Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HPCC-31263 Document security manager user authentication #18322

Merged
merged 1 commit into from
Feb 28, 2024
Merged

HPCC-31263 Document security manager user authentication #18322

merged 1 commit into from
Feb 28, 2024

Conversation

kenrowland
Copy link
Contributor

@kenrowland kenrowland commented Feb 20, 2024
edited
Loading

Added document covering user authentication for defined security managers

Signed-Off-By: Kenneth Rowland [email protected]

Type of change:

  • This change is a bug fix (non-breaking change which fixes an issue).
  • This change is a new feature (non-breaking change which adds functionality).
  • This change improves the code (refactor or other change that does not change the functionality)
  • This change fixes warnings (the fix does not alter the functionality or the generated code)
  • This change is a breaking change (fix or feature that will cause existing behavior to change).
  • This change alters the query API (existing queries will have to be recompiled)

Checklist:

  • My code follows the code style of this project.
    • My code does not create any new warnings from compiler, build system, or lint.
  • The commit message is properly formatted and free of typos.
    • The commit message title makes sense in a changelog, by itself.
    • The commit is signed.
  • My change requires a change to the documentation.
    • I have updated the documentation accordingly, or...
    • I have created a JIRA ticket to update the documentation.
    • Any new interfaces or exported functions are appropriately commented.
  • I have read the CONTRIBUTORS document.
  • The change has been fully tested:
    • I have added tests to cover my changes.
    • All new and existing tests passed.
    • I have checked that this change does not introduce memory leaks.
    • I have used Valgrind or similar tools to check for potential issues.
  • I have given due consideration to all of the following potential concerns:
    • Scalability
    • Performance
    • Security
    • Thread-safety
    • Cloud-compatibility
    • Premature optimization
    • Existing deployed queries will not be broken
    • This change fixes the problem, not just the symptom
    • The target branch of this pull request is appropriate for such a change.
  • There are no similar instances of the same problem that should be addressed
    • I have addressed them here
    • I have raised JIRA issues to address them separately
  • This is a user interface / front-end modification
    • I have tested my changes in multiple modern browsers
    • The component(s) render as expected

Smoketest:

  • Send notifications about my Pull Request position in Smoketest queue.
  • Test my draft Pull Request.

Testing:

@github-actions GitHub Actions
Copy link

https://track.hpccsystems.com/browse/HPCC-31263
Jira updated

afishbeckln
afishbeckln reviewed Feb 20, 2024
View reviewed changes
devdoc/SecurityUserAuthentication.md Outdated
the user is added to the permissions cache, if enabled, to prevent repeated trips to the AD whenever an
authentication check is required.

During an authentication, if enabled, the permission cached is interrogated to see if the user is currently
Copy link
Contributor

@afishbeckln afishbeckln Feb 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"permission cache" without the "d"?

afishbeckln
afishbeckln reviewed Feb 20, 2024
View reviewed changes
devdoc/SecurityUserAuthentication.md Outdated
During an authentication, if enabled, the permission cached is interrogated to see if the user is currently
cached. If so, the authentication status of the user from the cache is returned. If caching is not enabled,
digital signatures, if configured for the platform, are used to prevent multiple trips to the AD for each
user. The signature is used to detect if there has been a change to the user. If changed, the user is marked
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What kind of change to the user does the signature checking detect?

afishbeckln
afishbeckln requested changes Feb 20, 2024
View reviewed changes
Copy link
Contributor

@afishbeckln afishbeckln left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One minor comment and one request for clarification.

JamesDeFabia
JamesDeFabia requested changes Feb 23, 2024
View reviewed changes
Copy link
Contributor

@JamesDeFabia JamesDeFabia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor comments inline

devdoc/SecurityUserAuthentication.md Outdated
The _authenticate_ method, or any of its overloads or derivatives, accepts a resource or resource list and a user.
These methods authenticate the user first before checking access to the specified resource.

ECLWatch uses user authentication during authorization during its log in process. Instead of first authenticating
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ECL Watch s/b two words

devdoc/SecurityUserAuthentication.md Outdated

ECLWatch uses user authentication during authorization during its log in process. Instead of first authenticating
the user, it calls an authenticate method passing both the user and the necessary resources for which the user must
have access in order to log into ECLWatch.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ECL Watch s/b two words

@kenrowland
HPCC-31263 Document security manager user authentication
a0eb7cd 
Added document covering user authentication for defined security managers

Signed-Off-By: Kenneth Rowland [email protected]
JamesDeFabia
JamesDeFabia approved these changes Feb 27, 2024
View reviewed changes
Copy link
Contributor

@JamesDeFabia JamesDeFabia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good from my POV

@kenrowland
Copy link
Contributor Author

@ghalliday Please merge

@ghalliday ghalliday merged commit 5848e08 into hpcc-systems:master Feb 28, 2024
49 of 50 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@afishbeckln afishbeckln afishbeckln approved these changes

@JamesDeFabia JamesDeFabia JamesDeFabia approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kenrowland @JamesDeFabia @afishbeckln @ghalliday