[
https://issues.apache.org/jira/browse/CASSANDRA-19556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17845934#comment-17845934
]
Stefan Miklosovic edited comment on CASSANDRA-19556 at 5/13/24 1:57 PM:
------------------------------------------------------------------------
So deprecation of alter_table_enabled is probably out of window because it was
never released in a GA so deprecating something on the very first introduction
does not make sense to me either. It would be just better if we removed
alter_table_enabled altogether in that case so we can just put ddl_enabled to
5.1.
Plus we are not going to deprecate it in 5.0.x either.
Individual guardrail per group, as explained on the mailing list, is IMHO
overkill. All the explanation is there.
Having two rules at the same time leads to kind of inconsistency / unexpected
behavior. If we have ddl_enabled, it will, functionally, shadow
alter_table_enabled. If the former is disabled but the latter is enabled, we
can not alter tables which I find rather confusing for a user. I think there is
no such case yet which would behave similarly.
I really think that the silver bullet _does_ exist and that is just removing
alter_table_enabled while it is not late and introducing ddl_enabled in 5.0 GA.
was (Author: smiklosovic):
So deprecation of alter_table_enabled is probably out of window because it was
never released in a GA so deprecating something on the very first introduction
does not make sense to me either. It would be just better if we removed
alter_table_enabled altogether in that case so we can just put ddl_enabled to
5.1.
Plus we are not going to deprecate it in 5.0.x either.
Individual guardrail per group, as explained on the mailing list, is IMHO
overkill. All the explanation is there.
I really think that the silver bullet _does_ exist and that is just removing
alter_table_enabled while it is not late and introducing ddl_enabled in 5.0 GA.
> Add guardrail to block DDL/DCL queries and replace alter_table_enabled
> guardrail
> --------------------------------------------------------------------------------
>
> Key: CASSANDRA-19556
> URL: https://issues.apache.org/jira/browse/CASSANDRA-19556
> Project: Cassandra
> Issue Type: New Feature
> Components: Feature/Guardrails
> Reporter: Yuqi Yan
> Assignee: Yuqi Yan
> Priority: Normal
> Fix For: 5.0-rc, 5.x
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> Sometimes we want to block DDL/DCL queries to stop new schemas being created
> or roles created. (e.g. when doing live-upgrade)
> For DDL guardrail current implementation won't block the query if it's no-op
> (e.g. CREATE TABLE...IF NOT EXISTS, but table already exists, etc. The
> guardrail check is added in apply() right after all the existence check)
> I don't have preference on either block every DDL query or check whether if
> it's no-op here. Just we have some users always run CREATE..IF NOT EXISTS..
> at startup, which is no-op but will be blocked by this guardrail and failed
> to start.
>
> 4.1 PR: [https://github.com/apache/cassandra/pull/3248]
> trunk PR: [https://github.com/apache/cassandra/pull/3275]
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
