[
https://issues.apache.org/jira/browse/CASSANDRA-16958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17472961#comment-17472961
]
Josh McKenzie commented on CASSANDRA-16958:
-------------------------------------------
Well that ended up being a more interesting rebase than expected after
CASSANDRA-17027.
I ended up changing some of the implementation to try and better tie together
various AuthCache implementers initialization since that was the long pole of
complexity on getting this rebase to behave and wired it up in CQLTester.
I've now tied the starting of all "static" caches to
{{AuthCacheService.initializeAndRegisterCaches}} and left a bread crumb there
pointing to the current member initialization and registration happening in
{{{}PasswordAuthenticator.setup{}}}, as well as left {{@link}} breadcrumbs on
the various init methods indicating they shouldn't be used directly.
Any work locally on that code should both 1) provide immediate context about
the relationships between the various caches, the service, and initialization,
and 2) automatically be picked up by IDE's doing a rename or other refactor.
So all that said, here's our links:
||Item|Link|
||PR|[Link|https://github.com/apache/cassandra/pull/1205]|
||JDK8
tests|[Link|https://app.circleci.com/pipelines/github/josh-mckenzie/cassandra/163/workflows/b2d1f937-80cd-4ac0-a2a6-b0587fd7cc92]|
||JDK11
tests|[Link|https://app.circleci.com/pipelines/github/josh-mckenzie/cassandra/163/workflows/d9bf9c91-1e31-4480-9078-bff7440cd601]|
Lastly of note: I reged replaced git: with https: as per CASSANDRA-17255; will
revert that bit in favor of that other commit once CI is done.
> Prewarm role and credentials caches to avoid timeouts at startup
> ----------------------------------------------------------------
>
> Key: CASSANDRA-16958
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16958
> Project: Cassandra
> Issue Type: Improvement
> Components: Feature/Authorization
> Reporter: Josh McKenzie
> Assignee: Josh McKenzie
> Priority: Normal
> Fix For: 4.x
>
>
> With our current auth querying setup, you can end up with a thundering herd
> on reconnect due to delays on auth resolution.
> We should instead allow the ability to do a 'select' on all roles and
> pre-load the cache before turning on native transport. Notably, this could
> present some unacceptable delays on start with a very large count of users
> (thousands), or someone who uses a third party auth system rather than the
> built-in authorizer so this should be configurable and opt-in.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
