[
https://issues.apache.org/jira/browse/MESOS-5406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15298130#comment-15298130
]
Jay Guo commented on MESOS-5406:
--------------------------------
Some more thoughts:
# Should we sort ACLs and apply some mechanism like longest-prefix-match in
routing table? Instead of relying on the order they are specified by user
# Also should aggregate ACLs for given action? I saw TODO in codebase:
TODO(vinod): Do aggregation of ACLs when possible.
> Validate ACLs on creating an instance of local authorizer.
> ----------------------------------------------------------
>
> Key: MESOS-5406
> URL: https://issues.apache.org/jira/browse/MESOS-5406
> Project: Mesos
> Issue Type: Improvement
> Components: security
> Reporter: Alexander Rukletsov
> Assignee: Jay Guo
> Labels: mesosphere, security
>
> Some combinations of ACLs are not allowed, for example, specifying both
> {{SetQuota}} and {{UpdateQuota}}. We should capture such issues and error out
> early.
> This ticket aims to add as many validations as possible to a dedicated
> {{validate()}} routine, instead of having them implicitly in the codebase.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
