zeroflag commented on a change in pull request #537:
URL: https://github.com/apache/knox/pull/537#discussion_r811837591
##########
File path:
gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/IdentityAsserterMessages.java
##########
@@ -17,12 +17,37 @@
*/
package org.apache.knox.gateway;
+import java.util.Set;
+
import org.apache.knox.gateway.i18n.messages.Message;
import org.apache.knox.gateway.i18n.messages.MessageLevel;
import org.apache.knox.gateway.i18n.messages.Messages;
+import org.apache.knox.gateway.plang.Ast;
+import org.apache.knox.gateway.plang.SyntaxException;
@Messages(logger="org.apache.knox.gateway")
public interface IdentityAsserterMessages {
@Message( level = MessageLevel.ERROR, text = "Required subject/identity not
available. Check authentication/federation provider for proper configuration."
)
void subjectNotAvailable();
+
+ @Message( level = MessageLevel.WARN, text = "Virtual group name is missing
after dot character.")
+ void missingVirtualGroupName();
+
+ @Message( level = MessageLevel.WARN, text = "Parse error: {2}. At {0}={1}")
+ void parseError(String key, String script, SyntaxException e);
+
+ @Message( level = MessageLevel.WARN, text = "Invalid result: {2}. Expected
boolean when evaluating: {1}. For virtualGroup: {0}")
Review comment:
I think this is a serious, but unlikely problem. So the predicate should
always evaluate to a boolean value.
For example:
```(= username 'admin')```
But if the user specifies an expression that returns a string or a number,
we won't know what to to and whether we should put the user into the virtual
group or not.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
