[jira] [Commented] (CASSANDRA-19556) Guardrail to block DDL/DCL queries

Tue, 30 Apr 2024 02:01:51 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-19556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17842304#comment-17842304
 ] 

Stefan Miklosovic commented on CASSANDRA-19556:
-----------------------------------------------

[~yukei] why don't we do something like this (1)? 

What I do not like about the current patch is that it is spread all over the 
codebase, in each statement etc ... This tends to be error prone because we 
need to always have this in mind if some new statement is introduced (if ever) 
and it is just too verbose to my taste. That will also automatically cover all 
statements and we do not need to do any mental work when it comes to where to 
put it. 

The tests are not working in the patch I did because how the way queries are 
executed in CQL tester is that it will bypass the code path the current 
decision logic is in. You would need to rewrite them, probably to implement the 
tests are in-jvm distributed test instead.

(1) https://github.com/apache/cassandra/pull/3277/files

[~adelapena] [~blerer] thoughts about these approaches?

> Guardrail to block DDL/DCL queries
> ----------------------------------
>
>                 Key: CASSANDRA-19556
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-19556
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Feature/Guardrails
>            Reporter: Yuqi Yan
>            Assignee: Yuqi Yan
>            Priority: Normal
>             Fix For: 5.x
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> Sometimes we want to block DDL/DCL queries to stop new schemas being created 
> or roles created. (e.g. when doing live-upgrade)
> For DDL guardrail current implementation won't block the query if it's no-op 
> (e.g. CREATE TABLE...IF NOT EXISTS, but table already exists, etc. The 
> guardrail check is added in apply() right after all the existence check)
> I don't have preference on either block every DDL query or check whether if 
> it's no-op here. Just we have some users always run CREATE..IF NOT EXISTS.. 
> at startup, which is no-op but will be blocked by this guardrail and failed 
> to start.
>  
> 4.1 PR: [https://github.com/apache/cassandra/pull/3248]
> trunk PR: [https://github.com/apache/cassandra/pull/3275]
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to