cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From alek...@apache.org
Subject git commit: Relax CL for auth queries for non-default users
Date Mon, 11 Mar 2013 22:27:24 GMT
Updated Branches:
  refs/heads/cassandra-1.2 09ee5db73 -> 2513480cc


Relax CL for auth queries for non-default users

patch by Aleksey Yeschenko; reviewed by Jonathan Ellis for
CASSANDRA-5310


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/2513480c
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/2513480c
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/2513480c

Branch: refs/heads/cassandra-1.2
Commit: 2513480ccddc2f8c6164b85b0732606e3e521610
Parents: 09ee5db
Author: Aleksey Yeschenko <aleksey@apache.org>
Authored: Tue Mar 12 01:26:07 2013 +0300
Committer: Aleksey Yeschenko <aleksey@apache.org>
Committed: Tue Mar 12 01:26:07 2013 +0300

----------------------------------------------------------------------
 CHANGES.txt                                        |    1 +
 src/java/org/apache/cassandra/auth/Auth.java       |   39 +++++++----
 .../apache/cassandra/auth/CassandraAuthorizer.java |    2 +-
 .../cassandra/auth/PasswordAuthenticator.java      |   52 ++++++++++-----
 4 files changed, 63 insertions(+), 31 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/2513480c/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 8b5674c..3550ef6 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -18,6 +18,7 @@
  * Add binary protocol support to stress (CASSANDRA-4993)
  * cqlsh: Fix COPY FROM value quoting and null handling (CASSANDRA-5305)
  * Fix repair -pr for vnodes (CASSANDRA-5329)
+ * Relax CL for auth queries for non-default users (CASSANDRA-5310)
 Merged from 1.1:
  * fix logging of "Found table data in data directories" when only system tables
    are present (CASSANDRA-5289)

http://git-wip-us.apache.org/repos/asf/cassandra/blob/2513480c/src/java/org/apache/cassandra/auth/Auth.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/Auth.java b/src/java/org/apache/cassandra/auth/Auth.java
index 43118e4..d8e79ca 100644
--- a/src/java/org/apache/cassandra/auth/Auth.java
+++ b/src/java/org/apache/cassandra/auth/Auth.java
@@ -35,6 +35,7 @@ import org.apache.cassandra.locator.SimpleStrategy;
 import org.apache.cassandra.service.IMigrationListener;
 import org.apache.cassandra.service.MigrationManager;
 import org.apache.cassandra.service.StorageService;
+import org.apache.cassandra.utils.FBUtilities;
 
 public class Auth
 {
@@ -67,7 +68,7 @@ public class Auth
         String query = String.format("SELECT * FROM %s.%s WHERE name = '%s'", AUTH_KS, USERS_CF,
escape(username));
         try
         {
-            return !QueryProcessor.process(query, ConsistencyLevel.QUORUM).isEmpty();
+            return !QueryProcessor.process(query, consistencyForUser(username)).isEmpty();
         }
         catch (RequestExecutionException e)
         {
@@ -86,7 +87,7 @@ public class Auth
         String query = String.format("SELECT super FROM %s.%s WHERE name = '%s'", AUTH_KS,
USERS_CF, escape(username));
         try
         {
-            UntypedResultSet result = QueryProcessor.process(query, ConsistencyLevel.QUORUM);
+            UntypedResultSet result = QueryProcessor.process(query, consistencyForUser(username));
             return !result.isEmpty() && result.one().getBoolean("super");
         }
         catch (RequestExecutionException e)
@@ -109,7 +110,7 @@ public class Auth
                                              USERS_CF,
                                              escape(username),
                                              isSuper),
-                               ConsistencyLevel.QUORUM);
+                               consistencyForUser(username));
     }
 
     /**
@@ -124,7 +125,7 @@ public class Auth
                                              AUTH_KS,
                                              USERS_CF,
                                              escape(username)),
-                               ConsistencyLevel.QUORUM);
+                               consistencyForUser(username));
     }
 
     /**
@@ -144,15 +145,27 @@ public class Auth
         // the delay is here to give the node some time to see its peers - to reduce
         // "Skipped default superuser setup: some nodes were not ready" log spam.
         // It's the only reason for the delay.
-        StorageService.tasks.schedule(new Runnable()
-                                      {
-                                          public void run()
-                                          {
-                                              setupDefaultSuperuser();
+        if (DatabaseDescriptor.getSeeds().contains(FBUtilities.getBroadcastAddress()) ||
!DatabaseDescriptor.isAutoBootstrap())
+        {
+            StorageService.tasks.schedule(new Runnable()
+                                              {
+                                              public void run()
+                                              {
+                                                  setupDefaultSuperuser();
                                           }
-                                      },
-                                      SUPERUSER_SETUP_DELAY,
-                                      TimeUnit.SECONDS);
+                                          },
+                                          SUPERUSER_SETUP_DELAY,
+                                          TimeUnit.SECONDS);
+        }
+    }
+
+    // Only use QUORUM cl for the default superuser.
+    private static ConsistencyLevel consistencyForUser(String username)
+    {
+        if (username.equals(DEFAULT_SUPERUSER_NAME))
+            return ConsistencyLevel.QUORUM;
+        else
+            return ConsistencyLevel.ONE;
     }
 
     private static void setupAuthKeyspace()
@@ -177,7 +190,7 @@ public class Auth
         {
             try
             {
-                QueryProcessor.process(USERS_CF_SCHEMA, ConsistencyLevel.ONE);
+                QueryProcessor.process(USERS_CF_SCHEMA, ConsistencyLevel.ANY);
             }
             catch (RequestExecutionException e)
             {

http://git-wip-us.apache.org/repos/asf/cassandra/blob/2513480c/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java b/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
index 2227e5b..0518734 100644
--- a/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
+++ b/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
@@ -249,6 +249,6 @@ public class CassandraAuthorizer implements IAuthorizer
 
     private static UntypedResultSet process(String query) throws RequestExecutionException
     {
-        return QueryProcessor.process(query, ConsistencyLevel.QUORUM);
+        return QueryProcessor.process(query, ConsistencyLevel.ONE);
     }
 }

http://git-wip-us.apache.org/repos/asf/cassandra/blob/2513480c/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
index f8f44d4..e6e28ae 100644
--- a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
+++ b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
@@ -26,6 +26,7 @@ import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import org.apache.cassandra.config.DatabaseDescriptor;
 import org.apache.cassandra.config.Schema;
 import org.apache.cassandra.cql3.UntypedResultSet;
 import org.apache.cassandra.cql3.QueryProcessor;
@@ -35,6 +36,7 @@ import org.apache.cassandra.exceptions.ConfigurationException;
 import org.apache.cassandra.exceptions.InvalidRequestException;
 import org.apache.cassandra.exceptions.RequestExecutionException;
 import org.apache.cassandra.service.StorageService;
+import org.apache.cassandra.utils.FBUtilities;
 import org.mindrot.jbcrypt.BCrypt;
 
 /**
@@ -102,7 +104,8 @@ public class PasswordAuthenticator implements IAuthenticator
                                            SALTED_HASH,
                                            Auth.AUTH_KS,
                                            CREDENTIALS_CF,
-                                           escape(username)));
+                                           escape(username)),
+                             consistencyForUser(username));
         }
         catch (RequestExecutionException e)
         {
@@ -125,7 +128,8 @@ public class PasswordAuthenticator implements IAuthenticator
                               Auth.AUTH_KS,
                               CREDENTIALS_CF,
                               escape(username),
-                              escape(hashpw(password))));
+                              escape(hashpw(password))),
+                consistencyForUser(username));
     }
 
     public void alter(String username, Map<Option, Object> options) throws RequestExecutionException
@@ -134,12 +138,14 @@ public class PasswordAuthenticator implements IAuthenticator
                               Auth.AUTH_KS,
                               CREDENTIALS_CF,
                               escape(hashpw((String) options.get(Option.PASSWORD))),
-                              escape(username)));
+                              escape(username)),
+                consistencyForUser(username));
     }
 
     public void drop(String username) throws RequestExecutionException
     {
-        process(String.format("DELETE FROM %s.%s WHERE username = '%s'", Auth.AUTH_KS, CREDENTIALS_CF,
escape(username)));
+        process(String.format("DELETE FROM %s.%s WHERE username = '%s'", Auth.AUTH_KS, CREDENTIALS_CF,
escape(username)),
+                consistencyForUser(username));
     }
 
     public Set<DataResource> protectedResources()
@@ -158,15 +164,18 @@ public class PasswordAuthenticator implements IAuthenticator
         // the delay is here to give the node some time to see its peers - to reduce
         // "skipped default user setup: some nodes are were not ready" log spam.
         // It's the only reason for the delay.
-        StorageService.tasks.schedule(new Runnable()
-                                      {
-                                          public void run()
-                                          {
-                                              setupDefaultUser();
+        if (DatabaseDescriptor.getSeeds().contains(FBUtilities.getBroadcastAddress()) ||
!DatabaseDescriptor.isAutoBootstrap())
+        {
+            StorageService.tasks.schedule(new Runnable()
+                                              {
+                                              public void run()
+                                              {
+                                                  setupDefaultUser();
                                           }
-                                      },
-                                      DEFAULT_USER_SETUP_DELAY,
-                                      TimeUnit.SECONDS);
+                                          },
+                                          DEFAULT_USER_SETUP_DELAY,
+                                          TimeUnit.SECONDS);
+        }
     }
 
     private void setupCredentialsTable()
@@ -175,7 +184,7 @@ public class PasswordAuthenticator implements IAuthenticator
         {
             try
             {
-                process(CREDENTIALS_CF_SCHEMA);
+                process(CREDENTIALS_CF_SCHEMA, ConsistencyLevel.ANY);
             }
             catch (RequestExecutionException e)
             {
@@ -190,13 +199,14 @@ public class PasswordAuthenticator implements IAuthenticator
         try
         {
             // insert a default superuser if AUTH_KS.CREDENTIALS_CF is empty.
-            if (process(String.format("SELECT * FROM %s.%s", Auth.AUTH_KS, CREDENTIALS_CF)).isEmpty())
+            if (process(String.format("SELECT * FROM %s.%s", Auth.AUTH_KS, CREDENTIALS_CF),
ConsistencyLevel.QUORUM).isEmpty())
             {
                 process(String.format("INSERT INTO %s.%s (username, salted_hash) VALUES ('%s',
'%s') USING TIMESTAMP 0",
                                       Auth.AUTH_KS,
                                       CREDENTIALS_CF,
                                       DEFAULT_USER_NAME,
-                                      escape(hashpw(DEFAULT_USER_PASSWORD))));
+                                      escape(hashpw(DEFAULT_USER_PASSWORD))),
+                        ConsistencyLevel.QUORUM);
                 logger.info("PasswordAuthenticator created default user '{}'", DEFAULT_USER_NAME);
             }
         }
@@ -216,8 +226,16 @@ public class PasswordAuthenticator implements IAuthenticator
         return StringUtils.replace(name, "'", "''");
     }
 
-    private static UntypedResultSet process(String query) throws RequestExecutionException
+    private static UntypedResultSet process(String query, ConsistencyLevel cl) throws RequestExecutionException
+    {
+        return QueryProcessor.process(query, cl);
+    }
+
+    private static ConsistencyLevel consistencyForUser(String username)
     {
-        return QueryProcessor.process(query, ConsistencyLevel.QUORUM);
+        if (username.equals(DEFAULT_USER_NAME))
+            return ConsistencyLevel.QUORUM;
+        else
+            return ConsistencyLevel.ONE;
     }
 }


Mime
View raw message