[jira] [Commented] (CASSANDRA-16404) Provide a nodetool way of invalidating auth caches

Sun, 25 Jul 2021 09:46:20 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-16404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17386915#comment-17386915
 ] 

Aleksei Zotov commented on CASSANDRA-16404:
-------------------------------------------

[~samt]

> Fortunately, this piece of code ({{FunctionResource.fromName}} method) is not 
>used anywhere and I feel we can easily and safely switch from {{AbstractType}} 
>to {{CQLType}} (I can raise and handle a separate ticket for the sake of scope 
>segregation).

That's not completely correct. Even though {{fromName}} is not used, it needs 
to be aligned with {{getName}} which is used in a few places. I briefly checked 
the usages of {{getName}} and looks like {{role_permissions}} table relies on 
this method while storing existing permissions. So we cannot easily change it.

I made the change with introducing multiple CLI options. Please, review and let 
me know if there are any improvement points.

> Provide a nodetool way of invalidating auth caches
> --------------------------------------------------
>
>                 Key: CASSANDRA-16404
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16404
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Feature/Authorization
>            Reporter: Sumanth Pasupuleti
>            Assignee: Aleksei Zotov
>            Priority: Normal
>             Fix For: 4.x
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> We currently have nodetool commands to invalidate certain caches like 
> KeyCache, RowCache and CounterCache. 
> Being able to invalidate auth caches as well can come in handy in situations 
> where, critical backend auth changes may need to be in effect right away for 
> all the connections, especially in configurations where cache validity is 
> chosen to be for a longer duration. An example can be that an authenticated 
> user "User1" is no longer authorized to access a table resource "table1" and 
> it is vital that this change is reflected right away, without having to wait 
> for cache expiry/refresh to trigger.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to