This repository has been archived by the owner on Jun 23, 2022. It is now read-only.

feat(security): enable access replica when appenv replica_access_controller.allowed_users is empty #683

Merged
merged 5 commits into from
Dec 15, 2020
Merged
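--- a/src/runtime/security/replica_access_controller.cpp
+++ b/src/runtime/security/replica_access_controller.cpp
@@ -34,7 +34,11 @@ bool replica_access_controller::allowed(message_ex *msg)
 
 {
 utils::auto_read_lock l(_lock);
-if (_users.find(user_name) == _users.end()) {
+// If the user didn't specify any ACL, it means this table is publicly accessible to
+// everyone. This is a backdoor to allow old-version clients to gracefully upgrade. After
+// they are finally ensured to be fully upgraded, they can specify some usernames to ACL and
+// the table will be truly protected.
+if (!_users.empty() && _users.find(user_name) == _users.end()) {
 ddebug_f("{}: user_name {} doesn't exist in acls map", _name, user_name);
 return false;
 }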
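Review bot: The new guard `!_users.empty() && ...` makes an empty ACL fail open even when `enable_acl` is on, so a table whose `replica_access_controller.allowed_users` is unset, cleared, or parses to nothing passes every `user_name` through this check without leaving any log line. Make the open state observable, for example with `dwarn_f("{}: acl is empty, replica is accessible to all users", _name);` at the point where the ACL is updated (not visible in this hunk) rather than per request. Consider also gating the fallback behind an explicit compatibility option that can be switched off once clients are upgraded. The comment's word "backdoor" would be clearer as "compatibility fallback", and it should state that an empty list means unrestricted access, not no access. The body of `allowed()` starts and ends outside the hunk, so whether later checks still apply to the empty-ACL case cannot be confirmed from here.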
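--- a/src/runtime/test/replica_access_controller_test.cpp
+++ b/src/runtime/test/replica_access_controller_test.cpp
@@ -52,7 +52,7 @@ TEST_F(replica_access_controller_test, allowed)
 bool result;
 } tests[] = {{{"replica_user1", "replica_user2"}, "replica_user1", true},
 {{"replica_user1", "replica_user2"}, "not_replica_user", false},
-{{}, "user_name", false}};
+{{}, "user_name", true}};
 
 bool origin_enable_acl = FLAGS_enable_acl;
 FLAGS_enable_acl = true;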
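--- a/src/utils/test/utils.cpp
+++ b/src/utils/test/utils.cpp
@@ -106,6 +106,20 @@ TEST(core, split_args)
 std::unordered_set<std::string> sargs_set;
 dsn::utils::split_args(value.c_str(), sargs_set, ',');
 EXPECT_EQ(sargs_set.size(), 3);
+
+// test value = ""
+value = "";
+sargs.clear();
+dsn::utils::split_args(value.c_str(), sargs, ',');
+EXPECT_EQ(sargs.size(), 0);
+
+sargs2.clear();
+dsn::utils::split_args(value.c_str(), sargs2, ',');
+EXPECT_EQ(sargs2.size(), 0);
+
+sargs_set.clear();
+dsn::utils::split_args(value.c_str(), sargs_set, ',');
+EXPECT_EQ(sargs_set.size(), 0);
 }
 
 TEST(core, split_args_keep_place_holder)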
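Review bot: The added cases pin down only `value = ""`, but an empty `split_args` result is presumably what now leaves a replica ACL open after the controller change in this PR. Separator-only and whitespace-only inputs such as `","` or `" "` deserve the same three assertions, so that it is explicit whether they also collapse to an empty user set; what `split_args` returns for them is not visible here. As a style point, `EXPECT_TRUE(sargs.empty())` states the intent more directly than comparing `size()` with a signed `0`.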