You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by be...@apache.org on 2022/01/25 06:18:19 UTC
[cassandra] branch trunk updated (8ace479 -> ff4d63d)
This is an automated email from the ASF dual-hosted git repository.
bereng pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git.
from 8ace479 Merge branch 'cassandra-4.0' into trunk
new 85248da PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause
new ff4d63d Merge branch 'cassandra-4.0' into trunk
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
CHANGES.txt | 1 +
NEWS.txt | 1 +
doc/modules/cassandra/pages/new/auditlogging.adoc | 13 +-
.../apache/cassandra/audit/AuditLogManager.java | 32 ++++-
.../apache/cassandra/cql3/PasswordObfuscator.java | 41 +++++-
.../org/apache/cassandra/cql3/QueryEvents.java | 42 +++---
.../cql3/statements/AlterRoleStatement.java | 7 +
.../cql3/statements/AuthenticationStatement.java | 5 +
.../cql3/statements/CreateRoleStatement.java | 7 +
.../cassandra/audit/AuditLoggerAuthTest.java | 73 ++++++++--
.../cassandra/cql3/PasswordObfuscatorTest.java | 156 +++++++++++++++------
11 files changed, 293 insertions(+), 85 deletions(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[cassandra] 01/01: Merge branch 'cassandra-4.0' into trunk
Posted by be...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bereng pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit ff4d63d392c89e27ca6e02e38457a5199a24f6a9
Merge: 8ace479 85248da
Author: Bereng <be...@gmail.com>
AuthorDate: Tue Jan 25 07:10:41 2022 +0100
Merge branch 'cassandra-4.0' into trunk
CHANGES.txt | 1 +
NEWS.txt | 1 +
doc/modules/cassandra/pages/new/auditlogging.adoc | 13 +-
.../apache/cassandra/audit/AuditLogManager.java | 32 ++++-
.../apache/cassandra/cql3/PasswordObfuscator.java | 41 +++++-
.../org/apache/cassandra/cql3/QueryEvents.java | 42 +++---
.../cql3/statements/AlterRoleStatement.java | 7 +
.../cql3/statements/AuthenticationStatement.java | 5 +
.../cql3/statements/CreateRoleStatement.java | 7 +
.../cassandra/audit/AuditLoggerAuthTest.java | 73 ++++++++--
.../cassandra/cql3/PasswordObfuscatorTest.java | 156 +++++++++++++++------
11 files changed, 293 insertions(+), 85 deletions(-)
diff --cc NEWS.txt
index a41c470,749b531..560b56c
--- a/NEWS.txt
+++ b/NEWS.txt
@@@ -38,45 -39,8 +38,46 @@@ using the provided 'sstableupgrade' too
New features
------------
- - Full support for Java 11, it is not experimental anymore.
+ - Added ability to configure auth caches through corresponding `nodetool` commands.
+ - CDC data flushing now can be configured to be non-blocking with the configuration cdc_block_writes. Setting to true,
+ any writes to the CDC-enabled tables will be blocked when reaching to the limit for CDC data on disk, which is the
+ existing and the default behavior. Setting to false, the writes to the CDC-enabled tables will be accepted and
+ the oldest CDC data on disk will be deleted to ensure the size constraint.
+ - New native functions to convert unix time values into C* native types: toDate(bigint), toTimestamp(bigint),
+ mintimeuuid(bigint) and maxtimeuuid(bigint)
+ - Support for multiple permission in a single GRANT/REVOKE/LIST statement has been added. It allows to
+ grant/revoke/list multiple permissions using a single statement by providing a list of comma-separated
+ permissions.
+ - A new ALL TABLES IN KEYSPACE resource has been added. It allows to grant permissions for all tables and user types
+ in a keyspace while preventing the user to use those permissions on the keyspace itself.
+ - Added support for type casting in the WHERE clause components and in the values of INSERT and UPDATE statements.
+ - Warn/abort thresholds added to read queries notifying clients when these thresholds trigger (by
+ emitting a client warning or aborting the query). This feature is disabled by default, scheduled
+ to be enabled in 4.2; it is controlled with the configuration track_warnings.enabled,
+ setting to true will enable this feature. Each check has its own warn/abort thresholds, currently
+ tombstones (tombstone_warn_threshold, and tombstone_failure_threshold), coordinator result set
+ materialized size (track_warnings.coordinator_large_read.warn_threshold_kb, and
+ track_warnings.coordinator_large_read.abort_threshold_kb), local read materialized heap size
+ (track_warnings.local_read_size.warn_threshold_kb and track_warnings.local_read_size.abort_threshold_kb),
+ and RowIndexEntry estimated memory size (track_warnings.row_index_size.warn_threshold_kb and
+ track_warnings.row_index_size.abort_threshold_kb) are supported; more checks will be added over time.
+ - Prior to this version, the hint system was storing a window of hints as defined by
+ configuration property max_hint_window_in_ms, however this window is not persistent across restarts.
+ For example, if a node is restarted, it will be still eligible for a hint to be sent to it because it
+ was down less than max_hint_window_in_ms. Hence if that node continues restarting without hint delivery completing,
+ hints will be sent to that node indefinitely which would occupy more and more disk space.
+ This behaviour was changed in CASSANDRA-14309. From now on, by default, if a node is not down longer than
+ max_hint_window_in_ms, there is an additional check to see if there is a hint to be delivered which is older
+ than max_window_in_ms. If there is, a hint is not persisted. If there is not, it is.
+ This behaviour might be reverted as it was in previous version by property hint_window_persistent_enabled by
+ setting it to false. This property is by default set to true.
+ - Added a new feature to allow denylisting (i.e. blocking read, write, or range read configurable) access to partition
+ keys in configured keyspaces and tables. See doc/operating/denylisting_partitions.rst for details on using this new
+ feature. Also see CASSANDRA-12106.
+ - Information about pending hints is now available through `nodetool listpendinghints` and `pending_hints` virtual
+ table.
+ - Added ability to invalidate auth caches through corresponding `nodetool` commands and virtual tables.
+ - DCL statements in audit logs will now obscure only the password if they don't fail to parse.
Upgrading
---------
diff --cc src/java/org/apache/cassandra/audit/AuditLogManager.java
index 8126f09,88e0251..ed10460
--- a/src/java/org/apache/cassandra/audit/AuditLogManager.java
+++ b/src/java/org/apache/cassandra/audit/AuditLogManager.java
@@@ -25,9 -25,10 +25,11 @@@ import java.util.List
import java.util.UUID;
import javax.annotation.Nullable;
+import javax.management.openmbean.CompositeData;
import com.google.common.annotations.VisibleForTesting;
+ import com.google.common.collect.ImmutableList;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org