cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Tunnicliffe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-10135) Quoting changed for username in GRANT statement
Date Thu, 20 Aug 2015 12:53:47 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-10135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14704818#comment-14704818
] 

Sam Tunnicliffe commented on CASSANDRA-10135:
---------------------------------------------

Thi is mostly discussed in CASSANDRA-8850, tl;dr the initial proposal was to make role names
quoted strings, but in the end it was decided to stick with identifiers as had previously
been the case for user names. 

2.1 and 2.2 define a user/role name as either an identifier - an unquoted, case-insensitive
string which matches the rule {{LETTER (LETTER | DIGIT | '_')*}} - or as a string literal,
which are single quoted & non-case sensitive. From 2.2, string literals also support extended
postgres syntax (CASSANDRA-7769).

There is a divergence between user and role names in the 2.2 CQL grammar though; role are
defined as identifiers, unreserved keywords or quoted names. Quoted names are much like the
2.1 string literals, except are double quoted and in this usage, case-sensitive. They do not
support the postgres {{$$}} syntax.

I've pushed a branch [here|https://github.com/apache/cassandra/compare/cassandra-2.2...beobal:10135-2.2]
which adds string literal as a supported production for role names, along with some additional
tests which exercise the various syntax options. To preserve backwards compatibility, a quoted
string role name (either singly quoted or using pg syntax) is *not* case sensitive.


> Quoting changed for username in GRANT statement
> -----------------------------------------------
>
>                 Key: CASSANDRA-10135
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10135
>             Project: Cassandra
>          Issue Type: Bug
>          Components: API
>         Environment: cassandra 2.2.0
>            Reporter: Bernhard K. Weisshuhn
>            Priority: Minor
>
> We may have uncovered an undocumented api change between cassandra 2.1.x and 2.2.0.
> When granting permissions to a username containing special characters, 2.1.x needed single
quotes around the username and refused doubles.
> 2.2.0 needs doubles and refuses singles.
> Working example for 2.1.x:
> {code:sql}
> GRANT SELECT ON ALL KEYSPACES TO 'vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-1440017797';
> {code}
> Enclosing the username in double quotes instead of singles fails with the following error
message:
> {quote}
> cassandra@cqlsh> GRANT SELECT ON ALL KEYSPACES TO "vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-1440017797";
> SyntaxException: <ErrorMessage code=2000 [Syntax error in CQL query] message="line
1:33 mismatched input 'vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-1440017797'
expecting set null (...SELECT ON ALL KEYSPACES TO ["vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-144001779]...)">
> {quote}
> Singles fail in 2.2.0:
> {quote}
> cassandra@cqlsh> GRANT SELECT ON ALL KEYSPACES TO 'vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-1440019308';
> SyntaxException: <ErrorMessage code=2000 [Syntax error in CQL query] message="line
1:33 no viable alternative at input 'vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-1440019308'
(...SELECT ON ALL KEYSPACES TO ['vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-144001930]...)">
> {quote}
> ... whereas double quotes succeed:
> {code:sql}
> GRANT SELECT ON ALL KEYSPACES TO "vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-1440019308";
> {code}
> If this is a deliberate change, I don't think it is reflected in the documentation. I
am temped to consider this a bug introduced with the role additions.
> Motivation for this report: https://github.com/hashicorp/vault/pull/545#issuecomment-132634630



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message