Conversation
Test does not pass yet.
* remove dependency on config * make checks optional * support HS256
and make everything truly optional.
* Improve pubkey not found error handling
When the public key identified by the {Alg, KID} tuple is not found on
the IAM keystore server, it's possible to see errors like:
(node1@127.0.0.1)140> epep:jwt_decode(SampleJWT).
** exception error: no function clause matching
public_key:do_verify(<<"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjIwMTcwNTIwLTAwOjAwOjAwIn0.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjEyMzIx"...>>,
sha256,
<<229,188,162,247,201,233,118,32,115,206,156,
169,17,221,78,157,161,147,46,179,42,219,66,
15,139,91,...>>,
{error,not_found}) (public_key.erl, line 782)
in function jwtf:public_key_verify/4 (src/jwtf.erl, line 212)
in call from jwtf:decode/3 (src/jwtf.erl, line 30)
Modify key/1 and public_key_not_found_test/0 to account for keystore
changing from returning an error tuple to throwing one.
Tolerate 5 crashes per 10 seconds
Improve restart strategy
|
This is great, gratz! One question: it’s not clear to me how /_security response will look for buckets having access restrictions, is there a special field for those restrictions? I mean I want to explicitly mark buckets of the kind in Photon, so how can I detect _access restricted buckets reading /_security endpoint? RFC states |
wohali
left a comment
There was a problem hiding this comment.
These are early comments, I ran out of time today for more. Will review more thoroughly next week.
rnewson
left a comment
There was a problem hiding this comment.
I've taken a pass at this and have enough feedback to submit this first review. It does look like we're making the right sort of internal changes to store the additional data.
The majority of my comments are about the inconsistencies in the code. For example, in some cases you explicitly handle all expected results of a function, and in others you have a generic _ field for everything else (even in the case where we are switching on a boolean). I expressed my preference to avoid this sloppiness (aka "defensive programming") and to instead be explicit throughout. There is a place to validate the settings the user has made, and that should be the only place where coercion to type occurs (assuming we don't flat-out reject a malformed request, as I think we should).
Finally, I thought we had moved forward on general formatting conventions. Two blank lines between functions, one blank line between clauses of same function, etc. I've worked that way for some time as has almost all the code I've reviewed from others. Perhaps this was never formally adopted by the couchdb project. Is it the first you are hearing of it, Jan?
| % check we sort them again here. See COUCHDB-2735. | ||
| Cmp = fun([#doc{id=A}|_], [#doc{id=B}|_]) -> A < B end, | ||
| Cmp = fun | ||
| ([], []) -> false; % TODO: re-evaluate this addition, might be a |
|
another note. In some places you use a list comprehension, in others a lists:map. In both cases you're changing each item of a list to superset or subset of its original content, but using two different mechanisms to do so. It wasn't clear if this was intentional or not. The only difference is error handling, in that the list comprehension approach can silently drop items that fail, whereas lists:map would not. Is that why you chose lc vs map or were the choices arbitrary? |
|
@janl Are there any further plans for this pull request? |
|
We are very interested in this new feature, but for our use case (mirroring/migrating data from Notes/Domino databases), just checking the |
I made no conscious decisions but rather picked the variant that was most prominent in the surrounding code. A cursory glance suggests this is fine where employed, but I’ll have another eye on it once the final PR goes up. |
|
I’m closing this PR in favour of a new cleaner one shortly since our master/main/3.x rejigger has made this one not show correctly here. I resolved all comments here that I have fixed in the future PR. The remaining ones will need to be looked at there again, I’ll add comments where appropriate, since code moved around quite a bit. |
This is the first per-doc-access PR worth sharing more widely.
This allows the creation of databases with the option
accessenabled. Access-enabled databases require docs from regular users to have a new"_access": ["owner"]field, that matches the submittinguserCtx.name. As a result, a user will get full_all_docsand_changes(and all the other APIs) scoped to just the docs where their name is in theaccessfield. See https://github.com/apache/couchdb-documentation/blob/rfc/010-per-document-access/rfcs/010-per-document-access-control.md for some more info on how it all fits together.There are multiple parts to all this:
A new access query server that creates two new indexes
by-access-idandby-access-seqwhich include all docs in their respective sort orders, but bucketed by user. This required teachingcouch_indexto index deleted docs conditionally.A switch in the mrview code that access
_all_docsand_changesthat uses the new indexes for users that are not db or server admins.All the plumbing to handle access information everywhere we need it. It is stored in
#doc#doc_infoand#full_doc_inforecords, so we can avoid loading full doc bodies on doc updates.All the actual access validation for document CRUD, especially updates, including replicated updates (mainly in couch_db.erl and couch_db_updater.erl).
Teaching the replicator to write
_localdoc checkpoints as the user that owns the replication.All users from the
_usersdb now have an implicit role_usersthat will become handy later.Some odds and ends across various modules to make the acquainted with the new reality.
The test suite is quite extensive (1k + LOC) and covers most scenarios.
Current caveats:
couchdb_update_conflicts_test.erlsomething when fromO(log n)toO(n)or worse. I hope more sets of eyes help with this 👀👀👀.lists:reverse()somewhere, that shouldn’t be hard to spot.Testing recommendations
make check;)But also, read the test suite and the linked RFC.
Related Issues or Pull Requests
#1524
Checklist
rel/overlay/etc/default.ini