[
https://issues.apache.org/jira/browse/CASSANDRA-20208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17914316#comment-17914316
]
Stefan Miklosovic commented on CASSANDRA-20208:
-----------------------------------------------
[CASSANDRA-20208|https://github.com/instaclustr/cassandra/tree/CASSANDRA-20208]
{noformat}
java17_pre-commit_tests
✓ j17_build 4m 50s
✓ j17_cqlsh_dtests_py311 6m 57s
✓ j17_cqlsh_dtests_py311_vnode 7m 22s
✓ j17_cqlsh_dtests_py38 6m 59s
✓ j17_cqlsh_dtests_py38_vnode 9m 32s
✓ j17_cqlshlib_cython_tests 11m 9s
✓ j17_cqlshlib_tests 6m 40s
✓ j17_jvm_dtests_latest_vnode 16m 6s
✓ j17_unit_tests 14m 42s
✓ j17_utests_latest 14m 54s
✓ j17_utests_oa 15m 14s
✕ j17_dtests 33m 52s
compaction_test.TestCompaction test_compaction_throughput
refresh_test.TestRefresh test_refresh_deadlock_startup
✕ j17_dtests_latest 39m 1s
read_repair_test.TestSpeculativeReadRepair test_failed_read_repair
read_repair_test.TestSpeculativeReadRepair test_quorum_requirement
read_repair_test.TestSpeculativeReadRepair
test_quorum_requirement_on_speculated_read
read_repair_test.TestSpeculativeReadRepair test_speculative_data_request
✕ j17_dtests_vnode 41m 45s
compaction_test.TestCompaction test_compaction_throughput
✕ j17_jvm_dtests 20m 48s
org.apache.cassandra.fuzz.ring.ConsistentBootstrapTest
coordinatorIsBehindTest
{noformat}
[java17_pre-commit_tests|https://app.circleci.com/pipelines/github/instaclustr/cassandra/5220/workflows/4be5451c-b3ff-4403-9454-44062c85dfff]
> audit_logging_options parameters are not sanitized when loaded from a
> configuration file on startup
> ---------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-20208
> URL: https://issues.apache.org/jira/browse/CASSANDRA-20208
> Project: Apache Cassandra
> Issue Type: Bug
> Components: Observability/Logging
> Reporter: Dmitry Konstantinov
> Assignee: Stefan Miklosovic
> Priority: Normal
> Fix For: 4.1.x, 5.0.x, 5.x
>
> Attachments: audit_filtering_state.png
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> based on the discussion in
> [https://lists.apache.org/thread/3whc30bqfcr1vgwv73zwlv74l2v3c0gt]
> a configuration like this:
> {code:java}
> audit_logging_options:
> enabled: true
> logger:
> - class_name: FileAuditLogger
> included_categories: DCL, ERROR, AUTH {code}
> is not sanitized when it is loaded on startup from cassandra.yaml file -
> spaces here are remaining: " ERROR", " AUTH" after parsing. As a result the
> audit logs filtering works not in a way as a user may expect and it is hard
> to troubleshoot:
> !audit_filtering_state.png|width=400!
> When we run nodetool enableauditlog the following logic is invoked:
> [https://github.com/apache/cassandra/blob/cassandra-4.1.7/src/java/org/apache/cassandra/service/StorageService.java#L6459]
> which rebuild AuditLogOptions using builder API.AuditLogOption.build() has
> sanitisation logic which does the trimming:
> [https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/audit/AuditLogOptions.java#L235]
>
> org.apache.cassandra.config.Config#audit_logging_options is created a generic
> reflective code which does not use the builder, so there is no trimming
> during a startup.
> It can be fixed by adding sanitisation during the startup parsing too to make
> the behaviour more consistent and less error prone.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
