[jira] [Created] (MESOS-10099) Operator API can silently drop objects due to authorization errors.

Andrei Sekretenko (Jira) Thu, 27 Feb 2020 07:14:18 -0800

Andrei Sekretenko created MESOS-10099:
-----------------------------------------


             Summary: Operator API can silently drop objects due to 
authorization errors.
                 Key: MESOS-10099
                 URL: https://issues.apache.org/jira/browse/MESOS-10099
             Project: Mesos
          Issue Type: Bug
          Components: master
            Reporter: Andrei Sekretenko
            Assignee: Andrei Sekretenko



Currently, `ObjectApproves` does not discern declined authorization from error 
returned by `ObjectApprovers::approved()`:

https://github.com/apache/mesos/blob/e3db054d639b79a7b0246d2431ff8eece3e394e8/src/master/master.cpp#L13274

As a consequence, authorization errors in ObjectApprover result in silently 
filtering objects in operator API calls, example: 
https://github.com/apache/mesos/blob/998aee66bfedd1fe15bb1e1fc43a637fe91662a5/src/master/readonly_handler.cpp#L196

This issue is potentially exacerbated by introduction of synchronous 
authorization (which will result in _transient_ failures propagated as errors 
returned by `approved(...)`.




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (MESOS-10099) Operator API can silently drop objects due to authorization errors.

Reply via email to