Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-7415

Add authorization to master's operator maintenance API in v0 and v1

    Details

    • Sprint:
      Mesosphere Sprint 56, Mesosphere Sprint 57, Mesosphere Sprint 58
    • Story Points:
      3

      Description

      None of the maintenance primitives in either API v0 or API v1 have any kind of authorization, which allows any user with valid credentials to do things such as shutting down a machine, schedule time off on an agent, modify maintenance schedule, etc.

      The authorization support needs to be added to the v0 endpoints:

      • /master/machine/up
      • /master/machine/down
      • /master/maintenance/schedule
      • /master/maintenance/status

      as well as to the v1 calls:

      • GET_MAINTENANCE_STATUS
      • GET_MAINTENANCE_SCHEDULE
      • UPDATE_MAINTENANCE_SCHEDULE
      • START_MAINTENANCE
      • STOP_MAINTENANCE

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                arojas Alexander Rojas
                Reporter:
                arojas Alexander Rojas
                Shepherd:
                Till Toenshoff
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: