Bug 9040: avoid using dynamicAuthorization for cluster-admin operations 33/62233/1
author Evan Zeller <evanrzeller@gmail.com>
Wed, 23 Aug 2017 22:24:40 +0000 (15:24 -0700)
committer Evan Zeller <evanrzeller@gmail.com>
Wed, 23 Aug 2017 22:28:02 +0000 (15:28 -0700)
In some scenarios, such as unexpected loss of voting members in a
geo-distributed cluster, the cluster-admin RPC
change-member-voting-states-for-all-shards should be executed to convert
the member to voting. This RPC needs to execute regardless of whether there
is a leader, so we should avoid using the dynamicAuthorization via MD-SAL.

Change-Id: I1c992d0da7a99171e131c7979ff4f22d740aaaed
Signed-off-by: Evan Zeller <evanrzeller@gmail.com>
aaa-shiro/impl/src/main/resources/initial/aaa-app-config.xml

index 0967d3fd765d39a812c420d46e7fbe585853f79c..17cf1f275d5c28223316dd93cdb607bcb414efe8 100644 (file)
         <pair-key>/restconf/operational/aaa-authn-model**</pair-key>
         <pair-value>authcBasic, roles[admin]</pair-value>
     </urls>
+    <urls>
+        <pair-key>/restconf/operations/cluster-admin**</pair-key>
+        <pair-value>authcBasic, roles[admin]</pair-value>
+    </urls>
     <!-- Start moonAuthRealm commented out
     <urls>
         <pair-key>/token</pair-key>
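Review bot: The added `<urls>` entry has no XML comment explaining why `/restconf/operations/cluster-admin**` is pinned to a static `authcBasic, roles[admin]` rule, so a later cleanup could remove it without knowing the leaderless-cluster case from the commit message depends on it; a one-line comment above the entry referencing Bug 9040 would help. Two things to confirm while here: the pattern has no delimiter before `**`, so it matches every operations path that starts with `cluster-admin`, not only the one RPC the commit message names, and the hunk does not show whether an earlier, broader `/restconf/**`-style rule sits above it, which matters because Shiro applies the first matching URL pattern.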