[MESOS-9562] Authorization for DESTROY and UNRESERVE is not symmetrical. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Accepted
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.7.1
Fix Version/s: None
Component/s: master, scheduler api
Labels:

Epic Link:
Authorization Improvements
Story Points:
5

Description

For the UNRESERVE case, if the principal was not set, .has_principal() will be false, hence we will not call authorizations.push_back(), and hence we will not create an authz request with this resource as an object. For the DESTROY case, if the principal was not set, a default value "" for string will be used and hence we will create an authz request with this resource as an object.

We definitely need to make the behaviour consistent. I'm not sure which approach is correct.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Alex R

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 08/Feb/19 13:44

Updated:: 29/Apr/19 09:26