[
https://issues.apache.org/jira/browse/CASSANDRA-13041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15854216#comment-15854216
]
Sam Tunnicliffe commented on CASSANDRA-13041:
---------------------------------------------
Neither DropTest, nor the snippet pasted above actually emulate the behaviour
of a real client as they call the statement's execute method directly. The
restriction on dropping the keyspace, along with most other modifications to
system tables, is enforced by
{{ClientState::preventSystemKSSchemaModification}} which CQLTester tends to
bypass by calling {{QueryProcessor::executeInternal}}. So a piece of internal
code could perform modifications to the system tables (including system_auth),
but a real client could not. CQLTester does have methods which exercise the
client code path though, so we can fix the tests to use those.
Regarding the replication config, I don't see any harm in adding this
constraint. Just to note though, it is possible to have authn/authz disabled
for a particular DC, in which case having no replicas in that DC wouldn't cause
a problem for connecting clients. I would imagine this is a pretty rare
use-case though, and even in this case, it's generally such a tiny dataset that
having it replicated even where it isn't strictly needed doesn't seem like much
of a problem.
If you're OK with this, I'd like to remove the changes to
DropKeyspaceStatement, fix DropTest to use the same path as an actual client
and add an entry in NEWS.txt. I've pushed a rebased branch with those changes
and kicked off CI runs, if you wouldn't mind taking a look.
||branch||testall||dtest||
|[13041-trunk|https://github.com/beobal/cassandra/tree/13041-trunk]|[testall|http://cassci.datastax.com/view/Dev/view/beobal/job/beobal-13041-trunk-testall]|[dtest|http://cassci.datastax.com/view/Dev/view/beobal/job/beobal-13041-trunk-dtest]|
> Do not allow removal of a DC from system_auth replication settings if the DC
> has active Cassandra instances
> -----------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-13041
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13041
> Project: Cassandra
> Issue Type: Improvement
> Components: Distributed Metadata
> Reporter: Nachiket Patil
> Assignee: Nachiket Patil
> Priority: Minor
> Fix For: 4.x
>
> Attachments: trunk.diff
>
>
> I don’t believe it is ever correct to remove a DC from the system_auth
> replication settings while there are nodes up in that DC. Cassandra should
> not allow this change if there are hosts which are currently members of the
> cluster in that DC, as any request which is routed to these hosts will meet
> an unavailable. Also dropping the keyspace system_auth should not be allowed.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
