This is an automated email from the ASF dual-hosted git repository. samt pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/cassandra.git
The following commit(s) were added to refs/heads/trunk by this push: new 149caf0 CassandraNetworkAuthorizer gets login privilege from RolesCache 149caf0 is described below commit 149caf01e08f58f306ff51379ab189c7a4b1ca6d Author: Sam Tunnicliffe <s...@beobal.com> AuthorDate: Tue Apr 16 16:33:59 2019 +0100 CassandraNetworkAuthorizer gets login privilege from RolesCache Patch by Sam Tunnicliffe; reviewed by Blake Eggleston for CASSANDRA-15089 --- CHANGES.txt | 2 ++ .../cassandra/auth/CassandraNetworkAuthorizer.java | 2 +- .../cassandra/auth/CassandraNetworkAuthorizerTest.java | 17 +++++++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/CHANGES.txt b/CHANGES.txt index 3248cfe..cbdd91f 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,6 @@ 4.0 + * CassandraNetworkAuthorizer uses cached roles info (CASSANDRA-15089) + * Introduce optional timeouts for idle client sessions (CASSANDRA-11097) * Fix AlterTableStatement dropped type validation order (CASSANDRA-15203) * Update Netty dependencies to latest, clean up SocketFactory (CASSANDRA-15195) * Native Transport - Apply noSpamLogger to ConnectionLimitHandler (CASSANDRA-15167) diff --git a/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java b/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java index 34a0140..6fdcd69 100644 --- a/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java +++ b/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java @@ -78,7 +78,7 @@ public class CassandraNetworkAuthorizer implements INetworkAuthorizer public DCPermissions authorize(RoleResource role) { - if (!DatabaseDescriptor.getRoleManager().canLogin(role)) + if (!Roles.canLogin(role)) { return DCPermissions.none(); } diff --git a/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java b/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java index c24a769..2e57173 100644 --- a/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java +++ b/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java @@ -51,6 +51,7 @@ import org.apache.cassandra.transport.messages.ResultMessage; import static org.apache.cassandra.auth.AuthKeyspace.NETWORK_PERMISSIONS; import static org.apache.cassandra.auth.RoleTestUtils.LocalCassandraRoleManager; import static org.apache.cassandra.schema.SchemaConstants.AUTH_KEYSPACE_NAME; +import static org.apache.cassandra.auth.RoleTestUtils.getReadCount; public class CassandraNetworkAuthorizerTest { @@ -105,6 +106,8 @@ public class CassandraNetworkAuthorizerTest new LocalCassandraAuthorizer(), new LocalCassandraNetworkAuthorizer()); setupSuperUser(); + // not strictly necessary to init the cache here, but better to be explicit + Roles.initRolesCache(DatabaseDescriptor.getRoleManager(), () -> true); } @Before @@ -227,6 +230,8 @@ public class CassandraNetworkAuthorizerTest Assert.assertEquals(DCPermissions.subset("dc1"), dcPerms(username)); assertDcPermRow(username, "dc1"); + // clear the roles cache to lose the (non-)superuser status for the user + Roles.clearCache(); auth("ALTER ROLE %s WITH superuser = true", username); Assert.assertEquals(DCPermissions.all(), dcPerms(username)); } @@ -238,4 +243,16 @@ public class CassandraNetworkAuthorizerTest auth("CREATE ROLE %s", username); Assert.assertEquals(DCPermissions.none(), dcPerms(username)); } + + @Test + public void getLoginPrivilegeFromRolesCache() throws Exception + { + String username = createName(); + auth("CREATE ROLE %s", username); + long readCount = getReadCount(); + dcPerms(username); + Assert.assertEquals(++readCount, getReadCount()); + dcPerms(username); + Assert.assertEquals(readCount, getReadCount()); + } } --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org