Till Toenshoff created MESOS-8014: ------------------------------------- Summary: Provide HTTP authenticatee interface re/usable for the scheduler library. Key: MESOS-8014 URL: https://issues.apache.org/jira/browse/MESOS-8014 Project: Mesos Issue Type: Epic Components: HTTP API, modules, scheduler api, security Reporter: Till Toenshoff Assignee: Till Toenshoff
h4. Motivation Authentication and authorization have been added to most Mesos APIs at this point. Schedulers making use of the Mesos HTTP scheduler library however, currently only support a hard wired basic HTTP authentication. To secure the master’s HTTP scheduler API, the {{/api/v1/scheduler}} endpoint must be authenticated. Without authentication, a malicious or buggy actor from within or outside the cluster could send requests to these master endpoints, potentially disrupting running schedulers or tasks, injecting harmful tasks, or exposing privileged information. h4. Goals - Support custom authentication of schedulers based on the Mesos V1 HTTP scheduler API library [/src/scheduler/scheduler.cpp|https://github.com/apache/mesos/blob/8198579fea7e433e202bd33f4ea62eb235859365/src/scheduler/scheduler.cpp]. - Require minimal operator configuration when enabling scheduler authentication for a simple default use case. - Provide a thin, reusable layer of abstraction enabling any HTTP API consumer to authenticate. -- This message was sent by Atlassian JIRA (v6.4.14#64029)