Project

General

Profile

Task #2432

Bug #2429: knb mn's failing certain authorization tests

knb not handling verified flag properly

Added by Rob Nahf about 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ben Leinfelder
Category:
Metacat
Start date:
2012-03-02
Due date:
% Done:

100%

Milestone:
CCI-1.0.0
Product Version:
*
Story Points:
Sprint:

Description

see:

http://dev-testing.dataone.org:8080/hudson/job/d1_integration/org.dataone$d1_integration/1016/testReport/org.dataone.integration.it/MNodeTier2IT/testIsAuthorized_vs_VerifiedRead_2/
isAuthorized() vs. TierTesting:testObject:Verified_READ.4:
ClientSubjectCN: 'testPerson' Requesting: 'READ' => Failed!! Expected: 'true' got: 'NotAuthorized'

testPerson has the verified flag set in subjectInfo.

could this be a deployment issue? Not sure if demo[1-4] mn's are up-to-date.

History

#1 Updated by Ben Leinfelder about 12 years ago

Chris' comment on a different bug:

"I've updated isAuthorized() to insert the symbolic verified user into the equivalent subject list for each person listed (not just the primary). Wrote a metacat test that now succeeds in this scenario. Needs to be tested via d1_integration."

Probably able to close after checking MN integration test.

#2 Updated by Ben Leinfelder about 12 years ago

In the test case that we are seeing this error, the person requesting access is the "mapped" equivalent identity. This user is not verified, but the original person to whom they are mapped is verified.
I actually thought we had concluded that "verified" is NOT transitive.
At any rate Metacat is not honoring transitive verification at this point.

#3 Updated by Ben Leinfelder about 12 years ago

  • Assignee changed from Chris Jones to Ben Leinfelder

#4 Updated by Ben Leinfelder about 12 years ago

  • Status changed from New to Closed

Now verified is transitive. Reopen if this needs to be changed.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)