zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2709) Clarify documentation around "auth" ACL scheme
Date Tue, 07 Mar 2017 18:39:38 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15899910#comment-15899910
] 

ASF GitHub Bot commented on ZOOKEEPER-2709:
-------------------------------------------

Github user joshelser commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/182#discussion_r104744229
  
    --- Diff: src/docs/src/documentation/content/xdocs/zookeeperProgrammers.xml ---
    @@ -899,9 +899,12 @@
             single id, <emphasis>anyone</emphasis>, that represents
             anyone.</para></listitem>
     
    -        <listitem><para><emphasis role="bold">auth</emphasis>
doesn't
    -        use any id, represents any authenticated
    -        user.</para></listitem>
    +        <listitem><para><emphasis role="bold">auth</emphasis>
is a convenience
    +        scheme which defaults to the currently-authenticated user and scheme.
    +        Any ID which is provided using this scheme is ignored by ZooKeeper.
    --- End diff --
    
    Thanks for taking a look, @hanm!
    
    > I think the ID here refers to the id of the scheme:id pair of the ID object in the
ACL, correct?
    
    Yup, that's what I was intending. Perhaps I should try to clarify that better :)
    
    > the auth scheme is also referenced in command line where people can do 'setAcl /node
auth:username:password:crdwa' in which case the username (sometimes overloaded as id) is required.
    
    OK, that's a good point which I didn't realize. I would have expected that `auth:username:password:crdwa`
would have resulted in ignoring `username:password`. Let me play with that to better understand
it..


> Clarify documentation around "auth" ACL scheme
> ----------------------------------------------
>
>                 Key: ZOOKEEPER-2709
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2709
>             Project: ZooKeeper
>          Issue Type: Task
>          Components: documentation
>            Reporter: Josh Elser
>            Priority: Minor
>
> We recently found up in HBASE-17717 that we were incorrectly setting an ACL on our "sensitive"
znodes after the output of {{getACL}} on these nodes didn't match what was expected.
> In referencing the documentation about how the {{auth}} ACL scheme was supposed to work,
it was unclear if it was a ZooKeeper bug or an HBase bug. After reading some ZooKeeper code,
we found that it was an HBase bug, but it would be nice to clarify the docs around this ACL
scheme.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message