[jira] [Comment Edited] (CASSANDRA-20863) Missing authorizer and role_manager configs in system_views.settings

Tiago L. Alves (Jira) Wed, 27 Aug 2025 05:13:04 -0700


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-20863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18016520#comment-18016520
 ]


Tiago L. Alves edited comment on CASSANDRA-20863 at 8/27/25 12:12 PM:
----------------------------------------------------------------------

In CASSANDRA-19946 all auth* related classes allow configuration parameters. 
This was done by changing the underlying mechanism that loads those 
implementations using {{{}ParameterizedClass{}}}. This impacted the way those 
settings were exposed in {{system_views.settings}} virtual table.

For instance, while in Cassandra 5.0.1 we could check for the configured 
role_manager by running: {{select * from system_views.settings where name = 
'role_manager';}} in Cassandra 5.0.2 and later we need to use {{select * from 
system_views.settings where name = 'role_manager.class_name'; }}.

The same happens when checking for the used authorizer. In Cassandra 5.0.1, we 
could use {{select * from system_views.settings where name = 'authorizer';}} 
while in Cassandra 5.0.2 we need to use {{select * from system_views.settings 
where name = 'authorizer.class_name'; }}(notice the {{.class_name}} after the 
property name).

Note that in Cassandra 5.0.1, to query for the authenticator one already had to 
use {{query select * from system_views.settings where name = 
'authenticator.class_name';}} as querying for {{query select * from 
system_views.settings where name = 'authenticator';}} would yield no results.

While we were careful to ensure {{cassandra.yaml}} configuration would be 
backwards compatible, allowing to configure either:
{code:java}
authorizer: AllowAllAuthorizer{code}
or

 
{code:java}
authorizer:
  class_name: AllowAllAuthorizer
{code}
we failed to notice the impact of {{system_views.settings}} virtual table. This 
could be seen a regression between 5.0.1 and 5.0.2.

[~skrlaha] would adapting the queries be a solution for you?

 [~stefan.miklosovic]  as we worked together on this, do you think it makes 
sense / be possible to modify the {{system_views.settings}} to continue 
reporting {{{}authenticator{}}}, {{{}role_manager{}}}, and {{{}authorizer{}}}?

 


was (Author: tiagomlalves):
In CASSANDRA-19946 all auth* related classes allow configuration parameters. 
This was done by changing the underlying mechanism that loads those 
implementations using `ParameterizedClass`. This impacted the way those 
settings were exposed in `system_views.settings`.

For instance, while in Cassandra 5.0.1 we could check for the configured 
role_manager by running: `select * from system_views.settings where name = 
'role_manager';` in Cassandra 5.0.2 and later we need to use `select * from 
system_views.settings where name = 'role_manager.class_name';`.

The same happens when checking for the used authorizer. In Cassandra 5.0.1, we 
could use `select * from system_views.settings where name = 'authorizer';` 
while in Cassandra 5.0.2 we need to use `select * from system_views.settings 
where name = 'authorizer.class_name';`.

Note that in Cassandra 5.0.1, to query for the authenticator one had to use 
`query select * from system_views.settings where name = 
'authenticator.class_name';` as querying for `query select * from 
system_views.settings where name = 'authenticator';` would yield no results.

While we were careful to ensure `cassandra.yaml` configuration would be 
backwards compatible, allowing to configure either:

```

authorizer: AllowAllAuthorizer

```

or

```

authorizer:
  class_name: AllowAllAuthorizer

```

we failed to notice the impact of ` system_views.settings ` virtual table. This 
could be seen a regression between 5.0.1 and 5.0.2.

[~skrlaha] would adapting the queries be a solution for you?

 [~stefan.miklosovic]  as we worked together on this, do you think it makes 
sense / be possible to modify the `system_views.settings` to continue reporting 
`authenticator`, `role_manager`, and `authorizer`?

 

> Missing authorizer and role_manager configs in system_views.settings
> --------------------------------------------------------------------
>
>                 Key: CASSANDRA-20863
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-20863
>             Project: Apache Cassandra
>          Issue Type: Bug
>            Reporter: Sudipta Laha
>            Assignee: Tiago L. Alves
>            Priority: Normal
>
> Authorizer role_manager configs are missing in system_views.settings after 
> the changes in CASSANDRA-19946 were merged. Example query on a 5.x cluster:
>  
> cqlsh> select * from system_views.settings where name = 'authorizer';
>  name | value
> ------+-------
> cqlsh> select * from system_views.settings where name = 'role_manager';
>  name | value
> ------+-------
> (0 rows)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Comment Edited] (CASSANDRA-20863) Missing authorizer and role_manager configs in system_views.settings

Reply via email to