[ https://issues.apache.org/jira/browse/MESOS-3065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Greg Mann reassigned MESOS-3065:
--------------------------------

    Assignee: Greg Mann  (was: Michael Park)

> Add authorization for persistent volume
> ---------------------------------------
>
>                 Key: MESOS-3065
>                 URL: https://issues.apache.org/jira/browse/MESOS-3065
>             Project: Mesos
>          Issue Type: Task
>            Reporter: Michael Park
>            Assignee: Greg Mann
>              Labels: mesosphere, persistent-volumes
>
> Persistent volume should be authorized with the {{principal}} of the
> reserving entity (framework or master). The idea is to introduce {{Create}}
> and {{Destroy}} into the ACL.
> {code}
> message Create {
>   // Subjects.
>   required Entity principals = 1;
>   // Objects? Perhaps the kind of volume? allowed permissions?
> }
> message Unreserve {
>   // Subjects.
>   required Entity principals = 1;
>   // Objects.
>   required Entity creator_principals = 2;
> }
> {code}
> When a framework/operator creates a persistent volume, "create" ACLs are
> checked to see if the framework (FrameworkInfo.principal) or the operator
> (Credential.user) is authorized to create persistent volumes. If not
> authorized, the create operation is rejected.
> When a framework/operator destroys a persistent volume, "destroy" ACLs are
> checked to see if the framework (FrameworkInfo.principal) or the operator
> (Credential.user) is authorized to destroy the persistent volume created by a
> framework or operator (Resource.DiskInfo.principal). If not authorized, the
> destroy operation is rejected.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
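
The create and destroy checks described in the ticket, as an added C++ sketch that is not part of the original message and is not Mesos code. The type and function names are hypothetical and follow the prose's Create/Destroy naming; it assumes that any matching ACL allows the operation and that no match denies it, which the ticket does not specify.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for the ticket's Entity: ANY, NONE, or a listed set.
struct Entity {
  enum Type { SOME, ANY, NONE };
  Type type;
  std::vector<std::string> values;
  bool matches(const std::string& p) const {
    if (type == ANY) return true;
    if (type == NONE) return false;
    return std::find(values.begin(), values.end(), p) != values.end();
  }
};

struct CreateACL { Entity principals; };                              // subjects
struct DestroyACL { Entity principals; Entity creator_principals; };  // subjects, objects

// Assumption: any matching ACL allows; no match (or an empty list) denies.
bool authorizeCreate(const std::vector<CreateACL>& acls, const std::string& principal) {
  for (const CreateACL& acl : acls)
    if (acl.principals.matches(principal)) return true;
  return false;
}

// The requester must match the subjects AND the volume's recorded creator
// (Resource.DiskInfo.principal in the ticket) must match the objects.
bool authorizeDestroy(const std::vector<DestroyACL>& acls,
                      const std::string& principal, const std::string& creator) {
  for (const DestroyACL& acl : acls)
    if (acl.principals.matches(principal) && acl.creator_principals.matches(creator))
      return true;
  return false;
}

// Constructed sample policy; principal names are made up.
std::vector<CreateACL> sampleCreate() {
  return {CreateACL{Entity{Entity::SOME, {"framework-a", "ops"}}}};
}
std::vector<DestroyACL> sampleDestroy() {
  return {
    DestroyACL{Entity{Entity::SOME, {"framework-a"}}, Entity{Entity::SOME, {"framework-a"}}},
    DestroyACL{Entity{Entity::SOME, {"ops"}}, Entity{Entity::ANY, {}}}};
}

int main() {
  // framework-a asks to destroy a volume created by framework-b: prints 0 (denied).
  std::cout << authorizeDestroy(sampleDestroy(), "framework-a", "framework-b") << "\n";
  return 0;
}
```

The destroy check needs the creator principal stored with the volume at creation time; without it, only the subject half of the ACL can be evaluated.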