[jira] [Commented] (CASSANDRA-10190) Python 3 support for cqlsh
[ https://issues.apache.org/jira/browse/CASSANDRA-10190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16883359#comment-16883359 ] Patrick Bannister commented on CASSANDRA-10190: --- Rebased my dtest branch on the latest dtest master, no regressions in the cqlsh tests. > Python 3 support for cqlsh > -- > > Key: CASSANDRA-10190 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10190 > Project: Cassandra > Issue Type: Improvement > Components: Legacy/Tools >Reporter: Andrew Pennebaker >Assignee: Patrick Bannister >Priority: Normal > Labels: cqlsh > Attachments: coverage_notes.txt > > > Users who operate in a Python 3 environment may have trouble launching cqlsh. > Could we please update cqlsh's syntax to run in Python 3? > As a workaround, users can setup pyenv, and cd to a directory with a > .python-version containing "2.7". But it would be nice if cqlsh supported > modern Python versions out of the box. -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-15205) Update community page to include Slack details, deprecate IRC
[ https://issues.apache.org/jira/browse/CASSANDRA-15205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16883346#comment-16883346 ] Jeremy Hanna commented on CASSANDRA-15205: -- Ah, you're right - I updated the docs to point to IRC but not the website page. Sorry for missing that. > Update community page to include Slack details, deprecate IRC > - > > Key: CASSANDRA-15205 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15205 > Project: Cassandra > Issue Type: Task > Components: Documentation/Website >Reporter: Nate McCall >Assignee: Nate McCall >Priority: Normal > > Slack transition has been seemless so let's update the community page > (http://cassandra.apache.org/community/) to include the slack rooms and > signup details. We should keep IRC links around for references for now but > call them 'deprecated.' -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-10190) Python 3 support for cqlsh
[ https://issues.apache.org/jira/browse/CASSANDRA-10190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16883278#comment-16883278 ] Patrick Bannister commented on CASSANDRA-10190: --- I rebased my cassandra branch on the latest trunk, addressed some failures in the dtests, and introduced a new --python option to the `cqlsh` launcher script so that a user may specify the path to a Python interpreter that they would like to use to run cqlsh. > Python 3 support for cqlsh > -- > > Key: CASSANDRA-10190 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10190 > Project: Cassandra > Issue Type: Improvement > Components: Legacy/Tools >Reporter: Andrew Pennebaker >Assignee: Patrick Bannister >Priority: Normal > Labels: cqlsh > Attachments: coverage_notes.txt > > > Users who operate in a Python 3 environment may have trouble launching cqlsh. > Could we please update cqlsh's syntax to run in Python 3? > As a workaround, users can setup pyenv, and cd to a directory with a > .python-version containing "2.7". But it would be nice if cqlsh supported > modern Python versions out of the box. -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-15089) CassandraNetworkAuthorizer::authorize should get role details from Roles, not directly from IRoleManager
[
https://issues.apache.org/jira/browse/CASSANDRA-15089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sam Tunnicliffe updated CASSANDRA-15089:
Source Control Link:
https://github.com/apache/cassandra/commit/149caf01e08f58f306ff51379ab189c7a4b1ca6d
Since Version: 4.0
Status: Resolved (was: Ready to Commit)
Resolution: Fixed
Thanks, committed to trunk in {{149caf01e08f58f306ff51379ab189c7a4b1ca6d}}
> CassandraNetworkAuthorizer::authorize should get role details from Roles, not
> directly from IRoleManager
>
>
> Key: CASSANDRA-15089
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15089
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Sam Tunnicliffe
>Assignee: Sam Tunnicliffe
>Priority: Normal
> Fix For: 4.0
>
>
> If the network permissions cache doesn't contain any entry for a role, the
> authorize method is invoked on the configured INetworkAuthorizer. In the case
> of CassandraNetworkAuthorizer, this immediately checks whether the role in
> question has the LOGIN privilege set. It does this using the configured
> IRoleManager directly, which causes a read from the underlying table in
> system_auth. It should fetch the flag from Roles::canLogin, which uses the
> RolesCache, falling back to the IRoleManager if necessary.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[cassandra-dtest] branch master updated: Clear roles cache when revoking login privilege (CASSANDRA-15089)
This is an automated email from the ASF dual-hosted git repository.
samt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cassandra-dtest.git
The following commit(s) were added to refs/heads/master by this push:
new c4334b9 Clear roles cache when revoking login privilege
(CASSANDRA-15089)
c4334b9 is described below
commit c4334b996ee8d0129e1d22fefa1c95d37e36e8bc
Author: Sam Tunnicliffe
AuthorDate: Wed Apr 17 12:46:37 2019 +0100
Clear roles cache when revoking login privilege (CASSANDRA-15089)
---
auth_test.py | 7 +++
1 file changed, 7 insertions(+)
diff --git a/auth_test.py b/auth_test.py
index 93e6d9b..3c3bd26 100644
--- a/auth_test.py
+++ b/auth_test.py
@@ -3076,6 +3076,11 @@ class TestNetworkAuth(Tester):
def assertWontConnectTo(self, username, node):
self.assertUnauthorized(lambda: self.exclusive_cql_connection(node,
user=username, password='password'))
+def clear_roles_cache(self, node):
+mbean = make_mbean('auth', type='RolesCache')
+with JolokiaAgent(node) as jmx:
+jmx.execute_method(mbean, 'invalidate')
+
def clear_network_auth_cache(self, node):
mbean = make_mbean('auth', type='NetworkAuthCache')
with JolokiaAgent(node) as jmx:
@@ -3131,6 +3136,7 @@ class TestNetworkAuth(Tester):
If the login flag is set to false for a user with a current connection,
all their requests should fail once the cache is cleared. Here because
it has
more in common with these tests that the other auth tests
+the roles cache is also cleared to invalidate the cached LOGIN
privilege
"""
username = self.username()
superuser = self.patient_exclusive_cql_connection(self.dc1_node,
user='cassandra', password='cassandra')
@@ -3141,6 +3147,7 @@ class TestNetworkAuth(Tester):
# connect to the dc2 node, then remove permission for it
session = self.exclusive_cql_connection(self.dc2_node, user=username,
password='password')
superuser.execute("ALTER ROLE %s WITH LOGIN=false" % username)
+self.clear_roles_cache(self.dc2_node)
self.clear_network_auth_cache(self.dc2_node)
self.assertUnauthorized(lambda: session.execute("SELECT * FROM
ks.tbl"))
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[cassandra] branch trunk updated: CassandraNetworkAuthorizer gets login privilege from RolesCache
This is an automated email from the ASF dual-hosted git repository.
samt pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git
The following commit(s) were added to refs/heads/trunk by this push:
new 149caf0 CassandraNetworkAuthorizer gets login privilege from
RolesCache
149caf0 is described below
commit 149caf01e08f58f306ff51379ab189c7a4b1ca6d
Author: Sam Tunnicliffe
AuthorDate: Tue Apr 16 16:33:59 2019 +0100
CassandraNetworkAuthorizer gets login privilege from RolesCache
Patch by Sam Tunnicliffe; reviewed by Blake Eggleston for CASSANDRA-15089
---
CHANGES.txt | 2 ++
.../cassandra/auth/CassandraNetworkAuthorizer.java | 2 +-
.../cassandra/auth/CassandraNetworkAuthorizerTest.java | 17 +
3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/CHANGES.txt b/CHANGES.txt
index 3248cfe..cbdd91f 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,6 @@
4.0
+ * CassandraNetworkAuthorizer uses cached roles info (CASSANDRA-15089)
+ * Introduce optional timeouts for idle client sessions (CASSANDRA-11097)
* Fix AlterTableStatement dropped type validation order (CASSANDRA-15203)
* Update Netty dependencies to latest, clean up SocketFactory
(CASSANDRA-15195)
* Native Transport - Apply noSpamLogger to ConnectionLimitHandler
(CASSANDRA-15167)
diff --git a/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java
b/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java
index 34a0140..6fdcd69 100644
--- a/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java
+++ b/src/java/org/apache/cassandra/auth/CassandraNetworkAuthorizer.java
@@ -78,7 +78,7 @@ public class CassandraNetworkAuthorizer implements
INetworkAuthorizer
public DCPermissions authorize(RoleResource role)
{
-if (!DatabaseDescriptor.getRoleManager().canLogin(role))
+if (!Roles.canLogin(role))
{
return DCPermissions.none();
}
diff --git
a/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
b/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
index c24a769..2e57173 100644
--- a/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
+++ b/test/unit/org/apache/cassandra/auth/CassandraNetworkAuthorizerTest.java
@@ -51,6 +51,7 @@ import org.apache.cassandra.transport.messages.ResultMessage;
import static org.apache.cassandra.auth.AuthKeyspace.NETWORK_PERMISSIONS;
import static
org.apache.cassandra.auth.RoleTestUtils.LocalCassandraRoleManager;
import static org.apache.cassandra.schema.SchemaConstants.AUTH_KEYSPACE_NAME;
+import static org.apache.cassandra.auth.RoleTestUtils.getReadCount;
public class CassandraNetworkAuthorizerTest
{
@@ -105,6 +106,8 @@ public class CassandraNetworkAuthorizerTest
new LocalCassandraAuthorizer(),
new LocalCassandraNetworkAuthorizer());
setupSuperUser();
+// not strictly necessary to init the cache here, but better to be
explicit
+Roles.initRolesCache(DatabaseDescriptor.getRoleManager(), () -> true);
}
@Before
@@ -227,6 +230,8 @@ public class CassandraNetworkAuthorizerTest
Assert.assertEquals(DCPermissions.subset("dc1"), dcPerms(username));
assertDcPermRow(username, "dc1");
+// clear the roles cache to lose the (non-)superuser status for the
user
+Roles.clearCache();
auth("ALTER ROLE %s WITH superuser = true", username);
Assert.assertEquals(DCPermissions.all(), dcPerms(username));
}
@@ -238,4 +243,16 @@ public class CassandraNetworkAuthorizerTest
auth("CREATE ROLE %s", username);
Assert.assertEquals(DCPermissions.none(), dcPerms(username));
}
+
+@Test
+public void getLoginPrivilegeFromRolesCache() throws Exception
+{
+String username = createName();
+auth("CREATE ROLE %s", username);
+long readCount = getReadCount();
+dcPerms(username);
+Assert.assertEquals(++readCount, getReadCount());
+dcPerms(username);
+Assert.assertEquals(readCount, getReadCount());
+}
}
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-15013) Message Flusher queue can grow unbounded, potentially running JVM out of memory
[ https://issues.apache.org/jira/browse/CASSANDRA-15013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Benedict updated CASSANDRA-15013: - Status: Ready to Commit (was: Review In Progress) [~sumanth.pasupuleti]: this looks good to go. Could you prepare the patch for commit, and submit 3.0, 3.x and trunk versions for me to merge? Thanks! > Message Flusher queue can grow unbounded, potentially running JVM out of > memory > --- > > Key: CASSANDRA-15013 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15013 > Project: Cassandra > Issue Type: Bug > Components: Messaging/Client >Reporter: Sumanth Pasupuleti >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: pull-request-available > Fix For: 4.0, 3.0.x, 3.11.x > > Attachments: BlockedEpollEventLoopFromHeapDump.png, > BlockedEpollEventLoopFromThreadDump.png, RequestExecutorQueueFull.png, heap > dump showing each ImmediateFlusher taking upto 600MB.png, > perftest2_15013_base_flamegraph.svg, perftest2_15013_patch_flamegraph.svg, > perftest2_blocked_threadpool.png, perftest2_cpu_usage.png, > perftest2_heap.png, perftest2_read_latency_99th.png, > perftest2_read_latency_avg.png, perftest2_readops.png, > perftest2_write_latency_99th.png, perftest2_write_latency_avg.png, > perftest2_writeops.png, perftest_blockedthreads.png, > perftest_connections_count.png, perftest_cpu_usage.png, > perftest_heap_usage.png, perftest_readlatency_99th.png, > perftest_readlatency_avg.png, perftest_readops.png, > perftest_writelatency_99th.png, perftest_writelatency_avg.png, > perftest_writeops.png > > > This is a follow-up ticket out of CASSANDRA-14855, to make the Flusher queue > bounded, since, in the current state, items get added to the queue without > any checks on queue size, nor with any checks on netty outbound buffer to > check the isWritable state. > We are seeing this issue hit our production 3.0 clusters quite often. -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-15013) Message Flusher queue can grow unbounded, potentially running JVM out of memory
[ https://issues.apache.org/jira/browse/CASSANDRA-15013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Benedict updated CASSANDRA-15013: - Status: Review In Progress (was: Patch Available) > Message Flusher queue can grow unbounded, potentially running JVM out of > memory > --- > > Key: CASSANDRA-15013 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15013 > Project: Cassandra > Issue Type: Bug > Components: Messaging/Client >Reporter: Sumanth Pasupuleti >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: pull-request-available > Fix For: 4.0, 3.0.x, 3.11.x > > Attachments: BlockedEpollEventLoopFromHeapDump.png, > BlockedEpollEventLoopFromThreadDump.png, RequestExecutorQueueFull.png, heap > dump showing each ImmediateFlusher taking upto 600MB.png, > perftest2_15013_base_flamegraph.svg, perftest2_15013_patch_flamegraph.svg, > perftest2_blocked_threadpool.png, perftest2_cpu_usage.png, > perftest2_heap.png, perftest2_read_latency_99th.png, > perftest2_read_latency_avg.png, perftest2_readops.png, > perftest2_write_latency_99th.png, perftest2_write_latency_avg.png, > perftest2_writeops.png, perftest_blockedthreads.png, > perftest_connections_count.png, perftest_cpu_usage.png, > perftest_heap_usage.png, perftest_readlatency_99th.png, > perftest_readlatency_avg.png, perftest_readops.png, > perftest_writelatency_99th.png, perftest_writelatency_avg.png, > perftest_writeops.png > > > This is a follow-up ticket out of CASSANDRA-14855, to make the Flusher queue > bounded, since, in the current state, items get added to the queue without > any checks on queue size, nor with any checks on netty outbound buffer to > check the isWritable state. > We are seeing this issue hit our production 3.0 clusters quite often. -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-10190) Python 3 support for cqlsh
[ https://issues.apache.org/jira/browse/CASSANDRA-10190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16882929#comment-16882929 ] Patrick Bannister commented on CASSANDRA-10190: --- [~spo...@gmail.com], yes, those are the current branches. For this ticket, the immediate goals are: * Port cqlshlib to run on Python 3.6 and Python 2.7 * Get the cqlshlib unit tests to parity between Python 2.7 and Python 3.6, except for documented cases with external problems, such as cases where Python 3 breaks the driver The dtest branch we're using doesn't enable the remaining dtests, it only gets the currently enabled dtests working. I would like to merge these changes to get cqlshlib ported first, before taking on the remaining dtests. It's more urgent to port cqlshlib. It would also help manage the scope of the problem to take care of cqlshlib before dealing with the remaining dtests. As for breaking out the cqlshlib tests, my recommendation is to continue delivering them as part of cqlshlib itself, because it feels wrong to break the tests away from the repo. But we can address this question separately, on CASSANDRA-14990. > Python 3 support for cqlsh > -- > > Key: CASSANDRA-10190 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10190 > Project: Cassandra > Issue Type: Improvement > Components: Legacy/Tools >Reporter: Andrew Pennebaker >Assignee: Patrick Bannister >Priority: Normal > Labels: cqlsh > Attachments: coverage_notes.txt > > > Users who operate in a Python 3 environment may have trouble launching cqlsh. > Could we please update cqlsh's syntax to run in Python 3? > As a workaround, users can setup pyenv, and cd to a directory with a > .python-version containing "2.7". But it would be nice if cqlsh supported > modern Python versions out of the box. -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
