Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
Description
Currently, when performing an ACCEPT call, operations are validated after authorization to avoid races between validating against Master state and other events modifying Master state while the operation is being authorized by the Authorizer.
This causes a need for the authorization code to compose valid authorization Objects for invalid operations. If the authorization setup is strict enough, this will result in the framework receiving a "Not authorized" message for an invalid operation, instead of a validation error.
There are two options to prevent sending authorization errors for invalid operations (and also get rid of handling invalid operations in Object composing code):
- split validation into two parts (the first stateless, the second depending on the Master state), and run the first part before authorizing
- get rid of the asynchronous authorization step in ACCEPT (as suggested in MESOS-10056), and perform all validation before authorization.
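
The first option above, sketched as an added example: this is not Mesos code, every type and function name in it is hypothetical, and the asynchronous Authorizer is modelled as a plain function call. It compares the current ordering with the split ordering for the same operations.

```cpp
#include <set>
#include <string>

// Hypothetical, simplified model of the ACCEPT path; none of these names are Mesos APIs.
struct Operation {
  std::string type;     // e.g. "RESERVE"
  std::string role;     // role the operation acts on
  std::string offerId;  // offer the operation refers to
};
struct MasterState { std::set<std::string> liveOffers; };

// Stateless validation: looks only at the operation, so it cannot race with
// Master state changes and is safe to run before authorization.
// Returns an empty string when the operation passes.
std::string validateStateless(const Operation& op) {
  if (op.type != "RESERVE" && op.type != "UNRESERVE") return "unknown operation type";
  if (op.role.empty()) return "operation has no role";
  return "";
}

// Stateful validation: depends on Master state, so it runs after authorization
// has finished, against the state at that moment.
std::string validateStateful(const Operation& op, const MasterState& m) {
  return m.liveOffers.count(op.offerId) ? "" : "offer is no longer valid";
}

// Stand-in for a strict authorizer: only the "dev" role is permitted.
bool authorize(const Operation& op) { return op.role == "dev"; }

// Current ordering: authorization first, all validation afterwards.
std::string acceptAuthorizeFirst(const Operation& op, const MasterState& m) {
  if (!authorize(op)) return "Not authorized";
  std::string e = validateStateless(op);
  if (e.empty()) e = validateStateful(op, m);
  return e.empty() ? std::string("OK") : "Invalid: " + e;
}

// First option: stateless validation, then authorization, then stateful validation.
std::string acceptSplitValidation(const Operation& op, const MasterState& m) {
  std::string e = validateStateless(op);
  if (!e.empty()) return "Invalid: " + e;
  if (!authorize(op)) return "Not authorized";
  e = validateStateful(op, m);
  return e.empty() ? std::string("OK") : "Invalid: " + e;
}
```

With the split ordering the authorizer never sees a malformed operation, while the state-dependent check still runs after authorization, which is the property the current ordering exists to protect.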
Issue Links
- is fixed by: MESOS-10056 Perform synchronous authorization for scheduler calls. (Resolved)
- is related to: MESOS-10056 Perform synchronous authorization for scheduler calls. (Resolved)