KNOX-3374: Revert LDAPServer Manager changes. Skip roles lookup if ro…#1301
KNOX-3374: Revert LDAPServer Manager changes. Skip roles lookup if ro…#1301hanicz wants to merge 1 commit into
Conversation
…lesLookupInterceptor is enabled
|
@handavid Could you please review the changes? |
Test Results32 tests 32 ✅ 3s ⏱️ Results for commit f0e2377. |
handavid
left a comment
There was a problem hiding this comment.
@hanicz
Can you explain to me your thoughts behind this PR? I don't understand why the AbstractAuthResource needs to do role lookup at all. Can't it just rely on the the KnoxLDAPServerManager to return the appropriate values (either groups or roles as configured)? Is there a use-case where the auth would need to return roles even if the LDAP service is configured to return groups? I find that a little confusing.
Also, I don't think it's really appropriate for auth to condition it's behavior on the configuration of the LDAP proxy. IMO, the LDAP proxy should be a black box to auth and auth should just take whatever the proxy returns.
…lesLookupInterceptor is enabled
KNOX-3374 - Fix inherited roles missing from auth headers when LDAP roles-lookup interceptor is active
What changes were proposed in this pull request?
Reworked the KNOX-3374 fix per review feedback.
AbstractAuthResourcechecks forrolesLookupInterceptorenabled.How was this patch tested?
Unit tests, manual e2e tests
Roles:
Tested with rolesLookupInterceptor enabled and disabled
Integration Tests
N/A
UI changes
N/A