Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-5299

Support hierarchy based matching of HTTP endpoint authorization requests.

    XMLWordPrintableJSON

Details

    Description

      The current HTTP endpoint authorization (e.g. the GET_ENDPOINT_WITH_PATH action) works by matching the request's object with entries in the ACL. This could be loosened to support hierarchies, for example a principal trying to access "/monitor/statistics" could be authorized to do so if an ACL rule exists that allows this principal to access "/monitor" (and hence all subpaths of it).

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. MESOS-5369 Coarse-grained authorization of endpoints is supported only for short url paths.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Accepted

          Activity

            People

              Unassigned Unassigned
              nfnt Jan Schlicht
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: