security: fix security-config circular dependency #20821

Merged
merged 5 commits into from
Jul 3, 2024

@dotnwat dotnwat commented Jul 3, 2024

Fixes circular dependency between security and config libraries.

Backports Required

  • none - not a bug fix
  • none - this is a backport
  • none - issue does not exist in previous branches
  • none - papercut/not impactful enough to backport
  • v24.1.x
  • v23.3.x
  • v23.2.x

Release Notes

  • none

dotnwat added 2 commits July 2, 2024 21:49
Signed-off-by: Noah Watkins <noahwatkins@gmail.com>

v::config depends on v::security_config which is composed of
config_bsl/rcl.cc which both include mtls.h which in turn depends on
config headers for things like config::binding, creating a circular
dependency on headers.

this commit splits out tls::rule which is the only type needed by
v::config and doesn't have dependences on any config headers.

Signed-off-by: Noah Watkins <noahwatkins@gmail.com>
@dotnwat dotnwat requested a review from a team as a code owner July 3, 2024 04:52
@dotnwat dotnwat removed the request for review from a team July 3, 2024 04:56
@@ -22,8 +22,6 @@

#include <seastar/util/noncopyable_function.hh>

#include <boost/intrusive/list.hpp>
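
Review bot: around the include block at line 22, the header `@@ -22,8 +22,6 @@` shows a net loss of two lines, but only unchanged context (`<seastar/util/noncopyable_function.hh>`, `<boost/intrusive/list.hpp>`) is visible here. If the dropped lines were `#include` directives, check that no other translation unit was getting those headers transitively through this file. Since the change is unrelated to the circular-dependency fix, the commit carrying it should state what was removed and why.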
Member Author

unrelated to the purpose of the pr, just a vehicle for a trivial fix.

Comment on lines +7 to +8
gssapi_rule.cc
logger.cc
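
Review bot: `logger.cc` at +8 is not a configuration type, so with this addition the list mixes config-facing rule code (`gssapi_rule.cc`) with general shared code. Consider a short comment above the list stating the constraint these sources must meet (no includes of config headers), so that a later addition does not reintroduce the cycle this PR removes.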
Member Author

v::security_config also fills a role as a sort of v::security_common

dotnwat added 3 commits July 2, 2024 22:35
v::config depends on v::security_config which is composed of
config_bsl/rcl.cc, one of which includes gssapi_principal_mapper.h, which in
turn depends on config headers for things like config::binding, creating
a circular dependency on headers.

this commit splits out gssapi_rule which is the only type needed by
v::config and doesn't have dependences on any config headers.

Signed-off-by: Noah Watkins <noahwatkins@gmail.com>

Before this change oidc_principal_mapping parsing and application from
jwt to acl_principal were combined into one unit. However, v::config
needs the parsing component to perform validation, but doesn't want to
take on all of the transitive dependencies that come from acl.h etc...

So we split out the parsing component and add a helper to handle the
final apply logic.

Signed-off-by: Noah Watkins <noahwatkins@gmail.com>

Depending on gssapi_principal_mapper.h for this meant bringing in
config::binding dependency. But that is unnecessary after this commit
moves the declaration into config.h.

Signed-off-by: Noah Watkins <noahwatkins@gmail.com>
Member

@BenPope BenPope left a comment

LGTM, thanks.

@dotnwat dotnwat merged commit 93474b7 into redpanda-data:dev Jul 3, 2024
18 checks passed