[jira] [Commented] (CASSANDRA-16404) Provide a nodetool way of invalidating auth caches

Fri, 16 Jul 2021 06:51:05 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-16404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17382085#comment-17382085
 ] 

Aleksei Zotov commented on CASSANDRA-16404:
-------------------------------------------

[~blerer]

The plan sounds good to me! I'd be glad to give a try to {{CASSANDRA-16806.}}

[~samt]

Do you want me to change the syntax for {{invalidatepermissionscache}} command 
only or for all?

I'll think on other syntax in order to simplify operations. Just a couple of 
thoughts:
 # "-u" might be bit confusing because there is "(-u <username> | --username 
<username>)" which is JMX user.
 # if we do not have enough information from input to construct "Resource" then 
we'll have to iterate through all cached records because "Resource" is a part 
of key . It actually should not be a significant issue because there should not 
be many records, but I just want to highlight that.

 

> Provide a nodetool way of invalidating auth caches
> --------------------------------------------------
>
>                 Key: CASSANDRA-16404
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16404
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Feature/Authorization
>            Reporter: Sumanth Pasupuleti
>            Assignee: Aleksei Zotov
>            Priority: Normal
>             Fix For: 4.x
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> We currently have nodetool commands to invalidate certain caches like 
> KeyCache, RowCache and CounterCache. 
> Being able to invalidate auth caches as well can come in handy in situations 
> where, critical backend auth changes may need to be in effect right away for 
> all the connections, especially in configurations where cache validity is 
> chosen to be for a longer duration. An example can be that an authenticated 
> user "User1" is no longer authorized to access a table resource "table1" and 
> it is vital that this change is reflected right away, without having to wait 
> for cache expiry/refresh to trigger.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to