[jira] [Commented] (CASSANDRA-16404) Provide a nodetool way of invalidating auth caches

[Sumanth Pasupuleti (Jira)]

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-16404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17320549#comment-17320549
 ] 

Sumanth Pasupuleti commented on CASSANDRA-16404:
------------------------------------------------

Thanks [~blerer] for keeping me in loop for assignee change. I was waiting for 
the ticket to be triaged before implementing :), but thanks much to [~azotcsit] 
for taking this ticket forward with discussions and patch! 

[~azotcsit] I had a chance to review your patch and here are a few comments I 
have from the review.
# In addition to roles having hierarchy that you already mention, even 
resources have hierarchy. It maybe worth considering clearing entries for all 
resources underneath a resource in context.
# This 
[commit|https://github.com/apache/cassandra/pull/950/commits/e5660717deeb86872e4c868264f79f96c6b87d78]
 touches a lot more tests than just cache tests; I would recommend tackling 
that change as part of a separate ticket and change.
# Code style - You may want to run the * intellij code styler; especially for 
same line vs next style braces styling.

> Provide a nodetool way of invalidating auth caches
> --------------------------------------------------
>
>                 Key: CASSANDRA-16404
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16404
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Feature/Authorization
>            Reporter: Sumanth Pasupuleti
>            Assignee: Alexey Zotov
>            Priority: Normal
>             Fix For: 4.x
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> We currently have nodetool commands to invalidate certain caches like 
> KeyCache, RowCache and CounterCache. 
> Being able to invalidate auth caches as well can come in handy in situations 
> where, critical backend auth changes may need to be in effect right away for 
> all the connections, especially in configurations where cache validity is 
> chosen to be for a longer duration. An example can be that an authenticated 
> user "User1" is no longer authorized to access a table resource "table1" and 
> it is vital that this change is reflected right away, without having to wait 
> for cache expiry/refresh to trigger.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org