[
https://issues.apache.org/jira/browse/CASSANDRA-15089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16820006#comment-16820006
]
Sam Tunnicliffe commented on CASSANDRA-15089:
---------------------------------------------
The patch breaks a dtest which was relying on the LOGIN privilege not being
cached.
||dtest PR||CI||
|[15089|https://github.com/apache/cassandra-dtest/pull/50]|[circle|https://circleci.com/gh/beobal/workflows/cassandra/tree/cci%2F15089-trunk]
> CassandraNetworkAuthorizer::authorize should get role details from Roles, not
> directly from IRoleManager
> --------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-15089
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15089
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
> Reporter: Sam Tunnicliffe
> Assignee: Sam Tunnicliffe
> Priority: Normal
> Fix For: 4.0
>
>
> If the network permissions cache doesn't contain any entry for a role, the
> authorize method is invoked on the configured INetworkAuthorizer. In the case
> of CassandraNetworkAuthorizer, this immediately checks whether the role in
> question has the LOGIN privilege set. It does this using the configured
> IRoleManager directly, which causes a read from the underlying table in
> system_auth. It should fetch the flag from Roles::canLogin, which uses the
> RolesCache, falling back to the IRoleManager if necessary.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
