Alexander Rojas created MESOS-2948:
--------------------------------------
Summary: Generalize authorizer interface in order to allow for
arbitrary Subjects, Actions and Objects
Key: MESOS-2948
URL: https://issues.apache.org/jira/browse/MESOS-2948
Project: Mesos
Issue Type: Epic
Components: master, security
Reporter: Alexander Rojas
The current
[{{mesos::Authorizer}}|https://github.com/apache/mesos/blob/40b596402521be25b93b9ef4edd8f5c727c9d20e/src/authorizer/authorizer.hpp]
API has one method for each of the _actions_ supported (Register Framework,
Launch Task and Shutdown Framework), and each of these _actions_ themselves
define the _objects_ one which they operate.
Currently, in case a new action needs to be authorized it is necessary to
modify the {{mesos::Authorizer}} interface and all its implementations
(currently only {{mesos::LocalAuthorizer}}), and add a new nested message to
the {{ACL}} message in {{mesos.proto}}.
An update to the API should allow for new _actions_ and _objects_ to be added
without the need to change the {{mesos::Authorizer}} interface while
encapsulating implementation details on how the authorization process is
performed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
