Not sure if you came across http://mesos.apache.org/documentation/latest/authorization/ but I hope it can answer your questions.
On Thu, Jul 30, 2020 at 4:03 PM Marc Roos <m.r...@f1-outsourcing.eu> wrote: > > > Currently I am running on a testing environment with some default acl I > found[1]. I have configured mesos-credentials, and afaik everything > agents/marathon framework is authenticating. So I thought about > converting the acl to default drop/deny. However I see there are quite a > few options. > > Is it advicable to even set the all to deny? Is there an example how to > set the url for GetEndpoint? > > [2] > > https://github.com/apache/mesos/blob/master/include/mesos/authorizer/acls.proto > http://mesos.apache.org/documentation/latest/configuration/master/ > > [1] > { > "run_tasks": [ > { > "principals": { > "type": "ANY" > }, > "users": { > "type": "ANY" > } > } > ], > "register_frameworks": [ > { > "principals": { > "type": "ANY" > }, > "roles": { > "type": "ANY" > } > } > ] > } >