This is an automated email from the ASF dual-hosted git repository.
edimitrova pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 4f112af6156b0ed35eb85124eaa525e5e0b9a059
Merge: e0954fa 4bb6f41
Author: Ekaterina Dimitrova <ekaterina.dimitr...@datastax.com>
AuthorDate: Wed Nov 10 16:41:03 2021 -0500
Merge branch 'cassandra-4.0' into trunk
CHANGES.txt | 1 +
conf/cassandra.yaml | 28 ++++++++++++++--------------
2 files changed, 15 insertions(+), 14 deletions(-)
diff --cc CHANGES.txt
index d11c3af,3994ede..be50bde
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,62 -1,5 +1,63 @@@
-4.0.2
+4.1
+ * Introduce separate rate limiting settings for entire SSTable streaming
(CASSANDRA-17065)
+ * Implement Virtual Tables for Auth Caches (CASSANDRA-16914)
+ * Actively update auth cache in the background (CASSANDRA-16957)
+ * Add unix time conversion functions (CASSANDRA-17029)
+ * JVMStabilityInspector.forceHeapSpaceOomMaybe should handle all non-heap
OOMs rather than only supporting direct only (CASSANDRA-17128)
+ * Forbid other Future implementations with checkstyle (CASSANDRA-17055)
+ * commit log was switched from non-daemon to daemon threads, which causes
the JVM to exit in some case as no non-daemon threads are active
(CASSANDRA-17085)
+ * Add a Denylist to block reads and writes on specific partition keys
(CASSANDRA-12106)
+ * v4+ protocol did not clean up client warnings, which caused leaking the
state (CASSANDRA-17054)
+ * Remove duplicate toCQLString in ReadCommand (CASSANDRA-17023)
+ * Ensure hint window is persistent across restarts of a node
(CASSANDRA-14309)
+ * Allow to GRANT or REVOKE multiple permissions in a single statement
(CASSANDRA-17030)
+ * Allow to grant permission for all tables in a keyspace (CASSANDRA-17027)
+ * Log time spent writing keys during compaction (CASSANDRA-17037)
+ * Make nodetool compactionstats and sstable_tasks consistent
(CASSANDRA-16976)
+ * Add metrics and logging around index summary redistribution
(CASSANDRA-17036)
+ * Add configuration options for minimum allowable replication factor and
default replication factor (CASSANDRA-14557)
+ * Expose information about stored hints via a nodetool command and a virtual
table (CASSANDRA-14795)
+ * Add broadcast_rpc_address to system.local (CASSANDRA-11181)
+ * Add support for type casting in WHERE clause components and in the values
of INSERT/UPDATE statements (CASSANDRA-14337)
+ * add credentials file support to CQLSH (CASSANDRA-16983)
+ * Skip remaining bytes in the Envelope buffer when a ProtocolException is
thrown to avoid double decoding (CASSANDRA-17026)
+ * Allow reverse iteration of resources during permissions checking
(CASSANDRA-17016)
+ * Add feature to verify correct ownership of attached locations on disk at
startup (CASSANDRA-16879)
+ * Make SSLContext creation pluggable/extensible (CASSANDRA-16666)
+ * Add soft/hard limits to local reads to protect against reading too much
data in a single query (CASSANDRA-16896)
+ * Avoid token cache invalidation for removing a non-member node
(CASSANDRA-15290)
+ * Allow configuration of consistency levels on auth operations
(CASSANDRA-12988)
+ * Add number of sstables in a compaction to compactionstats output
(CASSANDRA-16844)
+ * Upgrade Caffeine to 2.9.2 (CASSANDRA-15153)
+ * Allow DELETE and TRUNCATE to work on Virtual Tables if the implementation
allows it (CASSANDRA-16806)
+ * Include SASI components to snapshots (CASSANDRA-15134)
+ * Fix missed wait latencies in the output of `nodetool tpstats -F`
(CASSANDRA-16938)
+ * Reduce native transport max frame size to 16MB (CASSANDRA-16886)
+ * Add support for filtering using IN restrictions (CASSANDRA-14344)
+ * Provide a nodetool command to invalidate auth caches (CASSANDRA-16404)
+ * Catch read repair timeout exceptions and add metric (CASSANDRA-16880)
+ * Exclude Jackson 1.x transitive dependency of hadoop* provided dependencies
(CASSANDRA-16854)
+ * Add client warnings and abort to tombstone and coordinator reads which go
past a low/high watermark (CASSANDRA-16850)
+ * Add TTL support to nodetool snapshots (CASSANDRA-16789)
+ * Allow CommitLogSegmentReader to optionally skip sync marker CRC checks
(CASSANDRA-16842)
+ * allow blocking IPs from updating metrics about traffic (CASSANDRA-16859)
+ * Request-Based Native Transport Rate-Limiting (CASSANDRA-16663)
+ * Implement nodetool getauditlog command (CASSANDRA-16725)
+ * Clean up repair code (CASSANDRA-13720)
+ * Background schedule to clean up orphaned hints files (CASSANDRA-16815)
+ * Modify SecondaryIndexManager#indexPartition() to retrieve only columns for
which indexes are actually being built (CASSANDRA-16776)
+ * Batch the token metadata update to improve the speed (CASSANDRA-15291)
+ * Reduce the log level on "expected" repair exceptions (CASSANDRA-16775)
+ * Make JMXTimer expose attributes using consistent time unit
(CASSANDRA-16760)
+ * Remove check on gossip status from DynamicEndpointSnitch::updateScores
(CASSANDRA-11671)
+ * Fix AbstractReadQuery::toCQLString not returning valid CQL
(CASSANDRA-16510)
+ * Log when compacting many tombstones (CASSANDRA-16780)
+ * Display bytes per level in tablestats for LCS tables (CASSANDRA-16799)
+ * Add isolated flush timer to CommitLogMetrics and ensure writes correspond
to single WaitingOnCommit data points (CASSANDRA-16701)
+ * Add a system property to set hostId if not yet initialized
(CASSANDRA-14582)
+ * GossiperTest.testHasVersion3Nodes didn't take into account trunk version
changes, fixed to rely on latest version (CASSANDRA-16651)
+Merged from 4.0:
+ * Fix cassandra.yaml formatting of parameters (CASSANDRA-17131)
* Add backward compatibility for CQLSSTableWriter Date fields
(CASSANDRA-17117)
* Push initial client connection messages to trace (CASSANDRA-17038)
* Correct the internode message timestamp if sending node has wrapped
(CASSANDRA-16997)
diff --cc conf/cassandra.yaml
index c47f223,f8f898b..3e0a1a6
--- a/conf/cassandra.yaml
+++ b/conf/cassandra.yaml
@@@ -157,13 -139,6 +157,13 @@@ role_manager: CassandraRoleManage
# increase system_auth keyspace replication factor if you use this
authorizer.
network_authorizer: AllowAllNetworkAuthorizer
+# Depending on the auth strategy of the cluster, it can be beneficial to
iterate
+# from root to table (root -> ks -> table) instead of table to root (table ->
ks -> root).
+# As the auth entries are whitelisting, once a permission is found you know
it to be
+# valid. We default to false as the legacy behavior is to query at the table
level then
+# move back up to the root. See CASSANDRA-17016 for details.
- # traverse_auth_from_root = false
++# traverse_auth_from_root: false
+
# Validity period for roles cache (fetching granted roles can be an expensive
# operation depending on the role manager, CassandraRoleManager is one
example)
# Granted roles are cached for authenticated sessions in AuthenticatedUser and
@@@ -1072,36 -1001,6 +1072,36 @@@ slow_query_log_timeout_in_ms: 50
# bound (for example a few nodes with big files).
# streaming_connections_per_host: 1
+# Allows denying configurable access (rw/rr) to operations on configured ks,
table, and partitions, intended for use by
+# operators to manage cluster health vs application access. See
CASSANDRA-12106 and CEP-13 for more details.
- # enable_partition_denylist = false;
++# enable_partition_denylist: false
+
- # enable_denylist_writes = true;
- # enable_denylist_reads = true;
- # enable_denylist_range_reads = true;
++# enable_denylist_writes: true
++# enable_denylist_reads: true
++# enable_denylist_range_reads: true
+
+# The interval at which keys in the cache for denylisting will "expire" and
async refresh from the backing DB.
+# Note: this serves only as a fail-safe, as the usage pattern is expected to
be "mutate state, refresh cache" on any
+# changes to the underlying denylist entries. See documentation for details.
- # denylist_refresh_seconds = 600;
++# denylist_refresh_seconds: 600
+
+# In the event of errors on attempting to load the denylist cache, retry on
this interval.
- # denylist_initial_load_retry_seconds = 5;
++# denylist_initial_load_retry_seconds: 5
+
+# We cap the number of denylisted keys allowed per table to keep things from
growing unbounded. Nodes will warn above
+# this limit while allowing new denylisted keys to be inserted. Denied keys
are loaded in natural query / clustering
+# ordering by partition key in case of overflow.
- # denylist_max_keys_per_table = 1000;
++# denylist_max_keys_per_table: 1000
+
+# We cap the total number of denylisted keys allowed in the cluster to keep
things from growing unbounded.
+# Nodes will warn on initial cache load that there are too many keys and be
direct the operator to trim down excess
+# entries to within the configured limits.
- # denylist_max_keys_total = 10000;
++# denylist_max_keys_total: 10000
+
+# Since the denylist in many ways serves to protect the health of the cluster
from partitions operators have identified
+# as being in a bad state, we usually want more robustness than just CL.ONE
on operations to/from these tables to
+# ensure that these safeguards are in place. That said, we allow users to
configure this if they're so inclined.
- # denylist_consistency_level = ConsistencyLevel.QUORUM;
++# denylist_consistency_level: QUORUM
# phi value that must be reached for a host to be marked down.
# most users should never need to adjust this.
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
