You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Till Toenshoff (JIRA)" <ji...@apache.org> on 2017/12/12 16:31:00 UTC

[jira] [Commented] (MESOS-8322) Authorization failure message from the master should include the subject.

    [ https://issues.apache.org/jira/browse/MESOS-8322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16287835#comment-16287835 ] 

Till Toenshoff commented on MESOS-8322:
---------------------------------------

So we should add the {{frameworkInfo->principal}} within the string that gets rendered here: https://github.com/apache/mesos/blob/master/src/master/master.cpp#L4901

> Authorization failure message from the master should include the subject.
> -------------------------------------------------------------------------
>
>                 Key: MESOS-8322
>                 URL: https://issues.apache.org/jira/browse/MESOS-8322
>             Project: Mesos
>          Issue Type: Improvement
>          Components: master
>    Affects Versions: 1.5.0
>            Reporter: Till Toenshoff
>            Assignee: Alexander Rukletsov
>            Priority: Minor
>              Labels: security
>
> When trying to run a task owned by a framework principal that lacks specific rights for the task-user in question, it would be much more helpful if the Mesos master would actually supply the framework principal (aka Subject) within the error message.
> Currently what I see is reason strings like this:
> {{Not authorized to launch as user 'nobody'}}
> Whereas I think it would be much more helpful if we included the subject like this:
> {{SUBJECT is not authorized to launch tasks as user 'OBJECT'}}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)