Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-5709

Authorization for /roles

Agile BoardAttach filesAttach ScreenshotVotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • None
    • 1.0.0
    • security

    Description

      The /roles endpoint exposes the list of all roles and their weights, as well as the list of all frameworkIds registered with each role. This is a superset of the information exposed on GET /weights, which we already protect. We should protect the data in /roles the same way.

      • Should we reuse VIEW_FRAMEWORK with role (from /state)?
      • Should we add a new VIEW_ROLE and adapt GET_WEIGHTS to use it?

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            js84 Jörg Schad
            adam-mesos Adam B
            Vinod Kone Vinod Kone
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Agile

                Completed Sprint:
                Mesosphere Sprint 38 ended 08/Jul/16
                View on Board

                Slack

                  Issue deployment