[jira] [Work logged] (KNOX-2789) Refine privileged/non-privileged group settings

Tue, 23 Aug 2022 02:01:07 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-2789?focusedWorklogId=802764&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-802764
 ]

ASF GitHub Bot logged work on KNOX-2789:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 23/Aug/22 09:00
            Start Date: 23/Aug/22 09:00
    Worklog Time Spent: 10m 
      Work Description: MrtnBalazs opened a new pull request, #622:
URL: https://github.com/apache/knox/pull/622

   ## What changes were proposed in this pull request?
   
   Introduced new group called `gateway.session.verification.unlimited.users` 
and  changed the behaviour of the groups and the tests that check these 
behaviours. `gateway.non.privileged.users` group is now not configurable.
   Also changed configuration names:
   ```
   gateway.privileged.users -> gateway.session.verification.privileged.users
   gateway.non.privileged.users.concurrent.session.limit -> 
gateway.session.verification.non.privileged.user.limit
   gateway.privileged.users.concurrent.session.limit -> 
gateway.session.verification.privileged.user.limit
   ```
   
   Previous behaviour:
   If someone is configured privileged -> privileged limit applies
   If someone is configured non-privileged -> non-privileged limit applies
   If someone is not configured in either of the groups -> no limit applies
   
   New behaviour:
   If someone is configured privileged -> privileged limit applies
   If someone is configured unlimited -> no limit applies
   If someone is not configured in either of the groups -> non-privileged limit 
applies
   
   ## How was this patch tested?
   
   I changed the existing unit tests to test the new behaviours.
   I also tested the new behaviours manually with the following configurataions:
   1. Nothing
   2. Empty string for implementation configuration
   ```
   <property>
           <name>gateway.service.concurrentsessionverifier.impl</name>
           <value></value>
   </property>
   ```
   3. Blank string for implementation
   ```
   <property>
           <name>gateway.service.concurrentsessionverifier.impl</name>
           <value>      </value>
   </property>
   ```
   4. Not valid implementation
   ```
   <property>
           <name>gateway.service.concurrentsessionverifier.impl</name>
           
<value>org.apache.knox.gateway.session.control.NotExistingConcurrentSessionVerifier</value>
   </property>
   ```
   5. Empty implementation configured
   ```
   <property>
           <name>gateway.service.concurrentsessionverifier.impl</name>
           
<value>org.apache.knox.gateway.session.control.EmptyConcurrentSessionVerifier</value>
   </property>
   ```
   6. InMemory implementation configured
   ```
   <property>
           <name>gateway.service.concurrentsessionverifier.impl</name>
           
<value>org.apache.knox.gateway.session.control.InMemoryConcurrentSessionVerifier</value>
   </property>
   ```
   7. Fully configured
   ```
   <property>
           <name>gateway.session.verification.unlimited.users</name>
           <value>admin</value>
   </property>
   <property>
           <name>gateway.session.verification.privileged.users</name>
           <value>tom</value>
   </property>
   <property>
           <name>gateway.session.verification.privileged.user.limit</name>
           <value>2</value>
   </property>
   <property>
           <name>gateway.session.verification.non.privileged.user.limit</name>
           <value>1</value>
   </property>
   <property>
           
<name>gateway.session.verification.expired.tokens.cleaning.period</name>
           <value>80</value>
   </property>
   <property>
           <name>gateway.service.concurrentsessionverifier.impl</name>
           
<value>org.apache.knox.gateway.session.control.InMemoryConcurrentSessionVerifier</value>
   </property>
   ```
   
   
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 802764)
    Remaining Estimate: 0h
            Time Spent: 10m

> Refine privileged/non-privileged group settings
> -----------------------------------------------
>
>                 Key: KNOX-2789
>                 URL: https://issues.apache.org/jira/browse/KNOX-2789
>             Project: Apache Knox
>          Issue Type: Sub-task
>          Components: Server
>    Affects Versions: 2.0.0
>            Reporter: Sandor Molnar
>            Assignee: Balazs Marton
>            Priority: Major
>             Fix For: 2.0.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Existing group settings should be refined as follows:
>  * instead of having the privileged and non-privileged groups their own 
> configuration, we should only have one config for the privileged users. 
> Additionally, the existing configuration name should be changed to 
> {{gateway.session.verification.privileged.users}}
>  * Currently, if a user is not listed in any of these groups, are allowed to 
> have unlimited sessions. This should be changed: a new config should be 
> introduced called {{gateway.session.verification.unlimited.users}}
>  * each user that is not listed in any of those groups is considered 
> non-privileged and the previously introduced limit should be applied to it
> Additionally, the following configuration names should be updated:
>  * {{gateway.non.privileged.users.concurrent.session.limit}} -> 
> {{gateway.session.verification.non.privileged.user.limit}}
>  * {{gateway.privileged.users.concurrent.session.limit}} -> 
> {{gateway.session.verification.privileged.user.limit}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to