[ https://issues.apache.org/jira/browse/MESOS-4591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15135713#comment-15135713 ]
Guangya Liu commented on MESOS-4591: ------------------------------------ [~greggomann] what is the problem if /reserve endpoint allows reservations for any role? I think that the /create endpoint also allows to create persistent volume for any role. > `/reserve` endpoint allows reservations for any role > ---------------------------------------------------- > > Key: MESOS-4591 > URL: https://issues.apache.org/jira/browse/MESOS-4591 > Project: Mesos > Issue Type: Bug > Affects Versions: 0.27.0 > Reporter: Greg Mann > Labels: mesosphere, reservations > > When frameworks reserve resources, the validation of the operation ensures > that the {{role}} of the reservation matches the {{role}} of the framework. > For the case of the {{/reserve}} operator endpoint, however, the operator has > no role to validate, so this check isn't performed. > This means that if an ACL exists which authorizes a framework's principal to > reserve resources, that same principal can be used to reserve resources for > _any_ role through the operator endpoint. > We should restrict reservations made through the operator endpoint to > specified roles. A few possibilities: > * The {{object}} of the {{reserve_resources}} ACL could be changed from > {{resources}} to {{roles}} > * A second ACL could be added for authorization of {{reserve}} operations, > with an {{object}} of {{role}} > * Our conception of the {{resources}} object in the {{reserve_resources}} ACL > could be expanded to include role information, i.e., > {{disk(role1);mem(role1)}} -- This message was sent by Atlassian JIRA (v6.3.4#6332)