You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Benjamin Lerer (Jira)" <ji...@apache.org> on 2021/07/14 11:35:00 UTC
[jira] [Comment Edited] (CASSANDRA-16404) Provide a nodetool way of
invalidating auth caches
[ https://issues.apache.org/jira/browse/CASSANDRA-16404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17380512#comment-17380512 ]
Benjamin Lerer edited comment on CASSANDRA-16404 at 7/14/21, 11:34 AM:
-----------------------------------------------------------------------
I agree that we would like to move away from JMX and Nodetool. Nevertheless, we never had some clear discussion around it and I imagine that they will still be there for several releases and I wonder if having an hybride between the 2 approach is necessarily a good thing.
I also want to raise the fact that so far the Virtual Tables that we expose do not support updates. The mechanism is there but has not really been used (TRUNCATE is not supported at at). Now, I really love your suggestion [~samt].
Will it not make sense to support both approach until Virtual Tables provide the same level of functionalities that JMX and NodeTool or an extended version?
If yes, my suggestion would be to split the task in 2 (or more if some extra changes are needed in the Virtual Table framework). Finish the current patch and open a new ticket to provide the same functionality through some Virtual Tables.
[~samt] What is your opinion?
was (Author: blerer):
I agree that we would like to move away from JMX and Nodetool. Nevertheless, We never had some clear discussion around it and I imagine that they will still be there for several releases and I am wonder if having an hybride between the 2 approach is necessarily a good approach.
I also want to raise the fact that so far the Virtual Tables that we expose do not support updates. The mechanism is there but has not really been used (TRUNCATE is not supported at at). Now, I really love your suggestion [~samt].
Will it not make sense to support both approach until Virtual Tables provide the same level of functionalities that JMX and NodeTool or an extended version?
If yes, my suggestion would be to split the task in 2 (or more if some extra changes are needed in the Virtual Table framework). Finish the current patch and open a new ticket to provide the same functionality through some Virtual Tables.
[~samt] What is your opinion?
> Provide a nodetool way of invalidating auth caches
> --------------------------------------------------
>
> Key: CASSANDRA-16404
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16404
> Project: Cassandra
> Issue Type: Improvement
> Components: Feature/Authorization
> Reporter: Sumanth Pasupuleti
> Assignee: Aleksei Zotov
> Priority: Normal
> Fix For: 4.x
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> We currently have nodetool commands to invalidate certain caches like KeyCache, RowCache and CounterCache.
> Being able to invalidate auth caches as well can come in handy in situations where, critical backend auth changes may need to be in effect right away for all the connections, especially in configurations where cache validity is chosen to be for a longer duration. An example can be that an authenticated user "User1" is no longer authorized to access a table resource "table1" and it is vital that this change is reflected right away, without having to wait for cache expiry/refresh to trigger.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org