[MESOS-8014] Provide HTTP authenticatee interface re/usable for the scheduler library. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Epic
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: HTTP API, modules, scheduler api, security
Labels:

Epic Name:
http scheduler library authenticatee

Description

Motivation

Authentication and authorization have been added to most Mesos APIs at this point. Schedulers making use of the Mesos HTTP scheduler library however, currently only support a hard wired basic HTTP authentication.

To secure the master’s HTTP scheduler API, the /api/v1/scheduler endpoint must be authenticated. Without authentication, a malicious or buggy actor from within or outside the cluster could send requests to these master endpoints, potentially disrupting running schedulers or tasks, injecting harmful tasks, or exposing privileged information.

Goals

Support custom authentication of schedulers based on the Mesos V1 HTTP scheduler API library /src/scheduler/scheduler.cpp.
Require minimal operator configuration when enabling scheduler authentication for a simple default use case.
Provide a thin, reusable layer of abstraction enabling any HTTP API consumer to authenticate.

Attachments

Activity

People

Assignee:: Till Toenshoff

Reporter:: Till Toenshoff

Shepherd:: Greg Mann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Sep/17 20:57

Updated:: 29/Apr/19 09:27