[2/2] mesos git commit: Added executor authentication and authorization to the CHANGELOG.

Mon, 24 Apr 2017 13:27:07 -0700 

Added executor authentication and authorization to the CHANGELOG.

This patch adds MESOS-6365 to the CHANGELOG. This ticket
corresponds to the addition of authentication and authorization
for HTTP executors.

Review: https://reviews.apache.org/r/58626/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/7a98a013
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/7a98a013
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/7a98a013

Branch: refs/heads/master
Commit: 7a98a01394bd9114970ff5df06e7068741ac018d
Parents: 6b7a63c
Author: Greg Mann <[email protected]>
Authored: Mon Apr 24 13:26:34 2017 -0700
Committer: Vinod Kone <[email protected]>
Committed: Mon Apr 24 13:26:34 2017 -0700

----------------------------------------------------------------------
 CHANGELOG | 13 +++++++++++++
 1 file changed, 13 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/7a98a013/CHANGELOG
----------------------------------------------------------------------
diff --git a/CHANGELOG b/CHANGELOG
index fd97ef0..3fdd19c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -16,6 +16,19 @@ This release contains the following new features:
     (e.g. new employees join, new teams are formed, employees leave, teams
     are disbanded, etc).
 
+  * [MESOS-6365] - Authentication and authorization support for HTTP executors.
+    A new `--authenticate_http_executors` agent flag enables required
+    authentication on the HTTP executor API. A new `--executor_secret_key` flag
+    sets a key file to be used when generating and authenticating default 
tokens
+    that are passed to HTTP executors. Note that enabling these flags after
+    upgrade is disruptive to HTTP executors that were launched before the
+    upgrade; see 'docs/authentication.md' for more information on these flags
+    and the recommended upgrade procedure. Implicit authorization rules have
+    been added which allow an authenticated executor to make executor API calls
+    as that executor and make operator API calls which affect that executor's
+    container. See 'docs/authorization.md' for more information on these
+    implicit authorization rules.
+
 Deprecations:
   * [MESOS-7259] - Remove deprecated ACLs `SetQuota` and `RemoveQuota`
     This change is only applicable to the local authorizer since internally

Reply via email to