(Opening a flux-accounting-specific issue to relay some of the conversation had in flux-framework/flux-core#4306)
There might be a need to change the behavior in the priority plugin as it relates to handling jobs that specify a queue they do not have access to. Currently, the plugin will accept a job that specifies a queue it does not know about:
// if the queue cannot be found, this means that flux-accounting
// does not know about the queue, and thus should return a default
// factor
auto q_it = queues.find (queue);
if (q_it == queues.end ())
return UNKNOWN_QUEUE;If I remember correctly, this behavior was implemented so that an admin did not have to also configure queue permissions for every user in the flux-accounting database in order for them to be able to submit jobs to queues. However, as @grondo pointed out, this presents a workaround for users to be able to submit jobs they should not have access to. Consider the following use case:
a new exempt queue gets added to flux-core before flux-accounting is updated, and users are able to submit jobs to it, thus bypassing all limits.
This is especially important if the queue being added has expected limits or certain priorities configured with it; admins would also need to configure this queue and its relevant properties in the flux-accounting database as well as give only the necessary users access to this queue.
Tagging @ryanday36 here in case he has any thoughts that I might have missed or other potential considerations with changing this behavior in the priority plugin.
(Opening a flux-accounting-specific issue to relay some of the conversation had in flux-framework/flux-core#4306)
There might be a need to change the behavior in the priority plugin as it relates to handling jobs that specify a queue they do not have access to. Currently, the plugin will accept a job that specifies a queue it does not know about:
If I remember correctly, this behavior was implemented so that an admin did not have to also configure queue permissions for every user in the flux-accounting database in order for them to be able to submit jobs to queues. However, as @grondo pointed out, this presents a workaround for users to be able to submit jobs they should not have access to. Consider the following use case:
This is especially important if the queue being added has expected limits or certain priorities configured with it; admins would also need to configure this queue and its relevant properties in the flux-accounting database as well as give only the necessary users access to this queue.
Tagging @ryanday36 here in case he has any thoughts that I might have missed or other potential considerations with changing this behavior in the priority plugin.