Joshua Cohen created AURORA-1883:
------------------------------------
Summary: Support access control on arbitrary constraints
Key: AURORA-1883
URL: https://issues.apache.org/jira/browse/AURORA-1883
Project: Aurora
Issue Type: Task
Components: Scheduler
Reporter: Joshua Cohen
Priority: Minor
We currently have support for enforcing role-based access control for dedicated
constraints. I'd propose that broader support for access control on constraints
would be useful. In my specific case, given the heterogenous nature of hardware
in our Mesos clusters, I'd like to allow users to constrain tasks to run on
specific hardware platforms. However, if this were broadly available, there
would be nothing to stop all users from trying to run exclusively on the newest
hardware platforms causing contention and potentially an inability to schedule.
I'd like to see us add support for rejecting tasks with certain constraints
unless the authenticated user belongs to a role that has been granted access to
that constraint.
This is aspirational, we can work around this for the time being with a
dedicated cluster, but that comes with operational overhead (e.g. ensuring the
makeup of that cluster matches the makeup of the shared cluster), thus this
ticket as a longer term, generalized mechanism to solve this problem.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
