Skip to content

Security and Users & Roles Sections Migration#452

Open
Ethan-Arrowood wants to merge 9 commits intomajor-version-reorgfrom
migration/security
Open

Security and Users & Roles Sections Migration#452
Ethan-Arrowood wants to merge 9 commits intomajor-version-reorgfrom
migration/security

Conversation

@Ethan-Arrowood
Copy link
Member

@Ethan-Arrowood Ethan-Arrowood commented Mar 4, 2026
edited
Loading

Security and Users & Roles Sections Migration

Summary

Migration of Security and Users & Roles documentation from versioned_docs into the new reference_versioned_docs/version-v4/ structure.

Originally scoped as a single security/users-and-roles.md page, Users & Roles was promoted to its own top-level section during migration due to the breadth of content (permission structure reference, config file roles, full Operations API coverage). This also revealed that authentication config was a top-level key in harperdb-config.yaml — not nested under operationsApi as the source docs incorrectly implied — and that authentication.hashFunction (password hashing algorithm, added in v4.5.0) was entirely undocumented.

Files Created

Security

  • reference_versioned_docs/version-v4/security/overview.md
  • reference_versioned_docs/version-v4/security/configuration.md (new — documents authentication: config block, including undocumented hashFunction key)
  • reference_versioned_docs/version-v4/security/basic-authentication.md
  • reference_versioned_docs/version-v4/security/jwt-authentication.md
  • reference_versioned_docs/version-v4/security/mtls-authentication.md
  • reference_versioned_docs/version-v4/security/certificate-management.md
  • reference_versioned_docs/version-v4/security/certificate-verification.md

Users & Roles (new top-level section)

  • reference_versioned_docs/version-v4/users-and-roles/overview.md
  • reference_versioned_docs/version-v4/users-and-roles/configuration.md
  • reference_versioned_docs/version-v4/users-and-roles/operations.md

Other

  • migration-context/link-placeholders/security-link-placeholders.md

Files Removed

  • reference_versioned_docs/version-v4/security/cors.md (content lives in http/configuration.md)
  • reference_versioned_docs/version-v4/security/ssl.md (content lives in http/tls.md)
  • reference_versioned_docs/version-v4/security/users-and-roles.md (replaced by users-and-roles/ section)

Notable Changes vs. Original Plan

  • Users & Roles promoted to top-level section: The original plan had security/users-and-roles.md as a single page. During migration it was split into users-and-roles/overview.md, users-and-roles/configuration.md, and users-and-roles/operations.md — consistent with how other content-rich sections like logging/ are structured.
  • security/configuration.md added: The source docs incorrectly nested token timeout config under operationsApi.authentication; the actual key is top-level authentication:. A dedicated configuration page now documents all auth config options. The jwt-authentication.md page has been corrected accordingly.
  • authentication.hashFunction documented for first time: The v4.5.0 password hashing feature (sha256/argon2id) was noted in release notes but never had a documented config key. security/configuration.md documents it with a TODO to verify the exact key name against Harper source.
  • Plan updated: v4-docs-reference-plan.md updated to reflect the new users-and-roles/ top-level section and security/configuration.md.

Source Files Used

security/overview.md

  • versioned_docs/version-4.7/developers/security/index.md (primary)
  • versioned_docs/version-4.7/developers/security/configuration.md (CORS/SSL overview)

security/configuration.md

  • versioned_docs/version-4.7/deployments/configuration.md (authentication section)

security/basic-authentication.md

  • versioned_docs/version-4.7/developers/security/basic-auth.md (primary)

security/jwt-authentication.md

  • versioned_docs/version-4.7/developers/security/jwt-auth.md (primary)

security/mtls-authentication.md

  • versioned_docs/version-4.7/developers/security/mtls-auth.md (primary)
  • release-notes/v4-tucker/4.3.0.md (confirmed mTLS introduction)

security/certificate-management.md

  • versioned_docs/version-4.7/developers/security/certificate-management.md (primary)
  • release-notes/v4-tucker/4.4.0.md (dynamic certificate management)
  • release-notes/v4-tucker/4.5.0.md (certificate revocation)

security/certificate-verification.md

  • versioned_docs/version-4.7/developers/security/certificate-verification.md (primary)
  • release-notes/v4-tucker/4.5.0.md (revocation support)
  • release-notes/v4-tucker/4.7.0.md (OCSP support confirmed)

users-and-roles/overview.md

  • versioned_docs/version-4.7/developers/security/users-and-roles.md (primary)

users-and-roles/configuration.md

  • versioned_docs/version-4.7/reference/roles.md (roles config file format)
  • release-notes/v4-tucker/4.5.0.md (password hashing upgrade)

users-and-roles/operations.md

  • versioned_docs/version-4.7/developers/operations-api/users-and-roles.md (primary)

Version Annotations Added

High Confidence (Confirmed via release notes)

  • mTLS Authentication: Added in v4.3.0
  • Dynamic Certificate Management: Added in v4.4.0
  • Certificate Revocation: Added in v4.5.0
  • OCSP Support: Added in v4.7.0
  • Password Hashing (sha256, argon2id): Added in v4.5.0
  • Cookie-based sessions (enableSessions): Added in v4.2.0

Needs Verification

  • Basic Auth available since v4.1.0 (inferred from migration map; v4.1 source files not found in repo)
  • JWT Auth available since v4.1.0 (same note)
  • authentication.hashFunction config key name (documented in release notes but key name not in any source doc — TODO left in security/configuration.md)

Link Placeholders

See migration-context/link-placeholders/security-link-placeholders.md for complete list.

Summary:

  • 3 placeholders to replication/clustering section (mTLS for replication)
  • 3 already resolved (cli/commands.md, http/configuration.md, http/tls.md)

Checklist for Human Reviewer

  • Verify v4.1.0 "available since" annotations for Basic Auth and JWT
  • Confirm authentication.hashFunction is the correct config key name and remove the TODO in security/configuration.md
  • Review users-and-roles operation examples for accuracy
  • Check inline source comments are accurate
  • Ensure link placeholders to replication/clustering make sense
  • Update migration-map.md status to "Complete" after merge

🤖 Generated with Claude Code

@Ethan-Arrowood @claude
docs: migrate Security section to v4 consolidated reference
2c4707c 
Migrates all security documentation from versioned_docs into the new
reference_versioned_docs/version-v4/security/ structure. Includes 9
pages covering authentication methods, certificate management, CORS,
SSL/HTTPS configuration, and users/roles RBAC.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Ethan-Arrowood Ethan-Arrowood requested a review from a team as a code owner March 4, 2026 18:06
@Ethan-Arrowood Ethan-Arrowood marked this pull request as draft March 4, 2026 18:06
@Ethan-Arrowood Ethan-Arrowood mentioned this pull request Mar 4, 2026
Draft
25 tasks
@github-actions github-actions bot temporarily deployed to pr-452 March 4, 2026 18:08 Inactive
@github-actions
Copy link

github-actions bot commented Mar 4, 2026

🚀 Preview Deployment

Your preview deployment is ready!

🔗 Preview URL: https://preview.harper-documentation.harperfabric.com/pr-452

This preview will update automatically when you push new commits.

Ethan-Arrowood and others added 2 commits March 4, 2026 16:27
@Ethan-Arrowood @claude
docs: move Users & Roles to its own top-level section
7a0b7aa 
Splits security/users-and-roles.md into a dedicated users-and-roles/
section with overview, configuration, and operations files. Updates
the sidebar to reflect the new top-level "Users & Roles" category.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Ethan-Arrowood
manual edits to security sections
8898658
@github-actions github-actions bot temporarily deployed to pr-452 March 6, 2026 21:40 Inactive
@github-actions
Copy link

github-actions bot commented Mar 6, 2026

🚀 Preview Deployment

Your preview deployment is ready!

🔗 Preview URL: https://preview.harper-documentation.harperfabric.com/pr-452

This preview will update automatically when you push new commits.

Ethan-Arrowood and others added 2 commits March 10, 2026 16:05
@Ethan-Arrowood @claude
docs: add security/configuration.md and fix authentication config keys
8908bdd 
- Add security/configuration.md covering the top-level `authentication:`
  config block (authorizeLocal, cacheTTL, enableSessions, token timeouts,
  hashFunction) with a TODO to verify the hashFunction key name
- Fix jwt-authentication.md: config was incorrectly nested under
  `operationsApi.authentication` — it is a top-level `authentication:` section
- Fix jwt-authentication.md: update broken ssl.md link to http/tls.md
- Update users-and-roles/configuration.md: replace fabricated config snippet
  with a link to security/configuration.md#hashfunction

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Ethan-Arrowood
finish security and users-and-roles sections
f5e8bb8
@Ethan-Arrowood Ethan-Arrowood marked this pull request as ready for review March 11, 2026 15:08
@Ethan-Arrowood Ethan-Arrowood changed the title Security Section Migration Security and Users-and-Roles Sections Migration Mar 11, 2026
@github-actions github-actions bot temporarily deployed to pr-452 March 11, 2026 15:10 Inactive
@github-actions
Copy link

github-actions bot commented Mar 11, 2026

🚀 Preview Deployment

Your preview deployment is ready!

🔗 Preview URL: https://preview.harper-documentation.harperfabric.com/pr-452

This preview will update automatically when you push new commits.

@Ethan-Arrowood Ethan-Arrowood changed the title Security and Users-and-Roles Sections Migration Security and Users & Roles Sections Migration Mar 11, 2026
@Ethan-Arrowood @claude
docs: update plan to reflect users-and-roles promotion to top-level s…
9962f2e 
…ection

Notes that users-and-roles was broken out from security/ during migration,
and documents the new users-and-roles/ and security/configuration.md structure.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions github-actions bot temporarily deployed to pr-452 March 11, 2026 15:15 Inactive
@github-actions
Copy link

github-actions bot commented Mar 11, 2026

🚀 Preview Deployment

Your preview deployment is ready!

🔗 Preview URL: https://preview.harper-documentation.harperfabric.com/pr-452

This preview will update automatically when you push new commits.

cb1kenobi
cb1kenobi reviewed Mar 12, 2026
View reviewed changes
kriszyp
kriszyp reviewed Mar 16, 2026
View reviewed changes
Copy link
Member

@kriszyp kriszyp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking great!

reference_versioned_docs/version-v4/users-and-roles/overview.md Outdated
| Role | Description |
| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
| `super_user` | Full access to all operations and methods. The admin role. |
| `cluster_user` | Internal system role that allows clustered instances to communicate. Managed internally. |
Copy link
Member

@kriszyp kriszyp Mar 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't exist anymore and should be removed.

Copy link
Member Author

@Ethan-Arrowood Ethan-Arrowood Mar 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But it existed in v4 at some point, right? Which version did we remove it? Just v5 or some point in v4 minors?

@github-actions github-actions bot temporarily deployed to pr-452 March 16, 2026 17:56 Inactive
@github-actions
Copy link

github-actions bot commented Mar 16, 2026

🚀 Preview Deployment

Your preview deployment is ready!

🔗 Preview URL: https://preview.harper-documentation.harperfabric.com/pr-452

This preview will update automatically when you push new commits.

@github-actions github-actions bot temporarily deployed to pr-452 March 16, 2026 18:15 Inactive
@github-actions
Copy link

github-actions bot commented Mar 16, 2026

🚀 Preview Deployment

Your preview deployment is ready!

🔗 Preview URL: https://preview.harper-documentation.harperfabric.com/pr-452

This preview will update automatically when you push new commits.

@github-actions
Copy link

github-actions bot commented Mar 16, 2026

🚀 Preview Deployment

Your preview deployment is ready!

🔗 Preview URL: https://preview.harper-documentation.harperfabric.com/pr-452

This preview will update automatically when you push new commits.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kriszyp kriszyp kriszyp left review comments

@cb1kenobi cb1kenobi cb1kenobi left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Ethan-Arrowood @kriszyp @cb1kenobi