[jira] [Created] (MESOS-9562) Authorization for DESTROY and UNRESERVE is not symmetrical.

Alexander Rukletsov (JIRA) Fri, 08 Feb 2019 05:46:40 -0800

Alexander Rukletsov created MESOS-9562:
------------------------------------------


             Summary: Authorization for DESTROY and UNRESERVE is not 
symmetrical.
                 Key: MESOS-9562
                 URL: https://issues.apache.org/jira/browse/MESOS-9562
             Project: Mesos
          Issue Type: Improvement
          Components: master, scheduler api
    Affects Versions: 1.7.1
            Reporter: Alexander Rukletsov


For [the {{UNRESERVE}} 
case|https://github.com/apache/mesos/blob/5d3ed364c6d1307d88e6b950ae0eef423c426673/src/master/master.cpp#L3661-L3677],
 if the principal was not set, {{.has_principal()}} will be {{false}}, hence we 
will not call {{authorizations.push_back()}}, and hence we will not create an 
authz request with this resource as an object. For [the {{DESTROY}} 
case|https://github.com/apache/mesos/blob/5d3ed364c6d1307d88e6b950ae0eef423c426673/src/master/master.cpp#L3772-L3773],
 if the principal was not set, a default value {{""}} for string will be used 
and hence we will create an authz request with this resource as an object. 

We definitely need to make the behaviour consistent. I'm not sure which 
approach is correct.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (MESOS-9562) Authorization for DESTROY and UNRESERVE is not symmetrical.

Reply via email to