[MESOS-5150] Authorize Agent HTTP Endpoints - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Epic
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.0.0
Component/s: agent, security
Labels:
- agent
- authorization
- mesosphere
- security
- slave

Epic Name:
Agent HTTP Authz

Description

As we add authentication in agent http endpoint handlers in ~~MESOS-4847~~, we now have the opportunity to perform ACL-based authorization on these endpoints.

Most important is the authorization of the /files endpoints, as those allow access to executor sandboxes (and agent logs), and the operator may wish to control which users may access which sandboxes.

Similarly, the operator may only want certain users to be able to view agent flags, change logging level, enable the profiler, etc.

Attachments

Activity

People

Assignee:: Alexander Rojas

Reporter:: Adam B

Shepherd:: Adam B

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Apr/16 08:19

Updated:: 29/Apr/19 09:26

Resolved:: 24/Jun/16 11:55