[cassandra] branch trunk updated: CassandraNetworkAuthorizer gets login privilege from RolesCache

Thu, 11 Jul 2019 09:16:03 -0700 

This is an automated email from the ASF dual-hosted git repository.

samt pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 149caf0  CassandraNetworkAuthorizer gets login privilege from 
RolesCache
149caf0 is described below

commit 149caf01e08f58f306ff51379ab189c7a4b1ca6d
Author: Sam Tunnicliffe <s...@beobal.com>
AuthorDate: Tue Apr 16 16:33:59 2019 +0100

    CassandraNetworkAuthorizer gets login privilege from RolesCache
    
    Patch by Sam Tunnicliffe; reviewed by Blake Eggleston for CASSANDRA-15089
---
 CHANGES.txt                                             |  2 ++
 .../cassandra/auth/CassandraNetworkAuthorizer.java      |  2 +-
 .../cassandra/auth/CassandraNetworkAuthorizerTest.java  | 17 +++++++++++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index 3248cfe..cbdd91f 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,6 @@
 4.0
+ * CassandraNetworkAuthorizer uses cached roles info (CASSANDRA-15089)
+ * Introduce optional timeouts for idle client sessions (CASSANDRA-11097)
  * Fix AlterTableStatement dropped type validation order (CASSANDRA-15203)
  * Update Netty dependencies to latest, clean up SocketFactory 
(CASSANDRA-15195)
  * Native Transport - Apply noSpamLogger to ConnectionLimitHandler 
(CASSANDRA-15167)
diff --git a/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java 
b/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java
index 34a0140..6fdcd69 100644
--- a/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java
+++ b/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java
@@ -78,7 +78,7 @@ public class CassandraNetworkAuthorizer implements 
INetworkAuthorizer
 
     public DCPermissions authorize(RoleResource role)
     {
-        if (!DatabaseDescriptor.getRoleManager().canLogin(role))
+        if (!Roles.canLogin(role))
         {
             return DCPermissions.none();
         }
diff --git 
a/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java 
b/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
index c24a769..2e57173 100644
--- a/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
+++ b/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
@@ -51,6 +51,7 @@ import org.apache.cassandra.transport.messages.ResultMessage;
 import static org.apache.cassandra.auth.AuthKeyspace.NETWORK_PERMISSIONS;
 import static 
org.apache.cassandra.auth.RoleTestUtils.LocalCassandraRoleManager;
 import static org.apache.cassandra.schema.SchemaConstants.AUTH_KEYSPACE_NAME;
+import static org.apache.cassandra.auth.RoleTestUtils.getReadCount;
 
 public class CassandraNetworkAuthorizerTest
 {
@@ -105,6 +106,8 @@ public class CassandraNetworkAuthorizerTest
                                new LocalCassandraAuthorizer(),
                                new LocalCassandraNetworkAuthorizer());
         setupSuperUser();
+        // not strictly necessary to init the cache here, but better to be 
explicit
+        Roles.initRolesCache(DatabaseDescriptor.getRoleManager(), () -> true);
     }
 
     @Before
@@ -227,6 +230,8 @@ public class CassandraNetworkAuthorizerTest
         Assert.assertEquals(DCPermissions.subset("dc1"), dcPerms(username));
         assertDcPermRow(username, "dc1");
 
+        // clear the roles cache to lose the (non-)superuser status for the 
user
+        Roles.clearCache();
         auth("ALTER ROLE %s WITH superuser = true", username);
         Assert.assertEquals(DCPermissions.all(), dcPerms(username));
     }
@@ -238,4 +243,16 @@ public class CassandraNetworkAuthorizerTest
         auth("CREATE ROLE %s", username);
         Assert.assertEquals(DCPermissions.none(), dcPerms(username));
     }
+
+    @Test
+    public void getLoginPrivilegeFromRolesCache() throws Exception
+    {
+        String username = createName();
+        auth("CREATE ROLE %s", username);
+        long readCount = getReadCount();
+        dcPerms(username);
+        Assert.assertEquals(++readCount, getReadCount());
+        dcPerms(username);
+        Assert.assertEquals(readCount, getReadCount());
+    }
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to