Michael Park created MESOS-3065: ----------------------------------- Summary: Add authorization for persistent volume Key: MESOS-3065 URL: https://issues.apache.org/jira/browse/MESOS-3065 Project: Mesos Issue Type: Task Reporter: Michael Park
Persistent volume should be authorized with the {{principal}} of the reserving entity (framework or master). The idea is to introduce {{Create}} and {{Destroy}} into the ACL. {code} message Create { // Subjects. required Entity principals = 1; // Objects? Perhaps the kind of volume? allowed permissions? } message Unreserve { // Subjects. required Entity principals = 1; // Objects. required Entity creator_principals = 2; } {code} When a framework/operator creates a persistent volume, "create" ACLs are checked to see if the framework (FrameworkInfo.principal) or the operator (Credential.user) is authorized to create persistent volumes. If not authorized, the create operation is rejected. When a framework/operator destroys a persistent volume, "destroy" ACLs are checked to see if the framework (FrameworkInfo.principal) or the operator (Credential.user) is authorized to destroy the persistent volume created by a framework or operator (Resource.DiskInfo.principal). If not authorized, the destroy operation is rejected. -- This message was sent by Atlassian JIRA (v6.3.4#6332)