Authorization Database format: composite id spec incompatible between documentation and implementation. #1325
Comments
|
Agreed! We've been trying to get all copies corrected and it's been a bit
difficult. Thank you for the reminder that it's still not fixed.
…On Tue, 10 Nov 2020, aoanla wrote:
At present (and, it appears, for as long as the feature has been implemented), there is a discrepancy between how the documentation tells you to configure "composite ids" for authdb files, and how the code validates them.
In the documentation (ie: https://xrootd.slac.stanford.edu/doc/dev50/sec_config.htm#_Toc42289936 )
The example says:
> Example
>
> = atlddm o atlas r production u ddm
>
> = atlprod o atlas r production
>
> x atlddm /atlas ld
>
> x atlprod /atlas lrw
>
> o atlas /atlas lr
>
>
>
> A client whose name is ddm and is a member of the atlas organization and has a role of production is allowed to lookup and delete files in /atlas. A client who is a member of the atlas organization and has a role of production is allowed to lookup, read and write files in /atlas. Otherwise, client?s who are members of the atlas organization can only lookup and read file in /atlas.
And further up, the description of the idspec values is:
> idspec
>
> is a single letter indicating the type of entity identifier that follows. You must specify one or more of them.
>
This will not work, however, as the code is looking for
> // Id's are of the form 'c:', make sure we have that (don't validate it)
> //
> if (strlen(pp) != 2 || !index("ghoru", *pp))
>
That is, it wants something that looks like "o:" not "o".
Changing the provided specifiers in the Example to
> = atlddm o: atlas r: production u: ddm
> = atlprod o: atlas r: production
(and not altering the x lines)
successfully removes the error.
Could either the documentation be changed to agree with the code, or the code be changed to agree with the documentation, whichever is out of sync with the design intent?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
#1325
|
|
The documentation should now be fixed but only for the latest document version. Unfortunately, we cannot update old documents that are still listed on the web page as these versions have long since gone. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
At present (and, it appears, for as long as the feature has been implemented), there is a discrepancy between how the documentation tells you to configure "composite ids" for authdb files, and how the code validates them.
In the documentation (ie: https://xrootd.slac.stanford.edu/doc/dev50/sec_config.htm#_Toc42289936 )
The example says:
And further up, the description of the idspec values is:
This will not work, however, as the code is looking for
That is, it wants something that looks like "o:" not "o".
Changing the provided specifiers in the Example to
(and not altering the x lines)
successfully removes the error.
Could either the documentation be changed to agree with the code, or the code be changed to agree with the documentation, whichever is out of sync with the design intent?
The text was updated successfully, but these errors were encountered: