[SERVER-28655] Allow yaml config options to be parsed as a single bson blob Created: 06/Apr/17  Updated: 27/Mar/23

Status: Backlog
Project: Core Server
Component/s: Internal Code
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Spencer Jackson Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: move-sa, platforms-re-triaged, re-triaged-ticket
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Server Security

 Description   

Some of our configuration options in our YAML config file need to contain structured configuration data. For example, right now, the LDAP userToDNMapping is provided as a string containing JSON. This means we must read in the string and transform it from JSON to BSON. It would be preferable if we could accept the userToDNMapping as a YAML list, point our configuration parser at the relevant node in the tree, and convert everything below it into a BSONObj which we can more easily work with. This will make it much easier for a user to correctly enter a well-formatted input.



 Comments   
Comment by Lauren Lewis (Inactive) [ 24/Feb/22 ]

We haven’t heard back from you for at least one calendar year, so this issue is being closed. If this is still an issue for you, please provide additional information and we will reopen the ticket.

Comment by Billy Donahue [ 19/Aug/20 ]

I understand the motivation, but I don't quite understand why we'd use YAML for this instead of JSON to solve the problem. The fundamental problem is that there's no nested structure in the config file. You can introduce it with JSON, a much simpler notation. The important thing is just that we need nested hierarchical objects in config files, and not just a flat key-value list of dumb string values. JSON would meet that goal. I just personally find YAML very difficult and line-indent-oriented, and there are too many ways to write the same thing. I mean, this would be the same thing in JSON, which seems to be a similar gain over the original.

{
  "userToDNMapping": [
    {
      "match": "(ldapz_kerberos1)@LDAPTEST.10GEN.CC",
      "substitution": "cn={0},ou=org,dc=domain,dc=example"
    },
    {
      "match": "(ldapz_kerberos2@LDAPTEST.10GEN.CC)",
      "ldapQuery": "ou=org,dc=domain,dc=example??one?krbPrincipalName={0}"
    }
  ]
}
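An added example, not MongoDB's code and not part of any comment on this ticket: once userToDNMapping arrives as a nested structure rather than a string, the rules can be checked when the config is loaded. The checks follow MongoDB's documented rule format (a `match` regex plus exactly one of `substitution` or `ldapQuery`, with `{n}` naming a capture group); `validate_rules`, the third sample rule, and the use of Python's `re` in place of the server's regex engine are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the nested form from the comment above, plus one
# deliberately broken rule (index 2) added for this example.
CONFIG = json.loads(r'''
{
  "userToDNMapping": [
    {"match": "(ldapz_kerberos1)@LDAPTEST.10GEN.CC",
     "substitution": "cn={0},ou=org,dc=domain,dc=example"},
    {"match": "(ldapz_kerberos2@LDAPTEST.10GEN.CC)",
     "ldapQuery": "ou=org,dc=domain,dc=example??one?krbPrincipalName={0}"},
    {"match": "(.+)@EXAMPLE.INVALID",
     "substitution": "cn={1},dc=example",
     "ldapQuery": "dc=example??one?uid={0}"}
  ]
}
''')

PLACEHOLDER = re.compile(r"\{(\d+)\}")

def validate_rules(rules):
    """Return a list of (rule_index, problem) tuples; empty means valid."""
    problems = []
    if not isinstance(rules, list):
        return [(None, "userToDNMapping must be a list of rules")]
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict) or not isinstance(rule.get("match"), str):
            problems.append((i, "rule needs a string 'match'"))
            continue
        # Exactly one template key is allowed per rule.
        templates = [k for k in ("substitution", "ldapQuery") if k in rule]
        if len(templates) != 1:
            problems.append((i, "need exactly one of substitution/ldapQuery"))
        try:
            groups = re.compile(rule["match"]).groups
        except re.error as exc:
            problems.append((i, f"bad match regex: {exc}"))
            continue
        # {n} is zero-based, so n must be below the capture-group count.
        for key in templates:
            for n in PLACEHOLDER.findall(str(rule[key])):
                if int(n) >= groups:
                    problems.append((i, f"{key} uses {{{n}}} but match has {groups} group(s)"))
    return problems

if __name__ == "__main__":
    for index, problem in validate_rules(CONFIG["userToDNMapping"]):
        print(f"rule {index}: {problem}")
```
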

Comment by Spencer Jackson [ 06/Apr/17 ]

Today userToDNMapping works like:

userToDNMapping: '[{match: "(ldapz_kerberos1)@LDAPTEST.10GEN.CC", substitution: "cn={0},ou=org,dc=domain,dc=example"},{match: "(ldapz_kerberos2@LDAPTEST.10GEN.CC)", ldapQuery: "ou=org,dc=domain,dc=example??one?krbPrincipalName={0}"}]'

With this change it would resemble:

userToDNMapping:
  - 
   match: "(ldapz_kerberos1)@LDAPTEST.10GEN.CC"
   substitution: "cn={0},ou=org,dc=domain,dc=example"
  -
   match: "(ldapz_kerberos2@LDAPTEST.10GEN.CC)"
   ldapQuery: "ou=org,dc=domain,dc=example??one?krbPrincipalName={0}"

Comment by Mark Benvenuto [ 06/Apr/17 ]

Do you have an example syntax of how this might work?
