[jira] [Comment Edited] (MESOS-5336) Add authorization to GET /quota

Thu, 19 May 2016 00:45:37 -0700 

    [ 
https://issues.apache.org/jira/browse/MESOS-5336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15286541#comment-15286541
 ] 

Alexander Rukletsov edited comment on MESOS-5336 at 5/19/16 7:44 AM:
---------------------------------------------------------------------

{noformat}
Commit: 8e616a03cdba5dbc7975f003c2bd0d3dd5f4da19 [8e616a0]
Author: Zhitao Li <[email protected]>
Date: 17 May 2016 11:52:18 CEST
Committer: Alexander Rukletsov <[email protected]>
Commit Date: 17 May 2016 14:40:20 CEST

Added authorization for GET '/quota' master endpoint.

GET access to the '/quota' master endpoint is authorized using the
newly introduced 'GET_QUOTA_WITH_ROLE' action. The response JSON is
filtered on per-role basis.

Review: https://reviews.apache.org/r/47274/
{noformat}

{noformat}
Commit: 71e5099c55bb5fd064ef5efe59ed780ad1e93060 [71e5099]
Author: Zhitao Li [email protected]
Date: 19 May 2016 09:04:20 CEST
Committer: Alexander Rukletsov [email protected]
Commit Date: 19 May 2016 09:39:37 CEST

Documented quota authorization changes.

Review: https://reviews.apache.org/r/47400/
{noformat}


was (Author: alexr):
{noformat}
Commit: 8e616a03cdba5dbc7975f003c2bd0d3dd5f4da19 [8e616a0]
Author: Zhitao Li <[email protected]>
Date: 17 May 2016 11:52:18 CEST
Committer: Alexander Rukletsov <[email protected]>
Commit Date: 17 May 2016 14:40:20 CEST

Added authorization for GET '/quota' master endpoint.

GET access to the '/quota' master endpoint is authorized using the
newly introduced 'GET_QUOTA_WITH_ROLE' action. The response JSON is
filtered on per-role basis.

Review: https://reviews.apache.org/r/47274/
{noformat}

> Add authorization to GET /quota
> -------------------------------
>
>                 Key: MESOS-5336
>                 URL: https://issues.apache.org/jira/browse/MESOS-5336
>             Project: Mesos
>          Issue Type: Improvement
>          Components: master, security
>            Reporter: Adam B
>            Assignee: Zhitao Li
>              Labels: mesosphere, security
>             Fix For: 0.29.0
>
>
> We already authorize which http users can set/remove quota for particular 
> roles, but even knowing of the existence of these roles (let alone their 
> quotas) may be sensitive information. We should add authz around GET 
> operations on /quota.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to