Chun-Hung Hsiao created MESOS-8100: -------------------------------------- Summary: Authorize standalone container calls from local resource providers. Key: MESOS-8100 URL: https://issues.apache.org/jira/browse/MESOS-8100 Project: Mesos Issue Type: Task Components: agent Reporter: Chun-Hung Hsiao Assignee: Chun-Hung Hsiao Fix For: 1.5.0
We need to add authorization for a local resource provider to call the standalone container API to prevent the provider from manipulating arbitrary containers. We can use the same JWT-based authN/authZ mechanism for executors, where the agent will create a auth token for each local resource provider instance: {noformat} class LecalResourceProvider { public: static Try<process::Owned<LocalResourceProvider>> create( const process::http::URL& url, const std::string& workDir, const mesos::ResourceProviderInfo& info, const Option<std::string>& authToken); ... }; {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)