[
https://issues.apache.org/jira/browse/MESOS-5005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Greg Mann updated MESOS-5005:
-----------------------------
Summary: Enforce that DiskInfo principal is equal to framework/operator
principal (was: Make `ReservationInfo.principal` and `Persistence.principal`
equivalent)
> Enforce that DiskInfo principal is equal to framework/operator principal
> ------------------------------------------------------------------------
>
> Key: MESOS-5005
> URL: https://issues.apache.org/jira/browse/MESOS-5005
> Project: Mesos
> Issue Type: Bug
> Reporter: Greg Mann
> Assignee: Greg Mann
> Labels: mesosphere, persistent-volumes, reservations
>
> Currently, we require that `ReservationInfo.principal` be equal to the
> principal provided for authentication, which means that when HTTP
> authentication is disabled this field cannot be set. Based on comments in
> 'mesos.proto', the original intention was to enforce this same constraint for
> `Persistence.principal`, but it seems that we don't enforce it. This should
> be changed to make the two fields equivalent.
> This means that when HTTP authentication is disabled, requests to '/reserve'
> cannot set {{ReservationInfo.principal}}, while requests to `/create-volumes`
> can set any principal in {{Persistence.principal}}. One solution would be to
> add the constraint to {{Persistence.principal}} when HTTP authentication is
> enabled, and remove the constraint from {{ReservationInfo.principal}} when
> HTTP authentication is disabled: this would allow us to track a
> reserver/creator principal when HTTP authentication is disabled.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
