[
https://issues.apache.org/jira/browse/MESOS-7415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vinod Kone updated MESOS-7415:
------------------------------
Shepherd: Greg Mann (was: Adam B)
> Add authorization to master's operator maintenance API in v0 and v1
> -------------------------------------------------------------------
>
> Key: MESOS-7415
> URL: https://issues.apache.org/jira/browse/MESOS-7415
> Project: Mesos
> Issue Type: Task
> Components: c++ api, HTTP API, master
> Reporter: Alexander Rojas
> Assignee: Alexander Rojas
> Labels: authorization, mesosphere, security
>
> None of the maintenance primitives in either API v0 or API v1 have any kind
> of authorization, which allows any user with valid credentials to do things
> such as shutting down a machine, schedule time off on an agent, modify
> maintenance schedule, etc.
> The authorization support needs to be added to the v0 endpoints:
> * {{/master/machine/up}}
> * {{/master/machine/down}}
> * {{/master/maintenance/schedule}}
> * {{/master/maintenance/status}}
> as well as to the v1 calls:
> * {{GET_MAINTENANCE_STATUS}}
> * {{GET_MAINTENANCE_SCHEDULE}}
> * {{UPDATE_MAINTENANCE_SCHEDULE}}
> * {{START_MAINTENANCE}}
> * {{STOP_MAINTENANCE}}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
