You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Frank Yang (Created) (JIRA)" <ji...@apache.org> on 2011/10/05 20:10:29 UTC
[jira] [Created] (CASSANDRA-3319) IAuthority implementation to
allow all keyspace access based on r/w on keyspace only
IAuthority implementation to allow all keyspace access based on r/w on keyspace only
------------------------------------------------------------------------------------
Key: CASSANDRA-3319
URL: https://issues.apache.org/jira/browse/CASSANDRA-3319
Project: Cassandra
Issue Type: New Feature
Components: Contrib
Affects Versions: 0.8.7
Reporter: Frank Yang
SimpleAuthority checks CF access based on specific instructions for that CF in the access.properties file.
This is not usable. eg, every time a developer adds a CF, the admin needs to modify the access.properties file, on all the nodes.
A different, friendlier implementation should grant CF access based on keyspace permissions.
Keyspace1.<rw> ==> modify keyspace1 AND any CF inside of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-3319) IAuthority implementation to
allow all keyspace access based on r/w on keyspace only
Posted by "Frank Yang (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13121324#comment-13121324 ]
Frank Yang commented on CASSANDRA-3319:
---------------------------------------
jonathan, but how are we suppose to control access in production without an usable implementation?
> IAuthority implementation to allow all keyspace access based on r/w on keyspace only
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-3319
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3319
> Project: Cassandra
> Issue Type: New Feature
> Components: Contrib
> Affects Versions: 0.8.7
> Reporter: Frank Yang
> Labels: patch
> Attachments: SimpleKeyspaceBasedAuthority.java
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> SimpleAuthority checks CF access based on specific instructions for that CF in the access.properties file.
> This is not usable. eg, every time a developer adds a CF, the admin needs to modify the access.properties file, on all the nodes.
> A different, friendlier implementation should grant CF access based on keyspace permissions.
> Keyspace1.<rw> ==> modify keyspace1 AND any CF inside of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-3319) IAuthority implementation to
allow all keyspace access based on r/w on keyspace only
Posted by "Frank Yang (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13121455#comment-13121455 ]
Frank Yang commented on CASSANDRA-3319:
---------------------------------------
so, let me understand it correctly.
I can implement my own hook, and configure the yaml to use it. no problem.
but, during each production upgrade to the next version of cassie, i need to remember to carry my hook with it?
that is certainly doable, but not desirable. If our implementations are added to the standard releases, then, we wouldn't have to worry about, right? the conditions for inclusion should only be that 1. it builds and 2. the naming makes sense. and 3. some documentation is included so that others can also benefit from it. IMO.
> IAuthority implementation to allow all keyspace access based on r/w on keyspace only
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-3319
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3319
> Project: Cassandra
> Issue Type: New Feature
> Components: Contrib
> Affects Versions: 0.8.7
> Reporter: Frank Yang
> Labels: patch
> Attachments: SimpleKeyspaceBasedAuthority.java
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> SimpleAuthority checks CF access based on specific instructions for that CF in the access.properties file.
> This is not usable. eg, every time a developer adds a CF, the admin needs to modify the access.properties file, on all the nodes.
> A different, friendlier implementation should grant CF access based on keyspace permissions.
> Keyspace1.<rw> ==> modify keyspace1 AND any CF inside of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-3319) IAuthority implementation to
allow all keyspace access based on r/w on keyspace only
Posted by "Jonathan Ellis (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13121331#comment-13121331 ]
Jonathan Ellis commented on CASSANDRA-3319:
-------------------------------------------
You're "supposed" to interface with something like LDAP. SimpleAuthority is not reasonable from either a workflow or a performance perspective.
> IAuthority implementation to allow all keyspace access based on r/w on keyspace only
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-3319
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3319
> Project: Cassandra
> Issue Type: New Feature
> Components: Contrib
> Affects Versions: 0.8.7
> Reporter: Frank Yang
> Labels: patch
> Attachments: SimpleKeyspaceBasedAuthority.java
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> SimpleAuthority checks CF access based on specific instructions for that CF in the access.properties file.
> This is not usable. eg, every time a developer adds a CF, the admin needs to modify the access.properties file, on all the nodes.
> A different, friendlier implementation should grant CF access based on keyspace permissions.
> Keyspace1.<rw> ==> modify keyspace1 AND any CF inside of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-3319) IAuthority implementation to
allow all keyspace access based on r/w on keyspace only
Posted by "Jonathan Ellis (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13121438#comment-13121438 ]
Jonathan Ellis commented on CASSANDRA-3319:
-------------------------------------------
Correct. Ted added the auth hooks but nobody has implemented a production quality API with it, for LDAP or anything else. It's a "roll your own" API.
> IAuthority implementation to allow all keyspace access based on r/w on keyspace only
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-3319
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3319
> Project: Cassandra
> Issue Type: New Feature
> Components: Contrib
> Affects Versions: 0.8.7
> Reporter: Frank Yang
> Labels: patch
> Attachments: SimpleKeyspaceBasedAuthority.java
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> SimpleAuthority checks CF access based on specific instructions for that CF in the access.properties file.
> This is not usable. eg, every time a developer adds a CF, the admin needs to modify the access.properties file, on all the nodes.
> A different, friendlier implementation should grant CF access based on keyspace permissions.
> Keyspace1.<rw> ==> modify keyspace1 AND any CF inside of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-3319) IAuthority implementation to
allow all keyspace access based on r/w on keyspace only
Posted by "Frank Yang (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13121337#comment-13121337 ]
Frank Yang commented on CASSANDRA-3319:
---------------------------------------
ok. Let me search on that. Any pointers are appreciated.
> IAuthority implementation to allow all keyspace access based on r/w on keyspace only
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-3319
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3319
> Project: Cassandra
> Issue Type: New Feature
> Components: Contrib
> Affects Versions: 0.8.7
> Reporter: Frank Yang
> Labels: patch
> Attachments: SimpleKeyspaceBasedAuthority.java
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> SimpleAuthority checks CF access based on specific instructions for that CF in the access.properties file.
> This is not usable. eg, every time a developer adds a CF, the admin needs to modify the access.properties file, on all the nodes.
> A different, friendlier implementation should grant CF access based on keyspace permissions.
> Keyspace1.<rw> ==> modify keyspace1 AND any CF inside of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-3319) IAuthority implementation to
allow all keyspace access based on r/w on keyspace only
Posted by "Jonathan Ellis (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13122329#comment-13122329 ]
Jonathan Ellis commented on CASSANDRA-3319:
-------------------------------------------
You're right, it should be in a non-system keyspace.
> IAuthority implementation to allow all keyspace access based on r/w on keyspace only
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-3319
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3319
> Project: Cassandra
> Issue Type: New Feature
> Components: Contrib
> Affects Versions: 0.8.7
> Reporter: Frank Yang
> Labels: patch
> Attachments: SimpleKeyspaceBasedAuthority.java
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> SimpleAuthority checks CF access based on specific instructions for that CF in the access.properties file.
> This is not usable. eg, every time a developer adds a CF, the admin needs to modify the access.properties file, on all the nodes.
> A different, friendlier implementation should grant CF access based on keyspace permissions.
> Keyspace1.<rw> ==> modify keyspace1 AND any CF inside of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-3319) IAuthority implementation to
allow all keyspace access based on r/w on keyspace only
Posted by "Frank Yang (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13121406#comment-13121406 ]
Frank Yang commented on CASSANDRA-3319:
---------------------------------------
i tracked down https://issues.apache.org/jira/browse/CASSANDRA-547, where Ted talked about a stage 2 to implement LDAP, but then the trail seems to be lost.
> IAuthority implementation to allow all keyspace access based on r/w on keyspace only
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-3319
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3319
> Project: Cassandra
> Issue Type: New Feature
> Components: Contrib
> Affects Versions: 0.8.7
> Reporter: Frank Yang
> Labels: patch
> Attachments: SimpleKeyspaceBasedAuthority.java
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> SimpleAuthority checks CF access based on specific instructions for that CF in the access.properties file.
> This is not usable. eg, every time a developer adds a CF, the admin needs to modify the access.properties file, on all the nodes.
> A different, friendlier implementation should grant CF access based on keyspace permissions.
> Keyspace1.<rw> ==> modify keyspace1 AND any CF inside of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-3319) IAuthority implementation to
allow all keyspace access based on r/w on keyspace only
Posted by "Frank Yang (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13121474#comment-13121474 ]
Frank Yang commented on CASSANDRA-3319:
---------------------------------------
ok, 2 part reply.
1. as a "customer", i feel unsatisfied. but i will have to deal, i guess. i can put my implementation in a separate jar file and that does ease the pain somewhat.
2. as for implement what you suggested, i can file a ticket as soon as i find time to do it.
> IAuthority implementation to allow all keyspace access based on r/w on keyspace only
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-3319
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3319
> Project: Cassandra
> Issue Type: New Feature
> Components: Contrib
> Affects Versions: 0.8.7
> Reporter: Frank Yang
> Labels: patch
> Attachments: SimpleKeyspaceBasedAuthority.java
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> SimpleAuthority checks CF access based on specific instructions for that CF in the access.properties file.
> This is not usable. eg, every time a developer adds a CF, the admin needs to modify the access.properties file, on all the nodes.
> A different, friendlier implementation should grant CF access based on keyspace permissions.
> Keyspace1.<rw> ==> modify keyspace1 AND any CF inside of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-3319) IAuthority implementation to
allow all keyspace access based on r/w on keyspace only
Posted by "Jonathan Ellis (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13121466#comment-13121466 ]
Jonathan Ellis commented on CASSANDRA-3319:
-------------------------------------------
If you come up with something that is generally useful, we're happy to add that to the tree. Nobody has done this yet. To be honest I don't think many people besides Ted actually use auth/auth.
Storing things in flat files doesn't qualify as "generally useful," though. Probably the simplest thing that would, would be an implementation that stores information in Cassandra's system keyspace.
> IAuthority implementation to allow all keyspace access based on r/w on keyspace only
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-3319
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3319
> Project: Cassandra
> Issue Type: New Feature
> Components: Contrib
> Affects Versions: 0.8.7
> Reporter: Frank Yang
> Labels: patch
> Attachments: SimpleKeyspaceBasedAuthority.java
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> SimpleAuthority checks CF access based on specific instructions for that CF in the access.properties file.
> This is not usable. eg, every time a developer adds a CF, the admin needs to modify the access.properties file, on all the nodes.
> A different, friendlier implementation should grant CF access based on keyspace permissions.
> Keyspace1.<rw> ==> modify keyspace1 AND any CF inside of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CASSANDRA-3319) IAuthority implementation to
allow all keyspace access based on r/w on keyspace only
Posted by "Jonathan Ellis (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Ellis resolved CASSANDRA-3319.
---------------------------------------
Resolution: Won't Fix
SimpleAuthority is an example, not a production tool.
> IAuthority implementation to allow all keyspace access based on r/w on keyspace only
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-3319
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3319
> Project: Cassandra
> Issue Type: New Feature
> Components: Contrib
> Affects Versions: 0.8.7
> Reporter: Frank Yang
> Labels: patch
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> SimpleAuthority checks CF access based on specific instructions for that CF in the access.properties file.
> This is not usable. eg, every time a developer adds a CF, the admin needs to modify the access.properties file, on all the nodes.
> A different, friendlier implementation should grant CF access based on keyspace permissions.
> Keyspace1.<rw> ==> modify keyspace1 AND any CF inside of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CASSANDRA-3319) IAuthority implementation to
allow all keyspace access based on r/w on keyspace only
Posted by "Frank Yang (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Frank Yang updated CASSANDRA-3319:
----------------------------------
Attachment: SimpleKeyspaceBasedAuthority.java
patch added.
> IAuthority implementation to allow all keyspace access based on r/w on keyspace only
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-3319
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3319
> Project: Cassandra
> Issue Type: New Feature
> Components: Contrib
> Affects Versions: 0.8.7
> Reporter: Frank Yang
> Labels: patch
> Attachments: SimpleKeyspaceBasedAuthority.java
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> SimpleAuthority checks CF access based on specific instructions for that CF in the access.properties file.
> This is not usable. eg, every time a developer adds a CF, the admin needs to modify the access.properties file, on all the nodes.
> A different, friendlier implementation should grant CF access based on keyspace permissions.
> Keyspace1.<rw> ==> modify keyspace1 AND any CF inside of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-3319) IAuthority implementation to
allow all keyspace access based on r/w on keyspace only
Posted by "Frank Yang (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13122323#comment-13122323 ]
Frank Yang commented on CASSANDRA-3319:
---------------------------------------
i took a look at the system keyspace. in cassandra 0.8.5, (that's the source i have, assuming that part hasn't changed too much?), it is created with replication factor 1.
It seems unfeasible, then, to store the authorization information there. this info needs to be replicated to ALL the nodes in the cluster, right?
> IAuthority implementation to allow all keyspace access based on r/w on keyspace only
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-3319
> URL: https://issues.apache.org/jira/browse/CASSANDRA-3319
> Project: Cassandra
> Issue Type: New Feature
> Components: Contrib
> Affects Versions: 0.8.7
> Reporter: Frank Yang
> Labels: patch
> Attachments: SimpleKeyspaceBasedAuthority.java
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> SimpleAuthority checks CF access based on specific instructions for that CF in the access.properties file.
> This is not usable. eg, every time a developer adds a CF, the admin needs to modify the access.properties file, on all the nodes.
> A different, friendlier implementation should grant CF access based on keyspace permissions.
> Keyspace1.<rw> ==> modify keyspace1 AND any CF inside of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira