[
https://issues.apache.org/jira/browse/MESOS-5588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15333387#comment-15333387
]
Alexander Rukletsov commented on MESOS-5588:
--------------------------------------------
I think the precedent for {{optional}} was set in
https://reviews.apache.org/r/41681/diff/28-29/ . Unfortunately, I don't see any
comments on why this change was made; maybe there was some offline discussion
(cc [~adam-mesos], [~gradywang]). Since then, newly added actions have been
following the pattern. I don't see any reason why we should use {{required}} in
some cases and {{optional}} in others, so let's pick one and restore consistency.
Keep in mind that proto3 doesn't support {{required}} fields, so even though
it makes sense to have the protobuf parser check ACL integrity for us, we might
have to revisit this in the future and implement validation ourselves.
> Improve error handling when parsing acls.
> -----------------------------------------
>
> Key: MESOS-5588
> URL: https://issues.apache.org/jira/browse/MESOS-5588
> Project: Mesos
> Issue Type: Improvement
> Reporter: Joerg Schad
> Assignee: Joerg Schad
>
> During parsing of the authorizer, errors are ignored. This can lead to
> undetected security issues.
> Consider the following acl with a typo (usr instead of user):
> {code}
> "view_frameworks": [
>   {
>     "principals": { "type": "ANY" },
>     "usr": { "type": "NONE" }
>   }
> ]
> {code}
> When the master is started with these flags, it will interpret the acl in the
> following way, which gives any principal access to any framework.
> {noformat}
> view_frameworks {
>   principals {
>     type: ANY
>   }
> }
> {noformat}
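An added example, not part of the original message or of the Mesos code base: one way to implement validation ourselves, as the comment puts it, by rejecting unknown and missing ACL fields before the ACLs are used, so the `usr` typo from the issue fails loudly instead of being dropped. The schema table, the entity check and the function names are assumptions made for illustration; field names follow the issue text.

```python
import json

# Assumed schema (illustration only): action -> fields each ACL entry must have.
# Field names follow the issue text; check them against your Mesos acls.proto.
ACL_SCHEMA = {"view_frameworks": {"principals", "user"}}
ENTITY_TYPES = {"ANY", "NONE", "SOME"}  # assumed set of entity type values

# Constructed inputs: the issue's ACL with the typo, and the intended ACL.
TYPO_ACL = """{"view_frameworks": [
  {"principals": {"type": "ANY"}, "usr": {"type": "NONE"}}]}"""
GOOD_ACL = """{"view_frameworks": [
  {"principals": {"type": "ANY"}, "user": {"type": "NONE"}}]}"""


def entity_ok(entity):
    """An entity is an object with a known type or an explicit values list."""
    return isinstance(entity, dict) and (
        entity.get("type") in ENTITY_TYPES or "values" in entity)


def validate_acls(text, schema=ACL_SCHEMA):
    """Return a list of errors; an empty list means nothing was silently dropped."""
    errors = []
    for action, entries in json.loads(text).items():
        if action not in schema:
            errors.append(f"{action}: unknown action")
            continue
        for i, entry in enumerate(entries):
            where = f"{action}[{i}]"
            if not isinstance(entry, dict):
                errors.append(f"{where}: entry is not an object")
                continue
            # Unknown keys are the typo case: a lenient parser discards them.
            for key in sorted(set(entry) - schema[action]):
                errors.append(f"{where}: unknown field '{key}'")
            # Missing keys are what 'required' would have caught in the parser.
            for key in sorted(schema[action] - set(entry)):
                errors.append(f"{where}: missing field '{key}'")
            for key in sorted(set(entry) & schema[action]):
                if not entity_ok(entry[key]):
                    errors.append(f"{where}.{key}: invalid entity")
    return errors


def load_acls_or_fail(text):
    """Fail closed: refuse to continue with ACLs that do not validate."""
    errors = validate_acls(text)
    if errors:
        raise ValueError("invalid ACLs: " + "; ".join(errors))
    return json.loads(text)
```
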