[
https://issues.apache.org/jira/browse/MESOS-3065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058838#comment-15058838
]
Greg Mann commented on MESOS-3065:
----------------------------------
This ticket has been split into pieces to help us complete some of this work on
a short timescale. The review requests which are now applicable to this
particular ticket are:
https://reviews.apache.org/r/40255/
https://reviews.apache.org/r/40256/
https://reviews.apache.org/r/40271/
> Add framework authorization for persistent volume
> -------------------------------------------------
>
> Key: MESOS-3065
> URL: https://issues.apache.org/jira/browse/MESOS-3065
> Project: Mesos
> Issue Type: Task
> Reporter: Michael Park
> Assignee: Greg Mann
> Labels: mesosphere, persistent-volumes
>
> This is the third in a series of tickets that adds authorization support to
> persistent volumes.
> When a framework creates a persistent volume, "create" ACLs are checked to
> see if the framework (FrameworkInfo.principal) or the operator
> (Credential.user) is authorized to create persistent volumes. If not
> authorized, the create operation is rejected.
> When a framework destroys a persistent volume, "destroy" ACLs are checked to
> see if the framework (FrameworkInfo.principal) or the operator
> (Credential.user) is authorized to destroy the persistent volume created by a
> framework or operator (Resource.DiskInfo.principal). If not authorized, the
> destroy operation is rejected.
> A separate ticket will use the structures created here to enable
> authorization of the "/create" and "/destroy" HTTP endpoints:
> https://issues.apache.org/jira/browse/MESOS-3903
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
