Till Toenshoff created MESOS-8014:
-------------------------------------

             Summary: Provide HTTP authenticatee interface re/usable for the scheduler library.
                 Key: MESOS-8014
                 URL: https://issues.apache.org/jira/browse/MESOS-8014
             Project: Mesos
          Issue Type: Epic
          Components: HTTP API, modules, scheduler api, security
            Reporter: Till Toenshoff
            Assignee: Till Toenshoff


h4. Motivation

Authentication and authorization have been added to most Mesos APIs at this 
point. Schedulers making use of the Mesos HTTP scheduler library, however, 
currently only support hard-wired basic HTTP authentication.

To secure the master’s HTTP scheduler API, the {{/api/v1/scheduler}} endpoint 
must be authenticated. Without authentication, a malicious or buggy actor from 
within or outside the cluster could send requests to these master endpoints, 
potentially disrupting running schedulers or tasks, injecting harmful tasks, or 
exposing privileged information.


h4. Goals

- Support custom authentication of schedulers based on the Mesos V1 HTTP 
scheduler API library 
[/src/scheduler/scheduler.cpp|https://github.com/apache/mesos/blob/8198579fea7e433e202bd33f4ea62eb235859365/src/scheduler/scheduler.cpp].
- Require minimal operator configuration when enabling scheduler authentication 
for a simple default use case.
- Provide a thin, reusable layer of abstraction enabling any HTTP API consumer 
to authenticate.



