Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-5709

Authorization for /roles

    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.0.0
    • Component/s: security

      Description

      The /roles endpoint exposes the list of all roles and their weights, as well as the list of all frameworkIds registered with each role. This is a superset of the information exposed on GET /weights, which we already protect. We should protect the data in /roles the same way.

      • Should we reuse VIEW_FRAMEWORK with role (from /state)?
      • Should we add a new VIEW_ROLE and adapt GET_WEIGHTS to use it?

        Attachments

          Activity

            People

            • Assignee:
              js84 Jörg Schad
              Reporter:
              adam-mesos Adam B
              Shepherd:
              Vinod Kone
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: