MESOS-6741

Authorize v1 SET_LOGGING_LEVEL call

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.2.0
    • Component/s: agent, security
    • Labels:

      Description

      We need to add authz to this call to prevent unauthorized users from cranking the log level way up to take down an agent/master.
      In the v0 API, we protected the /logging/toggle endpoint with a "coarse-grained" GET_ENDPOINT_WITH_PATH ACL, but that cannot be reused (directly) in the v1 API.
      We could add an analogous coarse-grained V1_CALL_WITH_ACTION ACL, but we're probably better off just adding a trivial SET_LOG_LEVEL Authorization::Action and ACL.

            People

            • Assignee:
              arojas Alexander Rojas
              Reporter:
              adam-mesos Adam B
              Shepherd:
              Adam B
