[
https://issues.apache.org/jira/browse/CASSANDRA-10135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14704818#comment-14704818
]
Sam Tunnicliffe commented on CASSANDRA-10135:
---------------------------------------------
Thi is mostly discussed in CASSANDRA-8850, tl;dr the initial proposal was to
make role names quoted strings, but in the end it was decided to stick with
identifiers as had previously been the case for user names.
2.1 and 2.2 define a user/role name as either an identifier - an unquoted,
case-insensitive string which matches the rule {{LETTER (LETTER | DIGIT |
'_')*}} - or as a string literal, which are single quoted & non-case sensitive.
From 2.2, string literals also support extended postgres syntax
(CASSANDRA-7769).
There is a divergence between user and role names in the 2.2 CQL grammar
though; role are defined as identifiers, unreserved keywords or quoted names.
Quoted names are much like the 2.1 string literals, except are double quoted
and in this usage, case-sensitive. They do not support the postgres {{$$}}
syntax.
I've pushed a branch
[here|https://github.com/apache/cassandra/compare/cassandra-2.2...beobal:10135-2.2]
which adds string literal as a supported production for role names, along with
some additional tests which exercise the various syntax options. To preserve
backwards compatibility, a quoted string role name (either singly quoted or
using pg syntax) is *not* case sensitive.
> Quoting changed for username in GRANT statement
> -----------------------------------------------
>
> Key: CASSANDRA-10135
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10135
> Project: Cassandra
> Issue Type: Bug
> Components: API
> Environment: cassandra 2.2.0
> Reporter: Bernhard K. Weisshuhn
> Priority: Minor
>
> We may have uncovered an undocumented api change between cassandra 2.1.x and
> 2.2.0.
> When granting permissions to a username containing special characters, 2.1.x
> needed single quotes around the username and refused doubles.
> 2.2.0 needs doubles and refuses singles.
> Working example for 2.1.x:
> {code:sql}
> GRANT SELECT ON ALL KEYSPACES TO
> 'vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-1440017797';
> {code}
> Enclosing the username in double quotes instead of singles fails with the
> following error message:
> {quote}
> cassandra@cqlsh> GRANT SELECT ON ALL KEYSPACES TO
> "vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-1440017797";
> SyntaxException: <ErrorMessage code=2000 [Syntax error in CQL query]
> message="line 1:33 mismatched input
> 'vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-1440017797'
> expecting set null (...SELECT ON ALL KEYSPACES TO
> ["vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-144001779]...)">
> {quote}
> Singles fail in 2.2.0:
> {quote}
> cassandra@cqlsh> GRANT SELECT ON ALL KEYSPACES TO
> 'vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-1440019308';
> SyntaxException: <ErrorMessage code=2000 [Syntax error in CQL query]
> message="line 1:33 no viable alternative at input
> 'vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-1440019308'
> (...SELECT ON ALL KEYSPACES TO
> ['vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-144001930]...)">
> {quote}
> ... whereas double quotes succeed:
> {code:sql}
> GRANT SELECT ON ALL KEYSPACES TO
> "vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-1440019308";
> {code}
> If this is a deliberate change, I don't think it is reflected in the
> documentation. I am temped to consider this a bug introduced with the role
> additions.
> Motivation for this report:
> https://github.com/hashicorp/vault/pull/545#issuecomment-132634630
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
