Greg Mann created MESOS-5004:
--------------------------------
Summary: Clarify docs on '/reserve' and '/create-volumes' without
authentication
Key: MESOS-5004
URL: https://issues.apache.org/jira/browse/MESOS-5004
Project: Mesos
Issue Type: Documentation
Components: documentation
Reporter: Greg Mann
For both reservations and persistent volume creation, the behavior of the HTTP
endpoints differs slightly from that of the framework operations. Due to the
implementation of HTTP authentication, it is not possible for a
framework/operator to provide a principal when HTTP authentication is disabled.
This means that when HTTP authentication is disabled, the endpoint handlers
will _always_ receive {{None()}} as the principal associated with the request,
and thus if authorization is enabled, the request will only succeed if the NONE
principal is authorized to do stuff.
The docs should be updated to explain this behavior explicitly.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
