[
https://issues.apache.org/jira/browse/MESOS-3065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Greg Mann updated MESOS-3065:
-----------------------------
Description:
Persistent volume should be authorized with the {{principal}} of the reserving
entity (framework or master). The idea is to introduce {{Create}} and
{{Destroy}} into the ACL.
{code}
message Create {
// Subjects.
required Entity principals = 1;
// Objects? Perhaps the kind of volume? allowed permissions?
}
message Destroy {
// Subjects.
required Entity principals = 1;
// Objects.
required Entity creator_principals = 2;
}
{code}
When a framework creates a persistent volume, "create" ACLs are checked to see
if the framework (FrameworkInfo.principal) or the operator (Credential.user) is
authorized to create persistent volumes. If not authorized, the create
operation is rejected.
When a framework destroys a persistent volume, "destroy" ACLs are checked to
see if the framework (FrameworkInfo.principal) or the operator
(Credential.user) is authorized to destroy the persistent volume created by a
framework or operator (Resource.DiskInfo.principal). If not authorized, the
destroy operation is rejected.
A separate ticket will use the structures created here to enable authorization
of the "/create" and "/destroy" HTTP endpoints:
https://issues.apache.org/jira/browse/MESOS-3903
was:
Persistent volume should be authorized with the {{principal}} of the reserving
entity (framework or master). The idea is to introduce {{Create}} and
{{Destroy}} into the ACL.
{code}
message Create {
// Subjects.
required Entity principals = 1;
// Objects? Perhaps the kind of volume? allowed permissions?
}
message Destroy {
// Subjects.
required Entity principals = 1;
// Objects.
required Entity creator_principals = 2;
}
{code}
When a framework/operator creates a persistent volume, "create" ACLs are
checked to see if the framework (FrameworkInfo.principal) or the operator
(Credential.user) is authorized to create persistent volumes. If not
authorized, the create operation is rejected.
When a framework/operator destroys a persistent volume, "destroy" ACLs are
checked to see if the framework (FrameworkInfo.principal) or the operator
(Credential.user) is authorized to destroy the persistent volume created by a
framework or operator (Resource.DiskInfo.principal). If not authorized, the
destroy operation is rejected.
> Add framework authorization for persistent volume
> -------------------------------------------------
>
> Key: MESOS-3065
> URL: https://issues.apache.org/jira/browse/MESOS-3065
> Project: Mesos
> Issue Type: Task
> Reporter: Michael Park
> Assignee: Greg Mann
> Labels: mesosphere, persistent-volumes
>
> Persistent volume should be authorized with the {{principal}} of the
> reserving entity (framework or master). The idea is to introduce {{Create}}
> and {{Destroy}} into the ACL.
> {code}
> message Create {
> // Subjects.
> required Entity principals = 1;
> // Objects? Perhaps the kind of volume? allowed permissions?
> }
> message Destroy {
> // Subjects.
> required Entity principals = 1;
> // Objects.
> required Entity creator_principals = 2;
> }
> {code}
> When a framework creates a persistent volume, "create" ACLs are checked to
> see if the framework (FrameworkInfo.principal) or the operator
> (Credential.user) is authorized to create persistent volumes. If not
> authorized, the create operation is rejected.
> When a framework destroys a persistent volume, "destroy" ACLs are checked to
> see if the framework (FrameworkInfo.principal) or the operator
> (Credential.user) is authorized to destroy the persistent volume created by a
> framework or operator (Resource.DiskInfo.principal). If not authorized, the
> destroy operation is rejected.
> A separate ticket will use the structures created here to enable
> authorization of the "/create" and "/destroy" HTTP endpoints:
> https://issues.apache.org/jira/browse/MESOS-3903
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
