Replace `proxy_connection` with `client_connection` #296

alanking · 2025-01-14T18:16:28Z

main
4-3-stable

At least 3 things can go wrong in this function and none of them are being handled:

irods_capability_storage_tiering/include/irods/private/storage_tiering/proxy_connection.hpp

Lines 12 to 34 in 4c759d6

    
           auto make(const std::string clientUser = "", const std::string clientZone = "") -> rcComm_t* 
        
           { 
        
               rodsEnv env{}; 
        
               _getRodsEnv(env); 
        
               conn = _rcConnect( 
        
                          env.rodsHost, 
        
                          env.rodsPort, 
        
                          env.rodsUserName, 
        
                          env.rodsZone, 
        
                          !clientUser.empty() ? 
        
                              clientUser.c_str() : 
        
                              env.rodsUserName, 
        
                          !clientZone.empty() ? 
        
                              clientZone.c_str() : 
        
                              env.rodsZone, 
        
                          &err_msg, 
        
                          0, 0); 
        
               clientLogin(conn); 
        
               return conn; 
        
           } // make

Make sure error cases are being checked and handled appropriately.

alanking · 2025-01-15T16:36:20Z

Alternatively, as we move toward admin-only for all operations, we can probably just replace this entirely with client_connection and assume that the connection is privileged (i.e. use ADMIN_KW without checking authFlag in RcComm).

korydraughn · 2025-01-15T17:33:12Z

Agreed.

The proxy_connections used by this plugin are equivalent to using the irods::experimental::client_connection provided by the iRODS client library except for modifying the authFlag. Seeing as everything is done by client connections as admins in the plugin now, the authFlag doesn't matter as much anymore. As such, all instances of proxy_connection can be replaced and the whole header file has been removed. Also removes the unused exec_as_user header file.

All operations are done using the local server's service account rodsadmin client environment and as such do not need to know which user needs to execute policies.

The proxy_connections used by this plugin are equivalent to using the irods::experimental::client_connection provided by the iRODS client library except for modifying the authFlag. Seeing as everything is done by client connections as admins in the plugin now, the authFlag doesn't matter as much anymore. As such, all instances of proxy_connection can be replaced and the whole header file has been removed. Also removes the unused exec_as_user header file.

All operations are done using the local server's service account rodsadmin client environment and as such do not need to know which user needs to execute policies.

The proxy_connections used by this plugin are equivalent to using the irods::experimental::client_connection provided by the iRODS client library except for modifying the authFlag. Seeing as everything is done by client connections as admins in the plugin now, the authFlag doesn't matter as much anymore. As such, all instances of proxy_connection can be replaced and the whole header file has been removed. Also removes the unused exec_as_user header file.

All operations are done using the local server's service account rodsadmin client environment and as such do not need to know which user needs to execute policies.

The proxy_connections used by this plugin are equivalent to using the irods::experimental::client_connection provided by the iRODS client library except for modifying the authFlag. Seeing as everything is done by client connections as admins in the plugin now, the authFlag doesn't matter as much anymore. As such, all instances of proxy_connection can be replaced and the whole header file has been removed. Also removes the unused exec_as_user header file.

All operations are done using the local server's service account rodsadmin client environment and as such do not need to know which user needs to execute policies.

alanking added the bug label Jan 14, 2025

alanking added this to the 4.3.3.1 milestone Jan 14, 2025

alanking mentioned this issue Jan 14, 2025

Fix tiering with complex permissions and rodsusers running tiering rules (4-3-stable) #295

Merged

alanking changed the title ~~Add error handling to proxy_connection~~ Replace proxy_connection with client_connection Jan 17, 2025

alanking mentioned this issue Jan 17, 2025

Investigate using RsComm instead of RcComm for plugin operations #302

Open

alanking self-assigned this Jan 17, 2025

alanking mentioned this issue Jan 22, 2025

Light refactoring and optimizations (4-3-stable) #305

Merged

alanking mentioned this issue Jan 23, 2025

Light refactoring and optimizations (main) #307

Merged

alanking closed this as completed Jan 23, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Replace `proxy_connection` with `client_connection` #296

Replace `proxy_connection` with `client_connection` #296

alanking commented Jan 14, 2025 •

edited

Loading

alanking commented Jan 15, 2025

korydraughn commented Jan 15, 2025

Replace proxy_connection with client_connection #296

Replace proxy_connection with client_connection #296

Comments

alanking commented Jan 14, 2025 • edited Loading

alanking commented Jan 15, 2025

korydraughn commented Jan 15, 2025

Replace `proxy_connection` with `client_connection` #296

Replace `proxy_connection` with `client_connection` #296

alanking commented Jan 14, 2025 •

edited

Loading