[jira] [Updated] (CASSANDRA-18811) Set right client auth for creating SSL context in mTLS optional mode
[ https://issues.apache.org/jira/browse/CASSANDRA-18811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-18811: Attachment: result_details.tar.gz > Set right client auth for creating SSL context in mTLS optional mode > > > Key: CASSANDRA-18811 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18811 > Project: Cassandra > Issue Type: Bug > Components: Messaging/Client, Messaging/Internode >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Fix For: 4.1.x, 5.0.x, 5.x > > Attachments: ci_summary.html, result_details.tar.gz > > Time Spent: 10m > Remaining Estimate: 0h > > Adding a new value `optional` for require_client_auth in Encryption options. > when require_client_auth is optional, the SSL context that is created will > allow client connections that provide a client certificate along with the > client connections that do not provide certificates. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-18811) Set right client auth for creating SSL context in mTLS optional mode
[ https://issues.apache.org/jira/browse/CASSANDRA-18811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17798378#comment-17798378 ] Jyothsna Konisa edited comment on CASSANDRA-18811 at 12/18/23 11:17 PM: [^ci_summary.html] [^result_details.tar.gz] Attaching test run results. was (Author: jyothsnakonisa): [^ci_summary.html] [^result_details.tar.gz] Attaching test run results. > Set right client auth for creating SSL context in mTLS optional mode > > > Key: CASSANDRA-18811 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18811 > Project: Cassandra > Issue Type: Bug > Components: Messaging/Client, Messaging/Internode >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Fix For: 4.1.x, 5.0.x, 5.x > > Attachments: ci_summary.html, result_details.tar.gz > > Time Spent: 10m > Remaining Estimate: 0h > > Adding a new value `optional` for require_client_auth in Encryption options. > when require_client_auth is optional, the SSL context that is created will > allow client connections that provide a client certificate along with the > client connections that do not provide certificates. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18811) Set right client auth for creating SSL context in mTLS optional mode
[ https://issues.apache.org/jira/browse/CASSANDRA-18811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17798378#comment-17798378 ] Jyothsna Konisa commented on CASSANDRA-18811: - [^ci_summary.html] [^result_details.tar.gz] Attaching test run results. > Set right client auth for creating SSL context in mTLS optional mode > > > Key: CASSANDRA-18811 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18811 > Project: Cassandra > Issue Type: Bug > Components: Messaging/Client, Messaging/Internode >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Fix For: 4.1.x, 5.0.x, 5.x > > Attachments: ci_summary.html > > Time Spent: 10m > Remaining Estimate: 0h > > Adding a new value `optional` for require_client_auth in Encryption options. > when require_client_auth is optional, the SSL context that is created will > allow client connections that provide a client certificate along with the > client connections that do not provide certificates. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-18811) Set right client auth for creating SSL context in mTLS optional mode
[ https://issues.apache.org/jira/browse/CASSANDRA-18811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-18811: Attachment: ci_summary.html > Set right client auth for creating SSL context in mTLS optional mode > > > Key: CASSANDRA-18811 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18811 > Project: Cassandra > Issue Type: Bug > Components: Messaging/Client, Messaging/Internode >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Fix For: 4.1.x, 5.0.x, 5.x > > Attachments: ci_summary.html > > Time Spent: 10m > Remaining Estimate: 0h > > Adding a new value `optional` for require_client_auth in Encryption options. > when require_client_auth is optional, the SSL context that is created will > allow client connections that provide a client certificate along with the > client connections that do not provide certificates. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-19199) Remove write option VALIDATE_SSTABLES to enforce validation
[ https://issues.apache.org/jira/browse/CASSANDRA-19199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17796387#comment-17796387 ] Jyothsna Konisa commented on CASSANDRA-19199: - Circle CI https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra-analytics/13/workflows/7a9c74d4-517a-4866-a09c-2d3dd01eec08 > Remove write option VALIDATE_SSTABLES to enforce validation > --- > > Key: CASSANDRA-19199 > URL: https://issues.apache.org/jira/browse/CASSANDRA-19199 > Project: Cassandra > Issue Type: Task > Components: Analytics Library >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > We should not allow the end-user to bypass the non-extended verify. Remove > VALIDATE_SSTABLES in writer options in Bulk Writer. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-19199) Remove write option VALIDATE_SSTABLES to enforce validation
[ https://issues.apache.org/jira/browse/CASSANDRA-19199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-19199: Change Category: Operability Complexity: Normal Component/s: Analytics Library Reviewers: Yifan Cai Status: Open (was: Triage Needed) > Remove write option VALIDATE_SSTABLES to enforce validation > --- > > Key: CASSANDRA-19199 > URL: https://issues.apache.org/jira/browse/CASSANDRA-19199 > Project: Cassandra > Issue Type: Task > Components: Analytics Library >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > We should not allow the end-user to bypass the non-extended verify. Remove > VALIDATE_SSTABLES in writer options in Bulk Writer. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-19199) Remove write option VALIDATE_SSTABLES to enforce validation
[ https://issues.apache.org/jira/browse/CASSANDRA-19199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-19199: Test and Documentation Plan: Removed writer options, test cases passed. Status: Patch Available (was: Open) > Remove write option VALIDATE_SSTABLES to enforce validation > --- > > Key: CASSANDRA-19199 > URL: https://issues.apache.org/jira/browse/CASSANDRA-19199 > Project: Cassandra > Issue Type: Task > Components: Analytics Library >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > We should not allow the end-user to bypass the non-extended verify. Remove > VALIDATE_SSTABLES in writer options in Bulk Writer. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-19199) Remove write option VALIDATE_SSTABLES to enforce validation
[ https://issues.apache.org/jira/browse/CASSANDRA-19199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17796002#comment-17796002 ] Jyothsna Konisa commented on CASSANDRA-19199: - https://github.com/apache/cassandra-analytics/pull/24 > Remove write option VALIDATE_SSTABLES to enforce validation > --- > > Key: CASSANDRA-19199 > URL: https://issues.apache.org/jira/browse/CASSANDRA-19199 > Project: Cassandra > Issue Type: Task >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > We should not allow the end-user to bypass the non-extended verify. Remove > VALIDATE_SSTABLES in writer options in Bulk Writer. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-19199) Remove write option VALIDATE_SSTABLES to enforce validation
[ https://issues.apache.org/jira/browse/CASSANDRA-19199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-19199: Description: We should not allow the end-user to bypass the non-extended verify. Remove VALIDATE_SSTABLES in writer options in Bulk Writer. (was: We should not allow the end-user to bypass the non-extended verify. Remove VALIDATE_SSTABLES in writer options.) > Remove write option VALIDATE_SSTABLES to enforce validation > --- > > Key: CASSANDRA-19199 > URL: https://issues.apache.org/jira/browse/CASSANDRA-19199 > Project: Cassandra > Issue Type: Task >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > We should not allow the end-user to bypass the non-extended verify. Remove > VALIDATE_SSTABLES in writer options in Bulk Writer. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Assigned] (CASSANDRA-19199) Remove write option VALIDATE_SSTABLES to enforce validation
[ https://issues.apache.org/jira/browse/CASSANDRA-19199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa reassigned CASSANDRA-19199: --- Assignee: Jyothsna Konisa > Remove write option VALIDATE_SSTABLES to enforce validation > --- > > Key: CASSANDRA-19199 > URL: https://issues.apache.org/jira/browse/CASSANDRA-19199 > Project: Cassandra > Issue Type: Task >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > We should not allow the end-user to bypass the non-extended verify. Remove > VALIDATE_SSTABLES in writer options. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRA-19199) Remove write option VALIDATE_SSTABLES to enforce validation
Jyothsna Konisa created CASSANDRA-19199: --- Summary: Remove write option VALIDATE_SSTABLES to enforce validation Key: CASSANDRA-19199 URL: https://issues.apache.org/jira/browse/CASSANDRA-19199 Project: Cassandra Issue Type: Task Reporter: Jyothsna Konisa We should not allow the end-user to bypass the non-extended verify. Remove VALIDATE_SSTABLES in writer options. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18811) Set right client auth for creating SSL context in mTLS optional mode
[ https://issues.apache.org/jira/browse/CASSANDRA-18811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17761070#comment-17761070 ] Jyothsna Konisa commented on CASSANDRA-18811: - CircleCi link: https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra/174/workflows/72d9d77b-45ff-42d0-8a44-a8964ce4762a > Set right client auth for creating SSL context in mTLS optional mode > > > Key: CASSANDRA-18811 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18811 > Project: Cassandra > Issue Type: Bug > Components: Messaging/Client, Messaging/Internode >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Fix For: 4.1.x, 5.0-alpha, 5.x > > Time Spent: 10m > Remaining Estimate: 0h > > Adding a new value `optional` for require_client_auth in Encryption options. > when require_client_auth is optional, the SSL context that is created will > allow client connections that provide a client certificate along with the > client connections that do not provide certificates. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRA-18811) Set right client auth for creating SSL context in mTLS optional mode
Jyothsna Konisa created CASSANDRA-18811: --- Summary: Set right client auth for creating SSL context in mTLS optional mode Key: CASSANDRA-18811 URL: https://issues.apache.org/jira/browse/CASSANDRA-18811 Project: Cassandra Issue Type: Bug Reporter: Jyothsna Konisa Assignee: Jyothsna Konisa Adding a new value `optional` for require_client_auth in Encryption options. when require_client_auth is optional, the SSL context that is created will allow client connections that provide a client certificate along with the client connections that do not provide certificates. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-18554) mTLS based client and internode authenticators
[ https://issues.apache.org/jira/browse/CASSANDRA-18554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17748294#comment-17748294 ] Jyothsna Konisa edited comment on CASSANDRA-18554 at 7/28/23 5:54 PM: -- circleCI: https://app.circleci.com/pipelines/github/yifan-c/cassandra/434/workflows/9afdd37e-6342-4a5f-b090-cf06a5b2cde1 was (Author: jyothsnakonisa): circleCI: https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra/159/workflows/19c0b0ea-6629-419c-aeed-690f67ccb7ac > mTLS based client and internode authenticators > -- > > Key: CASSANDRA-18554 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18554 > Project: Cassandra > Issue Type: New Feature > Components: Feature/Authorization >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Time Spent: 3.5h > Remaining Estimate: 0h > > Cassandra currently doesn't have any certificate based authenticator for both > client connections and internode connections. If one wants to use certificate > based authentication protocol like TLS, in which clients send their > certificates for the TLS handshake, we can leverage the information from the > client certificate to identify a client. Using this authentication mechanism > one can avoid the pain of password generations, sharing and rotation. > Introducing following certificate based mTLS authenticators for internode and > client connections > MutualTlsAuthenticator (client authentication) > MutualTlsInternodeAuthenticator (internode authentication) > MutualTlsWithPasswordFallbackAuthenticator (for optional mode operation for > client authentication) > An implementation of MutualTlsCertificateValidator called > SpiffeCertificateValidator whose identity is SPIFFE that is embedded in SAN > of the client certificate. One can implement their own CertificateValidator > to match their needs and configure it in Cassandra.yaml -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18554) mTLS based client and internode authenticators
[ https://issues.apache.org/jira/browse/CASSANDRA-18554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17748294#comment-17748294 ] Jyothsna Konisa commented on CASSANDRA-18554: - circleCI: https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra/159/workflows/19c0b0ea-6629-419c-aeed-690f67ccb7ac > mTLS based client and internode authenticators > -- > > Key: CASSANDRA-18554 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18554 > Project: Cassandra > Issue Type: New Feature > Components: Feature/Authorization >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Time Spent: 3h 20m > Remaining Estimate: 0h > > Cassandra currently doesn't have any certificate based authenticator for both > client connections and internode connections. If one wants to use certificate > based authentication protocol like TLS, in which clients send their > certificates for the TLS handshake, we can leverage the information from the > client certificate to identify a client. Using this authentication mechanism > one can avoid the pain of password generations, sharing and rotation. > Introducing following certificate based mTLS authenticators for internode and > client connections > MutualTlsAuthenticator (client authentication) > MutualTlsInternodeAuthenticator (internode authentication) > MutualTlsWithPasswordFallbackAuthenticator (for optional mode operation for > client authentication) > An implementation of MutualTlsCertificateValidator called > SpiffeCertificateValidator whose identity is SPIFFE that is embedded in SAN > of the client certificate. One can implement their own CertificateValidator > to match their needs and configure it in Cassandra.yaml -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18605) Cassandra Analytics - Adding support for TTL & Timestamps for bulk writes
[ https://issues.apache.org/jira/browse/CASSANDRA-18605?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17733312#comment-17733312 ] Jyothsna Konisa commented on CASSANDRA-18605: - Circle CI link https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra-analytics/6/workflows/fb4372a1-53c5-4a55-aeb7-3eea556cbe2d > Cassandra Analytics - Adding support for TTL & Timestamps for bulk writes > - > > Key: CASSANDRA-18605 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18605 > Project: Cassandra > Issue Type: New Feature > Components: Analytics Library >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > In this patch we are adding support for Spark Bulk Writer writes with TTL & > Timestamp. TTL/ Timestamp can be constant where all rows in the RDD are > written with same TTL/Timestamp or per row based where each row has a > corresponding TTL/Timestamp present in a separate column in the RDD. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-18605) Cassandra Analytics - Adding support for TTL & Timestamps for bulk writes
[ https://issues.apache.org/jira/browse/CASSANDRA-18605?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-18605: Test and Documentation Plan: Added test cases and ran `SampleCassandraJob` to verify that writes with TTL & Timestamp are working Status: Patch Available (was: Open) https://github.com/apache/cassandra-analytics/pull/7 > Cassandra Analytics - Adding support for TTL & Timestamps for bulk writes > - > > Key: CASSANDRA-18605 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18605 > Project: Cassandra > Issue Type: New Feature > Components: Analytics Library >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > In this patch we are adding support for Spark Bulk Writer writes with TTL & > Timestamp. TTL/ Timestamp can be constant where all rows in the RDD are > written with same TTL/Timestamp or per row based where each row has a > corresponding TTL/Timestamp present in a separate column in the RDD. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-18605) Cassandra Analytics - Adding support for TTL & Timestamps for bulk writes
[ https://issues.apache.org/jira/browse/CASSANDRA-18605?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-18605: Change Category: Performance Complexity: Normal Component/s: Analytics Library Mentor: Francisco Guerrero Reviewers: Dinesh Joshi, Francisco Guerrero Assignee: Jyothsna Konisa Status: Open (was: Triage Needed) > Cassandra Analytics - Adding support for TTL & Timestamps for bulk writes > - > > Key: CASSANDRA-18605 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18605 > Project: Cassandra > Issue Type: New Feature > Components: Analytics Library >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > In this patch we are adding support for Spark Bulk Writer writes with TTL & > Timestamp. TTL/ Timestamp can be constant where all rows in the RDD are > written with same TTL/Timestamp or per row based where each row has a > corresponding TTL/Timestamp present in a separate column in the RDD. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-18605) Cassandra Analytics - Adding support for TTL & Timestamps for bulk writes
[ https://issues.apache.org/jira/browse/CASSANDRA-18605?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-18605: Summary: Cassandra Analytics - Adding support for TTL & Timestamps for bulk writes (was: Cassandra Analytics - Adding support for TTL & Timestamps during bulk writes) > Cassandra Analytics - Adding support for TTL & Timestamps for bulk writes > - > > Key: CASSANDRA-18605 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18605 > Project: Cassandra > Issue Type: New Feature >Reporter: Jyothsna Konisa >Priority: Normal > > In this patch we are adding support for Spark Bulk Writer writes with TTL & > Timestamp. TTL/ Timestamp can be constant where all rows in the RDD are > written with same TTL/Timestamp or per row based where each row has a > corresponding TTL/Timestamp present in a separate column in the RDD. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRA-18605) Cassandra Analytics - Adding support for TTL & Timestamps during bulk writes
Jyothsna Konisa created CASSANDRA-18605: --- Summary: Cassandra Analytics - Adding support for TTL & Timestamps during bulk writes Key: CASSANDRA-18605 URL: https://issues.apache.org/jira/browse/CASSANDRA-18605 Project: Cassandra Issue Type: New Feature Reporter: Jyothsna Konisa In this patch we are adding support for Spark Bulk Writer writes with TTL & Timestamp. TTL/ Timestamp can be constant where all rows in the RDD are written with same TTL/Timestamp or per row based where each row has a corresponding TTL/Timestamp present in a separate column in the RDD. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-18554) mTLS based client and internode authenticators
[ https://issues.apache.org/jira/browse/CASSANDRA-18554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-18554: Test and Documentation Plan: * Added unit tests for all the authenticators * Testing using CCM Status: Patch Available (was: Open) > mTLS based client and internode authenticators > -- > > Key: CASSANDRA-18554 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18554 > Project: Cassandra > Issue Type: New Feature > Components: Feature/Authorization >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > Cassandra currently doesn't have any certificate based authenticator for both > client connections and internode connections. If one wants to use certificate > based authentication protocol like TLS, in which clients send their > certificates for the TLS handshake, we can leverage the information from the > client certificate to identify a client. Using this authentication mechanism > one can avoid the pain of password generations, sharing and rotation. > Introducing following certificate based mTLS authenticators for internode and > client connections > MutualTlsAuthenticator (client authentication) > MutualTlsInternodeAuthenticator (internode authentication) > MutualTlsWithPasswordFallbackAuthenticator (for optional mode operation for > client authentication) > An implementation of MutualTlsCertificateValidator called > SpiffeCertificateValidator whose identity is SPIFFE that is embedded in SAN > of the client certificate. One can implement their own CertificateValidator > to match their needs and configure it in Cassandra.yaml -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-18554) mTLS based client and internode authenticators
[ https://issues.apache.org/jira/browse/CASSANDRA-18554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-18554: Change Category: Performance Complexity: Normal Component/s: Feature/Authorization Reviewers: Blake Eggleston, Dinesh Joshi, Jon Meredith, Yifan Cai Status: Open (was: Triage Needed) > mTLS based client and internode authenticators > -- > > Key: CASSANDRA-18554 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18554 > Project: Cassandra > Issue Type: New Feature > Components: Feature/Authorization >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > Cassandra currently doesn't have any certificate based authenticator for both > client connections and internode connections. If one wants to use certificate > based authentication protocol like TLS, in which clients send their > certificates for the TLS handshake, we can leverage the information from the > client certificate to identify a client. Using this authentication mechanism > one can avoid the pain of password generations, sharing and rotation. > Introducing following certificate based mTLS authenticators for internode and > client connections > MutualTlsAuthenticator (client authentication) > MutualTlsInternodeAuthenticator (internode authentication) > MutualTlsWithPasswordFallbackAuthenticator (for optional mode operation for > client authentication) > An implementation of MutualTlsCertificateValidator called > SpiffeCertificateValidator whose identity is SPIFFE that is embedded in SAN > of the client certificate. One can implement their own CertificateValidator > to match their needs and configure it in Cassandra.yaml -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRA-18554) mTLS based client and internode authenticators
Jyothsna Konisa created CASSANDRA-18554: --- Summary: mTLS based client and internode authenticators Key: CASSANDRA-18554 URL: https://issues.apache.org/jira/browse/CASSANDRA-18554 Project: Cassandra Issue Type: New Feature Reporter: Jyothsna Konisa Assignee: Jyothsna Konisa Cassandra currently doesn't have any certificate based authenticator for both client connections and internode connections. If one wants to use certificate based authentication protocol like TLS, in which clients send their certificates for the TLS handshake, we can leverage the information from the client certificate to identify a client. Using this authentication mechanism one can avoid the pain of password generations, sharing and rotation. Introducing following certificate based mTLS authenticators for internode and client connections MutualTlsAuthenticator (client authentication) MutualTlsInternodeAuthenticator (internode authentication) MutualTlsWithPasswordFallbackAuthenticator (for optional mode operation for client authentication) An implementation of MutualTlsCertificateValidator called SpiffeCertificateValidator whose identity is SPIFFE that is embedded in SAN of the client certificate. One can implement their own CertificateValidator to match their needs and configure it in Cassandra.yaml -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-17708) Fix flaky testOutboundConnectionsAreRejectedWhenAuthFails
[ https://issues.apache.org/jira/browse/CASSANDRA-17708?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-17708: Mentor: Jon Meredith Test and Documentation Plan: Ran the tests in the class `InternodeEncryptionEnforcementTest` repeatedly on CircleCi and checked for flakiness. Status: Patch Available (was: Open) https://github.com/apache/cassandra/pull/1706 https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra/132/workflows/182dd59d-cffe-4f6e-959e-0c32395b9088 > Fix flaky testOutboundConnectionsAreRejectedWhenAuthFails > - > > Key: CASSANDRA-17708 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17708 > Project: Cassandra > Issue Type: Bug > Components: CI >Reporter: Ekaterina Dimitrova >Assignee: Jyothsna Konisa >Priority: Normal > Fix For: 4.x > > > testOutboundConnectionsAreRejectedWhenAuthFails was introduced in > CASSANDRA-17661 > It seems it was introduced flaky from the very beginning as per this run in a > loop - > [https://app.circleci.com/pipelines/github/ekaterinadimitrova2/cassandra?branch=flaky-testOutboundConnectionsAreRejectedWhenAuthFails=all] > CC [~janaki.manchala] , [~jonmeredith], [~ycai] > -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-17708) Fix flaky testOutboundConnectionsAreRejectedWhenAuthFails
[ https://issues.apache.org/jira/browse/CASSANDRA-17708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17690010#comment-17690010 ] Jyothsna Konisa commented on CASSANDRA-17708: - Configured `RejectOutboundAuthenticator` only on instance 1 of the test cluster and waiting for the authentication error on instance 1 of the cluster fixed the flakiness of the test`InternodeEncryptionEnforcementTest.testOutboundConnectionsAreRejectedWhenAuthFails`. Also, there is a race condition in the `AllowFirstAndRejectOtherOutboundAuthenticator`, fixing it removed the flakiness in the test `InternodeEncryptionEnforcementTest.testOutboundConnectionsAreInterruptedWhenAuthFails`. > Fix flaky testOutboundConnectionsAreRejectedWhenAuthFails > - > > Key: CASSANDRA-17708 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17708 > Project: Cassandra > Issue Type: Bug > Components: CI >Reporter: Ekaterina Dimitrova >Assignee: Jyothsna Konisa >Priority: Normal > Fix For: 4.x > > > testOutboundConnectionsAreRejectedWhenAuthFails was introduced in > CASSANDRA-17661 > It seems it was introduced flaky from the very beginning as per this run in a > loop - > [https://app.circleci.com/pipelines/github/ekaterinadimitrova2/cassandra?branch=flaky-testOutboundConnectionsAreRejectedWhenAuthFails=all] > CC [~janaki.manchala] , [~jonmeredith], [~ycai] > -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Assigned] (CASSANDRA-17708) Fix flaky testOutboundConnectionsAreRejectedWhenAuthFails
[ https://issues.apache.org/jira/browse/CASSANDRA-17708?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa reassigned CASSANDRA-17708: --- Assignee: Jyothsna Konisa > Fix flaky testOutboundConnectionsAreRejectedWhenAuthFails > - > > Key: CASSANDRA-17708 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17708 > Project: Cassandra > Issue Type: Bug > Components: CI >Reporter: Ekaterina Dimitrova >Assignee: Jyothsna Konisa >Priority: Normal > Fix For: 4.x > > > testOutboundConnectionsAreRejectedWhenAuthFails was introduced in > CASSANDRA-17661 > It seems it was introduced flaky from the very beginning as per this run in a > loop - > [https://app.circleci.com/pipelines/github/ekaterinadimitrova2/cassandra?branch=flaky-testOutboundConnectionsAreRejectedWhenAuthFails=all] > CC [~janaki.manchala] , [~jonmeredith], [~ycai] > -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRASC-48) Add an endpoint that gives information about the release version & partitioner name of a node
[
https://issues.apache.org/jira/browse/CASSANDRASC-48?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jyothsna Konisa updated CASSANDRASC-48:
---
Authors: Jyothsna Konisa
Test and Documentation Plan: Added test cases to test the new endpoints
Status: Patch Available (was: Open)
> Add an endpoint that gives information about the release version &
> partitioner name of a node
> -
>
> Key: CASSANDRASC-48
> URL: https://issues.apache.org/jira/browse/CASSANDRASC-48
> Project: Sidecar for Apache Cassandra
> Issue Type: New Feature
> Components: Rest API
>Reporter: Jyothsna Konisa
>Assignee: Jyothsna Konisa
>Priority: Normal
> Labels: pull-request-available
>
> Add a new endpoint in sidecar that gives information about the release
> version & partitioner name of a node.
> GET /api/v1/cassandra/status
> GET /api/v1/cassandra/status?instanceId={id}
> Response
> {
> releaseVersion: "4.2-SNAPSHOT",
> partitioner: "org.apache.cassandra.dht.Murmur3Partitioner"
> }
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-18034) Adding endpoint verification option to client_encryption_options
[ https://issues.apache.org/jira/browse/CASSANDRA-18034?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-18034: Test and Documentation Plan: Added test cases to validate various scenarios. https://github.com/apache/cassandra/pull/1995 Status: Patch Available (was: Open) > Adding endpoint verification option to client_encryption_options > > > Key: CASSANDRA-18034 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18034 > Project: Cassandra > Issue Type: New Feature > Components: Messaging/Client >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Time Spent: 20m > Remaining Estimate: 0h > > Add a new property `client_encryption_options.require_endpoint_verification` > in cassandra.yaml to enable endpoint verification on client connections > optionally. When this property is set to true, the IP/hostname of the client > is verified against the IP/hostname that is present in the SAN of the client > certificates. This would help in preventing clients stealing certificates > from the hosts and using them while connecting to cassandra. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-18034) Adding endpoint verification option to client_encryption_options
[ https://issues.apache.org/jira/browse/CASSANDRA-18034?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17631885#comment-17631885 ] Jyothsna Konisa edited comment on CASSANDRA-18034 at 11/11/22 8:41 PM: --- PR : https://github.com/apache/cassandra/pull/1995 CircleCi : https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra/100/workflows/60bbc0ac-b09b-446a-983d-566cc62979cc was (Author: jyothsnakonisa): PR : https://github.com/apache/cassandra/pull/1995 > Adding endpoint verification option to client_encryption_options > > > Key: CASSANDRA-18034 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18034 > Project: Cassandra > Issue Type: New Feature > Components: Messaging/Client >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > Add a new property `client_encryption_options.require_endpoint_verification` > in cassandra.yaml to enable endpoint verification on client connections > optionally. When this property is set to true, the IP/hostname of the client > is verified against the IP/hostname that is present in the SAN of the client > certificates. This would help in preventing clients stealing certificates > from the hosts and using them while connecting to cassandra. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRASC-48) Add an endpoint that gives information about the release version & partitioner name of a node
[
https://issues.apache.org/jira/browse/CASSANDRASC-48?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17631922#comment-17631922
]
Jyothsna Konisa edited comment on CASSANDRASC-48 at 11/10/22 9:45 PM:
--
*PR :* https://github.com/apache/cassandra-sidecar/pull/42
*CircleCI :*
https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra-sidecar/2/workflows/d24ab1b4-5149-4ae5-80d6-7c5d8c3dc5cb
was (Author: jyothsnakonisa):
*PR :* https://github.com/apache/cassandra-sidecar/pull/42
*CircleCI :
*https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra-sidecar/2/workflows/d24ab1b4-5149-4ae5-80d6-7c5d8c3dc5cb
> Add an endpoint that gives information about the release version &
> partitioner name of a node
> -
>
> Key: CASSANDRASC-48
> URL: https://issues.apache.org/jira/browse/CASSANDRASC-48
> Project: Sidecar for Apache Cassandra
> Issue Type: New Feature
> Components: Rest API
>Reporter: Jyothsna Konisa
>Assignee: Jyothsna Konisa
>Priority: Normal
> Labels: pull-request-available
>
> Add a new endpoint in sidecar that gives information about the release
> version & partitioner name of a node.
> GET /api/v1/cassandra/status
> GET /api/v1/cassandra/status?instanceId={id}
> Response
> {
> releaseVersion: "4.2-SNAPSHOT",
> partitioner: "org.apache.cassandra.dht.Murmur3Partitioner"
> }
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRASC-48) Add an endpoint that gives information about the release version & partitioner name of a node
[
https://issues.apache.org/jira/browse/CASSANDRASC-48?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17631922#comment-17631922
]
Jyothsna Konisa edited comment on CASSANDRASC-48 at 11/10/22 9:45 PM:
--
*PR :* https://github.com/apache/cassandra-sidecar/pull/42
*CircleCI :
*https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra-sidecar/2/workflows/d24ab1b4-5149-4ae5-80d6-7c5d8c3dc5cb
was (Author: jyothsnakonisa):
PR: https://github.com/apache/cassandra-sidecar/pull/42
> Add an endpoint that gives information about the release version &
> partitioner name of a node
> -
>
> Key: CASSANDRASC-48
> URL: https://issues.apache.org/jira/browse/CASSANDRASC-48
> Project: Sidecar for Apache Cassandra
> Issue Type: New Feature
> Components: Rest API
>Reporter: Jyothsna Konisa
>Assignee: Jyothsna Konisa
>Priority: Normal
> Labels: pull-request-available
>
> Add a new endpoint in sidecar that gives information about the release
> version & partitioner name of a node.
> GET /api/v1/cassandra/status
> GET /api/v1/cassandra/status?instanceId={id}
> Response
> {
> releaseVersion: "4.2-SNAPSHOT",
> partitioner: "org.apache.cassandra.dht.Murmur3Partitioner"
> }
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRASC-48) Add an endpoint that gives information about the release version & partitioner name of a node
[
https://issues.apache.org/jira/browse/CASSANDRASC-48?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jyothsna Konisa updated CASSANDRASC-48:
---
Change Category: Operability
Complexity: Normal
Component/s: Rest API
Reviewers: Francisco Guerrero, Yifan Cai
Status: Open (was: Triage Needed)
> Add an endpoint that gives information about the release version &
> partitioner name of a node
> -
>
> Key: CASSANDRASC-48
> URL: https://issues.apache.org/jira/browse/CASSANDRASC-48
> Project: Sidecar for Apache Cassandra
> Issue Type: New Feature
> Components: Rest API
>Reporter: Jyothsna Konisa
>Assignee: Jyothsna Konisa
>Priority: Normal
> Labels: pull-request-available
>
> Add a new endpoint in sidecar that gives information about the release
> version & partitioner name of a node.
> GET /api/v1/cassandra/status
> GET /api/v1/cassandra/status?instanceId={id}
> Response
> {
> releaseVersion: "4.2-SNAPSHOT",
> partitioner: "org.apache.cassandra.dht.Murmur3Partitioner"
> }
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRASC-48) Add an endpoint that gives information about the release version & partitioner name of a node
[
https://issues.apache.org/jira/browse/CASSANDRASC-48?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17631922#comment-17631922
]
Jyothsna Konisa commented on CASSANDRASC-48:
PR: https://github.com/apache/cassandra-sidecar/pull/42
> Add an endpoint that gives information about the release version &
> partitioner name of a node
> -
>
> Key: CASSANDRASC-48
> URL: https://issues.apache.org/jira/browse/CASSANDRASC-48
> Project: Sidecar for Apache Cassandra
> Issue Type: New Feature
>Reporter: Jyothsna Konisa
>Assignee: Jyothsna Konisa
>Priority: Normal
> Labels: pull-request-available
>
> Add a new endpoint in sidecar that gives information about the release
> version & partitioner name of a node.
> GET /api/v1/cassandra/status
> GET /api/v1/cassandra/status?instanceId={id}
> Response
> {
> releaseVersion: "4.2-SNAPSHOT",
> partitioner: "org.apache.cassandra.dht.Murmur3Partitioner"
> }
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRASC-48) Add an endpoint that gives information about the release version & partitioner name of a node
[
https://issues.apache.org/jira/browse/CASSANDRASC-48?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jyothsna Konisa updated CASSANDRASC-48:
---
Summary: Add an endpoint that gives information about the release version &
partitioner name of a node (was: Add an endpoint in sidecar that gives
information about the release version & partitioner name of a node)
> Add an endpoint that gives information about the release version &
> partitioner name of a node
> -
>
> Key: CASSANDRASC-48
> URL: https://issues.apache.org/jira/browse/CASSANDRASC-48
> Project: Sidecar for Apache Cassandra
> Issue Type: New Feature
>Reporter: Jyothsna Konisa
>Assignee: Jyothsna Konisa
>Priority: Normal
>
> Add a new endpoint in sidecar that gives information about the release
> version & partitioner name of a node.
> GET /api/v1/cassandra/status
> GET /api/v1/cassandra/status?instanceId={id}
> Response
> {
> releaseVersion: "4.2-SNAPSHOT",
> partitioner: "org.apache.cassandra.dht.Murmur3Partitioner"
> }
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRASC-48) Add an endpoint in sidecar that gives information about the release version & partitioner name of a node
Jyothsna Konisa created CASSANDRASC-48:
--
Summary: Add an endpoint in sidecar that gives information about
the release version & partitioner name of a node
Key: CASSANDRASC-48
URL: https://issues.apache.org/jira/browse/CASSANDRASC-48
Project: Sidecar for Apache Cassandra
Issue Type: New Feature
Reporter: Jyothsna Konisa
Assignee: Jyothsna Konisa
Add a new endpoint in sidecar that gives information about the release version
& partitioner name of a node.
GET /api/v1/cassandra/status
GET /api/v1/cassandra/status?instanceId={id}
Response
{
releaseVersion: "4.2-SNAPSHOT",
partitioner: "org.apache.cassandra.dht.Murmur3Partitioner"
}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18034) Adding endpoint verification option to client_encryption_options
[ https://issues.apache.org/jira/browse/CASSANDRA-18034?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17631885#comment-17631885 ] Jyothsna Konisa commented on CASSANDRA-18034: - PR : https://github.com/apache/cassandra/pull/1995 > Adding endpoint verification option to client_encryption_options > > > Key: CASSANDRA-18034 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18034 > Project: Cassandra > Issue Type: New Feature >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > Add a new property `client_encryption_options.require_endpoint_verification` > in cassandra.yaml to enable endpoint verification on client connections > optionally. When this property is set to true, the IP/hostname of the client > is verified against the IP/hostname that is present in the SAN of the client > certificates. This would help in preventing clients stealing certificates > from the hosts and using them while connecting to cassandra. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Assigned] (CASSANDRA-18034) Adding endpoint verification option to client_encryption_options
[ https://issues.apache.org/jira/browse/CASSANDRA-18034?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa reassigned CASSANDRA-18034: --- Assignee: Jyothsna Konisa > Adding endpoint verification option to client_encryption_options > > > Key: CASSANDRA-18034 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18034 > Project: Cassandra > Issue Type: New Feature >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > Add a new property `client_encryption_options.require_endpoint_verification` > in cassandra.yaml to enable endpoint verification on client connections > optionally. When this property is set to true, the IP/hostname of the client > is verified against the IP/hostname that is present in the SAN of the client > certificates. This would help in preventing clients stealing certificates > from the hosts and using them while connecting to cassandra. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRA-18034) Adding endpoint verification option to client_encryption_options
Jyothsna Konisa created CASSANDRA-18034: --- Summary: Adding endpoint verification option to client_encryption_options Key: CASSANDRA-18034 URL: https://issues.apache.org/jira/browse/CASSANDRA-18034 Project: Cassandra Issue Type: New Feature Reporter: Jyothsna Konisa Add a new property `client_encryption_options.require_endpoint_verification` in cassandra.yaml to enable endpoint verification on client connections optionally. When this property is set to true, the IP/hostname of the client is verified against the IP/hostname that is present in the SAN of the client certificates. This would help in preventing clients stealing certificates from the hosts and using them while connecting to cassandra. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-17923) Mixed mode support for internode authentication during TLS upgrades
[ https://issues.apache.org/jira/browse/CASSANDRA-17923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-17923: Test and Documentation Plan: Added test cases to test internode TLS support for scenarios like rolling updates. Also tested this TLS mixed mode operation using CCM locally. [https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra?branch=mixmode-internode-auth] [https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra?branch=mixmode-internode-auth] was: Added test cases to test internode TLS support for scenarios like upgrading and downgrading clusters. Also tested this TLS mixed mode operation using CCM locally. [https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra?branch=mixmode-internode-auth] [https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra?branch=mixmode-internode-auth] > Mixed mode support for internode authentication during TLS upgrades > --- > > Key: CASSANDRA-17923 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17923 > Project: Cassandra > Issue Type: New Feature >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > During upgrades from "non-ssl -> ssl" or "ssl-mTLS" the cluster should be > able to function in mixed mode with some nodes supporting "non-ssl" > authentication and the new nodes supporting "mTLS" authentication. Currently > we do not have this supported and because of which upgrades are not possible > for upgrading internode authentication strategies. > If a node is configured in optional mode for internode connections, retry > with other SSL strategies If the node is not able to connect to other nodes > due to authentication problems. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-17923) Mixed mode support for internode authentication during TLS upgrades
[ https://issues.apache.org/jira/browse/CASSANDRA-17923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-17923: Reviewers: Jon Meredith, Yifan Cai Source Control Link: https://github.com/apache/cassandra/pull/1884 Test and Documentation Plan: Added test cases to test internode TLS support for scenarios like upgrading and downgrading clusters. Also tested this TLS mixed mode operation using CCM locally. [https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra?branch=mixmode-internode-auth] [https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra?branch=mixmode-internode-auth] Tester: Jyothsna Konisa > Mixed mode support for internode authentication during TLS upgrades > --- > > Key: CASSANDRA-17923 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17923 > Project: Cassandra > Issue Type: New Feature >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > During upgrades from "non-ssl -> ssl" or "ssl-mTLS" the cluster should be > able to function in mixed mode with some nodes supporting "non-ssl" > authentication and the new nodes supporting "mTLS" authentication. Currently > we do not have this supported and because of which upgrades are not possible > for upgrading internode authentication strategies. > If a node is configured in optional mode for internode connections, retry > with other SSL strategies If the node is not able to connect to other nodes > due to authentication problems. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-17923) Mixed mode support for internode authentication during TLS upgrades
[ https://issues.apache.org/jira/browse/CASSANDRA-17923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-17923: Summary: Mixed mode support for internode authentication during TLS upgrades (was: Mixed mode support for internode authentication during mTLS upgrades) > Mixed mode support for internode authentication during TLS upgrades > --- > > Key: CASSANDRA-17923 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17923 > Project: Cassandra > Issue Type: New Feature >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > During upgrades from "non-ssl -> ssl" or "ssl-mTLS" the cluster should be > able to function in mixed mode with some nodes supporting "non-ssl" > authentication and the new nodes supporting "mTLS" authentication. Currently > we do not have this supported and because of which upgrades are not possible > for upgrading internode authentication strategies. > If a node is configured in optional mode for internode connections, retry > with other SSL strategies If the node is not able to connect to other nodes > due to authentication problems. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-17923) Mixed mode support for internode authentication during mTLS upgrades
[ https://issues.apache.org/jira/browse/CASSANDRA-17923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-17923: Summary: Mixed mode support for internode authentication during mTLS upgrades (was: Mixed mode support internode authentication during mTLS upgrades) > Mixed mode support for internode authentication during mTLS upgrades > > > Key: CASSANDRA-17923 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17923 > Project: Cassandra > Issue Type: New Feature >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > During upgrades from "non-ssl -> ssl" or "ssl-mTLS" the cluster should be > able to function in mixed mode with some nodes supporting "non-ssl" > authentication and the new nodes supporting "mTLS" authentication. Currently > we do not have this supported and because of which upgrades are not possible > for upgrading internode authentication strategies. > If a node is configured in optional mode for internode connections, retry > with other SSL strategies If the node is not able to connect to other nodes > due to authentication problems. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRA-17923) Mixed mode support internode authentication during mTLS upgrades
Jyothsna Konisa created CASSANDRA-17923: --- Summary: Mixed mode support internode authentication during mTLS upgrades Key: CASSANDRA-17923 URL: https://issues.apache.org/jira/browse/CASSANDRA-17923 Project: Cassandra Issue Type: New Feature Reporter: Jyothsna Konisa During upgrades from "non-ssl -> ssl" or "ssl-mTLS" the cluster should be able to function in mixed mode with some nodes supporting "non-ssl" authentication and the new nodes supporting "mTLS" authentication. Currently we do not have this supported and because of which upgrades are not possible for upgrading internode authentication strategies. If a node is configured in optional mode for internode connections, retry with other SSL strategies If the node is not able to connect to other nodes due to authentication problems. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Assigned] (CASSANDRA-17923) Mixed mode support internode authentication during mTLS upgrades
[ https://issues.apache.org/jira/browse/CASSANDRA-17923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa reassigned CASSANDRA-17923: --- Assignee: Jyothsna Konisa > Mixed mode support internode authentication during mTLS upgrades > > > Key: CASSANDRA-17923 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17923 > Project: Cassandra > Issue Type: New Feature >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > During upgrades from "non-ssl -> ssl" or "ssl-mTLS" the cluster should be > able to function in mixed mode with some nodes supporting "non-ssl" > authentication and the new nodes supporting "mTLS" authentication. Currently > we do not have this supported and because of which upgrades are not possible > for upgrading internode authentication strategies. > If a node is configured in optional mode for internode connections, retry > with other SSL strategies If the node is not able to connect to other nodes > due to authentication problems. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-17661) Adding support to perform certificate based internode authentication
[ https://issues.apache.org/jira/browse/CASSANDRA-17661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-17661: Test and Documentation Plan: Added test cases to verify the changes that are made and added documentation. Status: Patch Available (was: Open) Link to the PR [https://github.com/apache/cassandra/pull/1645] > Adding support to perform certificate based internode authentication > > > Key: CASSANDRA-17661 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17661 > Project: Cassandra > Issue Type: New Feature > Components: Messaging/Internode >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Fix For: 4.x > > Time Spent: 1h 20m > Remaining Estimate: 0h > > Changes are to be made in IInternodeAuthenticator interface to support > certificate based authentication and to add a new pipeline in > InboundConnectionInitiator should be added to perform certificate based > authentication for internode communications. -- This message was sent by Atlassian Jira (v8.20.7#820007) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-17661) Adding support to perform certificate based internode authentication
[ https://issues.apache.org/jira/browse/CASSANDRA-17661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17544770#comment-17544770 ] Jyothsna Konisa commented on CASSANDRA-17661: - Link to the CI: https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra?branch=internode-auth=all > Adding support to perform certificate based internode authentication > > > Key: CASSANDRA-17661 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17661 > Project: Cassandra > Issue Type: New Feature > Components: Messaging/Internode >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Fix For: 4.x > > Time Spent: 50m > Remaining Estimate: 0h > > Changes are to be made in IInternodeAuthenticator interface to support > certificate based authentication and to add a new pipeline in > InboundConnectionInitiator should be added to perform certificate based > authentication for internode communications. -- This message was sent by Atlassian Jira (v8.20.7#820007) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRA-17661) Adding support to perform certificate based internode authentication
Jyothsna Konisa created CASSANDRA-17661: --- Summary: Adding support to perform certificate based internode authentication Key: CASSANDRA-17661 URL: https://issues.apache.org/jira/browse/CASSANDRA-17661 Project: Cassandra Issue Type: New Feature Reporter: Jyothsna Konisa Assignee: Jyothsna Konisa Changes are to be made in IInternodeAuthenticator interface to support certificate based authentication and to add a new pipeline in InboundConnectionInitiator should be added to perform certificate based authentication for internode communications. -- This message was sent by Atlassian Jira (v8.20.7#820007) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-17513) Adding support for TLS client authentication for internode communication
[ https://issues.apache.org/jira/browse/CASSANDRA-17513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17541258#comment-17541258 ] Jyothsna Konisa edited comment on CASSANDRA-17513 at 5/24/22 4:24 AM: -- [https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra?branch=add-new-prop=all] Link to the CI. was (Author: jyothsnakonisa): https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra?branch=add-new-prop=all > Adding support for TLS client authentication for internode communication > > > Key: CASSANDRA-17513 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17513 > Project: Cassandra > Issue Type: Improvement > Components: Feature/Encryption, Local/Config >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Time Spent: 7h 10m > Remaining Estimate: 0h > > Same keystore is being set for both Inbound and outbound connections but we > should use a keystore with server certificate for Inbound connections and a > keystore with client certificates for outbound connections. So we should add > a new property in Cassandra.yaml to pass outbound keystore and use it in > SSLContextFactory for creating outbound SSL context. -- This message was sent by Atlassian Jira (v8.20.7#820007) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-17513) Adding support for TLS client authentication for internode communication
[ https://issues.apache.org/jira/browse/CASSANDRA-17513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17541258#comment-17541258 ] Jyothsna Konisa commented on CASSANDRA-17513: - https://app.circleci.com/pipelines/github/jyothsnakonisa/cassandra?branch=add-new-prop=all > Adding support for TLS client authentication for internode communication > > > Key: CASSANDRA-17513 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17513 > Project: Cassandra > Issue Type: Improvement > Components: Feature/Encryption, Local/Config >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > Time Spent: 7h 10m > Remaining Estimate: 0h > > Same keystore is being set for both Inbound and outbound connections but we > should use a keystore with server certificate for Inbound connections and a > keystore with client certificates for outbound connections. So we should add > a new property in Cassandra.yaml to pass outbound keystore and use it in > SSLContextFactory for creating outbound SSL context. -- This message was sent by Atlassian Jira (v8.20.7#820007) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-17513) Add new property to pass keystore for outbound connections
[
https://issues.apache.org/jira/browse/CASSANDRA-17513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17522399#comment-17522399
]
Jyothsna Konisa commented on CASSANDRA-17513:
-
[~maulin.vasavada] Thank you very much for your insights, We are trying to
implement mTLS internode authentication and server_encryption_options is used
for configuring SSL/TLS configurations for an internode authentication.
In an internode connection, the node that creates an inbound connection acts
like a server and needs server certificate where as the node that creates
outbound connection is like a client and it needs a client certificate.
Currently we are setting same keystore for inbound and outbound connections but
we should use a keystore with server certificate to inbound connection and a
keystore with client certificate to an outbound connection.
There are two configurations for setting up encryption options in
Cassandra.yaml file
# client_encryption_options (Between Cassandra cluster to clients)
# server_encryption_options (for internode connections between Cassandra nodes)
*client_encryption_options* is used to set encryption configuration for
communication between Cassandra cluster and clients. The server certificate
(the identity of the server) is put inside *client_encryption_options.keystore*
For example if I am a user of a Cassandra cluster and I want to perform a
CQLSH query using Java driver, during SSL handshake server
certificate({*}client_encryption_options.keystore{*}) is presented to the
client as server identity and *client_encryption_options.truststore* should
have roots that trust client certificates.
*server_encryption_options* is used to set encryption configuration for
communication between Cassandra nodes (internode authentication). Even in this
case the server certificate of a node (node's identity) is put inside
*server_encryption_options.keystore* and is presented to the other node. Also
the {*}server{*}{*}_encryption_options.truststore{*} includes trusted roots of
other node's certificates.
So, we cannot use client_encryption_options for configuring TLS/SSL options for
internode authentication. Let me know if this addressed your concern.
> Add new property to pass keystore for outbound connections
> --
>
> Key: CASSANDRA-17513
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17513
> Project: Cassandra
> Issue Type: Bug
>Reporter: Jyothsna Konisa
>Assignee: Jyothsna Konisa
>Priority: Normal
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Same keystore is being set for both Inbound and outbound connections but we
> should use a keystore with server certificate for Inbound connections and a
> keystore with client certificates for outbound connections. So we should add
> a new property in Cassandra.yaml to pass outbound keystore and use it in
> SSLContextFactory for creating outbound SSL context.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRA-17513) Add new property to pass keystore for outbound connections
Jyothsna Konisa created CASSANDRA-17513: --- Summary: Add new property to pass keystore for outbound connections Key: CASSANDRA-17513 URL: https://issues.apache.org/jira/browse/CASSANDRA-17513 Project: Cassandra Issue Type: Bug Reporter: Jyothsna Konisa Assignee: Jyothsna Konisa Same keystore is being set for both Inbound and outbound connections but we should use a keystore with server certificate for Inbound connections and a keystore with client certificates for outbound connections. So we should add a new property in Cassandra.yaml to pass outbound keystore and use it in SSLContextFactory for creating outbound SSL context. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16967) Probabilistic diff to sample partitions for diff testing based on probability.
[ https://issues.apache.org/jira/browse/CASSANDRA-16967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-16967: Mentor: Yifan Cai (was: Yifan Gu) > Probabilistic diff to sample partitions for diff testing based on probability. > -- > > Key: CASSANDRA-16967 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16967 > Project: Cassandra > Issue Type: New Feature > Components: Tool/diff >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > Probabilistic diff allows us to sample partitions randomly while running diff > tests. It takes new config parameter `partition_sampling_probability ` that > ranges between (0-1) and samples partitions based on this probability. The > default value for this config property is 1 which means that all the > partitions will be diffed. The partitions that are selected are also based on > the JobId, for a given sampling probability and JobId we always diff on same > partitions.This helps in reproducing any issues that one might run into. > Probabilistic diff allows us to run diff jobs on large clusters by sampling > some partitions. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16967) Probabilistic diff to sample partitions for diff testing based on probability.
[ https://issues.apache.org/jira/browse/CASSANDRA-16967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-16967: Test and Documentation Plan: Unit testing is added in this patch Status: Patch Available (was: Open) > Probabilistic diff to sample partitions for diff testing based on probability. > -- > > Key: CASSANDRA-16967 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16967 > Project: Cassandra > Issue Type: New Feature > Components: Tool/diff >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > Probabilistic diff allows us to sample partitions randomly while running diff > tests. It takes new config parameter `partition_sampling_probability ` that > ranges between (0-1) and samples partitions based on this probability. The > default value for this config property is 1 which means that all the > partitions will be diffed. The partitions that are selected are also based on > the JobId, for a given sampling probability and JobId we always diff on same > partitions.This helps in reproducing any issues that one might run into. > Probabilistic diff allows us to run diff jobs on large clusters by sampling > some partitions. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16967) Probabilistic diff to sample partitions for diff testing based on probability.
[ https://issues.apache.org/jira/browse/CASSANDRA-16967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-16967: Change Category: Operability Complexity: Normal Component/s: Tool/diff Mentor: Yifan Gu Status: Open (was: Triage Needed) > Probabilistic diff to sample partitions for diff testing based on probability. > -- > > Key: CASSANDRA-16967 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16967 > Project: Cassandra > Issue Type: New Feature > Components: Tool/diff >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > Probabilistic diff allows us to sample partitions randomly while running diff > tests. It takes new config parameter `partition_sampling_probability ` that > ranges between (0-1) and samples partitions based on this probability. The > default value for this config property is 1 which means that all the > partitions will be diffed. The partitions that are selected are also based on > the JobId, for a given sampling probability and JobId we always diff on same > partitions.This helps in reproducing any issues that one might run into. > Probabilistic diff allows us to run diff jobs on large clusters by sampling > some partitions. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16967) Probabilistic diff to sample partitions for diff testing based on probability.
[ https://issues.apache.org/jira/browse/CASSANDRA-16967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-16967: Authors: Dinesh Joshi, Jyothsna Konisa, Yifan Cai (was: Jyothsna Konisa) > Probabilistic diff to sample partitions for diff testing based on probability. > -- > > Key: CASSANDRA-16967 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16967 > Project: Cassandra > Issue Type: New Feature >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > Probabilistic diff allows us to sample partitions randomly while running diff > tests. It takes new config parameter `partition_sampling_probability ` that > ranges between (0-1) and samples partitions based on this probability. The > default value for this config property is 1 which means that all the > partitions will be diffed. The partitions that are selected are also based on > the JobId, for a given sampling probability and JobId we always diff on same > partitions.This helps in reproducing any issues that one might run into. > Probabilistic diff allows us to run diff jobs on large clusters by sampling > some partitions. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16967) Probabilistic diff to sample partitions for diff testing based on probability.
[ https://issues.apache.org/jira/browse/CASSANDRA-16967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17419432#comment-17419432 ] Jyothsna Konisa commented on CASSANDRA-16967: - [https://github.com/apache/cassandra-diff/pull/17] This pull request add a new feature called probabilistic Diff using which one can sample partitions for running a diff test. > Probabilistic diff to sample partitions for diff testing based on probability. > -- > > Key: CASSANDRA-16967 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16967 > Project: Cassandra > Issue Type: New Feature >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > Probabilistic diff allows us to sample partitions randomly while running diff > tests. It takes new config parameter `partition_sampling_probability ` that > ranges between (0-1) and samples partitions based on this probability. The > default value for this config property is 1 which means that all the > partitions will be diffed. The partitions that are selected are also based on > the JobId, for a given sampling probability and JobId we always diff on same > partitions.This helps in reproducing any issues that one might run into. > Probabilistic diff allows us to run diff jobs on large clusters by sampling > some partitions. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16968) Diff Job retry bug fixes in reading previous run's job parameters & marking the job status
[ https://issues.apache.org/jira/browse/CASSANDRA-16968?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-16968: Reviewers: Dinesh Joshi (was: Yifan Cai) > Diff Job retry bug fixes in reading previous run's job parameters & marking > the job status > -- > > Key: CASSANDRA-16968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16968 > Project: Cassandra > Issue Type: New Feature > Components: Tool/diff >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > Diff job retry with same jobId should avoid running diffs on the partitions > that were successfully diffed previously. The retry failed because previous > run failed to mark the job as not running on exit. This is due to a bug in > the resource try catch block where session object Is closed before marking > the job as not running. Also there is another bug in the way we get job > parameters during rerun of a failed diff job. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16968) Diff Job retry bug fixes in reading previous run's job parameters & marking the job status
[ https://issues.apache.org/jira/browse/CASSANDRA-16968?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-16968: Reviewers: Dinesh Joshi, Yifan Cai (was: Dinesh Joshi) > Diff Job retry bug fixes in reading previous run's job parameters & marking > the job status > -- > > Key: CASSANDRA-16968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16968 > Project: Cassandra > Issue Type: New Feature > Components: Tool/diff >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > Diff job retry with same jobId should avoid running diffs on the partitions > that were successfully diffed previously. The retry failed because previous > run failed to mark the job as not running on exit. This is due to a bug in > the resource try catch block where session object Is closed before marking > the job as not running. Also there is another bug in the way we get job > parameters during rerun of a failed diff job. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16968) Diff Job retry bug fixes in reading previous run's job parameters & marking the job status
[ https://issues.apache.org/jira/browse/CASSANDRA-16968?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jyothsna Konisa updated CASSANDRA-16968: Test and Documentation Plan: Unit tests have been added in this patch Status: Patch Available (was: Open) > Diff Job retry bug fixes in reading previous run's job parameters & marking > the job status > -- > > Key: CASSANDRA-16968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16968 > Project: Cassandra > Issue Type: New Feature > Components: Tool/diff >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > Diff job retry with same jobId should avoid running diffs on the partitions > that were successfully diffed previously. The retry failed because previous > run failed to mark the job as not running on exit. This is due to a bug in > the resource try catch block where session object Is closed before marking > the job as not running. Also there is another bug in the way we get job > parameters during rerun of a failed diff job. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16968) Diff Job retry bug fixes in reading previous run's job parameters & marking the job status
[ https://issues.apache.org/jira/browse/CASSANDRA-16968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17416948#comment-17416948 ] Jyothsna Konisa commented on CASSANDRA-16968: - [https://github.com/apache/cassandra-diff/pull/16] # The try resource block in DiffJob.java closes the session object before the code in exception or finally block gets executed. We are marking the job as not running in the exception block which throws an exception as the session object is already closed. Changing the resource try catch block to try catch finally block so that session object will not be closed until cleanup is complete. # When job_id is passed as a config property for the first time, we will not have metadata associated with job_id in metadata table but the current code attempts to get the job metadata for the passed jobId and as those details will not be present, a null pointer exception is thrown. This patch fixes this issue by getting jobParameters from the table only when they are available otherwise creates new job parameters with passed JobId or random UUID. > Diff Job retry bug fixes in reading previous run's job parameters & marking > the job status > -- > > Key: CASSANDRA-16968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16968 > Project: Cassandra > Issue Type: New Feature >Reporter: Jyothsna Konisa >Assignee: Jyothsna Konisa >Priority: Normal > > Diff job retry with same jobId should avoid running diffs on the partitions > that were successfully diffed previously. The retry failed because previous > run failed to mark the job as not running on exit. This is due to a bug in > the resource try catch block where session object Is closed before marking > the job as not running. Also there is another bug in the way we get job > parameters during rerun of a failed diff job. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRA-16968) Diff Job retry bug fixes in reading previous run's job parameters & marking the job status
Jyothsna Konisa created CASSANDRA-16968: --- Summary: Diff Job retry bug fixes in reading previous run's job parameters & marking the job status Key: CASSANDRA-16968 URL: https://issues.apache.org/jira/browse/CASSANDRA-16968 Project: Cassandra Issue Type: New Feature Reporter: Jyothsna Konisa Assignee: Jyothsna Konisa Diff job retry with same jobId should avoid running diffs on the partitions that were successfully diffed previously. The retry failed because previous run failed to mark the job as not running on exit. This is due to a bug in the resource try catch block where session object Is closed before marking the job as not running. Also there is another bug in the way we get job parameters during rerun of a failed diff job. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRA-16967) Probabilistic diff to sample partitions for diff testing based on probability.
Jyothsna Konisa created CASSANDRA-16967: --- Summary: Probabilistic diff to sample partitions for diff testing based on probability. Key: CASSANDRA-16967 URL: https://issues.apache.org/jira/browse/CASSANDRA-16967 Project: Cassandra Issue Type: New Feature Reporter: Jyothsna Konisa Assignee: Jyothsna Konisa Probabilistic diff allows us to sample partitions randomly while running diff tests. It takes new config parameter `partition_sampling_probability ` that ranges between (0-1) and samples partitions based on this probability. The default value for this config property is 1 which means that all the partitions will be diffed. The partitions that are selected are also based on the JobId, for a given sampling probability and JobId we always diff on same partitions.This helps in reproducing any issues that one might run into. Probabilistic diff allows us to run diff jobs on large clusters by sampling some partitions. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16224) InvalidQueryException: Order by on unknown column From cassandra-diff
[
https://issues.apache.org/jira/browse/CASSANDRA-16224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17276762#comment-17276762
]
Jyothsna Konisa commented on CASSANDRA-16224:
-
Adding quotes by default to keyspace names, table names and column names so
that we do not run into issues with quotes during diff job where we have
reserve/keywords in keyspace, table and column names.
> InvalidQueryException: Order by on unknown column From cassandra-diff
> -
>
> Key: CASSANDRA-16224
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16224
> Project: Cassandra
> Issue Type: Bug
> Components: Tool/diff
>Reporter: Yifan Cai
>Assignee: Jyothsna Konisa
>Priority: Normal
> Labels: pull-request-available
>
> Diff job fails with the following error,
> {code:java}
> Caused by:
> shaded.com.datastax.driver.core.exceptions.InvalidQueryException: Order by on
> unknown column
> at
> shaded.com.datastax.driver.core.exceptions.InvalidQueryException.copy(InvalidQueryException.java:49)
> at
> shaded.com.datastax.driver.core.DriverThrowables.propagateCause(DriverThrowables.java:35)
> at
> shaded.com.datastax.driver.core.AbstractSession.prepare(AbstractSession.java:97)
> at mme.cassandraclient.SessionWrapper.prepare(SessionWrapper.java:215)
> at
> org.apache.cassandra.diff.DiffCluster.getFullStatement(DiffCluster.java:272)
> at
> org.apache.cassandra.diff.DiffCluster.getStatementForTable(DiffCluster.java:204)
> at org.apache.cassandra.diff.DiffCluster.keyReader(DiffCluster.java:188)
> at
> org.apache.cassandra.diff.DiffCluster.fetchPartitionKeys(DiffCluster.java:125)
> at
> org.apache.cassandra.diff.DiffCluster.lambda$getPartitionKeys$0(DiffCluster.java:114)
> at org.apache.cassandra.diff.RetryStrategy.retry(RetryStrategy.java:21)
> at
> org.apache.cassandra.diff.DiffCluster.getPartitionKeys(DiffCluster.java:113)
> {code}
> The cause is that when building the select query, the ordered-by column names
> are not quoted. The server only sees the field names in lowercase, and it is
> unable to recognize.
> A simple unit test to prove that the field name needs to be quoted in the
> query builder in order to have the built query preserve the quotes.
> {code:java}
> query = "SELECT * FROM t WHERE a='foo' ORDER BY \"bCol\" DESC;";
> select = select().from("t").where(eq("a", "foo")).orderBy(desc("\"bCol\""));
> assertEquals(select.toString(), query);
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Assigned] (CASSANDRA-16224) InvalidQueryException: Order by on unknown column From cassandra-diff
[
https://issues.apache.org/jira/browse/CASSANDRA-16224?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jyothsna Konisa reassigned CASSANDRA-16224:
---
Assignee: Jyothsna Konisa
> InvalidQueryException: Order by on unknown column From cassandra-diff
> -
>
> Key: CASSANDRA-16224
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16224
> Project: Cassandra
> Issue Type: Bug
> Components: Tool/diff
>Reporter: Yifan Cai
>Assignee: Jyothsna Konisa
>Priority: Normal
> Labels: pull-request-available
>
> Diff job fails with the following error,
> {code:java}
> Caused by:
> shaded.com.datastax.driver.core.exceptions.InvalidQueryException: Order by on
> unknown column
> at
> shaded.com.datastax.driver.core.exceptions.InvalidQueryException.copy(InvalidQueryException.java:49)
> at
> shaded.com.datastax.driver.core.DriverThrowables.propagateCause(DriverThrowables.java:35)
> at
> shaded.com.datastax.driver.core.AbstractSession.prepare(AbstractSession.java:97)
> at mme.cassandraclient.SessionWrapper.prepare(SessionWrapper.java:215)
> at
> org.apache.cassandra.diff.DiffCluster.getFullStatement(DiffCluster.java:272)
> at
> org.apache.cassandra.diff.DiffCluster.getStatementForTable(DiffCluster.java:204)
> at org.apache.cassandra.diff.DiffCluster.keyReader(DiffCluster.java:188)
> at
> org.apache.cassandra.diff.DiffCluster.fetchPartitionKeys(DiffCluster.java:125)
> at
> org.apache.cassandra.diff.DiffCluster.lambda$getPartitionKeys$0(DiffCluster.java:114)
> at org.apache.cassandra.diff.RetryStrategy.retry(RetryStrategy.java:21)
> at
> org.apache.cassandra.diff.DiffCluster.getPartitionKeys(DiffCluster.java:113)
> {code}
> The cause is that when building the select query, the ordered-by column names
> are not quoted. The server only sees the field names in lowercase, and it is
> unable to recognize.
> A simple unit test to prove that the field name needs to be quoted in the
> query builder in order to have the built query preserve the quotes.
> {code:java}
> query = "SELECT * FROM t WHERE a='foo' ORDER BY \"bCol\" DESC;";
> select = select().from("t").where(eq("a", "foo")).orderBy(desc("\"bCol\""));
> assertEquals(select.toString(), query);
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16224) InvalidQueryException: Order by on unknown column From cassandra-diff
[
https://issues.apache.org/jira/browse/CASSANDRA-16224?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jyothsna Konisa updated CASSANDRA-16224:
Test and Documentation Plan: Manual container test
Status: Patch Available (was: Open)
> InvalidQueryException: Order by on unknown column From cassandra-diff
> -
>
> Key: CASSANDRA-16224
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16224
> Project: Cassandra
> Issue Type: Bug
> Components: Tool/diff
>Reporter: Yifan Cai
>Priority: Normal
> Labels: pull-request-available
>
> Diff job fails with the following error,
> {code:java}
> Caused by:
> shaded.com.datastax.driver.core.exceptions.InvalidQueryException: Order by on
> unknown column
> at
> shaded.com.datastax.driver.core.exceptions.InvalidQueryException.copy(InvalidQueryException.java:49)
> at
> shaded.com.datastax.driver.core.DriverThrowables.propagateCause(DriverThrowables.java:35)
> at
> shaded.com.datastax.driver.core.AbstractSession.prepare(AbstractSession.java:97)
> at mme.cassandraclient.SessionWrapper.prepare(SessionWrapper.java:215)
> at
> org.apache.cassandra.diff.DiffCluster.getFullStatement(DiffCluster.java:272)
> at
> org.apache.cassandra.diff.DiffCluster.getStatementForTable(DiffCluster.java:204)
> at org.apache.cassandra.diff.DiffCluster.keyReader(DiffCluster.java:188)
> at
> org.apache.cassandra.diff.DiffCluster.fetchPartitionKeys(DiffCluster.java:125)
> at
> org.apache.cassandra.diff.DiffCluster.lambda$getPartitionKeys$0(DiffCluster.java:114)
> at org.apache.cassandra.diff.RetryStrategy.retry(RetryStrategy.java:21)
> at
> org.apache.cassandra.diff.DiffCluster.getPartitionKeys(DiffCluster.java:113)
> {code}
> The cause is that when building the select query, the ordered-by column names
> are not quoted. The server only sees the field names in lowercase, and it is
> unable to recognize.
> A simple unit test to prove that the field name needs to be quoted in the
> query builder in order to have the built query preserve the quotes.
> {code:java}
> query = "SELECT * FROM t WHERE a='foo' ORDER BY \"bCol\" DESC;";
> select = select().from("t").where(eq("a", "foo")).orderBy(desc("\"bCol\""));
> assertEquals(select.toString(), query);
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16224) InvalidQueryException: Order by on unknown column From cassandra-diff
[
https://issues.apache.org/jira/browse/CASSANDRA-16224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17275276#comment-17275276
]
Jyothsna Konisa commented on CASSANDRA-16224:
-
[https://github.com/apache/cassandra-diff/pull/14]
For tables with clustering keys, in the prepared statement with ordering,
column names are to be quoted.
> InvalidQueryException: Order by on unknown column From cassandra-diff
> -
>
> Key: CASSANDRA-16224
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16224
> Project: Cassandra
> Issue Type: Bug
> Components: Tool/diff
>Reporter: Yifan Cai
>Priority: Normal
> Labels: pull-request-available
>
> Diff job fails with the following error,
> {code:java}
> Caused by:
> shaded.com.datastax.driver.core.exceptions.InvalidQueryException: Order by on
> unknown column
> at
> shaded.com.datastax.driver.core.exceptions.InvalidQueryException.copy(InvalidQueryException.java:49)
> at
> shaded.com.datastax.driver.core.DriverThrowables.propagateCause(DriverThrowables.java:35)
> at
> shaded.com.datastax.driver.core.AbstractSession.prepare(AbstractSession.java:97)
> at mme.cassandraclient.SessionWrapper.prepare(SessionWrapper.java:215)
> at
> org.apache.cassandra.diff.DiffCluster.getFullStatement(DiffCluster.java:272)
> at
> org.apache.cassandra.diff.DiffCluster.getStatementForTable(DiffCluster.java:204)
> at org.apache.cassandra.diff.DiffCluster.keyReader(DiffCluster.java:188)
> at
> org.apache.cassandra.diff.DiffCluster.fetchPartitionKeys(DiffCluster.java:125)
> at
> org.apache.cassandra.diff.DiffCluster.lambda$getPartitionKeys$0(DiffCluster.java:114)
> at org.apache.cassandra.diff.RetryStrategy.retry(RetryStrategy.java:21)
> at
> org.apache.cassandra.diff.DiffCluster.getPartitionKeys(DiffCluster.java:113)
> {code}
> The cause is that when building the select query, the ordered-by column names
> are not quoted. The server only sees the field names in lowercase, and it is
> unable to recognize.
> A simple unit test to prove that the field name needs to be quoted in the
> query builder in order to have the built query preserve the quotes.
> {code:java}
> query = "SELECT * FROM t WHERE a='foo' ORDER BY \"bCol\" DESC;";
> select = select().from("t").where(eq("a", "foo")).orderBy(desc("\"bCol\""));
> assertEquals(select.toString(), query);
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
