You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Greg Mann (JIRA)" <ji...@apache.org> on 2016/02/20 02:45:18 UTC

[jira] [Comment Edited] (MESOS-4591) `/reserve` and `/create-volumes` endpoints allow operations for any role

    [ https://issues.apache.org/jira/browse/MESOS-4591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15155283#comment-15155283 ] 

Greg Mann edited comment on MESOS-4591 at 2/20/16 1:44 AM:
-----------------------------------------------------------

Review requests here:
https://reviews.apache.org/r/43776/
https://reviews.apache.org/r/43777/
https://reviews.apache.org/r/43782/
https://reviews.apache.org/r/43778/
https://reviews.apache.org/r/43779/
https://reviews.apache.org/r/43800/


was (Author: greggomann):
Patches for this approach have been posted here for review:
https://reviews.apache.org/r/43776/
https://reviews.apache.org/r/43777/
https://reviews.apache.org/r/43782/
https://reviews.apache.org/r/43778/
https://reviews.apache.org/r/43779/
https://reviews.apache.org/r/43800/

> `/reserve` and `/create-volumes` endpoints allow operations for any role
> ------------------------------------------------------------------------
>
>                 Key: MESOS-4591
>                 URL: https://issues.apache.org/jira/browse/MESOS-4591
>             Project: Mesos
>          Issue Type: Bug
>    Affects Versions: 0.27.0
>            Reporter: Greg Mann
>            Assignee: Greg Mann
>              Labels: mesosphere, reservations
>             Fix For: 0.28.0
>
>
> When frameworks reserve resources, the validation of the operation ensures that the {{role}} of the reservation matches the {{role}} of the framework. For the case of the {{/reserve}} operator endpoint, however, the operator has no role to validate, so this check isn't performed.
> This means that if an ACL exists which authorizes a framework's principal to reserve resources, that same principal can be used to reserve resources for _any_ role through the operator endpoint.
> We should restrict reservations made through the operator endpoint to specified roles. A few possibilities:
> * The {{object}} of the {{reserve_resources}} ACL could be changed from {{resources}} to {{roles}}
> * A second ACL could be added for authorization of {{reserve}} operations, with an {{object}} of {{role}}
> * Our conception of the {{resources}} object in the {{reserve_resources}} ACL could be expanded to include role information, i.e., {{disk(role1);mem(role1)}}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)