Isaac Reath created CASSSIDECAR-331:
---------------------------------------
Summary: NullPointerException When Authentication Is Enabled but
sidecar_internal Schema Is Disabled
Key: CASSSIDECAR-331
URL: https://issues.apache.org/jira/browse/CASSSIDECAR-331
Project: Sidecar for Apache Cassandra
Issue Type: Bug
Reporter: Isaac Reath
When authentication is enabled but the sidecar_internal schema is disabled, a
NullPointerException occurs in Sidecar. This results in a generic 401
Unauthorized response:
{{{"status":"Unauthorized","code":401,"message":"Unexpected error encountered
in handler"}}}
The issue originates in
{{{}SystemAuthDatabaseAccessor#findRoleFromIdentity{}}}, where {{tableSchema}}
is null. The {{SystemAuthDatabaseAccessor.tableSchema}} object initialized
through the {{SidecarInternalKeyspace#registerTableSchema}} function on
startup. Although {{SidecarInternalKeyspace#registerTableSchema}} is always
called on startup, it is a no-op if {{is_enabled}} is set to {{{}false{}}}. As
a result, {{tableSchema}} is never initialized, leading to the NPE when we go
to use it for authentication. Diagnosing this requires running Sidecar in a
debugger, as Vert.x does not log the root exception clearly.
Since access_control.enabled implicitly depends on {{{}schema.is_enabled{}}},
this should be validated at startup. If {{access_control}} is enabled but
{{schema}} is not, Sidecar should fail fast with a clear error.
Proposed Fix:
Add startup validation to check for this config mismatch & fail with a clear
error stating that authentication requires sidecar_internal to be enabled.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
