[
https://issues.apache.org/jira/browse/MESOS-5005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15212531#comment-15212531
]
Greg Mann commented on MESOS-5005:
----------------------------------
IMO this should be addressed sooner rather than later. [~mcypark],
[~adam-mesos], [~jieyu], [~jvanremoortere], any bandwidth to shepherd this? I'm
on-call next sprint but this shouldn't be too complicated, might be a
reasonable ticket for me to take on. [~hartem]
> Make `ReservationInfo.principal` and `Persistence.principal` equivalent
> -----------------------------------------------------------------------
>
> Key: MESOS-5005
> URL: https://issues.apache.org/jira/browse/MESOS-5005
> Project: Mesos
> Issue Type: Bug
> Reporter: Greg Mann
> Labels: mesosphere, persistent-volumes, reservations
>
> Currently, we require that `ReservationInfo.principal` be equal to the
> principal provided for authentication, which means that when HTTP
> authentication is disabled this field cannot be set. Based on comments in
> 'mesos.proto', the original intention was to enforce this same constraint for
> `Persistence.principal`, but it seems that we don't enforce it. This should
> be changed to make the two fields equivalent.
> This means that when HTTP authentication is disabled, requests to '/reserve'
> cannot set {{ReservationInfo.principal}}, while requests to `/create-volumes`
> can set any principal in {{Persistence.principal}}. One solution would be to
> add the constraint to {{Persistence.principal}} when HTTP authentication is
> enabled, and remove the constraint from {{ReservationInfo.principal}} when
> HTTP authentication is disabled: this would allow us to track a
> reserver/creator principal when HTTP authentication is disabled.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
