Alexander Rojas created MESOS-7415:
--------------------------------------
Summary: Add authorization to master's operator maintenance API in
v0 and v1
Key: MESOS-7415
URL: https://issues.apache.org/jira/browse/MESOS-7415
Project: Mesos
Issue Type: Task
Components: c++ api, HTTP API, master
Reporter: Alexander Rojas
None of the maintenance primitives in either API v0 or API v1 have any kind of
authorization, which allows any user with valid credentials to do things such
as shutting down a machine, schedule time off on an agent, modify maintenance
schedule, etc.
The authorization support needs to be added to the v0 endpoints:
* {{/master/machine/up}}
* {{/master/machine/down}}
* {{/master/maintenance/schedule}}
* {{/master/maintenance/status}}
as well as to the v1 calls:
* {{GET_MAINTENANCE_STATUS}}
* {{GET_MAINTENANCE_SCHEDULE}}
* {{UPDATE_MAINTENANCE_SCHEDULE}}
* {{START_MAINTENANCE}}
* {{STOP_MAINTENANCE}}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
