[jira] [Updated] (MESOS-5005) Make `ReservationInfo.principal` and `Persistence.principal` equivalent
[
https://issues.apache.org/jira/browse/MESOS-5005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Artem Harutyunyan updated MESOS-5005:
-
Sprint: Mesosphere Sprint 32, Mesosphere Sprint 33 (was: Mesosphere Sprint
32)
> Make `ReservationInfo.principal` and `Persistence.principal` equivalent
> ---
>
> Key: MESOS-5005
> URL: https://issues.apache.org/jira/browse/MESOS-5005
> Project: Mesos
> Issue Type: Bug
>Reporter: Greg Mann
>Assignee: Greg Mann
> Labels: mesosphere, persistent-volumes, reservations
>
> Currently, we require that `ReservationInfo.principal` be equal to the
> principal provided for authentication, which means that when HTTP
> authentication is disabled this field cannot be set. Based on comments in
> 'mesos.proto', the original intention was to enforce this same constraint for
> `Persistence.principal`, but it seems that we don't enforce it. This should
> be changed to make the two fields equivalent.
> This means that when HTTP authentication is disabled, requests to '/reserve'
> cannot set {{ReservationInfo.principal}}, while requests to `/create-volumes`
> can set any principal in {{Persistence.principal}}. One solution would be to
> add the constraint to {{Persistence.principal}} when HTTP authentication is
> enabled, and remove the constraint from {{ReservationInfo.principal}} when
> HTTP authentication is disabled: this would allow us to track a
> reserver/creator principal when HTTP authentication is disabled.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (MESOS-5005) Make `ReservationInfo.principal` and `Persistence.principal` equivalent
[
https://issues.apache.org/jira/browse/MESOS-5005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Artem Harutyunyan updated MESOS-5005:
-
Assignee: Greg Mann
> Make `ReservationInfo.principal` and `Persistence.principal` equivalent
> ---
>
> Key: MESOS-5005
> URL: https://issues.apache.org/jira/browse/MESOS-5005
> Project: Mesos
> Issue Type: Bug
>Reporter: Greg Mann
>Assignee: Greg Mann
> Labels: mesosphere, persistent-volumes, reservations
>
> Currently, we require that `ReservationInfo.principal` be equal to the
> principal provided for authentication, which means that when HTTP
> authentication is disabled this field cannot be set. Based on comments in
> 'mesos.proto', the original intention was to enforce this same constraint for
> `Persistence.principal`, but it seems that we don't enforce it. This should
> be changed to make the two fields equivalent.
> This means that when HTTP authentication is disabled, requests to '/reserve'
> cannot set {{ReservationInfo.principal}}, while requests to `/create-volumes`
> can set any principal in {{Persistence.principal}}. One solution would be to
> add the constraint to {{Persistence.principal}} when HTTP authentication is
> enabled, and remove the constraint from {{ReservationInfo.principal}} when
> HTTP authentication is disabled: this would allow us to track a
> reserver/creator principal when HTTP authentication is disabled.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (MESOS-5005) Make `ReservationInfo.principal` and `Persistence.principal` equivalent
[
https://issues.apache.org/jira/browse/MESOS-5005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Adam B updated MESOS-5005:
--
Shepherd: Adam B
Sprint: Mesosphere Sprint 32
> Make `ReservationInfo.principal` and `Persistence.principal` equivalent
> ---
>
> Key: MESOS-5005
> URL: https://issues.apache.org/jira/browse/MESOS-5005
> Project: Mesos
> Issue Type: Bug
>Reporter: Greg Mann
> Labels: mesosphere, persistent-volumes, reservations
>
> Currently, we require that `ReservationInfo.principal` be equal to the
> principal provided for authentication, which means that when HTTP
> authentication is disabled this field cannot be set. Based on comments in
> 'mesos.proto', the original intention was to enforce this same constraint for
> `Persistence.principal`, but it seems that we don't enforce it. This should
> be changed to make the two fields equivalent.
> This means that when HTTP authentication is disabled, requests to '/reserve'
> cannot set {{ReservationInfo.principal}}, while requests to `/create-volumes`
> can set any principal in {{Persistence.principal}}. One solution would be to
> add the constraint to {{Persistence.principal}} when HTTP authentication is
> enabled, and remove the constraint from {{ReservationInfo.principal}} when
> HTTP authentication is disabled: this would allow us to track a
> reserver/creator principal when HTTP authentication is disabled.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
