[
https://issues.apache.org/jira/browse/MESOS-5709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15355062#comment-15355062
]
Joerg Schad commented on MESOS-5709:
------------------------------------
Introduced authorization based filtering for /roles.
https://reviews.apache.org/r/49369
Updateted documentation for roles endpoint filtering
https://reviews.apache.org/r/49370/
> Authorization for /roles
> ------------------------
>
> Key: MESOS-5709
> URL: https://issues.apache.org/jira/browse/MESOS-5709
> Project: Mesos
> Issue Type: Task
> Components: security
> Reporter: Adam B
> Assignee: Joerg Schad
> Priority: Minor
> Labels: mesosphere, security
> Fix For: 1.0.0
>
>
> The /roles endpoint exposes the list of all roles and their weights, as well
> as the list of all frameworkIds registered with each role. This is a superset
> of the information exposed on GET /weights, which we already protect. We
> should protect the data in /roles the same way.
> - Should we reuse VIEW_FRAMEWORK with role (from /state)?
> - Should we add a new VIEW_ROLE and adapt GET_WEIGHTS to use it?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
