[jira] [Commented] (MESOS-5317) Authorize the agent's '/containers' endpoint
[
https://issues.apache.org/jira/browse/MESOS-5317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15289378#comment-15289378
]
Abhishek Dasgupta commented on MESOS-5317:
--
RR:
https://reviews.apache.org/r/47530/
> Authorize the agent's '/containers' endpoint
>
>
> Key: MESOS-5317
> URL: https://issues.apache.org/jira/browse/MESOS-5317
> Project: Mesos
> Issue Type: Improvement
> Components: security, slave
>Reporter: Greg Mann
>Assignee: Abhishek Dasgupta
> Labels: authorization, mesosphere
> Fix For: 0.29.0
>
>
> After the agent's {{/containers}} endpoint is authenticated, we should
> enabled authorization as well.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (MESOS-5317) Authorize the agent's '/containers' endpoint
[
https://issues.apache.org/jira/browse/MESOS-5317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15288684#comment-15288684
]
Adam B commented on MESOS-5317:
---
[~jieyu] tells me we can do coarse-grained authz on this endpoint for 0.29 and
consider filtering in a future release. The only consumers Jie is aware of are
superuser-level services/scripts that want the unfiltered contents anyway.
> Authorize the agent's '/containers' endpoint
>
>
> Key: MESOS-5317
> URL: https://issues.apache.org/jira/browse/MESOS-5317
> Project: Mesos
> Issue Type: Improvement
> Components: security, slave
>Reporter: Greg Mann
>Assignee: Abhishek Dasgupta
> Labels: authorization, mesosphere
> Fix For: 0.29.0
>
>
> After the agent's {{/containers}} endpoint is authenticated, we should
> enabled authorization as well.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (MESOS-5317) Authorize the agent's '/containers' endpoint
[
https://issues.apache.org/jira/browse/MESOS-5317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15273873#comment-15273873
]
Adam B commented on MESOS-5317:
---
Should we do GET_ENDPOINT_WITH_PATH coarse-grained authz on this endpoint, or
per-container/executor filtering?
[~jieyu], nobody's depending on this new endpoint yet right, so can we punt on
authn/z for it for now and recommend the endpoint be disabled on secure
clusters that care about protecting access to container stats? Then we can take
the time to design what authz should look like.
> Authorize the agent's '/containers' endpoint
>
>
> Key: MESOS-5317
> URL: https://issues.apache.org/jira/browse/MESOS-5317
> Project: Mesos
> Issue Type: Improvement
> Components: security, slave
>Reporter: Greg Mann
> Labels: authorization, mesosphere
> Fix For: 0.29.0
>
>
> After the agent's {{/containers}} endpoint is authenticated, we should
> enabled authorization as well.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
