[jira] [Commented] (ZOOKEEPER-2709) Clarify documentation around "auth" ACL scheme

Tue, 07 Mar 2017 12:30:12 -0800 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15900100#comment-15900100
 ] 

ASF GitHub Bot commented on ZOOKEEPER-2709:
-------------------------------------------

Github user afine commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/182#discussion_r104765953
  
    --- Diff: src/docs/src/documentation/content/xdocs/zookeeperProgrammers.xml 
---
    @@ -841,9 +841,9 @@
         itself, ZooKeeper associates all the ids that correspond to a
         client with the clients connection. These ids are checked against
         the ACLs of znodes when a clients tries to access a node. ACLs are
    -    made up of pairs of <emphasis>(scheme:expression,
    +    made up of pairs of <emphasis>(scheme:id,
    --- End diff --
    
    I'm not sure if this is the best way to clarify here. As demonstrated below 
with the ip address example, the second field can be an "expression" that 
matches against ids. Although in the code we occasionally refer to the second 
term as an "id" (`ap.matches(authId.getId(), id.getId())` in 
`PrepRequestProcessor`) we do also refer to it as an "expression" in other 
places (`boolean matches(String id, String aclExpr)` in 
`AuthenticationProvider`).
    
    I think continuing to refer to the second term as an "expression" and 
explaining exactly what an "expression" is may be clearer.


> Clarify documentation around "auth" ACL scheme
> ----------------------------------------------
>
>                 Key: ZOOKEEPER-2709
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2709
>             Project: ZooKeeper
>          Issue Type: Task
>          Components: documentation
>            Reporter: Josh Elser
>            Priority: Minor
>
> We recently found up in HBASE-17717 that we were incorrectly setting an ACL 
> on our "sensitive" znodes after the output of {{getACL}} on these nodes 
> didn't match what was expected.
> In referencing the documentation about how the {{auth}} ACL scheme was 
> supposed to work, it was unclear if it was a ZooKeeper bug or an HBase bug. 
> After reading some ZooKeeper code, we found that it was an HBase bug, but it 
> would be nice to clarify the docs around this ACL scheme.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to