[jira] [Commented] (ZOOKEEPER-2709) Clarify documentation around "auth" ACL scheme

Tue, 07 Mar 2017 10:46:06 -0800 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15899910#comment-15899910
 ] 

ASF GitHub Bot commented on ZOOKEEPER-2709:
-------------------------------------------

Github user joshelser commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/182#discussion_r104744229
  
    --- Diff: src/docs/src/documentation/content/xdocs/zookeeperProgrammers.xml 
---
    @@ -899,9 +899,12 @@
             single id, <emphasis>anyone</emphasis>, that represents
             anyone.</para></listitem>
     
    -        <listitem><para><emphasis role="bold">auth</emphasis> doesn't
    -        use any id, represents any authenticated
    -        user.</para></listitem>
    +        <listitem><para><emphasis role="bold">auth</emphasis> is a 
convenience
    +        scheme which defaults to the currently-authenticated user and 
scheme.
    +        Any ID which is provided using this scheme is ignored by ZooKeeper.
    --- End diff --
    
    Thanks for taking a look, @hanm!
    
    > I think the ID here refers to the id of the scheme:id pair of the ID 
object in the ACL, correct?
    
    Yup, that's what I was intending. Perhaps I should try to clarify that 
better :)
    
    > the auth scheme is also referenced in command line where people can do 
'setAcl /node auth:username:password:crdwa' in which case the username 
(sometimes overloaded as id) is required.
    
    OK, that's a good point which I didn't realize. I would have expected that 
`auth:username:password:crdwa` would have resulted in ignoring 
`username:password`. Let me play with that to better understand it..


> Clarify documentation around "auth" ACL scheme
> ----------------------------------------------
>
>                 Key: ZOOKEEPER-2709
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2709
>             Project: ZooKeeper
>          Issue Type: Task
>          Components: documentation
>            Reporter: Josh Elser
>            Priority: Minor
>
> We recently found up in HBASE-17717 that we were incorrectly setting an ACL 
> on our "sensitive" znodes after the output of {{getACL}} on these nodes 
> didn't match what was expected.
> In referencing the documentation about how the {{auth}} ACL scheme was 
> supposed to work, it was unclear if it was a ZooKeeper bug or an HBase bug. 
> After reading some ZooKeeper code, we found that it was an HBase bug, but it 
> would be nice to clarify the docs around this ACL scheme.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to