Adam B created MESOS-5459:
-----------------------------
Summary: Update RUN_TASK_WITH_USER to use additional metadata
Key: MESOS-5459
URL: https://issues.apache.org/jira/browse/MESOS-5459
Project: Mesos
Issue Type: Improvement
Components: security
Reporter: Adam B
Fix For: 0.29.0

Currently, the `authorization::Action` `RUN_TASK_WITH_USER` will pass the user
as its `Object.value` string, but some authorizers may want to make
authorization decisions based on additional task attributes, like role,
resources, labels, container type, etc.

We should create a new Action `RUN_TASK` that passes FrameworkInfo and TaskInfo
in its Object, and the LocalAuthorizer's RunTaskWithUser ACL can be implemented
using the user found in TaskInfo/FrameworkInfo.

We may need to leave the old _WITH_USER action around, but it's arguable
whether we should call the authorizer once for RUN_TASK and once for
RUN_TASK_WITH_USER, or only use the new action and deprecate the old one?
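
A sketch of the proposal above, added here as an illustration and not taken from the Mesos code base or from the reporter. The structs are simplified, hypothetical stand-ins for the real protobuf messages; the sketch assumes a task-level user, when set, overrides the framework's user, and the "prod" rule and the principal names are constructed for the example.

```cpp
#include <map>
#include <set>
#include <string>

// Simplified stand-ins for the Mesos messages (hypothetical, not the real protobufs).
struct FrameworkInfo { std::string principal, user, role; };
struct TaskInfo {
  std::string user;           // empty means "not set"; assumed per-task override
  std::string containerType;  // constructed values: "MESOS" or "DOCKER"
};

// Proposed RUN_TASK object: the whole task context instead of a single string.
struct RunTaskObject { FrameworkInfo framework; TaskInfo task; };

// The user that RUN_TASK_WITH_USER carries today in Object.value.
std::string effectiveUser(const RunTaskObject& o) {
  return o.task.user.empty() ? o.framework.user : o.task.user;
}

// RunTaskWithUser-style ACL: principal -> users it may run tasks as.
using UserAcl = std::map<std::string, std::set<std::string>>;

// Backward-compatible path: the existing ACL evaluated from the new object.
bool authorizeRunTaskWithUserAcl(const UserAcl& acl, const RunTaskObject& o) {
  auto it = acl.find(o.framework.principal);
  return it != acl.end() && it->second.count(effectiveUser(o)) > 0;  // deny by default
}

// A decision the user string alone cannot express (hypothetical policy):
// tasks in role "prod" may not use Docker containers or run as root.
bool authorizeRunTask(const UserAcl& acl, const RunTaskObject& o) {
  if (!authorizeRunTaskWithUserAcl(acl, o)) return false;
  if (o.framework.role == "prod") {
    if (o.task.containerType == "DOCKER") return false;
    if (effectiveUser(o) == "root") return false;
  }
  return true;
}

int main() {
  UserAcl acl;
  acl["marathon"] = {"app"};  // constructed sample ACL
  RunTaskObject o{{"marathon", "app", "prod"}, {"", "DOCKER"}};
  return authorizeRunTask(acl, o) ? 1 : 0;  // denied by the role rule, so exit code 0
}
```

Because the old ACL is derived from the new object, a single RUN_TASK call can cover both checks in this model.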