Google Git
Sign in
apache / mesos / refs/tags/0.28.1-rc1 / . / include / mesos / authorizer / authorizer.proto
blob: 84d2cb3fbff3fbc7c3854d6eec5a3a55ad5760f8 [file] [log] [blame]
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
import "mesos/mesos.proto";
package mesos;
option java_package = "org.apache.mesos";
option java_outer_classname = "Protos";
/**
* ACLs used for local authorization (See authorization.md file in the docs).
*/
message ACL {
// Entity is used to describe a subject(s) or an object(s) of an ACL.
// NOTE:
// To allow everyone access to an Entity set its type to 'ANY'.
// To deny access to an Entity set its type to 'NONE'.
message Entity {
enum Type {
SOME = 0;
ANY = 1;
NONE = 2;
}
optional Type type = 1 [default = SOME];
repeated string values = 2; // Ignored for ANY/NONE.
}
// ACLs.
message RegisterFramework {
// Subjects: Framework principals.
required Entity principals = 1;
// Objects: Roles for resource offers.
required Entity roles = 2;
}
message RunTask {
// Subjects: Framework principals.
required Entity principals = 1;
// Objects: Users to run the tasks/executors as.
required Entity users = 2;
}
// Which principals are authorized to shutdown frameworks of other
// principals.
// TODO(gyliu513): Remove this message at the end of the deprecation
// cycle on 0.27. It will be replaced by TeardownFramework then.
message ShutdownFramework {
// Subjects.
required Entity principals = 1;
// Objects.
required Entity framework_principals = 2;
}
// Which principals are authorized to teardown frameworks of other
// principals.
message TeardownFramework {
// Subjects.
required Entity principals = 1;
// Objects.
required Entity framework_principals = 2;
}
// Specifies which roles a principal can reserve resources for.
message ReserveResources {
// Subjects: Framework principal or Operator username.
required Entity principals = 1;
// Objects: The principal(s) can reserve resources for these roles.
required Entity roles = 2;
}
// Specifies which principals can unreserve which principals'
// reserved resources.
message UnreserveResources {
// Subjects: Framework principal or Operator username.
required Entity principals = 1;
// Objects: Principal of the entity that reserved the resources.
required Entity reserver_principals = 2;
}
// Specifies which roles a principal can create volumes for.
message CreateVolume {
// Subjects: Framework principal or Operator username.
required Entity principals = 1;
// Objects: The principal(s) can create volumes for these roles.
required Entity roles = 2;
}
// Specifies which principals can destroy volumes
// created by which other principals.
message DestroyVolume {
// Subjects: Framework principal or Operator username.
required Entity principals = 1;
// Objects: Principal of the entity that created the volume.
required Entity creator_principals = 2;
}
// Which principals are authorized to set quotas for given roles.
message SetQuota {
// Subjects: Operator username.
required Entity principals = 1;
// Objects: The list of roles for which a quota can be set.
required Entity roles = 2;
}
// Which principals can remove quotas set by which other principals.
message RemoveQuota {
// Subjects: Operator username.
required Entity principals = 1;
// Objects: Principal of the entity that set the quota.
required Entity quota_principals = 2;
}
}
/**
* Collection of ACL.
*
* Each authorization request is evaluated against the ACLs in the order
* they are defined.
*
* For simplicity, the ACLs for a given action are not aggregated even
* when they have the same subjects or objects. The first ACL that
* matches the request determines whether that request should be
* permitted or not. An ACL matches iff both the subjects
* (e.g., clients, principals) and the objects (e.g., urls, users,
* roles) of the ACL match the request.
*
* If none of the ACLs match the request, the 'permissive' field
* determines whether the request should be permitted or not.
*
* TODO(vinod): Do aggregation of ACLs when possible.
*
*/
message ACLs {
optional bool permissive = 1 [default = true];
repeated ACL.RegisterFramework register_frameworks = 2;
repeated ACL.RunTask run_tasks = 3;
// TODO(gyliu513): Remove this shutdown_frameworks at the
// end of the deprecation cycle on 0.27.
repeated ACL.ShutdownFramework shutdown_frameworks = 4;
repeated ACL.ReserveResources reserve_resources = 5;
repeated ACL.UnreserveResources unreserve_resources = 6;
repeated ACL.CreateVolume create_volumes = 7;
repeated ACL.DestroyVolume destroy_volumes = 8;
repeated ACL.SetQuota set_quotas = 9;
repeated ACL.RemoveQuota remove_quotas = 10;
repeated ACL.TeardownFramework teardown_frameworks = 11;
}