[
https://issues.apache.org/jira/browse/MESOS-5628?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Park updated MESOS-5628:
--------------------------------
Description:
Currently, the {{QuotaHandler}} makes two authorization requests to the
authorizer. For example, {{SetQuota}} and {{UpdateQuota}}. It then uses the
following loop to determine its behavior.
{code}
foreach (bool authorized, authorizeResults) {
if (!authorized) {
return Forbidden();
}
}
return _set(quotaInfo, forced);
{code}
This depends on the fact that {{LocalAuthorizer::authorized}} returns {{true}}
when it receives a request it does not support. Considering that {{true}} as an
answer to {{authorized}} means authorized, this is clearly incorrect. In
general, this type of global invariant is difficult to keep in sync and correct.
Another issue is that a seemingly innocent transformation of this loop would
break the logic:
{code}
foreach (bool authorized, authorizeResults) {
if (authorized) {
return _set(quotaInfo, forced);
}
}
return Forbidden();
{code}
Attempting to make multiple requests to the authorizer for an action and trying
to combine the results is complicated. It would be much simpler to make one
request per action.
was:
Currently, the {{QuotaHandler}} makes two authorization requests to the
authorizer. For example, {{SetQuota}} and {{UpdateQuota}}. It then uses the
following loop to determine its behavior.
{code}
foreach (bool authorized, authorizeResults) {
if (!authorized) {
return Forbidden();
}
}
return _set(quotaInfo, forced);
{code}
This depends on the fact that {{LocalAuthorizer::authorized}} returns {{true}}
when it receives a request it does not support. Considering that {{true}} as an
answer to {{authorized}} means authorized, this is clearly incorrect.
Another issue is that a seemingly innocent transformation of this loop can
break the logic:
{code}
foreach (bool authorized, authorizeResults) {
if (authorized) {
return _set(quotaInfo, forced);
}
}
return Forbidden();
{code}
Attempting to make multiple requests to the authorizer for an action and trying
to combine the results is complicated. It would be much simpler to make one
request per action.
> `QuotaHandler` should only make one authorization request to the authorizer.
> ----------------------------------------------------------------------------
>
> Key: MESOS-5628
> URL: https://issues.apache.org/jira/browse/MESOS-5628
> Project: Mesos
> Issue Type: Task
> Reporter: Michael Park
> Assignee: Michael Park
> Labels: mesosphere
>
> Currently, the {{QuotaHandler}} makes two authorization requests to the
> authorizer. For example, {{SetQuota}} and {{UpdateQuota}}. It then uses the
> following loop to determine its behavior.
> {code}
> foreach (bool authorized, authorizeResults) {
> if (!authorized) {
> return Forbidden();
> }
> }
> return _set(quotaInfo, forced);
> {code}
> This depends on the fact that {{LocalAuthorizer::authorized}} returns
> {{true}} when it receives a request it does not support. Considering that
> {{true}} as an answer to {{authorized}} means authorized, this is clearly
> incorrect. In general, this type of global invariant is difficult to keep in
> sync and correct.
> Another issue is that a seemingly innocent transformation of this loop would
> break the logic:
> {code}
> foreach (bool authorized, authorizeResults) {
> if (authorized) {
> return _set(quotaInfo, forced);
> }
> }
> return Forbidden();
> {code}
> Attempting to make multiple requests to the authorizer for an action and
> trying to combine the results is complicated. It would be much simpler to
> make one request per action.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
