You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by sa...@apache.org on 2019/07/11 16:15:50 UTC

[cassandra-dtest] branch master updated: Clear roles cache when revoking login privilege (CASSANDRA-15089)

This is an automated email from the ASF dual-hosted git repository.

samt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cassandra-dtest.git


The following commit(s) were added to refs/heads/master by this push:
     new c4334b9  Clear roles cache when revoking login privilege (CASSANDRA-15089)
c4334b9 is described below

commit c4334b996ee8d0129e1d22fefa1c95d37e36e8bc
Author: Sam Tunnicliffe <sa...@beobal.com>
AuthorDate: Wed Apr 17 12:46:37 2019 +0100

    Clear roles cache when revoking login privilege (CASSANDRA-15089)
---
 auth_test.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/auth_test.py b/auth_test.py
index 93e6d9b..3c3bd26 100644
--- a/auth_test.py
+++ b/auth_test.py
@@ -3076,6 +3076,11 @@ class TestNetworkAuth(Tester):
     def assertWontConnectTo(self, username, node):
         self.assertUnauthorized(lambda: self.exclusive_cql_connection(node, user=username, password='password'))
 
+    def clear_roles_cache(self, node):
+        mbean = make_mbean('auth', type='RolesCache')
+        with JolokiaAgent(node) as jmx:
+            jmx.execute_method(mbean, 'invalidate')
+
     def clear_network_auth_cache(self, node):
         mbean = make_mbean('auth', type='NetworkAuthCache')
         with JolokiaAgent(node) as jmx:
@@ -3131,6 +3136,7 @@ class TestNetworkAuth(Tester):
         If the login flag is set to false for a user with a current connection,
         all their requests should fail once the cache is cleared. Here because it has
         more in common with these tests that the other auth tests
+        the roles cache is also cleared to invalidate the cached LOGIN privilege
         """
         username = self.username()
         superuser = self.patient_exclusive_cql_connection(self.dc1_node, user='cassandra', password='cassandra')
@@ -3141,6 +3147,7 @@ class TestNetworkAuth(Tester):
         # connect to the dc2 node, then remove permission for it
         session = self.exclusive_cql_connection(self.dc2_node, user=username, password='password')
         superuser.execute("ALTER ROLE %s WITH LOGIN=false" % username)
+        self.clear_roles_cache(self.dc2_node)
         self.clear_network_auth_cache(self.dc2_node)
         self.assertUnauthorized(lambda: session.execute("SELECT * FROM ks.tbl"))
 


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org