Chun-Hung Hsiao created MESOS-8100:
--------------------------------------
Summary: Authorize standalone container calls from local resource
providers.
Key: MESOS-8100
URL: https://issues.apache.org/jira/browse/MESOS-8100
Project: Mesos
Issue Type: Task
Components: agent
Reporter: Chun-Hung Hsiao
Assignee: Chun-Hung Hsiao
Fix For: 1.5.0
We need to add authorization for a local resource provider to call the
standalone container API to prevent the provider from manipulating arbitrary
containers. We can use the same JWT-based authN/authZ mechanism for executors,
where the agent will create a auth token for each local resource provider
instance:
{noformat}
class LecalResourceProvider
{
public:
static Try<process::Owned<LocalResourceProvider>> create(
const process::http::URL& url,
const std::string& workDir,
const mesos::ResourceProviderInfo& info,
const Option<std::string>& authToken);
...
};
{noformat}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
