Adam B created MESOS-5709:
-----------------------------
Summary: Authorization for /roles
Key: MESOS-5709
URL: https://issues.apache.org/jira/browse/MESOS-5709
Project: Mesos
Issue Type: Task
Components: security
Reporter: Adam B
Priority: Minor
Fix For: 1.0.0
The /roles endpoint exposes the list of all roles and their weights, as well as
the list of all frameworkIds registered with each role. This is a superset of
the information exposed on GET /weights, which we already protect. We should
protect the data in /roles the same way.
- Should we reuse VIEW_FRAMEWORK with role (from /state)?
- Should we add a new VIEW_ROLE and adapt GET_WEIGHTS to use it?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
