[jira] [Updated] (MESOS-8100) Authorize standalone container calls from local resource providers.

[Adam B (JIRA)]

     [ 
https://issues.apache.org/jira/browse/MESOS-8100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Adam B updated MESOS-8100:
--------------------------
    Sprint: Mesosphere Sprint 66, Mesosphere Sprint 67, Mesosphere Sprint 68  
(was: Mesosphere Sprint 66, Mesosphere Sprint 67)

> Authorize standalone container calls from local resource providers.
> -------------------------------------------------------------------
>
>                 Key: MESOS-8100
>                 URL: https://issues.apache.org/jira/browse/MESOS-8100
>             Project: Mesos
>          Issue Type: Task
>          Components: agent
>            Reporter: Chun-Hung Hsiao
>            Assignee: Chun-Hung Hsiao
>              Labels: mesosphere
>             Fix For: 1.5.0
>
>
> We need to add authorization for a local resource provider to call the 
> standalone container API to prevent the provider from manipulating arbitrary 
> containers. We can use the same JWT-based authN/authZ mechanism for 
> executors, where the agent will create a auth token for each local resource 
> provider instance:
> {noformat}
> class LecalResourceProvider
> {
> public:
>   static Try<process::Owned<LocalResourceProvider>> create(
>       const process::http::URL& url,
>       const std::string& workDir,
>       const mesos::ResourceProviderInfo& info,
>       const Option<std::string>& authToken);
>   ...
> };
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)