You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At present (and, it appears, for as long as the feature has been implemented), there is a discrepancy between how the documentation tells you to configure "composite ids" for authdb files, and how the code validates them.
A client whose name is ddm and is a member of the atlas organization and has a role of production is allowed to lookup and delete files in /atlas. A client who is a member of the atlas organization and has a role of production is allowed to lookup, read and write files in /atlas. Otherwise, client’s who are members of the atlas organization can only lookup and read file in /atlas.
And further up, the description of the idspec values is:
idspec
is a single letter indicating the type of entity identifier that follows. You must specify one or more of them.
This will not work, however, as the code is looking for
// Id's are of the form 'c:', make sure we have that (don't validate it)
//
if (strlen(pp) != 2 || !index("ghoru", *pp))
That is, it wants something that looks like "o:" not "o".
Changing the provided specifiers in the Example to
= atlddm o: atlas r: production u: ddm
= atlprod o: atlas r: production
(and not altering the x lines)
successfully removes the error.
Could either the documentation be changed to agree with the code, or the code be changed to agree with the documentation, whichever is out of sync with the design intent?
The text was updated successfully, but these errors were encountered:
On Tue, 10 Nov 2020, aoanla wrote:
At present (and, it appears, for as long as the feature has been implemented), there is a discrepancy between how the documentation tells you to configure "composite ids" for authdb files, and how the code validates them.
In the documentation (ie: https://xrootd.slac.stanford.edu/doc/dev50/sec_config.htm#_Toc42289936 )
The example says:
> Example
>
> = atlddm o atlas r production u ddm
>
> = atlprod o atlas r production
>
> x atlddm /atlas ld
>
> x atlprod /atlas lrw
>
> o atlas /atlas lr
>
>
>
> A client whose name is ddm and is a member of the atlas organization and has a role of production is allowed to lookup and delete files in /atlas. A client who is a member of the atlas organization and has a role of production is allowed to lookup, read and write files in /atlas. Otherwise, client?s who are members of the atlas organization can only lookup and read file in /atlas.
And further up, the description of the idspec values is:
> idspec
>
> is a single letter indicating the type of entity identifier that follows. You must specify one or more of them.
>
This will not work, however, as the code is looking for
> // Id's are of the form 'c:', make sure we have that (don't validate it)
> //
> if (strlen(pp) != 2 || !index("ghoru", *pp))
>
That is, it wants something that looks like "o:" not "o".
Changing the provided specifiers in the Example to
> = atlddm o: atlas r: production u: ddm
> = atlprod o: atlas r: production
(and not altering the x lines)
successfully removes the error.
Could either the documentation be changed to agree with the code, or the code be changed to agree with the documentation, whichever is out of sync with the design intent?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
#1325
The documentation should now be fixed but only for the latest document version. Unfortunately, we cannot update old documents that are still listed on the web page as these versions have long since gone.
At present (and, it appears, for as long as the feature has been implemented), there is a discrepancy between how the documentation tells you to configure "composite ids" for authdb files, and how the code validates them.
In the documentation (ie: https://xrootd.slac.stanford.edu/doc/dev50/sec_config.htm#_Toc42289936 )
The example says:
And further up, the description of the idspec values is:
This will not work, however, as the code is looking for
That is, it wants something that looks like "o:" not "o".
Changing the provided specifiers in the Example to
(and not altering the x lines)
successfully removes the error.
Could either the documentation be changed to agree with the code, or the code be changed to agree with the documentation, whichever is out of sync with the design intent?
The text was updated successfully, but these errors were encountered: