chevah / compat

Chevah OS Compatibility Layer

[#680] Add support to get groups for users from secondary domain #681

Open adiroiban opened 2 years ago

adiroiban commented 2 years ago

Scope

Authentication doesn't fully work for users from a secondary domain.

The credentials are validated, but then getting the groups fails.

Changes

Run the group operation in impersonation mode as the newly authenticated user.

Drive-by changes:

How to try and test the changes

reviewers: @danuker

FYI

codecov[bot] commented 2 years ago

Codecov Report

Merging #681 (6975965) into master (e2ff275) will decrease coverage by 0.01%. The diff coverage is 0.00%.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master     #681      +/-   ##
==========================================
- Coverage   76.61%   76.59%   -0.02%
==========================================
  Files          58       58
  Lines        8059     8061       +2
  Branches      667      667
==========================================
  Hits         6174     6174
- Misses       1734     1736       +2
  Partials      151      151
```

| [Impacted Files](https://codecov.io/gh/chevah/compat/pull/681?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=chevah) | Coverage Δ | |
|---|---|---|
| [chevah/compat/nt\_users.py](https://codecov.io/gh/chevah/compat/pull/681/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=chevah#diff-Y2hldmFoL2NvbXBhdC9udF91c2Vycy5weQ==) | `49.11% <0.00%> (-0.59%)` | :arrow_down: |

adiroiban commented 2 years ago

@dumol not urgent. When you have time, can you check why the docker tests are failing?

looks like this fails due to our github checkout process

dumol commented 2 years ago

> looks like this fails due to our github checkout process

Known issue, documented at https://github.com/chevah/compat/blob/master/.github/workflows/docker.yml#L105.

adiroiban commented 1 year ago

This was deployed to the customer, but the issue was not fixed.

This is complicated, as this is a multi-domain Windows VM, with one-way trust for one of the domains... complicated stuff, and I have no idea how to set up such a Windows domain.