[ https://issues.apache.org/jira/browse/MESOS-7415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexander Rojas reassigned MESOS-7415: -------------------------------------- Assignee: Alexander Rojas > Add authorization to master's operator maintenance API in v0 and v1 > ------------------------------------------------------------------- > > Key: MESOS-7415 > URL: https://issues.apache.org/jira/browse/MESOS-7415 > Project: Mesos > Issue Type: Task > Components: c++ api, HTTP API, master > Reporter: Alexander Rojas > Assignee: Alexander Rojas > Labels: authorization, mesosphere, security > > None of the maintenance primitives in either API v0 or API v1 have any kind > of authorization, which allows any user with valid credentials to do things > such as shutting down a machine, schedule time off on an agent, modify > maintenance schedule, etc. > The authorization support needs to be added to the v0 endpoints: > * {{/master/machine/up}} > * {{/master/machine/down}} > * {{/master/maintenance/schedule}} > * {{/master/maintenance/status}} > as well as to the v1 calls: > * {{GET_MAINTENANCE_STATUS}} > * {{GET_MAINTENANCE_SCHEDULE}} > * {{UPDATE_MAINTENANCE_SCHEDULE}} > * {{START_MAINTENANCE}} > * {{STOP_MAINTENANCE}} -- This message was sent by Atlassian JIRA (v6.3.15#6346)