Add support for user impersonation

Description

Implement user impersonation as specified. See the parent ticket for more information and a reference to the Go SDK implementation, which has already been completed.

From internal discussions, note that we will need to perform the following:

  1. Review the User Impersonation SDK-RFC on this topic to be sure we're being consistent with the RFC and Go implementation.

  2. Refactor the framing extras (flexible extras) logic to support the new user impersonation framing extra.

  3. Also note that any services using HTTP will need to pass the new cb-on-behalf-of header value. See the Go SDK implementation for reference if needed.

  4. We will introduce internal functions (not shown on the public interface) for each of the affected command functions based on a consistent pattern using onbehalfof. For example, for a Query request command, it will be: *lcb_cmdquery_onbehalfof(lcb_CMDQUERY *cmd, const char *user, size_t user_len)* and for a KV store command it would be *lcb_cmdstore_onbehalfof(lcb_CMDSTORE *cmd, const char *user, size_t user_len)*.
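The framing extra mentioned in step 2, as an added example that is not libcouchbase code and not from this ticket: it encodes and reads one impersonation frame, including the escape byte needed once the user string reaches 15 bytes. The function names are hypothetical, and the frame ID (4) and the nibble/escape layout are taken from the memcached binary protocol documentation rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Frame ID for "impersonate user", taken from the memcached binary
 * protocol documentation (assumption: it is not stated in this ticket). */
#define FRAME_ID_IMPERSONATE 0x04u
/* The request header stores the framing extras length in one byte. */
#define MAX_FRAMING_EXTRAS 255u

/* Hypothetical helper, not libcouchbase code: appends one impersonation
 * frame to buf (used bytes filled, cap bytes total). The user string is
 * copied as opaque bytes. Returns the new fill level, or 0 if rejected. */
size_t obo_frame_append(uint8_t *buf, size_t used, size_t cap,
                        const char *user, size_t user_len)
{
    if (!buf || !user || user_len == 0) return 0;
    if (used > cap || used > MAX_FRAMING_EXTRAS) return 0;
    if (user_len > MAX_FRAMING_EXTRAS) return 0;
    size_t hdr = (user_len < 15) ? 1 : 2; /* lengths >= 15 need an escape byte */
    size_t total = used + hdr + user_len;
    if (total > cap || total > MAX_FRAMING_EXTRAS) return 0;

    uint8_t *p = buf + used;
    if (user_len < 15) {
        *p++ = (uint8_t)((FRAME_ID_IMPERSONATE << 4) | user_len);
    } else {
        *p++ = (uint8_t)((FRAME_ID_IMPERSONATE << 4) | 0x0F);
        *p++ = (uint8_t)(user_len - 15); /* real length = 15 + this byte */
    }
    memcpy(p, user, user_len);
    return total;
}

/* Reads the frame at buf[0..len): stores its ID and a pointer to its
 * payload. Returns the payload length, or -1 if the frame is truncated. */
long obo_frame_read(const uint8_t *buf, size_t len, unsigned *id,
                    const uint8_t **payload)
{
    size_t pos = 0, n;
    if (!buf || len < 1) return -1;
    *id = buf[pos] >> 4;
    n = buf[pos++] & 0x0F;
    if (*id == 15) return -1; /* escaped IDs are outside this example */
    if (n == 15) { if (pos >= len) return -1; n = 15u + buf[pos++]; }
    if (n > len - pos) return -1; /* payload would run past the buffer */
    *payload = buf + pos;
    return (long)n;
}
```

Because the total framing extras length must fit in one header byte, a single frame can carry at most 253 bytes of user string in this sketch.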

Environment

None

Gerrit Reviews

None

Release Notes Description

None

Activity

CB robot October 8, 2021 at 8:26 AM

Build couchbase-server-7.1.0-1450 contains libcouchbase commit ecbde08 with commit message:
: implement user impersonation API

Jeelan Poola September 3, 2021 at 4:51 AM

Thank you!

Could you please confirm the encoding format for the 'cb-in-behalf-of' user and domain in HTTP headers? Looking at the code, it appears they should be base64 encoded, so we are going ahead with the same. Eventing will do the necessary encoding. Thank you!

Sergey Auseyau September 2, 2021 at 6:48 PM

I've updated the patch on the assumption that the SDK does not do any encoding, and only puts the given string where it should be in the HTTP or MCBP packet.

Ray Cardillo September 2, 2021 at 6:25 PM

After discussion with the team today, I think what we've provided currently is sufficient, and I just want to confirm you agree. Since it's an internal feature, we're just treating the value as an opaque string, and any special formatting of the string would be done by the caller (including Base64 if needed for Query). This is true for KV as well as Query, and since this can be set specifically for each command/operation, that strategy should be easy to navigate depending on context of use, and then you have the passthrough you need for this without anything getting in the way in between.

If that all sounds like what you expect, can you just confirm, so we know we're all set on this?

Ankit Prabhu September 1, 2021 at 7:10 AM

Can we define some enumeration with only two values Local and External, and instead of accepting string domain for HTTP services, translate enum value into some static string?
Ankit Prabhu said he will clarify these questions soon. Until then the change will be in review state.

Could you please confirm which format to use for the "cb-on-behalf-of" HTTP header?

Fixed

Created April 14, 2020 at 8:46 AM
Updated October 8, 2021 at 8:26 AM
Resolved September 3, 2021 at 7:14 AM