[ https://issues.apache.org/jira/browse/MESOS-3065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058838#comment-15058838 ]
Greg Mann commented on MESOS-3065:
----------------------------------

This ticket has been split into pieces to help us complete some of this work on a short timescale. The review requests which are now applicable to this particular ticket are:

https://reviews.apache.org/r/40255/
https://reviews.apache.org/r/40256/
https://reviews.apache.org/r/40271/

> Add framework authorization for persistent volume
> -------------------------------------------------
>
>                 Key: MESOS-3065
>                 URL: https://issues.apache.org/jira/browse/MESOS-3065
>             Project: Mesos
>          Issue Type: Task
>            Reporter: Michael Park
>            Assignee: Greg Mann
>              Labels: mesosphere, persistent-volumes
>
> This is the third in a series of tickets that adds authorization support to
> persistent volumes.
> When a framework creates a persistent volume, "create" ACLs are checked to
> see if the framework (FrameworkInfo.principal) or the operator
> (Credential.user) is authorized to create persistent volumes. If not
> authorized, the create operation is rejected.
> When a framework destroys a persistent volume, "destroy" ACLs are checked to
> see if the framework (FrameworkInfo.principal) or the operator
> (Credential.user) is authorized to destroy the persistent volume created by a
> framework or operator (Resource.DiskInfo.principal). If not authorized, the
> destroy operation is rejected.
> A separate ticket will use the structures created here to enable
> authorization of the "/create" and "/destroy" HTTP endpoints:
> https://issues.apache.org/jira/browse/MESOS-3903

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
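
The create and destroy checks described in the ticket, modelled as an added Python sketch (not Mesos code and not written by the ticket's authors). The class and method names, the `*` wildcard, the deny-by-default result and the rejection of a missing principal are assumptions of this sketch; the point it shows is that the destroy check reads the creator principal from the stored volume record, not from the request.

```python
from dataclasses import dataclass, field

ANY = "*"  # wildcard entry; an assumption of this sketch

def _matches(allowed, value):
    # Fail closed: a missing principal never matches, not even the wildcard.
    return value is not None and (ANY in allowed or value in allowed)

@dataclass
class VolumeAuthorizer:
    create_acls: list   # each entry: set of principals allowed to create
    destroy_acls: list  # each entry: (principals, creator_principals)
    volumes: dict = field(default_factory=dict)  # volume id -> creator principal

    def create(self, principal, volume_id):
        """Check the "create" ACLs; record the creator on success."""
        if volume_id in self.volumes:
            return False
        if not any(_matches(p, principal) for p in self.create_acls):
            return False  # not authorized: the create operation is rejected
        self.volumes[volume_id] = principal  # stands in for Resource.DiskInfo.principal
        return True

    def destroy(self, principal, volume_id):
        """Check the "destroy" ACLs against the volume's recorded creator."""
        if volume_id not in self.volumes:
            return False
        creator = self.volumes[volume_id]  # from the stored record, never the request
        allowed = any(_matches(p, principal) and _matches(c, creator)
                      for p, c in self.destroy_acls)
        if allowed:
            del self.volumes[volume_id]
        return allowed

def demo():
    # Constructed policy: "analytics" and "ops" may create; "analytics" may
    # destroy only its own volumes; "ops" may destroy anyone's.
    authz = VolumeAuthorizer(
        create_acls=[{"analytics", "ops"}],
        destroy_acls=[({"analytics"}, {"analytics"}), ({"ops"}, {ANY})],
    )
    return [
        authz.create("analytics", "vol-a"),   # allowed by the create ACL
        authz.create("web", "vol-w"),         # rejected: no create ACL for "web"
        authz.create("ops", "vol-o"),         # allowed by the create ACL
        authz.destroy("analytics", "vol-o"),  # rejected: volume was created by "ops"
        authz.destroy(None, "vol-a"),         # rejected: no principal supplied
        authz.destroy("ops", "vol-a"),        # allowed: "ops" may destroy any creator's
    ]
```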