[
https://issues.apache.org/jira/browse/MESOS-2842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15864835#comment-15864835
]
Adam B edited comment on MESOS-2842 at 2/14/17 1:26 AM:
--------------------------------------------------------
Even if we don't support changing a role, it should fail framework
registration, not crash the master.
I'm escalating this to Critical, since a misbehaving framework should not be
able to crash the master. (or maybe that's a separate issue?)
was (Author: adam-mesos):
Even if we don't support changing a role, it should fail framework
registration, not crash the master.
I'm escalating this to Critical, since a misbehaving framework should not be
able to crash the master.
> Update FrameworkInfo.principal on framework re-registration
> -----------------------------------------------------------
>
> Key: MESOS-2842
> URL: https://issues.apache.org/jira/browse/MESOS-2842
> Project: Mesos
> Issue Type: Bug
> Reporter: Vinod Kone
> Priority: Critical
> Labels: security
>
> From the design doc:
> This is a bit involved because ‘principal’ is used for authentication and
> rate limiting.
> The authentication part is straightforward because a framework with updated
> ‘principal’ should authenticate with the new ‘principal’ before being allowed
> to re-register. The ‘authenticated’ map already gets updated when the
> framework disconnects and reconnects, so it is fine.
> For rate limiting, Master:failoverFramework() needs to be changed to update
> the principal in ‘frameworks.principals’ map and also remove the metrics for
> the old principal if there are no other frameworks with this principal
> (similar to what we do in Master::removeFramework()).
> The Master::visit() and Master::_visit() should work with the current
> semantics.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
