  1. Couchbase C client library libcouchbase
  2. CCBC-1216

Add support for user impersonation


Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.2.2
    • library

    Description

      Implement user impersonation as specified. See the parent ticket for more information and reference to the Go SDK which has already been completed.

      From internal discussions, note that we will need to perform the following:

      1. Review the User Impersonation SDK-RFC on this topic to be sure we're being consistent with the RFC and Go implementation.
      2. Refactor the framing extras (flexible extras) logic to support the new user impersonation framing extra.
      3. Also note that any services using HTTP will need to pass the new cb-on-behalf-of header value. See the Go SDK implementation for reference if needed.
      4. We will introduce internal functions (not shown on the public interface) for each of the affected command functions based on a consistent pattern using onbehalfof. For example, for a Query request command, it will be: lcb_cmdquery_onbehalfof(lcb_CMDQUERY *cmd, const char *user, size_t user_len) and for a KV store command it would be lcb_cmdstore_onbehalfof(lcb_CMDSTORE *cmd, const char *user, size_t user_len).
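
      A sketch of the two transport paths named in items 2 and 3, added here as an example (not libcouchbase code and not taken from the RFC). The helper names, the frame id 4, the nibble/escape length layout and the 255-byte framing-extras limit are assumptions based on the KV flexible framing extras format; the ticket does not state them. The HTTP helper passes the value through unmodified and only refuses bytes that would break the header line.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: frame-info id 4 means "impersonate user" in the KV flexible
 * framing extras; the ticket itself does not state the id. */
#define FRAME_ID_IMPERSONATE_USER 0x04

/* Hypothetical helper: encode one impersonation frame into out.
 * Assumed layout: high nibble = id, low nibble = length; a length nibble of
 * 0x0f means "15 + next byte". The whole framing-extras section is assumed
 * to be limited to 255 bytes. Returns bytes written, 0 on error. */
size_t encode_obo_frame(const char *user, size_t user_len, uint8_t *out, size_t cap)
{
    size_t hdr = user_len < 15 ? 1 : 2;
    if (user == NULL || user_len == 0 || hdr + user_len > 255 || hdr + user_len > cap)
        return 0;
    if (user_len < 15) {
        out[0] = (uint8_t)((FRAME_ID_IMPERSONATE_USER << 4) | user_len);
    } else {
        out[0] = (uint8_t)((FRAME_ID_IMPERSONATE_USER << 4) | 0x0f);
        out[1] = (uint8_t)(user_len - 15);
    }
    memcpy(out + hdr, user, user_len);
    return hdr + user_len;
}

/* Hypothetical helper: format the cb-on-behalf-of header line. The value is
 * treated as opaque (the caller does any Base64), but control bytes that
 * could split or corrupt the header (CR, LF, NUL, DEL, ...) are refused.
 * Returns the length written (excluding NUL), or -1 on rejection/overflow. */
int format_obo_header(const char *value, size_t value_len, char *out, size_t cap)
{
    if (value == NULL || value_len == 0 || value_len >= cap)
        return -1;
    for (size_t i = 0; i < value_len; i++) {
        unsigned char c = (unsigned char)value[i];
        if (c < 0x20 || c == 0x7f)
            return -1;
    }
    int n = snprintf(out, cap, "cb-on-behalf-of: %.*s\r\n", (int)value_len, value);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}
```

      Because the value is otherwise a passthrough, a check like the one in format_obo_header is the only point at which a malformed value is stopped before it reaches the wire.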


          Activity

            ankit.prabhu Ankit Prabhu added a comment -

            Can we define some enumeration with only two values, Local and External, and instead of accepting a string domain for HTTP services, translate the enum value into some static string?
            Ankit Prabhu said he will clarify these questions soon. Until then the change will be in review state.

            Hareen Kancharla, Artem Stemkovski: Could you please confirm which format to use for the "cb-on-behalf-of" HTTP header?

            ray.cardillo Ray Cardillo added a comment -

            Jeelan Poola - After discussion with the team today, I think what we've provided currently is sufficient, and I just want to confirm you agree. Since it's an internal feature, we're just treating the value as an opaque string, and any special formatting of the string would be done by the caller (including Base64 if needed for Query). This is true for KV as well as Query, and since this can be set specifically for each command/operation, that strategy should be easy to navigate depending on context of use, and then you have the passthrough you need for this without anything getting in the way in between.

            If that all sounds like what you expect, can you just confirm, so we know we're all set on this?

            avsej Sergey Avseyev added a comment -

            Ray Cardillo, Ankit Prabhu, Jeelan Poola, Brett Lawson, I've updated the patch on the assumption that the SDK does not do any encoding, and only puts the given string where it should be in the HTTP or MCBP packet.
            jeelan.poola Jeelan Poola added a comment -

            Thank you Ray Cardillo, Sergey Avseyev!

            Artem Stemkovski, Hareen Kancharla: Could you please confirm the encoding format for the 'cb-in-behalf-of' user and domain in HTTP headers? Looking at the code, it appears they should be base64 encoded. So we are going ahead with the same. Eventing will do the necessary encoding. Thank you!

            build-team Couchbase Build Team added a comment -

            Build couchbase-server-7.1.0-1450 contains libcouchbase commit ecbde08 with commit message:
            CCBC-1216: implement user impersonation API

            People

              avsej Sergey Avseyev
              brett19 Brett Lawson