Michael Park created MESOS-5628:
-----------------------------------

             Summary: `QuotaHandler` should only make one authorization request to the authorizer.
                 Key: MESOS-5628
                 URL: https://issues.apache.org/jira/browse/MESOS-5628
             Project: Mesos
          Issue Type: Task
            Reporter: Michael Park
            Assignee: Michael Park


Currently, the {{QuotaHandler}} makes two authorization requests to the 
authorizer, for example {{SetQuota}} and {{UpdateQuota}}. It then uses the 
following loop to determine its behavior.

{code}
foreach (bool authorized, authorizeResults) {
  if (!authorized) {
    return Forbidden();
  }
}
return _set(quotaInfo, forced);
{code}

This depends on the fact that {{LocalAuthorizer::authorized}} returns {{true}} 
when it receives a request it does not support. Considering that {{true}} as an 
answer to {{authorized}} means authorized, this is clearly incorrect.

Another issue is that a seemingly innocent transformation of this loop can 
break the logic:

{code}
foreach (bool authorized, authorizeResults) {
  if (authorized) {
    return _set(quotaInfo, forced);
  }
}
return Forbidden();
{code}

Attempting to make multiple requests to the authorizer for an action and trying 
to combine the results is complicated. It would be much simpler to make one 
request per action.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
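
The following is an added example, not code from the issue or from Mesos. It models the two loops above and the proposed single request against a toy authorizer that supports only one of the two actions. `ToyAuthorizer`, `make`, `askBoth` and the `allowed*` functions are hypothetical names, and the `unsupportedAnswer` switch is an assumption introduced to show both possible answers for an unsupported request.

```cpp
#include <iostream>
#include <map>
#include <vector>

enum class Action { SET_QUOTA, UPDATE_QUOTA };

// Hypothetical stand-in for an authorizer; not Mesos code.
struct ToyAuthorizer {
  std::map<Action, bool> acls;  // decisions for the actions it supports
  bool unsupportedAnswer;       // answer given for any other action
  bool authorized(Action a) const {
    auto it = acls.find(a);
    return it == acls.end() ? unsupportedAnswer : it->second;
  }
};

// Builds an authorizer that only knows UPDATE_QUOTA.
ToyAuthorizer make(bool updateQuota, bool unsupportedAnswer) {
  ToyAuthorizer az;
  az.acls[Action::UPDATE_QUOTA] = updateQuota;
  az.unsupportedAnswer = unsupportedAnswer;
  return az;
}

std::vector<bool> askBoth(const ToyAuthorizer& az) {
  return {az.authorized(Action::SET_QUOTA), az.authorized(Action::UPDATE_QUOTA)};
}

// Loop from the issue: any false answer means Forbidden.
bool allowedAll(const ToyAuthorizer& az) {
  for (bool authorized : askBoth(az)) if (!authorized) return false;
  return true;
}

// Transformed loop: any true answer means the request proceeds.
bool allowedAny(const ToyAuthorizer& az) {
  for (bool authorized : askBoth(az)) if (authorized) return true;
  return false;
}

// One request for the one action being performed.
bool allowedSingle(const ToyAuthorizer& az) {
  return az.authorized(Action::UPDATE_QUOTA);
}

int main() {
  ToyAuthorizer denied = make(false, true);  // ACL denies; unsupported -> true
  std::cout << allowedAll(denied) << allowedAny(denied)
            << allowedSingle(denied) << "\n";
}
```

With the ACL denying the principal, the transformed loop still lets the request through because the unsupported action answers `true`. If the unsupported answer were `false` instead, the original loop would reject a principal the ACL allows. The single request follows the ACL in both cases.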
