[ https://issues.apache.org/jira/browse/MESOS-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod Kone updated MESOS-7414: ------------------------------ Sprint: Mesosphere Sprint 56, Mesosphere Sprint 57 (was: Mesosphere Sprint 56) > Enable authorization for master's logging API calls: GET_LOGGING_LEVEL and > SET_LOGGING_LEVEL > --------------------------------------------------------------------------------------------- > > Key: MESOS-7414 > URL: https://issues.apache.org/jira/browse/MESOS-7414 > Project: Mesos > Issue Type: Task > Components: HTTP API, master > Reporter: Alexander Rojas > Assignee: Alexander Rojas > Labels: mesosphere, operator, security > > The Operator API calls {{GET_LOGGING_LEVEL}} and {{SET_LOGGING_LEVEL}} lack > authorization so any recognized user will be able to change the logging level > of a given master. > The v0 endpoint {{/logging/toggle}} has authorization through the > {{GET_ENDPOINT_WITH_PATH}} action. We need to decide whether it should also > use additional authorization. > Note that there are already actions defined for authorization of these > actions as they were already implemented in the agent. -- This message was sent by Atlassian JIRA (v6.3.15#6346)