cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Tunnicliffe (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-13041) Do not allow removal of a DC from system_auth replication settings if the DC has active Cassandra instances
Date Mon, 06 Feb 2017 15:37:41 GMT


Sam Tunnicliffe commented on CASSANDRA-13041:

Neither DropTest, nor the snippet pasted above actually emulate the behaviour of a real client
as they call the statement's execute method directly. The restriction on dropping the keyspace,
along with most other modifications to system tables, is enforced by {{ClientState::preventSystemKSSchemaModification}}
which CQLTester tends to bypass by calling {{QueryProcessor::executeInternal}}. So a piece
of internal code could perform modifications to the system tables (including system_auth),
but a real client could not. CQLTester does have methods which exercise the client code path
though, so we can fix the tests to use those.

Regarding the replication config, I don't see any harm in adding this constraint. Just to
note though, it is possible to have authn/authz disabled for a particular DC, in which case
having no replicas in that DC wouldn't cause a problem for connecting clients. I would imagine
this is a pretty rare use-case though, and even in this case, it's generally such a tiny dataset
that having it replicated even where it isn't strictly needed doesn't seem like much of a

If you're OK with this, I'd like to remove the changes to DropKeyspaceStatement, fix DropTest
to use the same path as an actual client and add an entry in NEWS.txt. I've pushed a rebased
branch with those changes and kicked off CI runs, if you wouldn't mind taking a look. 


> Do not allow removal of a DC from system_auth replication settings if the DC has active
Cassandra instances
> -----------------------------------------------------------------------------------------------------------
>                 Key: CASSANDRA-13041
>                 URL:
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Distributed Metadata
>            Reporter: Nachiket Patil
>            Assignee: Nachiket Patil
>            Priority: Minor
>             Fix For: 4.x
>         Attachments: trunk.diff
> I don’t believe it is ever correct to remove a DC from the system_auth replication
settings while there are nodes up in that DC. Cassandra should not allow this change if there
are hosts which are currently members of the cluster in that DC, as any request which is routed
to these hosts will meet an unavailable. Also dropping the keyspace system_auth should not
be allowed.

This message was sent by Atlassian JIRA

View raw message