[ 
https://issues.apache.org/jira/browse/MESOS-7416?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16111872#comment-16111872
 ] 

Greg Mann commented on MESOS-7416:
----------------------------------

{code}
commit e87569b2ae3c7f8303ce146f882c340b4fdd5ca4
Author: Alexander Rojas <[email protected]>
Date:   Wed Aug 2 13:14:07 2017 -0700

    Added full authz for non summarized fields of `/slaves` endpoint.

    Fields were authorized based on partial elements of each
    resource. Moreover, some fields which required authorization were not
    being authorized at all. This patch enables full authorization of all
    fields.

    Review: https://reviews.apache.org/r/61257/
{code}
{code}
commit 2fe2562455d899545f2f6cbace989489867b8ee7
Author: Alexander Rojas <[email protected]>
Date:   Wed Aug 2 13:14:01 2017 -0700

    Enabled filtering of the 'GET_AGENTS' v1 API call.

    Enables filtering of the results of calls to the 'GET_AGENTS' v1
    API. It filters the contents of different resource entries based
    on the 'VIEW_ROLE' permissions of the principal doing the request
    based on resource roles, allocation roles and reservations.

    Review: https://reviews.apache.org/r/61171/
{code}

> Filter results of `/master/slaves` and the v1 call GET_AGENTS
> -------------------------------------------------------------
>
>                 Key: MESOS-7416
>                 URL: https://issues.apache.org/jira/browse/MESOS-7416
>             Project: Mesos
>          Issue Type: Task
>          Components: HTTP API, master
>            Reporter: Alexander Rojas
>            Assignee: Alexander Rojas
>              Labels: mesosphere, security
>             Fix For: 1.4.0
>
>
> The results returned by both the endpoint {{/master/slaves}} and the API v1 
> {{GET_AGENTS}} return full information about the agent state which probably 
> needs to be filtered for certain uses, particularly in a multi-tenancy 
> scenario.
> The kind of leaked data includes specific role names and their specific 
> allocations.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
