[ 
https://issues.apache.org/jira/browse/MESOS-5710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Adam B updated MESOS-5710:
--------------------------
    Description: 
Any of a GET, POST, PUT, or DELETE to 
`<master>/logging/toggle?level=INFO&duration=5mins` will set the log level and 
return 200. To be consistent with REST-like syntax, DELETE, GET, and even POST 
are wrong and should return a MethodNotAllowed.

Once this endpoint no longer accepts GET, it is no longer appropriate to use 
the GET_ENDPOINT acl here. Instead we could create a new PUT_ENDPOINT_WITH_PATH 
acl (which hopefully ignores query params), or add a first-class TOGGLE_LOGGING 
acl.

  was:
Any of a GET, POST, PUT, or DELETE to 
`<master>/logging/toggle?level=INFO&duration=5mins` will set the log level and 
return 200.
To be consistent with REST-like syntax, DELETE, GET, and even POST are wrong 
and should return a MethodNotAllowed.



> The /logging/toggle endpoint accepts requests with any http method
> ------------------------------------------------------------------
>
>                 Key: MESOS-5710
>                 URL: https://issues.apache.org/jira/browse/MESOS-5710
>             Project: Mesos
>          Issue Type: Task
>            Reporter: Adam B
>            Priority: Minor
>              Labels: mesosphere, security
>             Fix For: 1.0.0
>
>
> Any of a GET, POST, PUT, or DELETE to 
> `<master>/logging/toggle?level=INFO&duration=5mins` will set the log level 
> and return 200. To be consistent with REST-like syntax, DELETE, GET, and even 
> POST are wrong and should return a MethodNotAllowed.
> Once this endpoint no longer accepts GET, it is no longer appropriate to use 
> the GET_ENDPOINT acl here. Instead we could create a new 
> PUT_ENDPOINT_WITH_PATH acl (which hopefully ignores query params), or add a 
> first-class TOGGLE_LOGGING acl.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
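
An added example, not part of the original issue and not Mesos code: a small Python model of the behaviour the description asks for. Only PUT reaches the toggle logic, other methods get 405 with an `Allow` header, and authorization is keyed on the path with query parameters ignored. The `handle` function, the `ops` principal and the ACL table are assumptions for illustration; `PUT_ENDPOINT_WITH_PATH` is the ACL name proposed in the issue.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical model of the endpoint's dispatch logic; not Mesos code.
ALLOWED_METHODS = {"/logging/toggle": ("PUT",)}

# Constructed ACL table: action -> principal -> paths the principal may PUT to.
# PUT_ENDPOINT_WITH_PATH is the action name proposed in the issue.
ACLS = {"PUT_ENDPOINT_WITH_PATH": {"ops": {"/logging/toggle"}}}


def handle(method, url, principal, acls=ACLS):
    """Return (status, headers, body) for a request to the toggle endpoint."""
    parts = urlsplit(url)
    path = parts.path  # the query string takes no part in routing or ACL checks
    allowed = ALLOWED_METHODS.get(path)
    if allowed is None:
        return 404, {}, "Not Found"
    # 1. Reject the wrong verb before any authorization or state change.
    if method.upper() not in allowed:
        return 405, {"Allow": ", ".join(allowed)}, "Method Not Allowed"
    # 2. Authorize on (action, principal, path) only.
    permitted = acls.get("PUT_ENDPOINT_WITH_PATH", {}).get(principal, set())
    if path not in permitted:
        return 403, {}, "Forbidden"
    # 3. Only an authorized PUT gets its parameters parsed and applied.
    query = parse_qs(parts.query)
    level = query.get("level", [None])[0]
    duration = query.get("duration", [None])[0]
    if level is None or duration is None:
        return 400, {}, "Bad Request"
    return 200, {}, f"level={level} duration={duration}"


if __name__ == "__main__":
    url = "/logging/toggle?level=INFO&duration=5mins"
    for verb in ("GET", "POST", "DELETE", "PUT"):
        print(verb, handle(verb, url, "ops"))
    print("PUT as guest", handle("PUT", url, "guest"))
```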
