[MESOS-2620] Implement a mechanism which allows access control of endpoints - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Implemented
Affects Version/s: 0.21.1
Fix Version/s: 0.23.0
Component/s: agent, libprocess, master
Labels:
- mesosphere
- security

Target Version/s:

0.23.0

Description

Rationale

As is currently implemented, libprocess processes are able to provide HTTP endpoints to serve some client's requests. Any security requirement are left to the actual endpoint handler to be implemented. Moreover, some common security checks (e.g., requiring the connection to be perform over a secure channel or controlling the source of the connection) cannot be performed at all since this attributes are not made available to the endpoint's handlers.

Goal

Implement a mechanism which allows users of libprocess to install firewall like rules which can be easily applied to any incoming connection, decoupling the endpoint's handler from the security layer.

Provide at least one rule which allows the selective disabling of endpoints. This also requires mesos users to be able to manipulate such rules.

Attachments

Issue Links

blocks

MESOS-2333 Securing Sandboxes via Filebrowser Access Control

Resolved

Activity

People

Assignee:: Alexander Rojas

Reporter:: Alexander Rojas

Shepherd:: Till Toenshoff

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 15/Apr/15 08:48

Updated:: 26/Nov/18 12:55

Resolved:: 26/Nov/18 12:55