[
https://issues.apache.org/jira/browse/MESOS-8100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vinod Kone updated MESOS-8100:
------------------------------
Sprint: Mesosphere Sprint 66, Mesosphere Sprint 67 (was: Mesosphere Sprint
66)
> Authorize standalone container calls from local resource providers.
> -------------------------------------------------------------------
>
> Key: MESOS-8100
> URL: https://issues.apache.org/jira/browse/MESOS-8100
> Project: Mesos
> Issue Type: Task
> Components: agent
> Reporter: Chun-Hung Hsiao
> Assignee: Chun-Hung Hsiao
> Labels: mesosphere
> Fix For: 1.5.0
>
>
> We need to add authorization for a local resource provider to call the
> standalone container API to prevent the provider from manipulating arbitrary
> containers. We can use the same JWT-based authN/authZ mechanism for
> executors, where the agent will create a auth token for each local resource
> provider instance:
> {noformat}
> class LecalResourceProvider
> {
> public:
> static Try<process::Owned<LocalResourceProvider>> create(
> const process::http::URL& url,
> const std::string& workDir,
> const mesos::ResourceProviderInfo& info,
> const Option<std::string>& authToken);
> ...
> };
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
