| // Licensed to the Apache Software Foundation (ASF) under one |
| // or more contributor license agreements. See the NOTICE file |
| // distributed with this work for additional information |
| // regarding copyright ownership. The ASF licenses this file |
| // to you under the Apache License, Version 2.0 (the |
| // "License"); you may not use this file except in compliance |
| // with the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| import "mesos/mesos.proto"; |
| |
| package mesos; |
| |
| option java_package = "org.apache.mesos"; |
| option java_outer_classname = "Protos"; |
| |
| |
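/**
 * ACLs used for local authorization (See authorization.md file in the docs).
 *
 * Every ACL message below pairs a `principals` Entity (the subjects whose
 * request is being authorized) with a second Entity naming the objects the
 * request acts on. Both sides are `required` (proto2), so an ACL that omits
 * either one is rejected at parse time instead of silently matching.
 */
message ACL {
  // Entity is used to describe a subject(s) or an object(s) of an ACL.
  // NOTE:
  //   To allow everyone access to an Entity set its type to 'ANY'.
  //   To deny access to an Entity set its type to 'NONE'.
  //   With the default type 'SOME', `values` lists the specific
  //   principals/users/roles the Entity covers.
  message Entity {
    enum Type {
      SOME = 0;  // Only the entries listed in `values`; default when unset.
      ANY = 1;   // Everyone; `values` is ignored.
      NONE = 2;  // No one; `values` is ignored.
    }
    // Defaults to SOME, so an Entity that sets neither `type` nor `values`
    // is neither a wildcard nor an explicit deny. Presumably such an Entity
    // matches nothing — confirm against the authorizer before relying on it.
    optional Type type = 1 [default = SOME];
    repeated string values = 2; // Ignored for ANY/NONE.
  }

  // ACLs.
  // Which principals may register frameworks in which roles.
  message RegisterFramework {
    // Subjects: Framework principals.
    required Entity principals = 1;

    // Objects: Roles for resource offers.
    required Entity roles = 2;
  }

  // Which principals may launch tasks/executors as which OS users.
  message RunTask {
    // Subjects: Framework principals.
    required Entity principals = 1;

    // Objects: Users to run the tasks/executors as.
    required Entity users = 2;
  }

  // Which principals are authorized to shutdown frameworks of other
  // principals.
  // DEPRECATED: superseded by TeardownFramework; kept only for the
  // deprecation cycle. The `deprecated` option below makes generated code
  // warn on use without changing the wire format.
  // TODO(gyliu513): Remove this message at the end of the deprecation
  // cycle on 0.27. It will be replaced by TeardownFramework then.
  message ShutdownFramework {
    option deprecated = true;

    // Subjects.
    required Entity principals = 1;

    // Objects.
    required Entity framework_principals = 2;
  }

  // Which principals are authorized to teardown frameworks of other
  // principals.
  message TeardownFramework {
    // Subjects.
    required Entity principals = 1;

    // Objects: Principals of the frameworks that may be torn down.
    required Entity framework_principals = 2;
  }

  // Specifies which roles a principal can reserve resources for.
  message ReserveResources {
    // Subjects: Framework principal or Operator username.
    required Entity principals = 1;

    // Objects: The principal(s) can reserve resources for these roles.
    required Entity roles = 2;
  }

  // Specifies which principals can unreserve which principals'
  // reserved resources.
  message UnreserveResources {
    // Subjects: Framework principal or Operator username.
    required Entity principals = 1;

    // Objects: Principal of the entity that reserved the resources.
    required Entity reserver_principals = 2;
  }

  // Specifies which roles a principal can create volumes for.
  message CreateVolume {
    // Subjects: Framework principal or Operator username.
    required Entity principals = 1;

    // Objects: The principal(s) can create volumes for these roles.
    required Entity roles = 2;
  }

  // Specifies which principals can destroy volumes
  // created by which other principals.
  message DestroyVolume {
    // Subjects: Framework principal or Operator username.
    required Entity principals = 1;

    // Objects: Principal of the entity that created the volume.
    required Entity creator_principals = 2;
  }

  // Which principals are authorized to set quotas for given roles.
  message SetQuota {
    // Subjects: Operator username.
    required Entity principals = 1;

    // Objects: The list of roles for which a quota can be set.
    required Entity roles = 2;
  }

  // Which principals can remove quotas set by which other principals.
  message RemoveQuota {
    // Subjects: Operator username.
    required Entity principals = 1;

    // Objects: Principal of the entity that set the quota.
    required Entity quota_principals = 2;
  }
}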
| |
| |
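/**
 * Collection of ACL.
 *
 * Each authorization request is evaluated against the ACLs in the order
 * they are defined.
 *
 * For simplicity, the ACLs for a given action are not aggregated even
 * when they have the same subjects or objects. The first ACL that
 * matches the request determines whether that request should be
 * permitted or not. An ACL matches iff both the subjects
 * (e.g., clients, principals) and the objects (e.g., urls, users,
 * roles) of the ACL match the request.
 *
 * If none of the ACLs match the request, the 'permissive' field
 * determines whether the request should be permitted or not.
 *
 * Because the first match wins, the order of entries within each
 * repeated field below is significant: an earlier ACL whose subjects
 * and objects both match a request decides it, so a broad ACL placed
 * first shadows every narrower ACL after it for the requests it covers.
 *
 * TODO(vinod): Do aggregation of ACLs when possible.
 *
 */
message ACLs {
  // Fallback for requests that match no ACL. The default is `true`, i.e.
  // fail-open: an unmatched request is permitted. Deployments that want
  // deny-by-default must set this to `false` explicitly.
  optional bool permissive = 1 [default = true];

  // One list per authorized action; see the corresponding ACL.* message
  // for what its subjects and objects mean.
  repeated ACL.RegisterFramework register_frameworks = 2;
  repeated ACL.RunTask run_tasks = 3;

  // DEPRECATED: use `teardown_frameworks` (field 11) instead. Generated
  // code warns on use; the wire format is unchanged.
  // TODO(gyliu513): Remove this shutdown_frameworks at the
  // end of the deprecation cycle on 0.27. When it is removed, reserve
  // field number 4 and the name so neither can be reused.
  repeated ACL.ShutdownFramework shutdown_frameworks = 4 [deprecated = true];

  repeated ACL.ReserveResources reserve_resources = 5;
  repeated ACL.UnreserveResources unreserve_resources = 6;
  repeated ACL.CreateVolume create_volumes = 7;
  repeated ACL.DestroyVolume destroy_volumes = 8;
  repeated ACL.SetQuota set_quotas = 9;
  repeated ACL.RemoveQuota remove_quotas = 10;
  repeated ACL.TeardownFramework teardown_frameworks = 11;
}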