You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by ma...@apache.org on 2022/02/07 12:09:36 UTC
[cassandra] branch trunk updated (e256b98 -> 210793f)
This is an automated email from the ASF dual-hosted git repository.
marcuse pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git.
from e256b98 Merge branch 'cassandra-4.0' into trunk
new 5c9ba06 Extend operator control over the UDF threading model
new b022aec Merge branch 'cassandra-3.0' into cassandra-3.11
new 66d792a Merge branch 'cassandra-3.11' into cassandra-4.0
new 210793f Merge branch 'cassandra-4.0' into trunk
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/java/org/apache/cassandra/config/Config.java | 13 +++++++++++++
.../apache/cassandra/config/DatabaseDescriptor.java | 16 ++++++++++++++++
.../apache/cassandra/cql3/functions/UDFunction.java | 19 ++++++++++++++++++-
.../security/ThreadAwareSecurityManager.java | 5 +++++
4 files changed, 52 insertions(+), 1 deletion(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[cassandra] 01/01: Merge branch 'cassandra-4.0' into trunk
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
marcuse pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 210793f943dc522161fd26b6192f38a5c83fa131
Merge: e256b98 66d792a
Author: Marcus Eriksson <ma...@apache.org>
AuthorDate: Mon Feb 7 13:00:57 2022 +0100
Merge branch 'cassandra-4.0' into trunk
src/java/org/apache/cassandra/config/Config.java | 13 +++++++++++++
.../apache/cassandra/config/DatabaseDescriptor.java | 16 ++++++++++++++++
.../apache/cassandra/cql3/functions/UDFunction.java | 19 ++++++++++++++++++-
.../security/ThreadAwareSecurityManager.java | 5 +++++
4 files changed, 52 insertions(+), 1 deletion(-)
diff --cc src/java/org/apache/cassandra/config/Config.java
index d3e6783,80c8435..1d01581
--- a/src/java/org/apache/cassandra/config/Config.java
+++ b/src/java/org/apache/cassandra/config/Config.java
@@@ -497,17 -396,26 +497,30 @@@ public class Confi
* "tell" a user that there's something really wrong with the UDF.
* When you disable async UDF execution, users MUST pay attention to read-timeouts since these may indicate
* UDFs that run too long or forever - and this can destabilize the cluster.
+ *
+ * This requires allow_insecure_udfs to be true
*/
- public boolean enable_user_defined_functions_threads = true;
+ // Below parameter is not presented in cassandra.yaml but to be on the safe side that no one was directly using it
+ // I still added backward compatibility (CASSANDRA-15234)
+ @Replaces(oldName = "enable_user_defined_functions_threads", converter = Converters.IDENTITY, deprecated = true)
+ public boolean user_defined_functions_threads_enabled = true;
+
+ /**
+ * Set this to true to allow running insecure UDFs.
+ */
+ public boolean allow_insecure_udfs = false;
+
+ /**
+ * Set this to allow UDFs accessing java.lang.System.* methods, which basically allows UDFs to execute any arbitrary code on the system.
+ */
+ public boolean allow_extra_insecure_udfs = false;
+
/**
* Time in milliseconds after a warning will be emitted to the log and to the client that a UDF runs too long.
- * (Only valid, if enable_user_defined_functions_threads==true)
+ * (Only valid, if user_defined_functions_threads_enabled==true)
*/
- public long user_defined_function_warn_timeout = 500;
+ //No need of unit conversion as this parameter is not exposed in the yaml file
+ public long user_defined_function_warn_timeout_in_ms = 500;
/**
* Time in milliseconds after a fatal UDF run-time situation is detected and action according to
* user_function_timeout_policy will take place.
diff --cc src/java/org/apache/cassandra/config/DatabaseDescriptor.java
index 59cc169,6958422..cfa3945
--- a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
+++ b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
@@@ -724,33 -739,39 +724,39 @@@ public class DatabaseDescripto
}
// if set to empty/"auto" then use 5% of Heap size
- indexSummaryCapacityInMB = (conf.index_summary_capacity_in_mb == null)
+ indexSummaryCapacityInMiB = (conf.index_summary_capacity == null)
? Math.max(1, (int) (Runtime.getRuntime().totalMemory() * 0.05 / 1024 / 1024))
- : conf.index_summary_capacity_in_mb;
+ : conf.index_summary_capacity.toMebibytes();
- if (indexSummaryCapacityInMB < 0)
- throw new ConfigurationException("index_summary_capacity_in_mb option was set incorrectly to '"
- + conf.index_summary_capacity_in_mb + "', it should be a non-negative integer.", false);
+ if (indexSummaryCapacityInMiB < 0)
+ throw new ConfigurationException("index_summary_capacity option was set incorrectly to '"
+ + conf.index_summary_capacity.toString() + "', it should be a non-negative integer.", false);
- if (conf.user_defined_function_fail_timeout < 0)
- throw new ConfigurationException("user_defined_function_fail_timeout must not be negative", false);
- if (conf.user_defined_function_warn_timeout < 0)
- throw new ConfigurationException("user_defined_function_warn_timeout must not be negative", false);
+ if (conf.user_defined_function_fail_timeout_in_ms < 0)
+ throw new ConfigurationException("user_defined_function_fail_timeout_in_ms must not be negative", false);
+ if (conf.user_defined_function_warn_timeout_in_ms < 0)
+ throw new ConfigurationException("user_defined_function_warn_timeout_in_ms must not be negative", false);
- if (conf.user_defined_function_fail_timeout < conf.user_defined_function_warn_timeout)
- throw new ConfigurationException("user_defined_function_warn_timeout must less than user_defined_function_fail_timeout", false);
+ if (conf.user_defined_function_fail_timeout_in_ms < conf.user_defined_function_warn_timeout_in_ms)
+ throw new ConfigurationException("user_defined_function_warn_timeout_in_ms must less than user_defined_function_fail_timeout_in_ms", false);
- if (!conf.allow_insecure_udfs && !conf.enable_user_defined_functions_threads)
++ if (!conf.allow_insecure_udfs && !conf.user_defined_functions_threads_enabled)
+ throw new ConfigurationException("To be able to set enable_user_defined_functions_threads: false you need to set allow_insecure_udfs: true - this is an unsafe configuration and is not recommended.");
+
+ if (conf.allow_extra_insecure_udfs)
+ logger.warn("Allowing java.lang.System.* access in UDFs is dangerous and not recommended. Set allow_extra_insecure_udfs: false to disable.");
+
- if (conf.commitlog_segment_size_in_mb <= 0)
- throw new ConfigurationException("commitlog_segment_size_in_mb must be positive, but was "
- + conf.commitlog_segment_size_in_mb, false);
- else if (conf.commitlog_segment_size_in_mb >= 2048)
- throw new ConfigurationException("commitlog_segment_size_in_mb must be smaller than 2048, but was "
- + conf.commitlog_segment_size_in_mb, false);
+ if (conf.commitlog_segment_size.toMebibytes() == 0)
+ throw new ConfigurationException("commitlog_segment_size must be positive, but was "
+ + conf.commitlog_segment_size.toString(), false);
+ else if (conf.commitlog_segment_size.toMebibytes() >= 2048)
+ throw new ConfigurationException("commitlog_segment_size must be smaller than 2048, but was "
+ + conf.commitlog_segment_size.toString(), false);
- if (conf.max_mutation_size_in_kb == null)
- conf.max_mutation_size_in_kb = conf.commitlog_segment_size_in_mb * 1024 / 2;
- else if (conf.commitlog_segment_size_in_mb * 1024 < 2 * conf.max_mutation_size_in_kb)
- throw new ConfigurationException("commitlog_segment_size_in_mb must be at least twice the size of max_mutation_size_in_kb / 1024", false);
+ if (conf.max_mutation_size == null)
+ conf.max_mutation_size = SmallestDataStorageKibibytes.inKibibytes(conf.commitlog_segment_size.toKibibytes() / 2);
+ else if (conf.commitlog_segment_size.toKibibytes() < 2 * conf.max_mutation_size.toKibibytes())
+ throw new ConfigurationException("commitlog_segment_size must be at least twice the size of max_mutation_size / 1024", false);
// native transport encryption options
if (conf.client_encryption_options != null)
@@@ -3108,27 -2928,37 +3114,37 @@@
public static void setUserDefinedFunctionWarnTimeout(long userDefinedFunctionWarnTimeout)
{
- conf.user_defined_function_warn_timeout = userDefinedFunctionWarnTimeout;
+ conf.user_defined_function_warn_timeout_in_ms = userDefinedFunctionWarnTimeout;
}
+ public static boolean allowInsecureUDFs()
+ {
+ return conf.allow_insecure_udfs;
+ }
+
+ public static boolean allowExtraInsecureUDFs()
+ {
+ return conf.allow_extra_insecure_udfs;
+ }
+
- public static boolean getEnableMaterializedViews()
+ public static boolean getMaterializedViewsEnabled()
{
- return conf.enable_materialized_views;
+ return conf.materialized_views_enabled;
}
- public static void setEnableMaterializedViews(boolean enableMaterializedViews)
+ public static void setMaterializedViewsEnabled(boolean enableMaterializedViews)
{
- conf.enable_materialized_views = enableMaterializedViews;
+ conf.materialized_views_enabled = enableMaterializedViews;
}
- public static boolean getEnableSASIIndexes()
+ public static boolean getSASIIndexesEnabled()
{
- return conf.enable_sasi_indexes;
+ return conf.sasi_indexes_enabled;
}
- public static void setEnableSASIIndexes(boolean enableSASIIndexes)
+ public static void setSASIIndexesEnabled(boolean enableSASIIndexes)
{
- conf.enable_sasi_indexes = enableSASIIndexes;
+ conf.sasi_indexes_enabled = enableSASIIndexes;
}
public static boolean isTransientReplicationEnabled()
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org