[jira] [Updated] (MESOS-2948) Generalize authorizer interface in order to allow for arbitrary Subjects, Actions and Objects

Alexander Rojas (JIRA) Mon, 06 Jul 2015 06:45:19 -0700

     [ 
https://issues.apache.org/jira/browse/MESOS-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Alexander Rojas updated MESOS-2948:
-----------------------------------
    Description: 
The current 
[{{mesos::Authorizer}}|https://github.com/apache/mesos/blob/40b596402521be25b93b9ef4edd8f5c727c9d20e/src/authorizer/authorizer.hpp]
 API has one method for each of the _actions_ supported (Register Framework, 
Launch Task and Shutdown Framework), and each of these _actions_ themselves 
define the _objects_ on which they operate.

Currently, in case a new action needs to be authorized it is necessary to 
modify the {{mesos::Authorizer}} interface and all its implementations 
(currently only {{mesos::LocalAuthorizer}}), and add a new nested message to 
the {{ACL}} message in {{mesos.proto}}.

An update to the API should allow for new _actions_ and _objects_ to be added 
without the need to change the {{mesos::Authorizer}} interface while 
encapsulating implementation details on how the authorization process is 
performed.

  was:
The current 
[{{mesos::Authorizer}}|https://github.com/apache/mesos/blob/40b596402521be25b93b9ef4edd8f5c727c9d20e/src/authorizer/authorizer.hpp]
 API has one method for each of the _actions_ supported (Register Framework, 
Launch Task and Shutdown Framework), and each of these _actions_ themselves 
define the _objects_ one which they operate.

Currently, in case a new action needs to be authorized it is necessary to 
modify the {{mesos::Authorizer}} interface and all its implementations 
(currently only {{mesos::LocalAuthorizer}}), and add a new nested message to 
the {{ACL}} message in {{mesos.proto}}.

An update to the API should allow for new _actions_ and _objects_ to be added 
without the need to change the {{mesos::Authorizer}} interface while 
encapsulating implementation details on how the authorization process is 
performed.


> Generalize authorizer interface in order to allow for arbitrary Subjects, 
> Actions and Objects
> ---------------------------------------------------------------------------------------------
>
>                 Key: MESOS-2948
>                 URL: https://issues.apache.org/jira/browse/MESOS-2948
>             Project: Mesos
>          Issue Type: Epic
>          Components: master, security
>            Reporter: Alexander Rojas
>              Labels: acl, mesosphere, security
>
> The current 
> [{{mesos::Authorizer}}|https://github.com/apache/mesos/blob/40b596402521be25b93b9ef4edd8f5c727c9d20e/src/authorizer/authorizer.hpp]
>  API has one method for each of the _actions_ supported (Register Framework, 
> Launch Task and Shutdown Framework), and each of these _actions_ themselves 
> define the _objects_ on which they operate.
> Currently, in case a new action needs to be authorized it is necessary to 
> modify the {{mesos::Authorizer}} interface and all its implementations 
> (currently only {{mesos::LocalAuthorizer}}), and add a new nested message to 
> the {{ACL}} message in {{mesos.proto}}.
> An update to the API should allow for new _actions_ and _objects_ to be added 
> without the need to change the {{mesos::Authorizer}} interface while 
> encapsulating implementation details on how the authorization process is 
> performed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (MESOS-2948) Generalize authorizer interface in order to allow for arbitrary Subjects, Actions and Objects

Reply via email to