[ 
https://issues.apache.org/jira/browse/MESOS-5005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Greg Mann updated MESOS-5005:
-----------------------------
    Description: Currently, we require that `ReservationInfo.principal` be 
equal to the principal provided for authentication, which means that when HTTP 
authentication is disabled this field cannot be set. Based on comments in 
'mesos.proto', the original intention was to enforce this same constraint for 
`Persistence.principal`, but it seems that we don't enforce it. This should be 
changed to make the two fields equivalent.  (was: Currently, we require that 
`ReservationInfo.principal` be equal to the principal provided for 
authentication, which means that when HTTP authentication is disabled this 
field cannot be set. Based on comments in 'mesos.proto', the original intention 
was to enforce this same constraint for `Persistence.principal`, but it seems 
that we don't enforce it. This should be changed to make the two fields 
equivalent.

This means that when HTTP authentication is disabled, requests to '/reserve' 
cannot set {{ReservationInfo.principal}}, while requests to `/create-volumes` 
can set any principal in {{Persistence.principal}}. One solution would be to 
add the constraint to {{Persistence.principal}} when HTTP authentication is 
enabled, and remove the constraint from {{ReservationInfo.principal}} when HTTP 
authentication is disabled: this would allow us to track a reserver/creator 
principal when HTTP authentication is disabled.)

> Enforce that DiskInfo principal is equal to framework/operator principal
> ------------------------------------------------------------------------
>
>                 Key: MESOS-5005
>                 URL: https://issues.apache.org/jira/browse/MESOS-5005
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Greg Mann
>            Assignee: Greg Mann
>              Labels: mesosphere, persistent-volumes, reservations
>
> Currently, we require that `ReservationInfo.principal` be equal to the 
> principal provided for authentication, which means that when HTTP 
> authentication is disabled this field cannot be set. Based on comments in 
> 'mesos.proto', the original intention was to enforce this same constraint for 
> `Persistence.principal`, but it seems that we don't enforce it. This should 
> be changed to make the two fields equivalent.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
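
The check the ticket describes, as an added example (not Mesos source and not part of the original message). The `Opt`, `Field`, `Policy` and `accepted` names and the sample principals are hypothetical, and "equal" is assumed to mean strict equality, with an unset value matching only an unset value.

```cpp
// Added illustration, not Mesos source: every name here is hypothetical.
#include <initializer_list>
#include <iostream>
#include <string>

// Stand-in for an optional string: a protobuf principal field, or the
// authenticated principal (unset when HTTP authentication is disabled).
struct Opt {
  bool set;
  std::string value;
};
Opt none() { return Opt{false, ""}; }
Opt some(const std::string& v) { return Opt{true, v}; }

// Assumption: "equal" means strict equality, so unset matches only unset.
bool samePrincipal(const Opt& a, const Opt& b) {
  return a.set == b.set && (!a.set || a.value == b.value);
}

enum class Field { RESERVATION_PRINCIPAL, PERSISTENCE_PRINCIPAL };
enum class Policy { CURRENT, PROPOSED };

// True if a request carrying `claimed` in `field` passes validation.
bool accepted(Policy policy, Field field, const Opt& authenticated,
              const Opt& claimed) {
  // Behaviour reported in the ticket: Persistence.principal is never compared
  // with the authenticated principal, so any claimed value passes.
  if (policy == Policy::CURRENT && field == Field::PERSISTENCE_PRINCIPAL)
    return true;
  // ReservationInfo.principal today, and both fields once they are equivalent.
  return samePrincipal(authenticated, claimed);
}

int main() {
  const Opt auths[] = {none(), some("ops")};                  // constructed
  const Opt claims[] = {none(), some("ops"), some("alice")};  // constructed
  for (Policy p : {Policy::CURRENT, Policy::PROPOSED})
    for (Field f : {Field::RESERVATION_PRINCIPAL, Field::PERSISTENCE_PRINCIPAL})
      for (const Opt& a : auths)
        for (const Opt& c : claims)
          std::cout << (p == Policy::CURRENT ? "current  " : "proposed ")
                    << (f == Field::RESERVATION_PRINCIPAL ? "ReservationInfo "
                                                          : "Persistence     ")
                    << "auth=" << (a.set ? a.value : "<disabled>")
                    << " claimed=" << (c.set ? c.value : "<unset>") << " -> "
                    << (accepted(p, f, a, c) ? "accept" : "reject") << "\n";
  return 0;
}
```

The rows where `current` and `proposed` disagree are the cases in which a stored `Persistence.principal` cannot be relied on for attribution.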
