ecaudit icon indicating copy to clipboard operation
ecaudit copied to clipboard

Published 20 hours ago verified publisher icon Ericsson

When wrapping AuditRoleManager it's not possible to use custom options

Open tobier opened this issue 4 years ago • 2 comments

Since AuditRoleManager assumes, and enforces, a certain type and number of options relating to whitelisting, it's not possible to pass on RoleOptions instances with custom options. The culprit seems to be AuditWhitelistManager.

void createRoleOption(RoleOptions options)
{
    if (options.getCustomOptions().isPresent())
    {
        throw new InvalidRequestException("Whitelist options are not supported in CREATE ROLE statements");
    }

Similar checks are done for alterRole.

tobier avatar Mar 19 '20 16:03 tobier

Right, ecAudit do put some restrictions on how the custom options are used. The one you mentioned, and some others in alterRoleOption().

The upside of doing this is that it is possible to feedback to the user if there is a typo in the option key. If we're ignoring unknown keys that means we're silently ignoring typos. But this may be something we have to sacrifice.

So, what level of ambition are we looking for here? Should the AuditRoleManger be able to wrap a custom IRoleManager? Or should we assume that "the other" IRoleManager will be "wrapping" the AuditRoleManager, in which case we only need to ignore unrecognized options?

eperott avatar Mar 23 '20 07:03 eperott

Current behavior is deliberate, so I'm not considering this a bug, but rather a feature request.

eperott avatar Mar 23 '20 08:03 eperott