mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joerg Schad <jo...@mesosphere.io>
Subject Re: Review Request 46613: Introduced filtering relevant actions and acls.
Date Fri, 20 May 2016 21:03:56 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46613/
-----------------------------------------------------------

(Updated May 20, 2016, 9:03 p.m.)


Review request for Adam B, Alexander Rojas and Michael Park.


Changes
-------

Addressed review.


Bugs: MESOS-5169
    https://issues.apache.org/jira/browse/MESOS-5169


Repository: mesos


Description (updated)
-------

In order to allow for framework and task level filtering we introduce
the following authorizer actions:
* VIEW_FRAMEWORK_WITH_INFO
* VIEW_TASK_WITH_EXECUTOR_INFO = 13;
* VIEW_TASK_WITH_COMMAND_INFO = 14;
* VIEW_TASK_WITH_TASK = 15;

Note that we need different actions for authorizing a tasks
based on the object being authorized.

We also introduce the following acls for the local authorizer:
* ViewFrameworks  (giving access to frameworks running in
    a given role)
* ViewTasks view_tasks (giving access to Tasks run under a
    specific OS user)


Diffs (updated)
-----

  docs/authorization.md 0db5c345b3239814b3b9d2e8a87601ff69d0f869 
  include/mesos/authorizer/acls.proto 9adae8c2a2e1b2ee4b9068ea50fcebb0544f2e5d 
  include/mesos/authorizer/authorizer.proto 32492a59ad95df3bb673ec42321518f86c11af59 
  src/authorizer/local/authorizer.cpp aa1a9d8e5c7fb86b6310015d93aeacb466a307ef 

Diff: https://reviews.apache.org/r/46613/diff/


Testing
-------

make check (OSX)


Thanks,

Joerg Schad


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message