Re: [PR] CASSANDRA-19366 trunk - Expose auth mode in system_views.clients, clientstats, metrics [cassandra]

Wed, 07 Feb 2024 11:47:26 -0800 


tolbertam commented on code in PR #3085:
URL: https://github.com/apache/cassandra/pull/3085#discussion_r1481996718


##########
src/java/org/apache/cassandra/auth/IAuthenticator.java:
##########
@@ -179,5 +195,64 @@ default boolean shouldSendAuthenticateMessage()
         {
             return true;
         }
+
+        /**
+         * @return The assumed mode of authentication attempted using this 
negotiator, this will usually be some value
+         * of {@link AuthenticationMode#toString()}} unless an implementor 
provides their own custom authentication
+         * scheme.
+         */
+        default AuthenticationMode getAuthenticationMode()
+        {
+            return AuthenticationMode.UNAUTHENTICATED;
+        }
+    }
+
+    /**
+     * Known modes of authentication supported by Cassandra's provided {@link 
IAuthenticator} implementations.
+     */
+    abstract class AuthenticationMode
+    {
+        private final String displayName;
+
+        public AuthenticationMode(@Nonnull String displayName)
+        {
+            this.displayName = displayName;
+        }
+
+        /**
+         * User was not authenticated in any particular way.
+         */
+        public static final AuthenticationMode UNAUTHENTICATED = new 
AuthenticationMode("Unauthenticated") {};
+
+        /**
+         * User authenticated using a password.
+         */
+        public static final AuthenticationMode PASSWORD = new 
AuthenticationMode("Password") {};
+
+        /**
+         * User authenticated using a trusted identity in their client 
certificate.
+         */
+        public static final AuthenticationMode MTLS = new 
AuthenticationMode("Mtls") {};

Review Comment:
   I'll test whether spaces work w/ JMX, I suspect it does, but isn't desirable 
as might require clients to escape;  If it doesn't work, I suggest we throw a 
RuntimeException in the `AuthenticationMode` constructor. 
   
   As far as the name, regardless of whether spaces are allowed, how about 
`MutualTls` (for consistency with how the authenticator is named)?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to