[
https://issues.apache.org/jira/browse/MESOS-5459?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vinod Kone updated MESOS-5459:
------------------------------
Priority: Blocker (was: Major)
Marking this as a blocker because this is an API change? [~adam-mesos] please
downgrade if it's not.
> Update RUN_TASK_WITH_USER to use additional metadata
> ----------------------------------------------------
>
> Key: MESOS-5459
> URL: https://issues.apache.org/jira/browse/MESOS-5459
> Project: Mesos
> Issue Type: Improvement
> Components: security
> Reporter: Adam B
> Assignee: Benjamin Bannier
> Priority: Blocker
> Labels: mesosphere, security
> Fix For: 1.0.0
>
>
> Currently, the `authorization::Action` `RUN_TASK_WITH_USER` will pass the
> user as its `Object.value` string, but some authorizers may want to make
> authorization decisions based on additional task attributes, like role,
> resources, labels, container type, etc.
> We should create a new Action `RUN_TASK` that passes FrameworkInfo and
> TaskInfo in its Object, and the LocalAuthorizer's RunTaskWithUser ACL can be
> implemented using the user found in TaskInfo/FrameworkInfo.
> We may need to leave the old _WITH_USER action around, but it's arguable
> whether we should call the authorizer once for RUN_TASK and once for
> RUN_TASK_WITH_USER, or only use the new action and deprecate the old one?
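The limitation described in the issue, shown as an added example that is not Mesos code: a simplified C++ model where a `RUN_TASK_WITH_USER` request exposes only the user string, while a `RUN_TASK` request carries framework and task metadata that the policy can inspect. The struct layouts, the `authorized` function, the user allowlist and the rule that role "dev" may not use DOCKER are all assumptions made for illustration.

```cpp
// Simplified model for illustration; these are NOT the real Mesos types.
#include <set>
#include <string>

enum class Action { RUN_TASK_WITH_USER, RUN_TASK };

struct FrameworkInfo { std::string user, role; };
struct TaskInfo {
  std::string user;            // empty: inherit the framework's user
  std::string container_type;  // constructed values: "DOCKER", "MESOS"
};

struct Object {
  std::string value;                         // all RUN_TASK_WITH_USER carries
  const FrameworkInfo* framework = nullptr;  // set only for RUN_TASK
  const TaskInfo* task = nullptr;            // set only for RUN_TASK
};

// User the task would run as: a task-level user overrides the framework's.
std::string effectiveUser(const FrameworkInfo& f, const TaskInfo& t) {
  return t.user.empty() ? f.user : t.user;
}

// Hypothetical policy: user allowlist, plus role "dev" may not use DOCKER.
bool authorized(Action action, const Object& object) {
  static const std::set<std::string> allowedUsers = {"svc-batch", "svc-web"};
  switch (action) {
    case Action::RUN_TASK_WITH_USER:
      // Only the user string is visible; role and container type are not,
      // so the second half of the policy cannot be enforced here.
      return allowedUsers.count(object.value) > 0;
    case Action::RUN_TASK: {
      if (!object.framework || !object.task) return false;  // fail closed
      const FrameworkInfo& f = *object.framework;
      const TaskInfo& t = *object.task;
      // The old user ACL is still expressible from the richer object.
      if (!allowedUsers.count(effectiveUser(f, t))) return false;
      return !(f.role == "dev" && t.container_type == "DOCKER");
    }
  }
  return false;  // unknown action: deny
}
```

If both actions stay in place, as the issue considers, the request should be allowed only when every consulted action authorizes it. Otherwise the legacy user-only check could admit a task that the metadata-aware policy rejects.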