This is an automated email from the ASF dual-hosted git repository.
samt pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git
The following commit(s) were added to refs/heads/trunk by this push:
new 149caf0 CassandraNetworkAuthorizer gets login privilege from
RolesCache
149caf0 is described below
commit 149caf01e08f58f306ff51379ab189c7a4b1ca6d
Author: Sam Tunnicliffe <[email protected]>
AuthorDate: Tue Apr 16 16:33:59 2019 +0100
CassandraNetworkAuthorizer gets login privilege from RolesCache
Patch by Sam Tunnicliffe; reviewed by Blake Eggleston for CASSANDRA-15089
---
CHANGES.txt | 2 ++
.../cassandra/auth/CassandraNetworkAuthorizer.java | 2 +-
.../cassandra/auth/CassandraNetworkAuthorizerTest.java | 17 +++++++++++++++++
3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/CHANGES.txt b/CHANGES.txt
index 3248cfe..cbdd91f 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,6 @@
4.0
+ * CassandraNetworkAuthorizer uses cached roles info (CASSANDRA-15089)
+ * Introduce optional timeouts for idle client sessions (CASSANDRA-11097)
* Fix AlterTableStatement dropped type validation order (CASSANDRA-15203)
* Update Netty dependencies to latest, clean up SocketFactory
(CASSANDRA-15195)
* Native Transport - Apply noSpamLogger to ConnectionLimitHandler
(CASSANDRA-15167)
diff --git a/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java
b/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java
index 34a0140..6fdcd69 100644
--- a/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java
+++ b/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java
@@ -78,7 +78,7 @@ public class CassandraNetworkAuthorizer implements
INetworkAuthorizer
public DCPermissions authorize(RoleResource role)
{
- if (!DatabaseDescriptor.getRoleManager().canLogin(role))
+ if (!Roles.canLogin(role))
{
return DCPermissions.none();
}
diff --git
a/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
b/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
index c24a769..2e57173 100644
--- a/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
+++ b/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
@@ -51,6 +51,7 @@ import org.apache.cassandra.transport.messages.ResultMessage;
import static org.apache.cassandra.auth.AuthKeyspace.NETWORK_PERMISSIONS;
import static
org.apache.cassandra.auth.RoleTestUtils.LocalCassandraRoleManager;
import static org.apache.cassandra.schema.SchemaConstants.AUTH_KEYSPACE_NAME;
+import static org.apache.cassandra.auth.RoleTestUtils.getReadCount;
public class CassandraNetworkAuthorizerTest
{
@@ -105,6 +106,8 @@ public class CassandraNetworkAuthorizerTest
new LocalCassandraAuthorizer(),
new LocalCassandraNetworkAuthorizer());
setupSuperUser();
+ // not strictly necessary to init the cache here, but better to be
explicit
+ Roles.initRolesCache(DatabaseDescriptor.getRoleManager(), () -> true);
}
@Before
@@ -227,6 +230,8 @@ public class CassandraNetworkAuthorizerTest
Assert.assertEquals(DCPermissions.subset("dc1"), dcPerms(username));
assertDcPermRow(username, "dc1");
+ // clear the roles cache to lose the (non-)superuser status for the
user
+ Roles.clearCache();
auth("ALTER ROLE %s WITH superuser = true", username);
Assert.assertEquals(DCPermissions.all(), dcPerms(username));
}
@@ -238,4 +243,16 @@ public class CassandraNetworkAuthorizerTest
auth("CREATE ROLE %s", username);
Assert.assertEquals(DCPermissions.none(), dcPerms(username));
}
+
+ @Test
+ public void getLoginPrivilegeFromRolesCache() throws Exception
+ {
+ String username = createName();
+ auth("CREATE ROLE %s", username);
+ long readCount = getReadCount();
+ dcPerms(username);
+ Assert.assertEquals(++readCount, getReadCount());
+ dcPerms(username);
+ Assert.assertEquals(readCount, getReadCount());
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]