Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Always authenticate users in the shell after startup and when switching users #3433

Closed
ctubbsii opened this issue May 26, 2023 · 3 comments · Fixed by #3440
Closed

Always authenticate users in the shell after startup and when switching users #3433

ctubbsii opened this issue May 26, 2023 · 3 comments · Fixed by #3440
Assignees
@dlmarion
Labels
blocker This issue blocks any release version labeled on it.
Milestone
2.1.1

Comments

@ctubbsii
Copy link
Member

Issue #3427 reported a change in behavior of the shell, where the shell will not fail if started using invalid credentials. This is due to a change in AccumuloClient not performing the fast-failure that Connector used to (an intentional choice).

To restore expected behavior in the shell, the AccumuloClient should authenticate the current user every time a new AccumuloClient is constructed. This occurs when starting the shell initially, as well as when switching to another user.
@ctubbsii ctubbsii added the blocker This issue blocks any release version labeled on it. label May 26, 2023
@ctubbsii ctubbsii mentioned this issue May 26, 2023
Closed
@ctubbsii
Copy link
Member Author

ctubbsii commented May 26, 2023
edited
Loading

To authenticate the client, it should just be a simple matter of calling client.securityOperations().authenticate(username, token) immediately after it is constructed. However, this is made slightly complicated by the fact that the AccumuloClient can be constructed using the client config file. You can call .whoami() to get the username, but I'm not sure if there's an easy way to get the AuthenticationToken parameter that authenticate(username, token) requires.

@ctubbsii
Copy link
Member Author

A user also reported that when the shell is idle for too long, and it asks to re-authenticate, it doesn't matter what you enter, and it will still work. That is related to this issue. It should also authenticate the client object when that happens as well as startup and switching users.

@ctubbsii
Copy link
Member Author

There's a challenge that the credentials could be in the client config file, too. So, re-authenticating by asking the user to re-enter things, doesn't necessarily make sense... they might not know the credentials if it's sourced somewhere in the environment. So, we need to make sure that the re-authentication is working correctly for those cases, as well, and we're not pointlessly prompting.

@dlmarion dlmarion self-assigned this May 30, 2023
@dlmarion dlmarion linked a pull request May 30, 2023 that will close this issue
Modify Shell to authenticate user on call to config #3440
Merged
@dlmarion dlmarion mentioned this issue May 31, 2023
Closed
dlmarion added a commit that referenced this issue Jun 8, 2023
@dlmarion @ctubbsii
Modify Shell to authenticate user on call to config (#3440)
0f23897 
Closes #3433 

---------

Co-authored-by: Christopher Tubbs <ctubbsii@apache.org>
@dlmarion dlmarion closed this as completed Jun 8, 2023
@ctubbsii ctubbsii added this to the 2.1.1 milestone Jul 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dlmarion dlmarion

Labels
blocker This issue blocks any release version labeled on it.
Projects
None yet
Milestone
2.1.1
Development

Successfully merging a pull request may close this issue.

Modify Shell to authenticate user on call to config dlmarion/accumulo
2 participants
@dlmarion @ctubbsii