bbotella commented on code in PR #250:
URL: https://github.com/apache/cassandra-sidecar/pull/250#discussion_r2316749669
##########
server/src/main/java/org/apache/cassandra/sidecar/acl/AuthCache.java:
##########
@@ -119,6 +119,18 @@ public Map<K, V> getAll()
return Collections.unmodifiableMap(cache.asMap());
}
+ /**
+ * Invalidate a key.
+ * @param k key to invalidate
+ */
+ public void invalidate(K k)
Review Comment:
Where is this method being used?
##########
server/src/main/java/org/apache/cassandra/sidecar/acl/authentication/MutualTlsAuthenticationHandlerFactory.java:
##########
@@ -106,4 +107,16 @@ private MutualTlsAuthenticationHandler
createInternal(Vertx vertx,
MutualTlsAuthentication mTLSAuthProvider = new
MutualTlsAuthenticationImpl(vertx, certificateValidator,
certificateIdentityExtractor);
return new MutualTlsAuthenticationHandler(mTLSAuthProvider,
identityToRoleCache);
}
+
+ @Override
+ public void validatePrerequisites(SidecarConfiguration
sidecarConfiguration) throws ConfigurationException
+ {
+ boolean isSidecarSchemaEnabled =
sidecarConfiguration.serviceConfiguration()
+
.schemaKeyspaceConfiguration()
+ .isEnabled();
+ if (!isSidecarSchemaEnabled)
+ {
+ throw new
ConfigurationException("MutualTlsAuthenticationHandlerFactory requires Sidecar
schema to be enabled for role processing");
Review Comment:
What about mentioning explicitly the flag that needs to be enabled on the
config?
##########
server/src/main/java/org/apache/cassandra/sidecar/modules/AuthModule.java:
##########
@@ -180,6 +181,10 @@ AuthorizationProvider
authorizationProvider(SidecarConfiguration sidecarConfigur
}
if
(config.className().equalsIgnoreCase(RoleBasedAuthorizationProvider.class.getName()))
{
+ if
(!sidecarConfiguration.serviceConfiguration().schemaKeyspaceConfiguration().isEnabled())
+ {
+ throw new ConfigurationException(config.className() + "
requires Sidecar schema to be enabled for role permissions used by Sidecar");
Review Comment:
What about mentioning explicitly the flag that needs to be enabled on the
config?
##########
server/src/main/java/org/apache/cassandra/sidecar/acl/authentication/JwtAuthenticationHandlerFactory.java:
##########
@@ -65,4 +66,16 @@ protected JwtParameters parameterParser(Map<String, String>
parameters)
{
return new JwtParameterExtractor(parameters);
}
+
+ @Override
+ public void validatePrerequisites(SidecarConfiguration
sidecarConfiguration) throws ConfigurationException
+ {
+ boolean isSidecarSchemaEnabled =
sidecarConfiguration.serviceConfiguration()
+
.schemaKeyspaceConfiguration()
+ .isEnabled();
+ if (!isSidecarSchemaEnabled)
+ {
+ throw new ConfigurationException("JwtAuthenticationHandlerFactory
requires Sidecar schema to be enabled for role processing");
+ }
Review Comment:
Why not having this implementation in the default implementation of the
interface?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
