[
https://issues.apache.org/jira/browse/MESOS-5336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15281073#comment-15281073
]
Zhitao Li commented on MESOS-5336:
----------------------------------
[~adam-mesos], I'll leave this decision reconcile with you and [~alexr]. I'm
fine with both way, just let me know whether you decide to keep
GET_ENDPOINT_WITH_PATH or not.
The patch below is built on top of GET_ENDPOINT_WITH_PATH but I can rebase to
drop that one if we decide to go otherwise.
> Add authorization to GET /quota
> -------------------------------
>
> Key: MESOS-5336
> URL: https://issues.apache.org/jira/browse/MESOS-5336
> Project: Mesos
> Issue Type: Improvement
> Components: master, security
> Reporter: Adam B
> Labels: mesosphere, security
> Fix For: 0.29.0
>
>
> We already authorize which http users can set/remove quota for particular
> roles, but even knowing of the existence of these roles (let alone their
> quotas) may be sensitive information. We should add authz around GET
> operations on /quota.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
