[jira] [Updated] (MESOS-7414) Enable authorization for master's logging API calls: GET_LOGGING_LEVEL and SET_LOGGING_LEVEL

Vinod Kone (JIRA) Tue, 13 Jun 2017 13:20:40 -0700

     [ 
https://issues.apache.org/jira/browse/MESOS-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Vinod Kone updated MESOS-7414:
------------------------------
    Sprint: Mesosphere Sprint 56, Mesosphere Sprint 57, Mesosphere Sprint 58  
(was: Mesosphere Sprint 56, Mesosphere Sprint 57)

> Enable authorization for master's logging API calls: GET_LOGGING_LEVEL  and 
> SET_LOGGING_LEVEL
> ---------------------------------------------------------------------------------------------
>
>                 Key: MESOS-7414
>                 URL: https://issues.apache.org/jira/browse/MESOS-7414
>             Project: Mesos
>          Issue Type: Task
>          Components: HTTP API, master
>            Reporter: Alexander Rojas
>            Assignee: Alexander Rojas
>              Labels: mesosphere, operator, security
>
> The Operator API calls {{GET_LOGGING_LEVEL}}  and {{SET_LOGGING_LEVEL}} lack 
> authorization so any recognized user will be able to change the logging level 
> of a given master.
> The v0 endpoint {{/logging/toggle}} has authorization through the 
> {{GET_ENDPOINT_WITH_PATH}} action. We need to decide whether it should also 
> use additional authorization.
> Note that there are already actions defined for authorization of these 
> actions as they were already implemented in the agent.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (MESOS-7414) Enable authorization for master's logging API calls: GET_LOGGING_LEVEL and SET_LOGGING_LEVEL

Reply via email to