> On Jan. 13, 2016, 5:22 a.m., Michael Park wrote: > > src/master/validation.cpp, line 703 > > <https://reviews.apache.org/r/42164/diff/5/?file=1194762#file1194762line703> > > > > First thing here is that the `principal` field in `ReservationInfo` is > > still marked `required`. What's our plan for changing it to `optional`? > > > > Second thing is that even if `principal.isNone()`, if is authorization > > is turned off we don't care, right? That is, if authorization is turned > > off, even frameworks without a principal can reserve any resources?
Regarding your first question: per our discussion, we do indeed need a good plan for migrating to an `optional` principal within `ReservationInfo`. It would seem that we have to choose between two less-than-ideal situations: either we tolerate HTTP endpoints that don't work when authentication is disabled, or we enforce that frameworks cannot register with `principal == ""`, so that we can use the empty string to represent a null principal while we migrate to an `optional` principal over a deprecation cycle. To your second point: again per our discussion, semantically the principal within `ReservationInfo` represents the principal (or lack thereof) which reserved the resources, so we should enforce that it matches the principal of the framework/operator, even if authorization is not enabled. - Greg ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/42164/#review114149 ----------------------------------------------------------- On Jan. 13, 2016, 2:45 a.m., Greg Mann wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/42164/ > ----------------------------------------------------------- > > (Updated Jan. 13, 2016, 2:45 a.m.) > > > Review request for mesos, Alexander Rojas, Michael Park, and Neil Conway. > > > Bugs: MESOS-3940 > https://issues.apache.org/jira/browse/MESOS-3940 > > > Repository: mesos > > > Description > ------- > > Allowed (un)reserve operations without a principal. > > > Diffs > ----- > > src/master/validation.cpp 6a43bce5b7df6a9d939245c4726d060fa19eb305 > src/tests/master_validation_tests.cpp > fbf8fadbc04a7cbc60ee6091e0224339389b400f > src/tests/reservation_endpoints_tests.cpp > b8edd6fafedd4c2221a8d19c1ebc71254071a8c7 > > Diff: https://reviews.apache.org/r/42164/diff/ > > > Testing > ------- > > Two master validation tests were removed which tested to make sure that > reserve and unreserve operations would not succeed without a principal. > > `make check` was used to test on both OSX and Ubuntu 14.04 > > > Thanks, > > Greg Mann > >
