[
https://issues.apache.org/jira/browse/MESOS-5286?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Greg Mann updated MESOS-5286:
-----------------------------
Comment: was deleted
(was: The above patches accomplish a working solution for the two endpoints
indicated, with the endpoint handlers performing the authorization calls. The
following two patches move the authorization calls into {{ProcessBase::visit}},
where the HTTP authentication calls also reside, so that the authorization
results can be more easily sequenced to ensure that operations are performed in
the same order in which they are received. This means that the endpoint
handlers of any endpoint with an authorization callback installed in libprocess
will only receive requests that have been both authenticated and authorized.
https://reviews.apache.org/r/46989/
https://reviews.apache.org/r/46990/)
> Add authorization to libprocess HTTP endpoints
> ----------------------------------------------
>
> Key: MESOS-5286
> URL: https://issues.apache.org/jira/browse/MESOS-5286
> Project: Mesos
> Issue Type: Improvement
> Components: libprocess
> Reporter: Greg Mann
> Assignee: Greg Mann
> Labels: mesosphere
> Fix For: 0.29.0
>
>
> Now that the libprocess-level HTTP endpoints have had authentication added to
> them in MESOS-4902, we can add authorization to them as well. As a first
> step, we can implement a "coarse-grained" approach, in which a principal is
> granted or denied access to a given endpoint. We will likely need to register
> an authorizer with libprocess.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
