[ https://issues.apache.org/jira/browse/MESOS-5406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15298130#comment-15298130 ]
Jay Guo commented on MESOS-5406: -------------------------------- Some more thoughts: # Should we sort ACLs and apply some mechanism like longest-prefix-match in routing table? Instead of relying on the order they are specified by user # Also should aggregate ACLs for given action? I saw TODO in codebase: TODO(vinod): Do aggregation of ACLs when possible. > Validate ACLs on creating an instance of local authorizer. > ---------------------------------------------------------- > > Key: MESOS-5406 > URL: https://issues.apache.org/jira/browse/MESOS-5406 > Project: Mesos > Issue Type: Improvement > Components: security > Reporter: Alexander Rukletsov > Assignee: Jay Guo > Labels: mesosphere, security > > Some combinations of ACLs are not allowed, for example, specifying both > {{SetQuota}} and {{UpdateQuota}}. We should capture such issues and error out > early. > This ticket aims to add as many validations as possible to a dedicated > {{validate()}} routine, instead of having them implicitly in the codebase. -- This message was sent by Atlassian JIRA (v6.3.4#6332)