[jira] [Commented] (CASSANDRA-19556) Guardrail to block DDL/DCL queries

Fri, 03 May 2024 12:17:04 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-19556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17843322#comment-17843322
 ] 

Josh McKenzie commented on CASSANDRA-19556:
-------------------------------------------

Hm. So two paths become immediately clear going from where we are (table only 
DDL guardrail) to a more broadly encompassing set of guardrails.
 * *Path 1:* we have a single DDL guardrail. On or off.
 * {*}Path 2{*}: we have separate guardrails for categories of DDL, so 
Keyspaces, roles, Tables, etc. Can be toggled on or off individually

I don't think I have an opinion either way right now. I can't think of cases in 
which it makes sense to have DDL enabled for some but not other operations 
off-hand, but I also favor flexibility and composability in general. So for me 
it's a wash.

Given this is sort of API-ish, it'd probably be useful to hit the dev ML with a 
[DISCUSS] thread and see what other people think?

 

> Guardrail to block DDL/DCL queries
> ----------------------------------
>
>                 Key: CASSANDRA-19556
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-19556
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Feature/Guardrails
>            Reporter: Yuqi Yan
>            Assignee: Yuqi Yan
>            Priority: Normal
>             Fix For: 5.x
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> Sometimes we want to block DDL/DCL queries to stop new schemas being created 
> or roles created. (e.g. when doing live-upgrade)
> For DDL guardrail current implementation won't block the query if it's no-op 
> (e.g. CREATE TABLE...IF NOT EXISTS, but table already exists, etc. The 
> guardrail check is added in apply() right after all the existence check)
> I don't have preference on either block every DDL query or check whether if 
> it's no-op here. Just we have some users always run CREATE..IF NOT EXISTS.. 
> at startup, which is no-op but will be blocked by this guardrail and failed 
> to start.
>  
> 4.1 PR: [https://github.com/apache/cassandra/pull/3248]
> trunk PR: [https://github.com/apache/cassandra/pull/3275]
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to