Greg Mann created MESOS-5004: -------------------------------- Summary: Clarify docs on '/reserve' and '/create-volumes' without authentication Key: MESOS-5004 URL: https://issues.apache.org/jira/browse/MESOS-5004 Project: Mesos Issue Type: Documentation Components: documentation Reporter: Greg Mann
For both reservations and persistent volume creation, the behavior of the HTTP endpoints differs slightly from that of the framework operations. Due to the implementation of HTTP authentication, it is not possible for a framework/operator to provide a principal when HTTP authentication is disabled. This means that when HTTP authentication is disabled, the endpoint handlers will _always_ receive {{None()}} as the principal associated with the request, and thus if authorization is enabled, the request will only succeed if the NONE principal is authorized to do stuff. The docs should be updated to explain this behavior explicitly. -- This message was sent by Atlassian JIRA (v6.3.4#6332)