[
https://issues.apache.org/jira/browse/CASSANDRA-16456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17520483#comment-17520483
]
Stefan Miklosovic edited comment on CASSANDRA-16456 at 4/11/22 10:39 AM:
-------------------------------------------------------------------------
Hi [~bhouser], I put more comments into PR. It would be nice if you find some
time to take care of them, thanks in advance.
Few observations, though. If we are using auth provider in cqlshrc like this:
{code:java}
[auth_provider]
module = cassandra.auth
classname = PlainTextAuthProvider
[auth_provider_config]
username = cassandra
password = cassandra
{code}
and if you also have ~/.cassandra/credentials like this:
{code:java}
cat ~/.cassandra/credentials
[plain_text_auth]
username = cassandra
password = cassandra
{code}
that credentials file will take precedence over what is in cqlshrc, which makes
sense, but, specifically for PlainTextAuthProvider, if you go with that
solution and you leave username and password from your config, like this:
{code:java}
$ cat ~/.cassandra/cqlshrc
[auth_provider]
module = cassandra.auth
classname = PlainTextAuthProvider
{code}
It will error out like this:
{code:java}
./bin/cqlsh
Traceback (most recent call last):
File
"/home/smiklosovic/dev/cassandra/cassandra-instaclustr/cassandra/bin/cqlsh.py",
line 2386, in <module>
main(*read_options(sys.argv[1:], os.environ))
File
"/home/smiklosovic/dev/cassandra/cassandra-instaclustr/cassandra/bin/cqlsh.py",
line 2355, in main
auth_provider=authproviderhandling.load_custom_auth_provider(CONFIG_FILE))
File
"/home/smiklosovic/dev/cassandra/cassandra-instaclustr/cassandra/bin/../pylib/cqlshlib/authproviderhandling.py",
line 79, in load_custom_auth_provider
return auth_provider_klass()
TypeError: __init__() missing 2 required positional arguments: 'username' and
'password'
{code}
I would expect that it will take the username and password from cli, then from
~/.cassandra/credentials then from cqlshrc's username and password (up to now
it is done like that) and finally from config properties of auth provider and
error out only in case none of these are set. I think the solution is to pass
username and password to the method resolving the custom auth and add them into
class arguments manually of they are not None.
The second observation is, and maybe this is a little bit radical bu hear me
out here: do we need auth_provider_config? Why it can not be the part of
auth_config directly? If we know what module and classname is the stuff we need
in order to instantiate it, can not we treat all other parameters as config
values for that provider already?
I am looking for something simple for the end user. It is easier for him to put
everything into auth_provider that to split it into multiple sections. These
two sections are inherently related to each other.
was (Author: smiklosovic):
Hi [~bhouser], I put more comments into PR. It would be nice if you find some
time to take care of them, thanks in advance.
Few observations, though. If we are using auth provider in cqlshrc like this:
{code}
[auth_provider]
module = cassandra.auth
classname = PlainTextAuthProvider
[auth_provider_config]
username = cassandra
password = cassandra
{code}
and if you also have ~/.cassandra/credentials like this:
{code}
cat ~/.cassandra/credentials
[plain_text_auth]
username = cassandra
password = cassandra
{code}
that credentials file will take predence over what is in cqlshrc, which makes
sense, but, specifically for PlainTextAuthProvider, if you go with that
solution and you leave username and password from your config, like this:
{code} $ cat ~/.cassandra/cqlshrc
[auth_provider]
module = cassandra.auth
classname = PlainTextAuthProvider
{code}
It will error out like this:
{code}
./bin/cqlsh
Traceback (most recent call last):
File
"/home/smiklosovic/dev/cassandra/cassandra-instaclustr/cassandra/bin/cqlsh.py",
line 2386, in <module>
main(*read_options(sys.argv[1:], os.environ))
File
"/home/smiklosovic/dev/cassandra/cassandra-instaclustr/cassandra/bin/cqlsh.py",
line 2355, in main
auth_provider=authproviderhandling.load_custom_auth_provider(CONFIG_FILE))
File
"/home/smiklosovic/dev/cassandra/cassandra-instaclustr/cassandra/bin/../pylib/cqlshlib/authproviderhandling.py",
line 79, in load_custom_auth_provider
return auth_provider_klass()
TypeError: __init__() missing 2 required positional arguments: 'username' and
'password'
{code}
I would expect that it will take the username and password from cli, then from
~/.cassandra/credentials then from cqlshrc's username and password (up to now
it is done like that) and finally from config properties of auth provider and
error out only in case none of these are set. I think the solution is to pass
username and password to the method resolving the custom auth and add them into
class arguments manually of they are not None.
The second observation is, and maybe this is a little bit radical bu hear me
out here: do we need auth_provider_config? Why it can not be the part of
auth_config directly? If we know what module and classname is the stuff we need
in order to instantiate it, can not we treat all other parameters as config
values for that provider already?
I am looking for something simple for the end user. It is easier for him to put
everything into auth_provider that to split it into multiple sections. These
two sections are inherently related to each other.
> Add Plugin Support for CQLSH
> ----------------------------
>
> Key: CASSANDRA-16456
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16456
> Project: Cassandra
> Issue Type: New Feature
> Components: Tool/cqlsh
> Reporter: Brian Houser
> Assignee: Brian Houser
> Priority: Normal
> Labels: gsoc2021, mentor
> Time Spent: 2h
> Remaining Estimate: 0h
>
> Currently the Cassandra drivers offer a plugin authenticator architecture for
> the support of different authentication methods. This has been leveraged to
> provide support for LDAP, Kerberos, and Sigv4 authentication. Unfortunately,
> cqlsh, the included CLI tool, does not offer such support. Switching to a new
> enhanced authentication scheme thus means being cut off from using cqlsh in
> normal operation.
> We should have a means of using the same plugins and authentication providers
> as the Python Cassandra driver.
> Here's a link to an initial draft of
> [CEP|https://docs.google.com/document/d/1_G-OZCAEmDyuQuAN2wQUYUtZBEJpMkHWnkYELLhqvKc/edit?usp=sharing].
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
