Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-10099

Operator API can silently drop objects due to authorization errors.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • master
    • None

    Description

      Currently, `ObjectApproves` does not discern declined authorization from error returned by `ObjectApprovers::approved()`:

      https://github.com/apache/mesos/blob/e3db054d639b79a7b0246d2431ff8eece3e394e8/src/master/master.cpp#L13274

      As a consequence, authorization errors in ObjectApprover result in silently filtering objects in operator API calls, example: https://github.com/apache/mesos/blob/998aee66bfedd1fe15bb1e1fc43a637fe91662a5/src/master/readonly_handler.cpp#L196

      This issue is potentially exacerbated by introduction of synchronous authorization (which will result in transient failures propagated as errors returned by `approved(...)`.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. MESOS-10085 Operator API events are silently dropped on transient authorization failures.

          • Major - Major loss of function.
          • Accepted

          Improvement - An improvement or enhancement to an existing feature or task. MESOS-10056 Perform synchronous authorization for scheduler calls.

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              asekretenko Andrei Sekretenko
              asekretenko Andrei Sekretenko
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: