Skip to content

Remove SpecialUsers principals#1065

Merged
danielballan merged 7 commits intobluesky:mainfrom
nmaytan:remove_specialusers
Aug 26, 2025
Merged

Remove SpecialUsers principals#1065
danielballan merged 7 commits intobluesky:mainfrom
nmaytan:remove_specialusers

Conversation

@nmaytan
Copy link
Contributor

@nmaytan nmaytan commented Aug 5, 2025

Closes #923, with follow-up authZ work in #1008

Checklist

  • Add a Changelog entry
  • Add the ticket number which this PR closes to the comment section

@nmaytan nmaytan requested a review from danielballan August 5, 2025 22:30
danielballan
danielballan reviewed Aug 6, 2025
View reviewed changes
Copy link
Member

@danielballan danielballan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this so much.

In addition to the nits marked in line, we should give attention to how to differentiate authenticated and unauthenticated requests in log messages, in the case of the single-user server. (The multi-user server will log clearly as is.)

@danielballan
Copy link
Member

danielballan commented Aug 6, 2025

Note from design discussion:

For multi-user server, send the logging filter a Principal or None.

For single-user server, send the logging filter either:

  • a special SingleUserPrincipal sentinel object or None
  • one of two values of a two-state enum (effectively resurrecting SpecialUsers, but with a very reduced scope of just being used for logging)

danielballan
danielballan reviewed Aug 6, 2025
View reviewed changes
nmaytan
nmaytan commented Aug 14, 2025
View reviewed changes
@nmaytan nmaytan requested a review from danielballan August 14, 2025 04:26
@nmaytan nmaytan force-pushed the remove_specialusers branch from b68cb6d to a027746 Compare August 22, 2025 00:01
@nmaytan nmaytan force-pushed the remove_specialusers branch from a027746 to cf0da9e Compare August 26, 2025 19:47
@danielballan danielballan merged commit f76811e into bluesky:main Aug 26, 2025
9 checks passed
ZohebShaikh pushed a commit that referenced this pull request Feb 21, 2026
@nmaytan @ZohebShaikh
Remove SpecialUsers principals (#1065)
6b66a5e 
* Remove SpecialUsers principals

* Remove SpecialUsers from Simple policy

* Minor cleanups

* Use SingleUser sentinel for 'single user with api key' mode

* Remove SpecialUsers from zarr endpoints

* Update changelog to catch up with releases

* Update changelog for new release
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danielballan danielballan danielballan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Replace SpecialUsers enum with full Principal object

2 participants

@nmaytan @danielballan