
      • Leave open? /redirect, /health, /version

      See http://mesos.apache.org/documentation/latest/endpoints/ for a more complete list. Some endpoints (e.g. state.json) will need a finer-grained authz.

      Attachments

        Issue Links

          is blocked by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. MESOS-4931 Authorization based filtering for endpoints.

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. MESOS-5335 Add authorization to GET /weights.

          • Major - Major loss of function.
          • Resolved
          mentioned in

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              adam-mesos Adam B
              Adam B Adam B
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: