You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by ad...@apache.org on 2021/10/27 17:26:41 UTC
[cassandra] branch cassandra-4.0 updated (530bc91 -> 6c9d5ab)
This is an automated email from the ASF dual-hosted git repository.
adelapena pushed a change to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git.
from 530bc91 Merge branch 'cassandra-3.11' into cassandra-4.0
new 969531a Allow users to view permissions of the roles they created
new 3d74cad Merge branch 'cassandra-3.0' into cassandra-3.11
new 6c9d5ab Merge branch 'cassandra-3.11' into cassandra-4.0
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
CHANGES.txt | 1 +
.../apache/cassandra/auth/CassandraAuthorizer.java | 16 ++--
.../org/apache/cassandra/auth/RoleResource.java | 3 +-
.../cql3/statements/CreateRoleStatement.java | 2 +-
.../cassandra/auth/CassandraAuthorizerTest.java | 97 ++++++++++++++++++++++
.../auth/CassandraNetworkAuthorizerTest.java | 42 +---------
.../org/apache/cassandra/auth/RoleTestUtils.java | 50 +++++++++++
7 files changed, 163 insertions(+), 48 deletions(-)
create mode 100644 test/unit/org/apache/cassandra/auth/CassandraAuthorizerTest.java
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[cassandra] 01/01: Merge branch 'cassandra-3.11' into cassandra-4.0
Posted by ad...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
adelapena pushed a commit to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 6c9d5abbc56c043b8d89232bbc2d145482e297c3
Merge: 530bc91 3d74cad
Author: Andrés de la Peña <a....@gmail.com>
AuthorDate: Wed Oct 27 18:12:42 2021 +0100
Merge branch 'cassandra-3.11' into cassandra-4.0
CHANGES.txt | 1 +
.../apache/cassandra/auth/CassandraAuthorizer.java | 16 ++--
.../org/apache/cassandra/auth/RoleResource.java | 3 +-
.../cql3/statements/CreateRoleStatement.java | 2 +-
.../cassandra/auth/CassandraAuthorizerTest.java | 97 ++++++++++++++++++++++
.../auth/CassandraNetworkAuthorizerTest.java | 42 +---------
.../org/apache/cassandra/auth/RoleTestUtils.java | 50 +++++++++++
7 files changed, 163 insertions(+), 48 deletions(-)
diff --cc CHANGES.txt
index 0ad423e,ae98091..2093f0c
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,23 -1,17 +1,24 @@@
-3.11.12
- * Upgrade snakeyaml to 1.26 in 3.11 (CASSANDRA=17028)
+4.0.2
+ * Push initial client connection messages to trace (CASSANDRA-17038)
+ * Correct the internode message timestamp if sending node has wrapped (CASSANDRA-16997)
+ * Avoid race causing us to return null in RangesAtEndpoint (CASSANDRA-16965)
+ * Avoid rewriting all sstables during cleanup when transient replication is enabled (CASSANDRA-16966)
+ * Prevent CQLSH from failure on Python 3.10 (CASSANDRA-16987)
+ * Avoid trying to acquire 0 permits from the rate limiter when taking snapshot (CASSANDRA-16872)
+ * Upgrade Caffeine to 2.5.6 (CASSANDRA-15153)
+ * Include SASI components to snapshots (CASSANDRA-15134)
+ * Fix missed wait latencies in the output of `nodetool tpstats -F` (CASSANDRA-16938)
+ * Remove all the state pollution between tests in SSTableReaderTest (CASSANDRA-16888)
+ * Delay auth setup until after gossip has settled to avoid unavailables on startup (CASSANDRA-16783)
+ * Fix clustering order logic in CREATE MATERIALIZED VIEW (CASSANDRA-16898)
+ * org.apache.cassandra.db.rows.ArrayCell#unsharedHeapSizeExcludingData includes data twice (CASSANDRA-16900)
+ * Exclude Jackson 1.x transitive dependency of hadoop* provided dependencies (CASSANDRA-16854)
+Merged from 3.11:
* Add key validation to ssstablescrub (CASSANDRA-16969)
* Update Jackson from 2.9.10 to 2.12.5 (CASSANDRA-16851)
- * Include SASI components to snapshots (CASSANDRA-15134)
* Make assassinate more resilient to missing tokens (CASSANDRA-16847)
- * Exclude Jackson 1.x transitive dependency of hadoop* provided dependencies (CASSANDRA-16854)
- * Validate SASI tokenizer options before adding index to schema (CASSANDRA-15135)
- * Fixup scrub output when no data post-scrub and clear up old use of row, which really means partition (CASSANDRA-16835)
- * Fix ant-junit dependency issue (CASSANDRA-16827)
- * Reduce thread contention in CommitLogSegment and HintsBuffer (CASSANDRA-16072)
- * Avoid sending CDC column if not enabled (CASSANDRA-16770)
Merged from 3.0:
+ * Allow users to view permissions of the roles they created (CASSANDRA-16902)
* Fix failure handling in inter-node communication (CASSANDRA-16334)
* Log more information when a node runs out of commitlog space (CASSANDRA-11323)
* Don't take snapshots when truncating system tables (CASSANDRA-16839)
diff --cc test/unit/org/apache/cassandra/auth/CassandraAuthorizerTest.java
index 0000000,0000000..61235d2
new file mode 100644
--- /dev/null
+++ b/test/unit/org/apache/cassandra/auth/CassandraAuthorizerTest.java
@@@ -1,0 -1,0 +1,97 @@@
++/*
++ * Licensed to the Apache Software Foundation (ASF) under one
++ * or more contributor license agreements. See the NOTICE file
++ * distributed with this work for additional information
++ * regarding copyright ownership. The ASF licenses this file
++ * to you under the Apache License, Version 2.0 (the
++ * "License"); you may not use this file except in compliance
++ * with the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++package org.apache.cassandra.auth;
++
++import java.util.Collections;
++
++import org.junit.BeforeClass;
++import org.junit.Test;
++
++import org.apache.cassandra.SchemaLoader;
++import org.apache.cassandra.config.DatabaseDescriptor;
++import org.apache.cassandra.cql3.CQLTester;
++import org.apache.cassandra.cql3.QueryProcessor;
++import org.apache.cassandra.cql3.UntypedResultSet;
++import org.apache.cassandra.cql3.statements.CreateRoleStatement;
++import org.apache.cassandra.cql3.statements.ListPermissionsStatement;
++import org.apache.cassandra.exceptions.UnauthorizedException;
++import org.apache.cassandra.service.ClientState;
++import org.apache.cassandra.transport.messages.ResultMessage;
++import org.assertj.core.api.Assertions;
++
++import static org.apache.cassandra.auth.AuthenticatedUser.SYSTEM_USER;
++
++public class CassandraAuthorizerTest extends CQLTester
++{
++ private static final RoleResource PARENT_ROLE = RoleResource.role("parent");
++ private static final RoleResource CHILD_ROLE = RoleResource.role("child");
++ private static final RoleResource OTHER_ROLE = RoleResource.role("other");
++
++ @BeforeClass
++ public static void setupClass()
++ {
++ CQLTester.setUpClass();
++ SchemaLoader.setupAuth(new RoleTestUtils.LocalCassandraRoleManager(),
++ new PasswordAuthenticator(),
++ new RoleTestUtils.LocalCassandraAuthorizer(),
++ new RoleTestUtils.LocalCassandraNetworkAuthorizer());
++ }
++
++ @Test
++ public void testListPermissionsOfChildByParent()
++ {
++ // create parent role by system user
++ DatabaseDescriptor.getRoleManager()
++ .createRole(SYSTEM_USER, PARENT_ROLE, RoleTestUtils.getLoginRoleOptions());
++
++ // create child role by parent
++ String createRoleQuery = String.format("CREATE ROLE %s", CHILD_ROLE.getRoleName());
++ CreateRoleStatement createRoleStatement = (CreateRoleStatement) QueryProcessor.parseStatement(createRoleQuery)
++ .prepare(ClientState.forInternalCalls());
++ createRoleStatement.execute(getClientState(PARENT_ROLE.getRoleName()));
++
++ // grant SELECT permission on ALL KEYSPACES to child
++ DatabaseDescriptor.getAuthorizer()
++ .grant(SYSTEM_USER,
++ Collections.singleton(Permission.SELECT),
++ DataResource.root(),
++ CHILD_ROLE);
++
++ // list child permissions by parent
++ String listPermissionsQuery = String.format("LIST ALL PERMISSIONS OF %s", CHILD_ROLE.getRoleName());
++ ListPermissionsStatement listPermissionsStatement = (ListPermissionsStatement) QueryProcessor.parseStatement(listPermissionsQuery)
++ .prepare(ClientState.forInternalCalls());
++ ResultMessage message = listPermissionsStatement.execute(getClientState(PARENT_ROLE.getRoleName()));
++ assertRows(UntypedResultSet.create(((ResultMessage.Rows) message).result),
++ row("child", "child", "<all keyspaces>", "SELECT"));
++
++ // list child permissions by other user that is not their parent
++ DatabaseDescriptor.getRoleManager().createRole(SYSTEM_USER, OTHER_ROLE, RoleTestUtils.getLoginRoleOptions());
++ Assertions.assertThatThrownBy(() -> listPermissionsStatement.execute(getClientState(OTHER_ROLE.getRoleName())))
++ .isInstanceOf(UnauthorizedException.class)
++ .hasMessage("You are not authorized to view child's permissions");
++ }
++
++ private static ClientState getClientState(String username)
++ {
++ ClientState state = ClientState.forInternalCalls();
++ state.login(new AuthenticatedUser(username));
++ return state;
++ }
++}
diff --cc test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
index 31af270,0000000..350ee20
mode 100644,000000..100644
--- a/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
+++ b/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
@@@ -1,258 -1,0 +1,220 @@@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.cassandra.auth;
+
+import java.util.Set;
+
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Sets;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import org.apache.cassandra.SchemaLoader;
+import org.apache.cassandra.config.DatabaseDescriptor;
+import org.apache.cassandra.cql3.CQLStatement;
- import org.apache.cassandra.cql3.QueryOptions;
+import org.apache.cassandra.cql3.QueryProcessor;
+import org.apache.cassandra.cql3.UntypedResultSet;
+import org.apache.cassandra.cql3.statements.AlterRoleStatement;
+import org.apache.cassandra.cql3.statements.AuthenticationStatement;
- import org.apache.cassandra.cql3.statements.BatchStatement;
+import org.apache.cassandra.cql3.statements.CreateRoleStatement;
+import org.apache.cassandra.cql3.statements.DropRoleStatement;
- import org.apache.cassandra.cql3.statements.SelectStatement;
+import org.apache.cassandra.db.Keyspace;
+import org.apache.cassandra.db.marshal.UTF8Type;
+import org.apache.cassandra.exceptions.ConfigurationException;
- import org.apache.cassandra.exceptions.RequestExecutionException;
+import org.apache.cassandra.service.ClientState;
- import org.apache.cassandra.service.QueryState;
- import org.apache.cassandra.transport.messages.ResultMessage;
+
+import static org.apache.cassandra.auth.AuthKeyspace.NETWORK_PERMISSIONS;
+import static org.apache.cassandra.auth.RoleTestUtils.LocalCassandraRoleManager;
+import static org.apache.cassandra.schema.SchemaConstants.AUTH_KEYSPACE_NAME;
+import static org.apache.cassandra.auth.RoleTestUtils.getReadCount;
+
+public class CassandraNetworkAuthorizerTest
+{
- private static class LocalCassandraAuthorizer extends CassandraAuthorizer
- {
- ResultMessage.Rows select(SelectStatement statement, QueryOptions options)
- {
- return statement.executeLocally(QueryState.forInternalCalls(), options);
- }
-
- UntypedResultSet process(String query) throws RequestExecutionException
- {
- return QueryProcessor.executeInternal(query);
- }
-
- @Override
- void processBatch(BatchStatement statement)
- {
- statement.executeLocally(QueryState.forInternalCalls(), QueryOptions.DEFAULT);
- }
- }
-
- private static class LocalCassandraNetworkAuthorizer extends CassandraNetworkAuthorizer
- {
- ResultMessage.Rows select(SelectStatement statement, QueryOptions options)
- {
- return statement.executeLocally(QueryState.forInternalCalls(), options);
- }
-
- void process(String query)
- {
- QueryProcessor.executeInternal(query);
- }
- }
-
+ private static void setupSuperUser()
+ {
+ QueryProcessor.executeInternal(String.format("INSERT INTO %s.%s (role, is_superuser, can_login, salted_hash) "
+ + "VALUES ('%s', true, true, '%s')",
+ AUTH_KEYSPACE_NAME,
+ AuthKeyspace.ROLES,
+ CassandraRoleManager.DEFAULT_SUPERUSER_NAME,
+ "xxx"));
+ }
+
+ @BeforeClass
+ public static void defineSchema() throws ConfigurationException
+ {
+ SchemaLoader.prepareServer();
+ SchemaLoader.setupAuth(new LocalCassandraRoleManager(),
+ new PasswordAuthenticator(),
- new LocalCassandraAuthorizer(),
- new LocalCassandraNetworkAuthorizer());
++ new RoleTestUtils.LocalCassandraAuthorizer(),
++ new RoleTestUtils.LocalCassandraNetworkAuthorizer());
+ setupSuperUser();
+ // not strictly necessary to init the cache here, but better to be explicit
+ Roles.initRolesCache(DatabaseDescriptor.getRoleManager(), () -> true);
+ }
+
+ @Before
+ public void clear()
+ {
+ Keyspace.open(AUTH_KEYSPACE_NAME).getColumnFamilyStore(NETWORK_PERMISSIONS).truncateBlocking();
+ }
+
+ private static void assertNoDcPermRow(String username)
+ {
+ String query = String.format("SELECT dcs FROM %s.%s WHERE role = '%s'",
+ AUTH_KEYSPACE_NAME,
+ NETWORK_PERMISSIONS,
+ RoleResource.role(username).getName());
+ UntypedResultSet results = QueryProcessor.executeInternal(query);
+ Assert.assertTrue(results.isEmpty());
+ }
+
+ private static void assertDcPermRow(String username, String... dcs)
+ {
+ Set<String> expected = Sets.newHashSet(dcs);
+ String query = String.format("SELECT dcs FROM %s.%s WHERE role = '%s'",
+ AUTH_KEYSPACE_NAME,
+ NETWORK_PERMISSIONS,
+ RoleResource.role(username).getName());
+ UntypedResultSet results = QueryProcessor.executeInternal(query);
+ UntypedResultSet.Row row = Iterables.getOnlyElement(results);
+ Set<String> actual = row.getFrozenSet("dcs", UTF8Type.instance);
+ Assert.assertEquals(expected, actual);
+ }
+
+ private static String createName()
+ {
+ return RandomStringUtils.randomAlphabetic(8).toLowerCase();
+ }
+
+ private static ClientState getClientState()
+ {
+ ClientState state = ClientState.forInternalCalls();
+ state.login(new AuthenticatedUser(CassandraRoleManager.DEFAULT_SUPERUSER_NAME));
+ return state;
+ }
+
+ private static void auth(String query, Object... args)
+ {
+ CQLStatement statement = QueryProcessor.parseStatement(String.format(query, args)).prepare(ClientState.forInternalCalls());
+ assert statement instanceof CreateRoleStatement
+ || statement instanceof AlterRoleStatement
+ || statement instanceof DropRoleStatement;
+ AuthenticationStatement authStmt = (AuthenticationStatement) statement;
+
+ // invalidate roles cache so that any changes to the underlying roles are picked up
+ Roles.clearCache();
+ authStmt.execute(getClientState());
+ }
+
+ private static DCPermissions dcPerms(String username)
+ {
+ AuthenticatedUser user = new AuthenticatedUser(username);
+ return DatabaseDescriptor.getNetworkAuthorizer().authorize(user.getPrimaryRole());
+ }
+
+ @Test
+ public void create()
+ {
+ String username = createName();
+
+ // user should implicitly have access to all datacenters
+ assertNoDcPermRow(username);
+ auth("CREATE ROLE %s WITH password = 'password' AND LOGIN = true AND ACCESS TO DATACENTERS {'dc1', 'dc2'}", username);
+ Assert.assertEquals(DCPermissions.subset("dc1", "dc2"), dcPerms(username));
+ assertDcPermRow(username, "dc1", "dc2");
+ }
+
+ @Test
+ public void alter()
+ {
+
+ String username = createName();
+
+ assertNoDcPermRow(username);
+ // user should implicitly have access to all datacenters
+ auth("CREATE ROLE %s WITH password = 'password' AND LOGIN = true", username);
+ Assert.assertEquals(DCPermissions.all(), dcPerms(username));
+ assertDcPermRow(username);
+
+ // unless explicitly restricted
+ auth("ALTER ROLE %s WITH ACCESS TO DATACENTERS {'dc1', 'dc2'}", username);
+ Assert.assertEquals(DCPermissions.subset("dc1", "dc2"), dcPerms(username));
+ assertDcPermRow(username, "dc1", "dc2");
+
+ auth("ALTER ROLE %s WITH ACCESS TO DATACENTERS {'dc1'}", username);
+ Assert.assertEquals(DCPermissions.subset("dc1"), dcPerms(username));
+ assertDcPermRow(username, "dc1");
+
+ auth("ALTER ROLE %s WITH ACCESS TO ALL DATACENTERS", username);
+ Assert.assertEquals(DCPermissions.all(), dcPerms(username));
+ assertDcPermRow(username);
+ }
+
+ @Test
+ public void drop()
+ {
+ String username = createName();
+
+ assertNoDcPermRow(username);
+ // user should implicitly have access to all datacenters
+ auth("CREATE ROLE %s WITH password = 'password' AND LOGIN = true AND ACCESS TO DATACENTERS {'dc1'}", username);
+ assertDcPermRow(username, "dc1");
+
+ auth("DROP ROLE %s", username);
+ assertNoDcPermRow(username);
+ }
+
+ @Test
+ public void superUser()
+ {
+ String username = createName();
+ auth("CREATE ROLE %s WITH password = 'password' AND LOGIN = true AND ACCESS TO DATACENTERS {'dc1'}", username);
+ Assert.assertEquals(DCPermissions.subset("dc1"), dcPerms(username));
+ assertDcPermRow(username, "dc1");
+
+ // clear the roles cache to lose the (non-)superuser status for the user
+ Roles.clearCache();
+ auth("ALTER ROLE %s WITH superuser = true", username);
+ Assert.assertEquals(DCPermissions.all(), dcPerms(username));
+ }
+
+ @Test
+ public void cantLogin()
+ {
+ String username = createName();
+ auth("CREATE ROLE %s", username);
+ Assert.assertEquals(DCPermissions.none(), dcPerms(username));
+ }
+
+ @Test
+ public void getLoginPrivilegeFromRolesCache() throws Exception
+ {
+ String username = createName();
+ auth("CREATE ROLE %s", username);
+ long readCount = getReadCount();
+ dcPerms(username);
+ Assert.assertEquals(++readCount, getReadCount());
+ dcPerms(username);
+ Assert.assertEquals(readCount, getReadCount());
+ }
+}
diff --cc test/unit/org/apache/cassandra/auth/RoleTestUtils.java
index e2d1006,0000000..bcbdf83
mode 100644,000000..100644
--- a/test/unit/org/apache/cassandra/auth/RoleTestUtils.java
+++ b/test/unit/org/apache/cassandra/auth/RoleTestUtils.java
@@@ -1,85 -1,0 +1,135 @@@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.cassandra.auth;
+
+import java.util.concurrent.Callable;
+
+import org.apache.cassandra.cql3.QueryOptions;
+import org.apache.cassandra.cql3.QueryProcessor;
+import org.apache.cassandra.cql3.UntypedResultSet;
++import org.apache.cassandra.cql3.statements.BatchStatement;
+import org.apache.cassandra.cql3.statements.SelectStatement;
+import org.apache.cassandra.db.ColumnFamilyStore;
+import org.apache.cassandra.db.ConsistencyLevel;
+import org.apache.cassandra.db.Keyspace;
++import org.apache.cassandra.exceptions.RequestExecutionException;
+import org.apache.cassandra.schema.SchemaConstants;
+import org.apache.cassandra.service.QueryState;
+import org.apache.cassandra.transport.messages.ResultMessage;
+
+
+public class RoleTestUtils
+{
+
+ public static final RoleResource ROLE_A = RoleResource.role("role_a");
+ public static final RoleResource ROLE_B = RoleResource.role("role_b");
+ public static final RoleResource ROLE_B_1 = RoleResource.role("role_b_1");
+ public static final RoleResource ROLE_B_2 = RoleResource.role("role_b_2");
+ public static final RoleResource ROLE_B_3 = RoleResource.role("role_b_3");
+ public static final RoleResource ROLE_C = RoleResource.role("role_c");
+ public static final RoleResource ROLE_C_1 = RoleResource.role("role_c_1");
+ public static final RoleResource ROLE_C_2 = RoleResource.role("role_c_2");
+ public static final RoleResource ROLE_C_3 = RoleResource.role("role_c_3");
+ public static final RoleResource[] ALL_ROLES = new RoleResource[] {ROLE_A,
+ ROLE_B, ROLE_B_1, ROLE_B_2, ROLE_B_3,
+ ROLE_C, ROLE_C_1, ROLE_C_2, ROLE_C_3};
+ /**
+ * This just extends the internal IRoleManager implementation to ensure that
+ * all access to underlying tables is made via
+ * QueryProcessor.executeOnceInternal/CQLStatement.executeInternal and not
+ * StorageProxy so that it can be used in unit tests.
+ */
+ public static class LocalCassandraRoleManager extends CassandraRoleManager
+ {
++ @Override
+ ResultMessage.Rows select(SelectStatement statement, QueryOptions options)
+ {
+ return statement.executeLocally(QueryState.forInternalCalls(), options);
+ }
+
++ @Override
+ UntypedResultSet process(String query, ConsistencyLevel consistencyLevel)
+ {
+ return QueryProcessor.executeInternal(query);
+ }
+
++ @Override
+ protected void scheduleSetupTask(final Callable<Void> setupTask)
+ {
+ // skip data migration or setting up default role for tests
+ }
+ }
+
++ public static class LocalCassandraAuthorizer extends CassandraAuthorizer
++ {
++ @Override
++ ResultMessage.Rows select(SelectStatement statement, QueryOptions options)
++ {
++ return statement.executeLocally(QueryState.forInternalCalls(), options);
++ }
++
++ @Override
++ UntypedResultSet process(String query) throws RequestExecutionException
++ {
++ return QueryProcessor.executeInternal(query);
++ }
++
++ @Override
++ void processBatch(BatchStatement statement)
++ {
++ statement.executeLocally(QueryState.forInternalCalls(), QueryOptions.DEFAULT);
++ }
++ }
++
++ public static class LocalCassandraNetworkAuthorizer extends CassandraNetworkAuthorizer
++ {
++ @Override
++ ResultMessage.Rows select(SelectStatement statement, QueryOptions options)
++ {
++ return statement.executeLocally(QueryState.forInternalCalls(), options);
++ }
++
++ @Override
++ void process(String query)
++ {
++ QueryProcessor.executeInternal(query);
++ }
++ }
++
+ public static void grantRolesTo(IRoleManager roleManager, RoleResource grantee, RoleResource...granted)
+ {
+ for(RoleResource toGrant : granted)
+ roleManager.grantRole(AuthenticatedUser.ANONYMOUS_USER, toGrant, grantee);
+ }
+
+ public static long getReadCount()
+ {
+ ColumnFamilyStore rolesTable = Keyspace.open(SchemaConstants.AUTH_KEYSPACE_NAME).getColumnFamilyStore(AuthKeyspace.ROLES);
+ return rolesTable.metric.readLatency.latency.getCount();
+ }
++
++ public static RoleOptions getLoginRoleOptions()
++ {
++ RoleOptions roleOptions = new RoleOptions();
++ roleOptions.setOption(IRoleManager.Option.SUPERUSER, false);
++ roleOptions.setOption(IRoleManager.Option.LOGIN, true);
++ roleOptions.setOption(IRoleManager.Option.PASSWORD, "ignored");
++ return roleOptions;
++ }
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org