Andrei Sekretenko created MESOS-10099:
-
Summary: Operator API can silently drop objects due to
authorization errors.
Key: MESOS-10099
URL: https://issues.apache.org/jira/browse/MESOS-10099
Project: Mesos
Issue Type: Bug
Components: master
Reporter: Andrei Sekretenko
Assignee: Andrei Sekretenko
Currently, `ObjectApproves` does not discern declined authorization from error
returned by `ObjectApprovers::approved()`:
https://github.com/apache/mesos/blob/e3db054d639b79a7b0246d2431ff8eece3e394e8/src/master/master.cpp#L13274
As a consequence, authorization errors in ObjectApprover result in silently
filtering objects in operator API calls, example:
https://github.com/apache/mesos/blob/998aee66bfedd1fe15bb1e1fc43a637fe91662a5/src/master/readonly_handler.cpp#L196
This issue is potentially exacerbated by introduction of synchronous
authorization (which will result in _transient_ failures propagated as errors
returned by `approved(...)`.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)