[ https://issues.apache.org/jira/browse/MESOS-5005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Artem Harutyunyan updated MESOS-5005:
-------------------------------------
    Sprint: Mesosphere Sprint 32, Mesosphere Sprint 33  (was: Mesosphere Sprint 32)

> Make `ReservationInfo.principal` and `Persistence.principal` equivalent
> -----------------------------------------------------------------------
>
>                 Key: MESOS-5005
>                 URL: https://issues.apache.org/jira/browse/MESOS-5005
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Greg Mann
>            Assignee: Greg Mann
>              Labels: mesosphere, persistent-volumes, reservations
>
> Currently, we require that `ReservationInfo.principal` be equal to the
> principal provided for authentication, which means that when HTTP
> authentication is disabled this field cannot be set. Based on comments in
> 'mesos.proto', the original intention was to enforce this same constraint for
> `Persistence.principal`, but it seems that we don't enforce it. This should
> be changed to make the two fields equivalent.
> This means that when HTTP authentication is disabled, requests to '/reserve'
> cannot set {{ReservationInfo.principal}}, while requests to `/create-volumes`
> can set any principal in {{Persistence.principal}}. One solution would be to
> add the constraint to {{Persistence.principal}} when HTTP authentication is
> enabled, and remove the constraint from {{ReservationInfo.principal}} when
> HTTP authentication is disabled: this would allow us to track a
> reserver/creator principal when HTTP authentication is disabled.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
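The two behaviours described in the issue, modelled side by side as an added example (not Mesos source code and not part of the original message). `Principal`, `currentAccepts` and `proposedAccepts` are hypothetical names, and the model assumes that an absent principal compares equal only to another absent one.

```cpp
#include <string>

// Simplified model for illustration; none of this is Mesos source code.
struct Principal {
  bool set;            // false: field absent, or HTTP authentication disabled
  std::string value;
};

Principal none() { return Principal{false, ""}; }
Principal some(const std::string& v) { return Principal{true, v}; }

enum Field { RESERVATION_PRINCIPAL, PERSISTENCE_PRINCIPAL };

// Assumption of this model: absent equals absent, and nothing else.
static bool equal(const Principal& a, const Principal& b)
{
  return a.set == b.set && (!a.set || a.value == b.value);
}

// Behaviour the issue describes as current.
bool currentAccepts(Field field,
                    const Principal& authenticated,
                    const Principal& claimed)
{
  if (field == PERSISTENCE_PRINCIPAL) {
    return true;  // Not enforced, per the issue: any claimed value passes.
  }
  // The field must equal the authenticated principal. With authentication
  // disabled there is none, so the field cannot be set at all.
  return equal(authenticated, claimed);
}

// The solution proposed in the issue, applied identically to both fields.
bool proposedAccepts(Field /*field*/,
                     const Principal& authenticated,
                     const Principal& claimed)
{
  if (!authenticated.set) {
    // Authentication disabled: the value is recorded for tracking only.
    // It is self-asserted, so it identifies nobody with any assurance.
    return true;
  }
  return equal(authenticated, claimed);
}

int main() { return 0; }
```

Under the proposed rule a principal recorded while authentication is disabled is still an unverified label, so anything that later reads it should treat it as bookkeeping rather than as proof of identity.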