sbp opened a new issue, #266:
URL: https://github.com/apache/tooling-trusted-releases/issues/266

   In b17cc7fe6b499b8fe1ba145e9840988540428e58 I partially fixed a bug reported 
by @andrewmusselman, that developers without LDAP credentials cannot perform 
certain operations. The fix does not extend to the ATR ssh server (and hence 
rsync), the API, and tasks.
   
   The partial fix was to allow a `principal.Authorisation` to take a 
`route.CommitterSession`. It tries to get an ASFQuart session anyway if it's 
passed `None`, but we had been passing it `session.uid` in many places which is 
a `str`, which makes it resolve credentials from LDAP. Giving it a 
`route.CommitterSession` lets it know that ASFQuart session information is 
available so that it can avoid falling back to LDAP.
   
   Unfortunately this fix does not apply in contexts where there really is no 
ASFQuart session.
   
   Two potential methods to fix these contexts include:
   
   1. Caching a user's ASFQuart session information.
   2. Allowing manual override of session information using a local JSON 
configuration file.
   
   We could also allow a hybrid of the two, where we allow a user to press a 
button to cache their ASFQuart session information in a JSON file for use in 
other contexts. We could also have a button to remove the cache. The cache file 
could be read on server startup and stored in memory, so we wouldn't need to 
read from disk before performing an LDAP lookup.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
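
The hybrid option described in the issue, sketched as an added example (not code from ATR or from the issue's author): a JSON-backed cache that is read once at startup, held in memory, and consulted before any LDAP lookup when no live session exists. `SessionCache`, `resolve`, the JSON layout, and the `max_age` expiry are all hypothetical; the issue does not specify expiry, which is included here as an assumption so cached authorisation data cannot outlive a change in LDAP indefinitely.

```python
import json
import os
import tempfile
import time
from pathlib import Path

class SessionCache:
    """Hypothetical uid -> session-details cache, persisted as JSON."""

    def __init__(self, path, max_age=86400):
        self.path = Path(path)
        self.max_age = max_age  # assumption: expiry is not part of the issue
        # Read once at startup; later lookups are served from memory.
        self.entries = json.loads(self.path.read_text()) if self.path.exists() else {}

    def _flush(self):
        # mkstemp creates the file owner-only (0600); os.replace swaps it in
        # atomically, so a reader never sees a half-written cache.
        fd, tmp = tempfile.mkstemp(dir=self.path.parent)
        with os.fdopen(fd, "w") as handle:
            json.dump(self.entries, handle)
        os.replace(tmp, self.path)

    def store(self, uid, details, now=None):
        """The 'cache my session' button."""
        stamp = time.time() if now is None else now
        self.entries[uid] = {"cached_at": stamp, "details": details}
        self._flush()

    def remove(self, uid):
        """The 'remove the cache' button."""
        if self.entries.pop(uid, None) is not None:
            self._flush()

    def get(self, uid, now=None):
        entry = self.entries.get(uid)
        now = time.time() if now is None else now
        if entry is None or now - entry["cached_at"] > self.max_age:
            return None  # missing or stale: caller falls through to LDAP
        return entry["details"]

def resolve(uid, live_session, cache, ldap_lookup):
    """Prefer a live session, then the cache, and only then LDAP."""
    if live_session is not None:
        return "session", live_session
    cached = cache.get(uid)
    if cached is not None:
        return "cache", cached
    return "ldap", ldap_lookup(uid)
```
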

