[
https://issues.apache.org/jira/browse/CASSANDRA-17967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17634957#comment-17634957
]
Andres de la Peña edited comment on CASSANDRA-17967 at 11/16/22 5:59 PM:
-------------------------------------------------------------------------
I have realized just before committing that [the call to
{{View#getSelectStatement}}|https://github.com/apache/cassandra/blob/a0ade85c4e9cf79e239cd6a18be18015662f6de9/src/java/org/apache/cassandra/db/view/View.java#L181]
is an internal call, as it's specified [on its
javaDoc|https://github.com/apache/cassandra/blob/a0ade85c4e9cf79e239cd6a18be18015662f6de9/src/java/org/apache/cassandra/db/view/View.java#L157-L158].
As such, its {{ClientState}} should be {{{}ClientState.forInternalCalls{}}},
so it's excluded from guardrail checks.
Incidentally it doesn't seem to hit any guardrail on its operation, but we
should nevertheless use the correct {{ClientState}} in case we add other
guardrails that do affect those internal queries in the future.
Patched and running CI again:
||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/1972]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/2492/workflows/9f3f1516-ed04-4772-8973-55c1ee498cbb]
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/2492/workflows/9cc458ef-92f4-4778-a3d5-23ba57d05483]|
was (Author: adelapena):
I have realized just before committing that the call to
{{View#getSelectStatement}} is an internal call, as it's specified on its
javaDoc. As such, its {{ClientState}} should be
{{{}ClientState.forInternalCalls{}}}, so it's excluded from guardrail checks.
Incidentally it doesn't seem to hit any guardrail on its operation, but we
should nevertheless use the correct {{ClientState}} in case we add other
guardrails that do affect those internal queries in the future.
Patched and running CI again:
||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/1972]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/2492/workflows/9f3f1516-ed04-4772-8973-55c1ee498cbb]
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/2492/workflows/9cc458ef-92f4-4778-a3d5-23ba57d05483]|
> Guardrail: allow_filtering_custom_error_message
> -----------------------------------------------
>
> Key: CASSANDRA-17967
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17967
> Project: Cassandra
> Issue Type: Improvement
> Components: Feature/Guardrails
> Reporter: Sarma Pydipally
> Assignee: Andres de la Peña
> Priority: Normal
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> in Apache Cassandra Release Version 4.1 :
> with "allow_filtering_enabled: false" option under guardrails :
> regular users cannot run queries with allow filtering clause in SELECT
> commands. Users get following error message :
> <stdin>:1:InvalidRequest: Error from server: code=2200 [Invalid query]
> message="Guardrail allow_filtering violated: Querying with ALLOW FILTERING is
> not allowed"
> I propose for a new parameter in conf file : something like :
> allow_filtering_custom_error_message and allow cluster operators to configure
> custom message
> so if someone runs a SELECT command along with "ALLOW FILTERING"
> it should print ERROR : InvalidRequest:code=2202:message="STOP using
> allow_filtering clause"
> so this will allow the operators to stop users from running allow filtering
> as well as give them to configure a custom error message.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
