Details
Description
Of the agent's current v1 operator Calls,
- Some don't need authz:
GET_HEALTH = 1
GET_VERSION = 3;
GET_METRICS = 4;
GET_LOGGING_LEVEL = 5;
- Most of the others already have authz:
LIST_FILES = 7;
READ_FILE = 8;
GET_STATE = 9;
GET_FRAMEWORKS = 11;
GET_EXECUTORS = 12;
GET_TASKS = 13;
LAUNCH_NESTED_CONTAINER = 14;
WAIT_NESTED_CONTAINER = 15;
KILL_NESTED_CONTAINER = 16;
LAUNCH_NESTED_CONTAINER_SESSION = 17;
ATTACH_CONTAINER_INPUT = 18;
ATTACH_CONTAINER_OUTPUT = 19;
- Some don't have authz, but need it, and these are the ones we're worried about.
GET_FLAGS = 2;
SET_LOGGING_LEVEL = 6;
GET_CONTAINERS = 10;
Attachments
Issue Links
- duplicates
-
MESOS-6201 Filter containers information by principal when retrieving it from Agent.
-
- Resolved
-
- is related to
-
MESOS-5317 Authorize the agent's '/containers' endpoint.
-
- Resolved
-
- relates to
-
MESOS-6474 Add fine-grained ACLs for authorization with the new debugging APIs
-
- Resolved
-