cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam Holmberg (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-10594) Inconsistent permissions results return
Date Tue, 10 Nov 2015 16:07:10 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-10594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14998819#comment-14998819
] 

Adam Holmberg commented on CASSANDRA-10594:
-------------------------------------------

bq. The drivers are pretty good at changing this type of behavior based on the protocol version
in use, so I don't think this would be problematic for them.
I don't even view this as a protocol issue -- it's more like a contract for what type of result
message comes back from this CQL statement. The drivers make no assumptions about that. It's
just confusing for integrators who can get either void or rows for the same query. Not that
big a deal, just thought it was worth pointing out the inconsistency

> Inconsistent permissions results return
> ---------------------------------------
>
>                 Key: CASSANDRA-10594
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10594
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Adam Holmberg
>            Assignee: Sam Tunnicliffe
>            Priority: Minor
>
> The server returns inconsistent results when listing permissions, depending on whether
a user is configured.
> *Observed with Cassandra 3.0:*
> Only super user configured:
> {code}
> cassandra@cqlsh> list all;
>  role | resource | permissions
> ------+----------+-------------
> (0 rows)
> {code}
> VOID result type is returned (meaning no result meta is returned and cqlsh must use the
table meta to determine columns)
> With one user configured, no grants:
> {code}
> cassandra@cqlsh> create user holmberg with password 'tmp';
> cassandra@cqlsh> list all;
> results meta: system_auth permissions 4
>  role      | username  | resource    | permission
> -----------+-----------+-------------+------------
>  cassandra | cassandra | <role holmberg> |      ALTER
>  cassandra | cassandra | <role holmberg> |       DROP
>  cassandra | cassandra | <role holmberg> |  AUTHORIZE
> (3 rows)
> {code}
> Now a ROWS result message is returned with the cassandra super user grants. 
> Dropping the regular user causes the VOID message to be returned again.
> *Slightly different behavior on 2.2 branch:* VOID message with no result meta is returned,
even if regular user is configured, until permissions are added to that user.
> *Expected:*
> It would be nice if the query always resulted in a ROWS result, even if there are no
explicit permissions defined. This would provide the correct result metadata even if there
are no rows.
> Additionally, it is strange that the 'cassandra' super user only appears in the results
when another user is configured. I would expect it to always appear, or never.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message