zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2709) Clarify documentation around "auth" ACL scheme
Date Tue, 07 Mar 2017 06:13:33 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15898804#comment-15898804
] 

ASF GitHub Bot commented on ZOOKEEPER-2709:
-------------------------------------------

Github user hanm commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/182#discussion_r104595517
  
    --- Diff: src/docs/src/documentation/content/xdocs/zookeeperProgrammers.xml ---
    @@ -899,9 +899,12 @@
             single id, <emphasis>anyone</emphasis>, that represents
             anyone.</para></listitem>
     
    -        <listitem><para><emphasis role="bold">auth</emphasis>
doesn't
    -        use any id, represents any authenticated
    -        user.</para></listitem>
    +        <listitem><para><emphasis role="bold">auth</emphasis>
is a convenience
    +        scheme which defaults to the currently-authenticated user and scheme.
    +        Any ID which is provided using this scheme is ignored by ZooKeeper.
    --- End diff --
    
    Thanks for the patch, it is a good improvement on doc.
    
    I think the ID here refers to the id of the scheme:id pair of the ID object in the ACL,
correct? Mentioning this because the auth scheme is also referenced in command line where
people can do 'setAcl /node auth:username:password:crdwa' in which case the username (sometimes
overloaded as id) is required. 



> Clarify documentation around "auth" ACL scheme
> ----------------------------------------------
>
>                 Key: ZOOKEEPER-2709
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2709
>             Project: ZooKeeper
>          Issue Type: Task
>          Components: documentation
>            Reporter: Josh Elser
>            Priority: Minor
>
> We recently found up in HBASE-17717 that we were incorrectly setting an ACL on our "sensitive"
znodes after the output of {{getACL}} on these nodes didn't match what was expected.
> In referencing the documentation about how the {{auth}} ACL scheme was supposed to work,
it was unclear if it was a ZooKeeper bug or an HBase bug. After reading some ZooKeeper code,
we found that it was an HBase bug, but it would be nice to clarify the docs around this ACL
scheme.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message