Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-8014

Provide HTTP authenticatee interface re/usable for the scheduler library.

    XMLWordPrintableJSON

    Details

    • Epic Name:
      http scheduler library authenticatee

      Description

      Motivation

      Authentication and authorization have been added to most Mesos APIs at this point. Schedulers making use of the Mesos HTTP scheduler library however, currently only support a hard wired basic HTTP authentication.

      To secure the master’s HTTP scheduler API, the /api/v1/scheduler endpoint must be authenticated. Without authentication, a malicious or buggy actor from within or outside the cluster could send requests to these master endpoints, potentially disrupting running schedulers or tasks, injecting harmful tasks, or exposing privileged information.

      Goals

      • Support custom authentication of schedulers based on the Mesos V1 HTTP scheduler API library /src/scheduler/scheduler.cpp.
      • Require minimal operator configuration when enabling scheduler authentication for a simple default use case.
      • Provide a thin, reusable layer of abstraction enabling any HTTP API consumer to authenticate.

        Attachments

          Activity

            People

            • Assignee:
              tillt Till Toenshoff
              Reporter:
              tillt Till Toenshoff
              Shepherd:
              Greg Mann
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: