Return-Path: X-Original-To: apmail-couchdb-dev-archive@www.apache.org Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BEF3110FB5 for ; Thu, 4 Dec 2014 12:02:13 +0000 (UTC) Received: (qmail 53136 invoked by uid 500); 4 Dec 2014 12:02:13 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 53070 invoked by uid 500); 4 Dec 2014 12:02:13 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 52976 invoked by uid 99); 4 Dec 2014 12:02:13 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Dec 2014 12:02:13 +0000 Date: Thu, 4 Dec 2014 12:02:13 +0000 (UTC) From: "ASF GitHub Bot (JIRA)" To: dev@couchdb.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (COUCHDB-2452) Provide _users DB security when _users DB is on the clustered interface MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/COUCHDB-2452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14234159#comment-14234159 ] ASF GitHub Bot commented on COUCHDB-2452: ----------------------------------------- GitHub user mikewallace1979 opened a pull request: https://github.com/apache/couchdb/pull/288 Test users db security rules on clustered interface Explicitly test authentication_db security rules when authentication_db is on the clustered interface (5984). COUCHDB-2452 You can merge this pull request into a Git repository by running: $ git pull https://github.com/apache/couchdb 2452-users-db-security-on-clustered-interface Alternatively you can review and apply these changes as the patch at: https://github.com/apache/couchdb/pull/288.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #288 ---- commit 49f03e2be48dac56c27b220b11cd70676df50f99 Author: Mike Wallace Date: 2014-11-26T23:17:04Z Teach dev/run to clear nodes DB This commit makes dev/run replace the nodes DB with an empty DB before adding the nodes doc. This changes the previous behaviour which was to just try adding the docs and ignore conflicts. The change makes it possible for a developer to run `dev/run -n 1` (to spawn a single node cluster) having previously run `dev/run` (which spawns a three node cluster). Without replacing the nodes DB the `dev/run -n 1` single-node cluster would still have two other nodes in the nodes DB and therefore not work correctly. Note that we explicitly delete each node doc rather than deleting the whole database because the cluster membership layer gets upset when the nodes database itself is deleted/recreated. commit 23d79b3f606245ab657900fe7b1bc6ef77ace16e Author: Mike Wallace Date: 2014-11-27T15:13:44Z Test _users security on the cluster and admin port This commit modifies the _users DB security test so that it tests the authentication DB against the clustered interface in addition to the admin interface. Previously this test was only being run against the admin port. COUCHDB-2452 commit ed4a4a9e2bfbc906bc2339007fe7ef13137eba88 Author: Mike Wallace Date: 2014-12-01T13:22:46Z Make users_db_security.js use N=1 clusters only The users_db_security.js test will not work against a multi-node cluster because it relies on config settings being made by the test code. Because there is no generic way of discovering the locations of the other nodes on a dev cluster (they may be on unexpected ports for one reason or another) it is only possible to guarantee those settings are made on a single node. This commit therefore forces the users_db_security.js test to run against a single node cluster by: - setting the cluster variables to N=Q=R=W=1 - excluding the test in the Makefile and running it explicitly with `dev/run -n 1` - teaching run_on_modified_server to correctly preserve the old config settings when nested run_on_modified_server calls are made COUCHDB-2452 ---- > Provide _users DB security when _users DB is on the clustered interface > ----------------------------------------------------------------------- > > Key: COUCHDB-2452 > URL: https://issues.apache.org/jira/browse/COUCHDB-2452 > Project: CouchDB > Issue Type: Improvement > Security Level: public(Regular issues) > Components: Database Core > Reporter: Mike Wallace > > The authentication DB (default name _users) has special security semantics which are currently only supported on the admin port (default 5986). Since we support using the _users DB on the clustered port we should also ensure the same security semantics apply there. -- This message was sent by Atlassian JIRA (v6.3.4#6332)