ekaterinadimitrova2 commented on a change in pull request #1043: URL: https://github.com/apache/cassandra/pull/1043#discussion_r648704797
########## File path: test/unit/org/apache/cassandra/cql3/PasswordObfuscatorTest.java ########## @@ -0,0 +1,110 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.cql3; + +import org.junit.Test; + +import static java.lang.String.format; +import static org.junit.Assert.assertEquals; + +public class PasswordObfuscatorTest +{ + private static IObfuscator obfuscator = new PasswordObfuscator(); Review comment: nit: can be final ########## File path: src/java/org/apache/cassandra/cql3/PasswordObfuscator.java ########## @@ -0,0 +1,63 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.cql3; + +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +/** + * Obfuscates passwords in a given string + */ +class PasswordObfuscator implements IObfuscator +{ + private static final String OBFUSCATION_TOKEN = "*******"; + private static final String PASSWORD_TOKEN = "password"; + + private static final int PATTERN_FLAGS = Pattern.CASE_INSENSITIVE | Pattern.DOTALL; + private static final Pattern PASSWORD_PATTERN = Pattern.compile(".*password\\s*=?\\s*'(?<password>[^\\s]+)'.*", + PATTERN_FLAGS); + + /** + * Obfuscates passwords in DCL statements. + * + * @param sourceString string to obfuscate + * @return obfuscated string, not containing passwords in plaintext + */ + @Override + public String obfuscate(String sourceString) + { + Matcher passwordMatcher = PASSWORD_PATTERN.matcher(sourceString); + if (!passwordMatcher.matches()) + { + return sourceString; + } Review comment: super nit: I don't think we need the brackets ########## File path: doc/source/new/auditlogging.rst ########## @@ -450,37 +451,45 @@ The ``auditlogviewer`` tool is used to dump audit logs. Run the ``auditlogviewer [ec2-user@ip-10-0-2-238 hourly]$ auditlogviewer /cassandra/audit/logs/hourly WARN 03:12:11,124 Using Pauser.sleepy() as not enough processors, have 2, needs 8+ - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427328|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE AuditLogKeyspace; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427329|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE "auditlogkeyspace" - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711446279|type :SELECT|category:QUERY|ks:auditlogkeyspace|scope:t|operation:SELECT * FROM t; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564713878834|type :DROP_TABLE|category:DDL|ks:auditlogkeyspace|scope:t|operation:DROP TABLE IF EXISTS - AuditLogKeyspace.t; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42382|timestamp:1564714618360|ty - pe:REQUEST_FAILURE|category:ERROR|operation:CREATE KEYSPACE AuditLogKeyspace - WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1};; Cannot add - existing keyspace "auditlogkeyspace" - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714690968|type :DROP_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:DROP KEYSPACE AuditLogKeyspace; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42406|timestamp:1564714708329|ty pe:CREATE_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:CREATE KEYSPACE - AuditLogKeyspace - WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1}; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714870678|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE auditlogkeyspace; - [ec2-user@ip-10-0-2-238 hourly]$ + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427328|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE AuditLogKeyspace; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427329|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE "auditlogkeyspace" + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711446279|type :SELECT|category:QUERY|ks:auditlogkeyspace|scope:t|operation:SELECT * FROM t; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564713878834|type :DROP_TABLE|category:DDL|ks:auditlogkeyspace|scope:t|operation:DROP TABLE IF EXISTS + AuditLogKeyspace.t; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42382|timestamp:1564714618360|ty + pe:REQUEST_FAILURE|category:ERROR|operation:CREATE KEYSPACE AuditLogKeyspace + WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1};; Cannot add + existing keyspace "auditlogkeyspace" + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714690968|type :DROP_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:DROP KEYSPACE AuditLogKeyspace; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42406|timestamp:1564714708329|ty pe:CREATE_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:CREATE KEYSPACE + AuditLogKeyspace + WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1}; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714870678|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE auditlogkeyspace; + [ec2-user@ip-10-0-2-238 hourly]$ + Type: audit + LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:65282|timestamp:1622630496708|type:CREATE_ROLE|category:DCL|operation:create role role1 WITH password = '*******'; + Type: audit + LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:65282|timestamp:1622630634552|type:ALTER_ROLE|category:DCL|operation:alter ROLE role1 WITH PASSWORD = '*******' AND LOGIN = false; + Type: audit + LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:65282|timestamp:1622630698686|type:CREATE_ROLE|category:DCL|operation:create user user1 WITH PASSWORD '*******' NOSUPERUSER ; Review comment: Same here, the capital letters ########## File path: doc/source/new/auditlogging.rst ########## @@ -450,37 +451,45 @@ The ``auditlogviewer`` tool is used to dump audit logs. Run the ``auditlogviewer [ec2-user@ip-10-0-2-238 hourly]$ auditlogviewer /cassandra/audit/logs/hourly WARN 03:12:11,124 Using Pauser.sleepy() as not enough processors, have 2, needs 8+ - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427328|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE AuditLogKeyspace; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427329|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE "auditlogkeyspace" - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711446279|type :SELECT|category:QUERY|ks:auditlogkeyspace|scope:t|operation:SELECT * FROM t; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564713878834|type :DROP_TABLE|category:DDL|ks:auditlogkeyspace|scope:t|operation:DROP TABLE IF EXISTS - AuditLogKeyspace.t; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42382|timestamp:1564714618360|ty - pe:REQUEST_FAILURE|category:ERROR|operation:CREATE KEYSPACE AuditLogKeyspace - WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1};; Cannot add - existing keyspace "auditlogkeyspace" - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714690968|type :DROP_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:DROP KEYSPACE AuditLogKeyspace; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42406|timestamp:1564714708329|ty pe:CREATE_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:CREATE KEYSPACE - AuditLogKeyspace - WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1}; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714870678|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE auditlogkeyspace; - [ec2-user@ip-10-0-2-238 hourly]$ + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427328|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE AuditLogKeyspace; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427329|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE "auditlogkeyspace" + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711446279|type :SELECT|category:QUERY|ks:auditlogkeyspace|scope:t|operation:SELECT * FROM t; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564713878834|type :DROP_TABLE|category:DDL|ks:auditlogkeyspace|scope:t|operation:DROP TABLE IF EXISTS + AuditLogKeyspace.t; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42382|timestamp:1564714618360|ty + pe:REQUEST_FAILURE|category:ERROR|operation:CREATE KEYSPACE AuditLogKeyspace + WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1};; Cannot add + existing keyspace "auditlogkeyspace" + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714690968|type :DROP_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:DROP KEYSPACE AuditLogKeyspace; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42406|timestamp:1564714708329|ty pe:CREATE_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:CREATE KEYSPACE + AuditLogKeyspace + WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1}; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714870678|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE auditlogkeyspace; + [ec2-user@ip-10-0-2-238 hourly]$ + Type: audit + LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:65282|timestamp:1622630496708|type:CREATE_ROLE|category:DCL|operation:create role role1 WITH password = '*******'; + Type: audit + LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:65282|timestamp:1622630634552|type:ALTER_ROLE|category:DCL|operation:alter ROLE role1 WITH PASSWORD = '*******' AND LOGIN = false; + Type: audit + LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:65282|timestamp:1622630698686|type:CREATE_ROLE|category:DCL|operation:create user user1 WITH PASSWORD '*******' NOSUPERUSER ; + Type: audit + LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:65282|timestamp:1622630747344|type:ALTER_ROLE|category:DCL|operation:alter user user1 WITH PASSWORD '*******'; Review comment: And here.... ########## File path: doc/source/new/auditlogging.rst ########## @@ -450,37 +451,45 @@ The ``auditlogviewer`` tool is used to dump audit logs. Run the ``auditlogviewer [ec2-user@ip-10-0-2-238 hourly]$ auditlogviewer /cassandra/audit/logs/hourly WARN 03:12:11,124 Using Pauser.sleepy() as not enough processors, have 2, needs 8+ - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427328|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE AuditLogKeyspace; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427329|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE "auditlogkeyspace" - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711446279|type :SELECT|category:QUERY|ks:auditlogkeyspace|scope:t|operation:SELECT * FROM t; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564713878834|type :DROP_TABLE|category:DDL|ks:auditlogkeyspace|scope:t|operation:DROP TABLE IF EXISTS - AuditLogKeyspace.t; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42382|timestamp:1564714618360|ty - pe:REQUEST_FAILURE|category:ERROR|operation:CREATE KEYSPACE AuditLogKeyspace - WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1};; Cannot add - existing keyspace "auditlogkeyspace" - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714690968|type :DROP_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:DROP KEYSPACE AuditLogKeyspace; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42406|timestamp:1564714708329|ty pe:CREATE_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:CREATE KEYSPACE - AuditLogKeyspace - WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1}; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714870678|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE auditlogkeyspace; - [ec2-user@ip-10-0-2-238 hourly]$ + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427328|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE AuditLogKeyspace; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427329|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE "auditlogkeyspace" + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711446279|type :SELECT|category:QUERY|ks:auditlogkeyspace|scope:t|operation:SELECT * FROM t; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564713878834|type :DROP_TABLE|category:DDL|ks:auditlogkeyspace|scope:t|operation:DROP TABLE IF EXISTS + AuditLogKeyspace.t; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42382|timestamp:1564714618360|ty + pe:REQUEST_FAILURE|category:ERROR|operation:CREATE KEYSPACE AuditLogKeyspace + WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1};; Cannot add + existing keyspace "auditlogkeyspace" + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714690968|type :DROP_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:DROP KEYSPACE AuditLogKeyspace; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42406|timestamp:1564714708329|ty pe:CREATE_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:CREATE KEYSPACE + AuditLogKeyspace + WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1}; + Type: audit + LogMessage: + user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714870678|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE auditlogkeyspace; + [ec2-user@ip-10-0-2-238 hourly]$ + Type: audit + LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:65282|timestamp:1622630496708|type:CREATE_ROLE|category:DCL|operation:create role role1 WITH password = '*******'; Review comment: Shouldn't we keep the capital letters, for example `CREATE `instead of `create`? ########## File path: src/java/org/apache/cassandra/audit/AuditLogManager.java ########## @@ -135,7 +135,7 @@ else if (e instanceof AuthenticationException) builder.setType(AuditLogEntryType.REQUEST_FAILURE); } - builder.appendToOperation(e.getMessage()); + builder.appendToOperation(QueryEvents.instance.getObfuscator().obfuscate(e.getMessage())); Review comment: Great catch, should we add a test for it? ########## File path: src/java/org/apache/cassandra/cql3/QueryEvents.java ########## @@ -72,8 +82,9 @@ public void notifyQuerySuccess(CQLStatement statement, { try { + for (Listener listener : listeners) - listener.querySuccess(statement, query, options, state, queryTime, response); + listener.querySuccess(statement, possiblyObfuscateQuery(statement, query), options, state, queryTime, response); Review comment: I am wondering what happened here? ########## File path: test/unit/org/apache/cassandra/audit/AuditLoggerAuthTest.java ########## @@ -135,7 +136,7 @@ public void testCqlALTERRoleAuditing() executeWithCredentials(Arrays.asList(cql), CASS_USER, CASS_PW, AuditLogEntryType.LOGIN_SUCCESS); assertTrue(getInMemAuditLogger().size() > 0); AuditLogEntry logEntry = getInMemAuditLogger().poll(); - assertLogEntry(logEntry, AuditLogEntryType.ALTER_ROLE, cql, CASS_USER); + assertLogEntry(logEntry, AuditLogEntryType.ALTER_ROLE, "ALTER ROLE " + TEST_ROLE + " WITH PASSWORD = '" + QueryEvents.instance.getObfuscator().getObfuscationToken() + "'", CASS_USER); Review comment: I think `"'"` can be substituted with `'''` ########## File path: src/java/org/apache/cassandra/cql3/QueryEvents.java ########## @@ -235,6 +246,15 @@ public void notifyPrepareFailure(@Nullable CQLStatement statement, String query, } } + private String possiblyObfuscateQuery(CQLStatement statement, String query) Review comment: +1 on simplifying it ########## File path: doc/source/new/auditlogging.rst ########## @@ -450,37 +451,45 @@ The ``auditlogviewer`` tool is used to dump audit logs. Run the ``auditlogviewer [ec2-user@ip-10-0-2-238 hourly]$ auditlogviewer /cassandra/audit/logs/hourly WARN 03:12:11,124 Using Pauser.sleepy() as not enough processors, have 2, needs 8+ - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427328|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE AuditLogKeyspace; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711427329|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE "auditlogkeyspace" - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564711446279|type :SELECT|category:QUERY|ks:auditlogkeyspace|scope:t|operation:SELECT * FROM t; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564713878834|type :DROP_TABLE|category:DDL|ks:auditlogkeyspace|scope:t|operation:DROP TABLE IF EXISTS - AuditLogKeyspace.t; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42382|timestamp:1564714618360|ty - pe:REQUEST_FAILURE|category:ERROR|operation:CREATE KEYSPACE AuditLogKeyspace - WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1};; Cannot add - existing keyspace "auditlogkeyspace" - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714690968|type :DROP_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:DROP KEYSPACE AuditLogKeyspace; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/3.91.56.164|port:42406|timestamp:1564714708329|ty pe:CREATE_KEYSPACE|category:DDL|ks:auditlogkeyspace|operation:CREATE KEYSPACE - AuditLogKeyspace - WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1}; - Type: AuditLog - LogMessage: - user:anonymous|host:10.0.2.238:7000|source:/127.0.0.1|port:46264|timestamp:1564714870678|type :USE_KEYSPACE|category:OTHER|ks:auditlogkeyspace|operation:USE auditlogkeyspace; - [ec2-user@ip-10-0-2-238 hourly]$ + Type: audit Review comment: I am wondering why did you decide to change the type? ########## File path: src/java/org/apache/cassandra/cql3/IObfuscator.java ########## @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.cql3; + +public interface IObfuscator Review comment: What other implementations do we plan? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
