You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@geode.apache.org by "Juan Ramos (Jira)" <ji...@apache.org> on 2019/12/04 17:12:00 UTC

[jira] [Resolved] (GEODE-7497) QueryConfigurationService: Execute CQ Sanity Check Before Changing the MethodInvocationAuthorizer

     [ https://issues.apache.org/jira/browse/GEODE-7497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Juan Ramos resolved GEODE-7497.
-------------------------------
    Fix Version/s: 1.12.0
       Resolution: Fixed

> QueryConfigurationService: Execute CQ Sanity Check Before Changing the MethodInvocationAuthorizer
> -------------------------------------------------------------------------------------------------
>
>                 Key: GEODE-7497
>                 URL: https://issues.apache.org/jira/browse/GEODE-7497
>             Project: Geode
>          Issue Type: Improvement
>          Components: management, querying
>            Reporter: Juan Ramos
>            Assignee: Juan Ramos
>            Priority: Major
>              Labels: GeodeCommons
>             Fix For: 1.12.0
>
>          Time Spent: 3.5h
>  Remaining Estimate: 0h
>
> The {{QueryConfigurationService}} currently updates the configured {{MethodInvocationAuthorizer}} without executing any validation regarding the currently running {{CQs}} within the member, which could potentially leave already running {{CQs}} in a bad state whenever the queries use methods not allowed by the new authorizer, without the user knowing about it.
> Users trying to modify the currently {{MethodInvocationAuthorizer}} should provide a flag in order to determine wether it's okay for the {{QueryConfigurationService}} to apply the changes:
> * If the flag is {{true}} and there are no running {{CQs}}, change the {{MethodInvocationAuthorizer}}.
> * If the flag is {{false}} and there are no running {{CQs}}, change the {{MethodInvocationAuthorizer}}.
> * If the flag is {{true}} and there are {{CQs}} running, change the {{MethodInvocationAuthorizer}} and invalidate the internal cache used by running {{CQs}}.
> * If the flag is {{false}} and there are {{CQs}} running, throw an {{Exception}} and don't change the {{MethodInvocationAuthorizer}}.
> Add an extra parameter ({{false}} by default) to the {{alter query-service}} command so users can set this flag, and update the documentation to clearly reflect the differences.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)