[ https://issues.apache.org/jira/browse/MESOS-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gavin updated MESOS-2948: ------------------------- Comment: was deleted (was: www.rtat.net) > Generalize authorizer interface in order to allow for arbitrary Subjects, > Actions and Objects > --------------------------------------------------------------------------------------------- > > Key: MESOS-2948 > URL: https://issues.apache.org/jira/browse/MESOS-2948 > Project: Mesos > Issue Type: Epic > Components: master, security > Reporter: Alexander Rojas > Assignee: Alexander Rojas > Priority: Blocker > Labels: acl, mesosphere, security > Fix For: 1.0.0 > > > The current > [{{mesos::Authorizer}}|https://github.com/apache/mesos/blob/40b596402521be25b93b9ef4edd8f5c727c9d20e/src/authorizer/authorizer.hpp] > API has one method for each of the _actions_ supported (Register Framework, > Launch Task and Shutdown Framework), and each of these _actions_ themselves > define the _objects_ on which they operate. > Currently, in case a new action needs to be authorized it is necessary to > modify the {{mesos::Authorizer}} interface and all its implementations > (currently only {{mesos::LocalAuthorizer}}), and add a new nested message to > the {{ACL}} message in {{mesos.proto}}. > An update to the API should allow for new _actions_ and _objects_ to be added > without the need to change the {{mesos::Authorizer}} interface while > encapsulating implementation details on how the authorization process is > performed. -- This message was sent by Atlassian JIRA (v7.6.3#76005)