[jira] [Updated] (CASSANDRA-16697) generate-idea-files taks unnecessarily builds the project
[ https://issues.apache.org/jira/browse/CASSANDRA-16697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacek Lewandowski updated CASSANDRA-16697: -- Fix Version/s: 3.11.x 3.0.x > generate-idea-files taks unnecessarily builds the project > - > > Key: CASSANDRA-16697 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16697 > Project: Cassandra > Issue Type: Improvement > Components: Build >Reporter: Jacek Lewandowski >Assignee: Jacek Lewandowski >Priority: Normal > Fix For: 3.0.x, 3.11.x, 4.0.x, 4.x > > Time Spent: 10m > Remaining Estimate: 0h > > This is especially painful when the project cannot be built because we are in > the middle of solving some merge conflicts, but we want to fetch and update > dependencies. It seems be to be unnecessary to build the project or to do > other checks when we just want to load the project into our IDE. > From what I've tested, it is enough to limit dependencies of that task to: > {{init,maven-ant-tasks-init,resolver-dist-lib,gen-cql3-grammar,generate-jflex-java,createVersionPropFile}} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16689) Flaky LeaveAndBootstrapTest
[ https://issues.apache.org/jira/browse/CASSANDRA-16689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17364055#comment-17364055 ] Berenguer Blasi commented on CASSANDRA-16689: - Nice investigation! > Flaky LeaveAndBootstrapTest > --- > > Key: CASSANDRA-16689 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16689 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Berenguer Blasi >Assignee: Brandon Williams >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0-rc, 4.x > > > Failing in a circle run > [here|https://app.circleci.com/pipelines/github/bereng/cassandra/309/workflows/a645b956-dcd7-431e-b109-7857af3c523f/jobs/2937] > {noformat} > Testcase: > testStateJumpToNormal(org.apache.cassandra.service.LeaveAndBootstrapTest): > Caused an ERROR > [junit-timeout] null > [junit-timeout] java.lang.NullPointerException > [junit-timeout] at > org.apache.cassandra.service.StorageService.updatePeerInfo(StorageService.java:2418) > [junit-timeout] at > org.apache.cassandra.service.StorageService.handleStateNormal(StorageService.java:2756) > [junit-timeout] at > org.apache.cassandra.service.StorageService.onChange(StorageService.java:2299) > [junit-timeout] at > org.apache.cassandra.Util.createInitialRing(Util.java:236) > [junit-timeout] at > org.apache.cassandra.service.LeaveAndBootstrapTest.testStateJumpToNormal(LeaveAndBootstrapTest.java:550) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-15269) Cassandra fails to process OperationExecutionException which causes ClassCastException
[ https://issues.apache.org/jira/browse/CASSANDRA-15269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17364054#comment-17364054 ] Berenguer Blasi commented on CASSANDRA-15269: - There it goes: {noformat} [cqlsh 6.0.0 | Cassandra 4.0-rc2-SNAPSHOT | CQL spec 3.4.5 | Native protocol v5] Use HELP for help. cqlsh> select numerator % denominator from test.d; Traceback (most recent call last): File "/home/bereng/work/repos/bdpWS/15269/bin/cqlsh.py", line 1076, in perform_simple_statement result = future.result() File "/home/bereng/work/repos/bdpWS/15269/bin/../lib/cassandra-driver-internal-only-3.25.0.zip/cassandra-driver-3.25.0/cassandra/cluster.py", line 4894, in result raise self._final_exception cassandra.FunctionFailure: Error from server: code=1400 [User Defined Function failure] message="The operation 'decimal % decimal' failed: Division impossible" cqlsh> select * from test.d; numerator| denominator --+- 123456789112345678921234567893123456 | 2 (1 rows) {noformat} > Cassandra fails to process OperationExecutionException which causes > ClassCastException > -- > > Key: CASSANDRA-15269 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15269 > Project: Cassandra > Issue Type: Bug > Components: CQL/Interpreter >Reporter: Liudmila Kornilova >Assignee: Berenguer Blasi >Priority: Normal > Fix For: 4.0.x > > > While working on CASSANDRA-15232 I noticed that OperationExecutionException > is not processed correctly. > How to reproduce the issue: > 1. {{create table d (numerator decimal primary key, denominator decimal);}} > 2. {{insert into d (numerator, denominator) values > (123456789112345678921234567893123456, 2);}} > 3. {{select numerator % denominator from d;}} > What happens: > 1. remainder operation throws ArithmeticException (BigDecimal:1854) > 2. The exception is wrapped in OperationExecutionException > 3. ClassCastException appears (OperationExecutionException cannot be cast to > FunctionExecutionException at ErrorMessage.java:280) > What should happen: > OperationExecutionException with message "the operation 'decimal % decimal' > failed: Division impossible" should be delivered to user > Note that after fixing CASSANDRA-15232 {{select numerator % denominator from > d;}} will produce correct result of remainder operation. > Currently I am not aware of other cases when OperationExecutionException may > be treated as FunctionExecutionException -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16745) Fix test failures when running via IntelliJ
[ https://issues.apache.org/jira/browse/CASSANDRA-16745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363981#comment-17363981 ] Abe Ratnofsky commented on CASSANDRA-16745: --- Looks like this has been included in 3.11 and 4.0 actually, but it's still needed in 3.0. Updated fix versions and branch links above. > Fix test failures when running via IntelliJ > --- > > Key: CASSANDRA-16745 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16745 > Project: Cassandra > Issue Type: Improvement > Components: Test/unit >Reporter: Abe Ratnofsky >Assignee: Abe Ratnofsky >Priority: Low > Labels: IDE > Fix For: 3.0.x > > > After running `ant generate-idea-files` and opening the project in IntelliJ > IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like > NetworkTopologyStrategyTest.testProperties) failed with error > org.apache.cassandra.exceptions.ConfigurationException: Unable to read > cassandra-topology.properties. > > I fixed this issue in IntelliJ by marking test/conf as Test Resources (under > Project Structure), and have patches to fix `ant generate-idea-files` so the > manual reconfiguration is not necessary: > > 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16745) Fix test failures when running via IntelliJ
[ https://issues.apache.org/jira/browse/CASSANDRA-16745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abe Ratnofsky updated CASSANDRA-16745: -- Fix Version/s: (was: 4.0.x) (was: 3.11.x) (was: 4.x) > Fix test failures when running via IntelliJ > --- > > Key: CASSANDRA-16745 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16745 > Project: Cassandra > Issue Type: Improvement > Components: Test/unit >Reporter: Abe Ratnofsky >Assignee: Abe Ratnofsky >Priority: Low > Labels: IDE > Fix For: 3.0.x > > > After running `ant generate-idea-files` and opening the project in IntelliJ > IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like > NetworkTopologyStrategyTest.testProperties) failed with error > org.apache.cassandra.exceptions.ConfigurationException: Unable to read > cassandra-topology.properties. > > I fixed this issue in IntelliJ by marking test/conf as Test Resources (under > Project Structure), and have patches to fix `ant generate-idea-files` so the > manual reconfiguration is not necessary: > > 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16745) Fix test failures when running via IntelliJ
[ https://issues.apache.org/jira/browse/CASSANDRA-16745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abe Ratnofsky updated CASSANDRA-16745: -- Description: After running `ant generate-idea-files` and opening the project in IntelliJ IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like NetworkTopologyStrategyTest.testProperties) failed with error org.apache.cassandra.exceptions.ConfigurationException: Unable to read cassandra-topology.properties. I fixed this issue in IntelliJ by marking test/conf as Test Resources (under Project Structure), and have patches to fix `ant generate-idea-files` so the manual reconfiguration is not necessary: 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] was: After running `ant generate-idea-files` and opening the project in IntelliJ IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like NetworkTopologyStrategyTest.testProperties) failed with error org.apache.cassandra.exceptions.ConfigurationException: Unable to read cassandra-topology.properties. I fixed this issue in IntelliJ by marking test/conf as Test Resources (under Project Structure), and have patches to fix `ant generate-idea-files` so the manual reconfiguration is not necessary: 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] 3.11 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-11] 4.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-4-0] > Fix test failures when running via IntelliJ > --- > > Key: CASSANDRA-16745 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16745 > Project: Cassandra > Issue Type: Improvement > Components: Test/unit >Reporter: Abe Ratnofsky >Assignee: Abe Ratnofsky >Priority: Low > Labels: IDE > Fix For: 3.0.x, 3.11.x, 4.0.x, 4.x > > > After running `ant generate-idea-files` and opening the project in IntelliJ > IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like > NetworkTopologyStrategyTest.testProperties) failed with error > org.apache.cassandra.exceptions.ConfigurationException: Unable to read > cassandra-topology.properties. > > I fixed this issue in IntelliJ by marking test/conf as Test Resources (under > Project Structure), and have patches to fix `ant generate-idea-files` so the > manual reconfiguration is not necessary: > > 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16745) Fix test failures when running via IntelliJ
[ https://issues.apache.org/jira/browse/CASSANDRA-16745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363927#comment-17363927 ] Brandon Williams commented on CASSANDRA-16745: -- +1 > Fix test failures when running via IntelliJ > --- > > Key: CASSANDRA-16745 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16745 > Project: Cassandra > Issue Type: Improvement > Components: Test/unit >Reporter: Abe Ratnofsky >Assignee: Abe Ratnofsky >Priority: Low > Labels: IDE > Fix For: 3.0.x, 3.11.x, 4.0.x, 4.x > > > After running `ant generate-idea-files` and opening the project in IntelliJ > IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like > NetworkTopologyStrategyTest.testProperties) failed with error > org.apache.cassandra.exceptions.ConfigurationException: Unable to read > cassandra-topology.properties. > > I fixed this issue in IntelliJ by marking test/conf as Test Resources (under > Project Structure), and have patches to fix `ant generate-idea-files` so the > manual reconfiguration is not necessary: > > 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] > 3.11 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-11] > 4.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-4-0] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-16663) Request-Based Native Transport Rate-Limiting
[ https://issues.apache.org/jira/browse/CASSANDRA-16663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363913#comment-17363913 ] Caleb Rackliffe edited comment on CASSANDRA-16663 at 6/15/21, 9:34 PM: --- This is a coordinator rate limit, so I kicked off a few single node tests w/ tlp-stress. The goals here are a.) to determine how responsive back-pressure is around the configured limit, b.) make sure there isn't a visible regression in performance while under the limit, and c.) see what happens with a pathologically overloaded node. ex. {noformat} bin/tlp-stress run --compaction "{'class': 'org.apache.cassandra.db.compaction.LeveledCompactionStrategy', 'tombstone_compaction_interval': '864000', 'tombstone_threshold': '0.2'}" --compression "{'sstable_compression': 'LZ4Compressor'}" --readrate 1.0 --partitions 1 --populate 1 --rate 1000 --duration 5m KeyValue {noformat} *Native Protocol V4* |Backpressure|Limit (requests/second)|Client-Requested Rate|Client p99 (millis)|Client-Observed Rate| |disabled|n/a|1000|0.45|993.01| |enabled|1000|999|0.40|992.02| |enabled|1000|1001|171.93|992.23| |disabled|n/a|2000|0.63|1986.48| |enabled|1000|2000|220.05|993.75| *Native Protocol V5* |Backpressure|Limit (requests/second)|Client-Requested Rate|Client p99 (millis)|Client-Observed Rate| |disabled|n/a|1000|0.42|993.01| |enabled|1000|999|0.42|992.03| |enabled|1000|1001|161.82|993.17| |disabled|n/a|2000|0.36|1986.47| |enabled|1000|2000|162.61|993.26| In short, the behavior around the back-pressure thresholds here is a.) more or less the same between protocol versions and b.) exactly what we would expect. When the rate of client requests is below the limit, there is no visible degradation in p99 latency, and when the rate of client requests is above the limit, latencies increase over the course of the test (not visible in the tables above, as those are ending p99s) with observed throughput remaining constant. Next, I'll look at how things behave when we're throwing on overload... was (Author: maedhroz): This is a coordinator rate limit, so I kicked off a few single node tests w/ tlp-stress. The goals here are a.) to determine how responsive back-pressure is around the configured limit, b.) make sure there isn't a visible regression in performance while under the limit, and c.) see what happens with a pathologically overloaded node. ex. {noformat} bin/tlp-stress run --compaction "{'class': 'org.apache.cassandra.db.compaction.LeveledCompactionStrategy', 'tombstone_compaction_interval': '864000', 'tombstone_threshold': '0.2'}" --compression "{'sstable_compression': 'LZ4Compressor'}" --readrate 1.0 --partitions 1 --populate 1 --rate 1000 --duration 5m KeyValue {noformat} *Native Protocol V4* |Backpressure|Limit (requests/second)|Client-Requested Rate|Client p99 (millis)|Client-Observed Rate| |disabled|n/a|1000|0.45|993.01| |enabled|1000|999|0.40|992.02| |enabled|1000|1001|171.93|992.23| |disabled|n/a|2000|0.63|1986.48| |enabled|1000|2000|220.05|993.75| *Native Protocol V5* |Backpressure|Limit (requests/second)|Client-Requested Rate|Client p99 (millis)|Client-Observed Rate| |disabled|n/a|1000|0.42|993.01| |enabled|1000|999|0.42|992.03| |enabled|1000|1001|161.82|993.17| |disabled|n/a|2000|0.36|1986.47| |enabled|1000|2000|162.61|993.26| In short, the behavior around the back-pressure thresholds here is a.) more or less the same between protocol versions and b.) exactly what we would expect. When the rate of client requests is below the limit, there is no visible degradation in p99 latency, and when the rate of client requests is above the limit, latencies increase over the course of the test (not visible in the tables above, as those are ending 1-minute p99s) with observed throughput remaining constant. Next, I'll look at how things behave when we're throwing on overload... > Request-Based Native Transport Rate-Limiting > > > Key: CASSANDRA-16663 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16663 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Caleb Rackliffe >Assignee: Caleb Rackliffe >Priority: Normal > Fix For: 4.x > > Time Spent: 3h > Remaining Estimate: 0h > > Together, CASSANDRA-14855, CASSANDRA-15013, and CASSANDRA-15519 added support > for a runtime-configurable, per-coordinator limit on the number of bytes > allocated for concurrent requests over the native protocol. It supports > channel back-pressure by default, and optionally supports throwing > OverloadedException if that is requested in the relevant connection’s STARTUP > message. > This can be an effective tool to prevent the coordinator from running out of > memory, but it may
[jira] [Commented] (CASSANDRA-16663) Request-Based Native Transport Rate-Limiting
[ https://issues.apache.org/jira/browse/CASSANDRA-16663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363913#comment-17363913 ] Caleb Rackliffe commented on CASSANDRA-16663: - This is a coordinator rate limit, so I kicked off a few single node tests w/ tlp-stress. The goals here are a.) to determine how responsive back-pressure is around the configured limit, b.) make sure there isn't a visible regression in performance while under the limit, and c.) see what happens with a pathologically overloaded node. ex. {noformat} bin/tlp-stress run --compaction "{'class': 'org.apache.cassandra.db.compaction.LeveledCompactionStrategy', 'tombstone_compaction_interval': '864000', 'tombstone_threshold': '0.2'}" --compression "{'sstable_compression': 'LZ4Compressor'}" --readrate 1.0 --partitions 1 --populate 1 --rate 1000 --duration 5m KeyValue {noformat} *Native Protocol V4* |Backpressure|Limit (requests/second)|Client-Requested Rate|Client p99 (millis)|Client-Observed Rate| |disabled|n/a|1000|0.45|993.01| |enabled|1000|999|0.40|992.02| |enabled|1000|1001|171.93|992.23| |disabled|n/a|2000|0.63|1986.48| |enabled|1000|2000|220.05|993.75| *Native Protocol V5* |Backpressure|Limit (requests/second)|Client-Requested Rate|Client p99 (millis)|Client-Observed Rate| |disabled|n/a|1000|0.42|993.01| |enabled|1000|999|0.42|992.03| |enabled|1000|1001|161.82|993.17| |disabled|n/a|2000|0.36|1986.47| |enabled|1000|2000|162.61|993.26| In short, the behavior around the back-pressure thresholds here is a.) more or less the same between protocol versions and b.) exactly what we would expect. When the rate of client requests is below the limit, there is no visible degradation in p99 latency, and when the rate of client requests is above the limit, latencies increase over the course of the test (not visible in the tables above, as those are ending 1-minute p99s) with observed throughput remaining constant. Next, I'll look at how things behave when we're throwing on overload... > Request-Based Native Transport Rate-Limiting > > > Key: CASSANDRA-16663 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16663 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Caleb Rackliffe >Assignee: Caleb Rackliffe >Priority: Normal > Fix For: 4.x > > Time Spent: 3h > Remaining Estimate: 0h > > Together, CASSANDRA-14855, CASSANDRA-15013, and CASSANDRA-15519 added support > for a runtime-configurable, per-coordinator limit on the number of bytes > allocated for concurrent requests over the native protocol. It supports > channel back-pressure by default, and optionally supports throwing > OverloadedException if that is requested in the relevant connection’s STARTUP > message. > This can be an effective tool to prevent the coordinator from running out of > memory, but it may not correspond to how expensive a queries are or provide a > direct conceptual mapping to how users think about request capacity. I > propose adding the option of request-based (or perhaps more correctly > message-based) back-pressure, coexisting with (and reusing the logic that > supports) the current bytes-based back-pressure. > _We can roll this forward in phases_, where the server’s cost accounting > becomes more accurate, we segment limits by operation type/keyspace/etc., and > the client/driver reacts more intelligently to (especially non-back-pressure) > overload, _but something minimally viable could look like this_: > 1.) Reuse most of the existing logic in Limits, et al. to support a simple > per-coordinator limit only on native transport requests per second. Under > this limit will be CQL reads and writes, but also auth requests, prepare > requests, and batches. This is obviously simplistic, and it does not account > for the variation in cost between individual queries, but even a fixed cost > model should be useful in aggregate. > * If the client specifies THROW_ON_OVERLOAD in its STARTUP message at > connection time, a breach of the per-node limit will result in an > OverloadedException being propagated to the client, and the server will > discard the request. > * If THROW_ON_OVERLOAD is not specified, the server will stop consuming > messages from the channel/socket, which should back-pressure the client, > while the message continues to be processed. > 2.) This limit is infinite by default (or simply disabled), and can be > enabled via the YAML config or JMX at runtime. (It might be cleaner to have a > no-op rate limiter that's used when the feature is disabled entirely.) > 3.) The current value of the limit is available via JMX, and metrics around > coordinator operations/second are already available to compare against it. > 4.) Any
[jira] [Commented] (CASSANDRA-16745) Fix test failures when running via IntelliJ
[ https://issues.apache.org/jira/browse/CASSANDRA-16745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363909#comment-17363909 ] Caleb Rackliffe commented on CASSANDRA-16745: - +1 Verified w/ IDEA 2021.1.1 > Fix test failures when running via IntelliJ > --- > > Key: CASSANDRA-16745 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16745 > Project: Cassandra > Issue Type: Improvement > Components: Test/unit >Reporter: Abe Ratnofsky >Assignee: Abe Ratnofsky >Priority: Low > Labels: IDE > Fix For: 3.0.x, 3.11.x, 4.0.x, 4.x > > > After running `ant generate-idea-files` and opening the project in IntelliJ > IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like > NetworkTopologyStrategyTest.testProperties) failed with error > org.apache.cassandra.exceptions.ConfigurationException: Unable to read > cassandra-topology.properties. > > I fixed this issue in IntelliJ by marking test/conf as Test Resources (under > Project Structure), and have patches to fix `ant generate-idea-files` so the > manual reconfiguration is not necessary: > > 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] > 3.11 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-11] > 4.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-4-0] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16745) Fix test failures when running via IntelliJ
[ https://issues.apache.org/jira/browse/CASSANDRA-16745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Caleb Rackliffe updated CASSANDRA-16745: Status: Review In Progress (was: Patch Available) > Fix test failures when running via IntelliJ > --- > > Key: CASSANDRA-16745 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16745 > Project: Cassandra > Issue Type: Improvement > Components: Test/unit >Reporter: Abe Ratnofsky >Assignee: Abe Ratnofsky >Priority: Low > Labels: IDE > Fix For: 3.0.x, 3.11.x, 4.0.x, 4.x > > > After running `ant generate-idea-files` and opening the project in IntelliJ > IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like > NetworkTopologyStrategyTest.testProperties) failed with error > org.apache.cassandra.exceptions.ConfigurationException: Unable to read > cassandra-topology.properties. > > I fixed this issue in IntelliJ by marking test/conf as Test Resources (under > Project Structure), and have patches to fix `ant generate-idea-files` so the > manual reconfiguration is not necessary: > > 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] > 3.11 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-11] > 4.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-4-0] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16745) Fix test failures when running via IntelliJ
[ https://issues.apache.org/jira/browse/CASSANDRA-16745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abe Ratnofsky updated CASSANDRA-16745: -- Test and Documentation Plan: To test: remove the .idea folder, then regenerate it with ant generate-idea-files, then open in IntelliJ. Run a test that references a PropertyFileSnitch (like NetworkTopologyStrategyTest.testProperties) and see all tests pass. Also, confirm in Project Structure > Modules that test/conf is marked as Test Resources. Status: Patch Available (was: Open) > Fix test failures when running via IntelliJ > --- > > Key: CASSANDRA-16745 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16745 > Project: Cassandra > Issue Type: Improvement > Components: Test/unit >Reporter: Abe Ratnofsky >Assignee: Abe Ratnofsky >Priority: Low > Labels: IDE > Fix For: 3.0.x, 3.11.x, 4.0.x, 4.x > > > After running `ant generate-idea-files` and opening the project in IntelliJ > IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like > NetworkTopologyStrategyTest.testProperties) failed with error > org.apache.cassandra.exceptions.ConfigurationException: Unable to read > cassandra-topology.properties. > > I fixed this issue in IntelliJ by marking test/conf as Test Resources (under > Project Structure), and have patches to fix `ant generate-idea-files` so the > manual reconfiguration is not necessary: > > 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] > 3.11 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-11] > 4.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-4-0] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16745) Fix test failures when running via IntelliJ
[ https://issues.apache.org/jira/browse/CASSANDRA-16745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abe Ratnofsky updated CASSANDRA-16745: -- Change Category: Quality Assurance Complexity: Low Hanging Fruit Fix Version/s: 4.x 4.0.x 3.11.x 3.0.x Reviewers: Caleb Rackliffe Priority: Low (was: Normal) Status: Open (was: Triage Needed) > Fix test failures when running via IntelliJ > --- > > Key: CASSANDRA-16745 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16745 > Project: Cassandra > Issue Type: Improvement > Components: Test/unit >Reporter: Abe Ratnofsky >Assignee: Abe Ratnofsky >Priority: Low > Labels: IDE > Fix For: 3.0.x, 3.11.x, 4.0.x, 4.x > > > After running `ant generate-idea-files` and opening the project in IntelliJ > IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like > NetworkTopologyStrategyTest.testProperties) failed with error > org.apache.cassandra.exceptions.ConfigurationException: Unable to read > cassandra-topology.properties. > > I fixed this issue in IntelliJ by marking test/conf as Test Resources (under > Project Structure), and have patches to fix `ant generate-idea-files` so the > manual reconfiguration is not necessary: > > 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] > 3.11 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-11] > 4.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-4-0] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16745) Fix test failures when running via IntelliJ
[ https://issues.apache.org/jira/browse/CASSANDRA-16745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Caleb Rackliffe updated CASSANDRA-16745: Component/s: Test/unit > Fix test failures when running via IntelliJ > --- > > Key: CASSANDRA-16745 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16745 > Project: Cassandra > Issue Type: Improvement > Components: Test/unit >Reporter: Abe Ratnofsky >Assignee: Abe Ratnofsky >Priority: Normal > Labels: IDE > > After running `ant generate-idea-files` and opening the project in IntelliJ > IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like > NetworkTopologyStrategyTest.testProperties) failed with error > org.apache.cassandra.exceptions.ConfigurationException: Unable to read > cassandra-topology.properties. > > I fixed this issue in IntelliJ by marking test/conf as Test Resources (under > Project Structure), and have patches to fix `ant generate-idea-files` so the > manual reconfiguration is not necessary: > > 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] > 3.11 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-11] > 4.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-4-0] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16745) Fix test failures when running via IntelliJ
[ https://issues.apache.org/jira/browse/CASSANDRA-16745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Caleb Rackliffe updated CASSANDRA-16745: Labels: IDE (was: ) > Fix test failures when running via IntelliJ > --- > > Key: CASSANDRA-16745 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16745 > Project: Cassandra > Issue Type: Improvement >Reporter: Abe Ratnofsky >Assignee: Abe Ratnofsky >Priority: Normal > Labels: IDE > > After running `ant generate-idea-files` and opening the project in IntelliJ > IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like > NetworkTopologyStrategyTest.testProperties) failed with error > org.apache.cassandra.exceptions.ConfigurationException: Unable to read > cassandra-topology.properties. > > I fixed this issue in IntelliJ by marking test/conf as Test Resources (under > Project Structure), and have patches to fix `ant generate-idea-files` so the > manual reconfiguration is not necessary: > > 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] > 3.11 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-11] > 4.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-4-0] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Assigned] (CASSANDRA-16745) Fix test failures when running via IntelliJ
[ https://issues.apache.org/jira/browse/CASSANDRA-16745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Caleb Rackliffe reassigned CASSANDRA-16745: --- Assignee: Abe Ratnofsky > Fix test failures when running via IntelliJ > --- > > Key: CASSANDRA-16745 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16745 > Project: Cassandra > Issue Type: Improvement >Reporter: Abe Ratnofsky >Assignee: Abe Ratnofsky >Priority: Normal > > After running `ant generate-idea-files` and opening the project in IntelliJ > IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like > NetworkTopologyStrategyTest.testProperties) failed with error > org.apache.cassandra.exceptions.ConfigurationException: Unable to read > cassandra-topology.properties. > > I fixed this issue in IntelliJ by marking test/conf as Test Resources (under > Project Structure), and have patches to fix `ant generate-idea-files` so the > manual reconfiguration is not necessary: > > 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] > 3.11 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-11] > 4.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-4-0] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-16689) Flaky LeaveAndBootstrapTest
[ https://issues.apache.org/jira/browse/CASSANDRA-16689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363847#comment-17363847 ] Brandon Williams edited comment on CASSANDRA-16689 at 6/15/21, 9:00 PM: Added a clearUnsafe to Gossiper similar to TMD [here|https://github.com/driftx/cassandra/tree/CASSANDRA-16689] that allows us to pass the [10k test|https://app.circleci.com/pipelines/github/driftx/cassandra/152/workflows/4d317e35-ed5a-4ae1-a7cd-1b265afe149c/jobs/1287]. Given how many times I've seen this kind of problem with just ring delay alone, I almost added it to TMD.clearUnsafe since if you're clearing that, you probably want to clear the gossiper too, but I didn't want to make a large sweeping change. was (Author: brandon.williams): Added an clearUnsafe to Gossiper similar to TMD [here|https://github.com/driftx/cassandra/tree/CASSANDRA-16689] that allows us to pass the [10k test|https://app.circleci.com/pipelines/github/driftx/cassandra/152/workflows/4d317e35-ed5a-4ae1-a7cd-1b265afe149c/jobs/1287]. Given how many times I've seen this kind of problem with just ring delay alone, I almost added it to TMD.clearUnsafe since if you're clearing that, you probably want to clear the gossiper too, but I didn't want to make a large sweeping change. > Flaky LeaveAndBootstrapTest > --- > > Key: CASSANDRA-16689 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16689 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Berenguer Blasi >Assignee: Brandon Williams >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0-rc, 4.x > > > Failing in a circle run > [here|https://app.circleci.com/pipelines/github/bereng/cassandra/309/workflows/a645b956-dcd7-431e-b109-7857af3c523f/jobs/2937] > {noformat} > Testcase: > testStateJumpToNormal(org.apache.cassandra.service.LeaveAndBootstrapTest): > Caused an ERROR > [junit-timeout] null > [junit-timeout] java.lang.NullPointerException > [junit-timeout] at > org.apache.cassandra.service.StorageService.updatePeerInfo(StorageService.java:2418) > [junit-timeout] at > org.apache.cassandra.service.StorageService.handleStateNormal(StorageService.java:2756) > [junit-timeout] at > org.apache.cassandra.service.StorageService.onChange(StorageService.java:2299) > [junit-timeout] at > org.apache.cassandra.Util.createInitialRing(Util.java:236) > [junit-timeout] at > org.apache.cassandra.service.LeaveAndBootstrapTest.testStateJumpToNormal(LeaveAndBootstrapTest.java:550) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16689) Flaky LeaveAndBootstrapTest
[ https://issues.apache.org/jira/browse/CASSANDRA-16689?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brandon Williams updated CASSANDRA-16689: - Since Version: NA Source Control Link: https://github.com/apache/cassandra/commit/658e08dc7e7561a6313675a73a6dbd43c73bbde4 Resolution: Fixed Status: Resolved (was: Ready to Commit) Committed w/nits addressed. Thanks! > Flaky LeaveAndBootstrapTest > --- > > Key: CASSANDRA-16689 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16689 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Berenguer Blasi >Assignee: Brandon Williams >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0-rc, 4.x > > > Failing in a circle run > [here|https://app.circleci.com/pipelines/github/bereng/cassandra/309/workflows/a645b956-dcd7-431e-b109-7857af3c523f/jobs/2937] > {noformat} > Testcase: > testStateJumpToNormal(org.apache.cassandra.service.LeaveAndBootstrapTest): > Caused an ERROR > [junit-timeout] null > [junit-timeout] java.lang.NullPointerException > [junit-timeout] at > org.apache.cassandra.service.StorageService.updatePeerInfo(StorageService.java:2418) > [junit-timeout] at > org.apache.cassandra.service.StorageService.handleStateNormal(StorageService.java:2756) > [junit-timeout] at > org.apache.cassandra.service.StorageService.onChange(StorageService.java:2299) > [junit-timeout] at > org.apache.cassandra.Util.createInitialRing(Util.java:236) > [junit-timeout] at > org.apache.cassandra.service.LeaveAndBootstrapTest.testStateJumpToNormal(LeaveAndBootstrapTest.java:550) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16689) Flaky LeaveAndBootstrapTest
[ https://issues.apache.org/jira/browse/CASSANDRA-16689?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brandon Williams updated CASSANDRA-16689: - Status: Ready to Commit (was: Review In Progress) > Flaky LeaveAndBootstrapTest > --- > > Key: CASSANDRA-16689 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16689 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Berenguer Blasi >Assignee: Brandon Williams >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0-rc, 4.x > > > Failing in a circle run > [here|https://app.circleci.com/pipelines/github/bereng/cassandra/309/workflows/a645b956-dcd7-431e-b109-7857af3c523f/jobs/2937] > {noformat} > Testcase: > testStateJumpToNormal(org.apache.cassandra.service.LeaveAndBootstrapTest): > Caused an ERROR > [junit-timeout] null > [junit-timeout] java.lang.NullPointerException > [junit-timeout] at > org.apache.cassandra.service.StorageService.updatePeerInfo(StorageService.java:2418) > [junit-timeout] at > org.apache.cassandra.service.StorageService.handleStateNormal(StorageService.java:2756) > [junit-timeout] at > org.apache.cassandra.service.StorageService.onChange(StorageService.java:2299) > [junit-timeout] at > org.apache.cassandra.Util.createInitialRing(Util.java:236) > [junit-timeout] at > org.apache.cassandra.service.LeaveAndBootstrapTest.testStateJumpToNormal(LeaveAndBootstrapTest.java:550) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[cassandra] branch trunk updated (5d3b698 -> 597558f)
This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a change to branch trunk in repository https://gitbox.apache.org/repos/asf/cassandra.git. from 5d3b698 Merge branch 'cassandra-4.0' into trunk new 658e08d add and use Gossiper.clearUnsafe to fix LeaveAndBootstrapTest new 379976d Merge branch 'cassandra-4.0.0' into cassandra-4.0 new 597558f Merge branch 'cassandra-4.0' into trunk The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: src/java/org/apache/cassandra/gms/Gossiper.java | 11 +++ .../org/apache/cassandra/service/LeaveAndBootstrapTest.java | 6 ++ 2 files changed, 17 insertions(+) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[cassandra] 01/01: Merge branch 'cassandra-4.0' into trunk
This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/cassandra.git commit 597558f4e3743c8887434b526377900de3ba3f3f Merge: 5d3b698 379976d Author: Brandon Williams AuthorDate: Tue Jun 15 14:53:17 2021 -0500 Merge branch 'cassandra-4.0' into trunk src/java/org/apache/cassandra/gms/Gossiper.java | 11 +++ .../org/apache/cassandra/service/LeaveAndBootstrapTest.java | 6 ++ 2 files changed, 17 insertions(+) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[cassandra] branch cassandra-4.0 updated: add and use Gossiper.clearUnsafe to fix LeaveAndBootstrapTest
This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch cassandra-4.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git The following commit(s) were added to refs/heads/cassandra-4.0 by this push: new 658e08d add and use Gossiper.clearUnsafe to fix LeaveAndBootstrapTest new 379976d Merge branch 'cassandra-4.0.0' into cassandra-4.0 658e08d is described below commit 658e08dc7e7561a6313675a73a6dbd43c73bbde4 Author: Brandon Williams AuthorDate: Tue Jun 15 13:04:02 2021 -0500 add and use Gossiper.clearUnsafe to fix LeaveAndBootstrapTest Patch by brandonwilliams, reviewed by adelapena for CASSANDRA-16689 --- src/java/org/apache/cassandra/gms/Gossiper.java | 11 +++ .../org/apache/cassandra/service/LeaveAndBootstrapTest.java | 6 ++ 2 files changed, 17 insertions(+) diff --git a/src/java/org/apache/cassandra/gms/Gossiper.java b/src/java/org/apache/cassandra/gms/Gossiper.java index b041d23..39fe1fe 100644 --- a/src/java/org/apache/cassandra/gms/Gossiper.java +++ b/src/java/org/apache/cassandra/gms/Gossiper.java @@ -169,6 +169,17 @@ public class Gossiper implements IFailureDetectionEventListener, GossiperMBean */ private volatile boolean upgradeInProgressPossible = true; +public void clearUnsafe() +{ +unreachableEndpoints.clear(); +liveEndpoints.clear(); +justRemovedEndpoints.clear(); +expireTimeEndpointMap.clear(); +endpointStateMap.clear(); +endpointShadowStateMap.clear(); +seedsInShadowRound.clear(); +} + final Supplier> upgradeFromVersionSupplier = () -> { // Once there are no prior version nodes we don't need to keep rechecking diff --git a/test/unit/org/apache/cassandra/service/LeaveAndBootstrapTest.java b/test/unit/org/apache/cassandra/service/LeaveAndBootstrapTest.java index 018e3ea..02d625c 100644 --- a/test/unit/org/apache/cassandra/service/LeaveAndBootstrapTest.java +++ b/test/unit/org/apache/cassandra/service/LeaveAndBootstrapTest.java @@ -87,6 +87,7 @@ public class LeaveAndBootstrapTest TokenMetadata tmd = ss.getTokenMetadata(); tmd.clearUnsafe(); +Gossiper.instance.clearUnsafe(); IPartitioner partitioner = RandomPartitioner.instance; VersionedValue.VersionedValueFactory valueFactory = new VersionedValue.VersionedValueFactory(partitioner); @@ -158,6 +159,7 @@ public class LeaveAndBootstrapTest final int RING_SIZE = 10; TokenMetadata tmd = ss.getTokenMetadata(); tmd.clearUnsafe(); +Gossiper.instance.clearUnsafe(); IPartitioner partitioner = RandomPartitioner.instance; VersionedValue.VersionedValueFactory valueFactory = new VersionedValue.VersionedValueFactory(partitioner); @@ -461,6 +463,7 @@ public class LeaveAndBootstrapTest StorageService ss = StorageService.instance; TokenMetadata tmd = ss.getTokenMetadata(); tmd.clearUnsafe(); +Gossiper.instance.clearUnsafe(); IPartitioner partitioner = RandomPartitioner.instance; VersionedValue.VersionedValueFactory valueFactory = new VersionedValue.VersionedValueFactory(partitioner); @@ -538,6 +541,7 @@ public class LeaveAndBootstrapTest StorageService ss = StorageService.instance; TokenMetadata tmd = ss.getTokenMetadata(); tmd.clearUnsafe(); +Gossiper.instance.clearUnsafe(); IPartitioner partitioner = RandomPartitioner.instance; VersionedValue.VersionedValueFactory valueFactory = new VersionedValue.VersionedValueFactory(partitioner); @@ -580,6 +584,7 @@ public class LeaveAndBootstrapTest StorageService ss = StorageService.instance; TokenMetadata tmd = ss.getTokenMetadata(); tmd.clearUnsafe(); +Gossiper.instance.clearUnsafe(); IPartitioner partitioner = RandomPartitioner.instance; VersionedValue.VersionedValueFactory valueFactory = new VersionedValue.VersionedValueFactory(partitioner); @@ -630,6 +635,7 @@ public class LeaveAndBootstrapTest StorageService ss = StorageService.instance; TokenMetadata tmd = ss.getTokenMetadata(); tmd.clearUnsafe(); +Gossiper.instance.clearUnsafe(); IPartitioner partitioner = RandomPartitioner.instance; VersionedValue.VersionedValueFactory valueFactory = new VersionedValue.VersionedValueFactory(partitioner); - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[cassandra] branch cassandra-4.0.0 updated (f978bea -> 658e08d)
This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a change to branch cassandra-4.0.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git. from f978bea Obfuscate passwords in statements in QueryEvents new 658e08d add and use Gossiper.clearUnsafe to fix LeaveAndBootstrapTest The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: src/java/org/apache/cassandra/gms/Gossiper.java | 11 +++ .../org/apache/cassandra/service/LeaveAndBootstrapTest.java | 6 ++ 2 files changed, 17 insertions(+) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16689) Flaky LeaveAndBootstrapTest
[ https://issues.apache.org/jira/browse/CASSANDRA-16689?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andres de la Peña updated CASSANDRA-16689: -- Reviewers: Andres de la Peña, Andres de la Peña (was: Andres de la Peña) Andres de la Peña, Andres de la Peña Status: Review In Progress (was: Patch Available) > Flaky LeaveAndBootstrapTest > --- > > Key: CASSANDRA-16689 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16689 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Berenguer Blasi >Assignee: Brandon Williams >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0-rc, 4.x > > > Failing in a circle run > [here|https://app.circleci.com/pipelines/github/bereng/cassandra/309/workflows/a645b956-dcd7-431e-b109-7857af3c523f/jobs/2937] > {noformat} > Testcase: > testStateJumpToNormal(org.apache.cassandra.service.LeaveAndBootstrapTest): > Caused an ERROR > [junit-timeout] null > [junit-timeout] java.lang.NullPointerException > [junit-timeout] at > org.apache.cassandra.service.StorageService.updatePeerInfo(StorageService.java:2418) > [junit-timeout] at > org.apache.cassandra.service.StorageService.handleStateNormal(StorageService.java:2756) > [junit-timeout] at > org.apache.cassandra.service.StorageService.onChange(StorageService.java:2299) > [junit-timeout] at > org.apache.cassandra.Util.createInitialRing(Util.java:236) > [junit-timeout] at > org.apache.cassandra.service.LeaveAndBootstrapTest.testStateJumpToNormal(LeaveAndBootstrapTest.java:550) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-16689) Flaky LeaveAndBootstrapTest
[ https://issues.apache.org/jira/browse/CASSANDRA-16689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363880#comment-17363880 ] Andres de la Peña edited comment on CASSANDRA-16689 at 6/15/21, 7:45 PM: - Nice investigation! Looks good to me, +1. Adding the clearing of {{Gossiper}} to {{TokenMetadata}} sounds tempting but I agree that maybe it's better to leave that change for the future. I have left a trivial comment on the patch that can be addressed on commit, if needed. was (Author: adelapena): Nice investigation! Looks good to me, +1. Adding the clearing of {{Gossiper}} to {{TokenMetadata}} sounds tempting but I agree that maybe it's better to leave that change for the future. I have left a trivial comment of the patch that can be addressed on commit, if needed. > Flaky LeaveAndBootstrapTest > --- > > Key: CASSANDRA-16689 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16689 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Berenguer Blasi >Assignee: Brandon Williams >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0-rc, 4.x > > > Failing in a circle run > [here|https://app.circleci.com/pipelines/github/bereng/cassandra/309/workflows/a645b956-dcd7-431e-b109-7857af3c523f/jobs/2937] > {noformat} > Testcase: > testStateJumpToNormal(org.apache.cassandra.service.LeaveAndBootstrapTest): > Caused an ERROR > [junit-timeout] null > [junit-timeout] java.lang.NullPointerException > [junit-timeout] at > org.apache.cassandra.service.StorageService.updatePeerInfo(StorageService.java:2418) > [junit-timeout] at > org.apache.cassandra.service.StorageService.handleStateNormal(StorageService.java:2756) > [junit-timeout] at > org.apache.cassandra.service.StorageService.onChange(StorageService.java:2299) > [junit-timeout] at > org.apache.cassandra.Util.createInitialRing(Util.java:236) > [junit-timeout] at > org.apache.cassandra.service.LeaveAndBootstrapTest.testStateJumpToNormal(LeaveAndBootstrapTest.java:550) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16689) Flaky LeaveAndBootstrapTest
[ https://issues.apache.org/jira/browse/CASSANDRA-16689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363880#comment-17363880 ] Andres de la Peña commented on CASSANDRA-16689: --- Nice investigation! Looks good to me, +1. Adding the clearing of {{Gossiper}} to {{TokenMetadata}} sounds tempting but I agree that maybe it's better to leave that change for the future. I have left a trivial comment of the patch that can be addressed on commit, if needed. > Flaky LeaveAndBootstrapTest > --- > > Key: CASSANDRA-16689 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16689 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Berenguer Blasi >Assignee: Brandon Williams >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0-rc, 4.x > > > Failing in a circle run > [here|https://app.circleci.com/pipelines/github/bereng/cassandra/309/workflows/a645b956-dcd7-431e-b109-7857af3c523f/jobs/2937] > {noformat} > Testcase: > testStateJumpToNormal(org.apache.cassandra.service.LeaveAndBootstrapTest): > Caused an ERROR > [junit-timeout] null > [junit-timeout] java.lang.NullPointerException > [junit-timeout] at > org.apache.cassandra.service.StorageService.updatePeerInfo(StorageService.java:2418) > [junit-timeout] at > org.apache.cassandra.service.StorageService.handleStateNormal(StorageService.java:2756) > [junit-timeout] at > org.apache.cassandra.service.StorageService.onChange(StorageService.java:2299) > [junit-timeout] at > org.apache.cassandra.Util.createInitialRing(Util.java:236) > [junit-timeout] at > org.apache.cassandra.service.LeaveAndBootstrapTest.testStateJumpToNormal(LeaveAndBootstrapTest.java:550) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRA-16745) Fix test failures when running via IntelliJ
Abe Ratnofsky created CASSANDRA-16745: - Summary: Fix test failures when running via IntelliJ Key: CASSANDRA-16745 URL: https://issues.apache.org/jira/browse/CASSANDRA-16745 Project: Cassandra Issue Type: Improvement Reporter: Abe Ratnofsky After running `ant generate-idea-files` and opening the project in IntelliJ IDEA 2021.1.2, tests that referenced PropertyFileSnitch (like NetworkTopologyStrategyTest.testProperties) failed with error org.apache.cassandra.exceptions.ConfigurationException: Unable to read cassandra-topology.properties. I fixed this issue in IntelliJ by marking test/conf as Test Resources (under Project Structure), and have patches to fix `ant generate-idea-files` so the manual reconfiguration is not necessary: 3.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-0] 3.11 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-3-11] 4.0 - [https://github.com/aratno/cassandra/tree/abe-fix-intellij-test-4-0] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-16689) Flaky LeaveAndBootstrapTest
[ https://issues.apache.org/jira/browse/CASSANDRA-16689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363847#comment-17363847 ] Brandon Williams edited comment on CASSANDRA-16689 at 6/15/21, 6:51 PM: Added an clearUnsafe to Gossiper similar to TMD [here|https://github.com/driftx/cassandra/tree/CASSANDRA-16689] that allows us to pass the [10k test|https://app.circleci.com/pipelines/github/driftx/cassandra/152/workflows/4d317e35-ed5a-4ae1-a7cd-1b265afe149c/jobs/1287]. Given how many times I've seen this kind of problem with just ring delay alone, I almost added it to TMD.clearUnsafe since if you're clearing that, you probably want to clear the gossiper too, but I didn't want to make a large sweeping change. was (Author: brandon.williams): Added an clearUnsafe to Gossiper similar to TMD [here|https://github.com/driftx/cassandra/tree/CASSANDRA-16689] that allows us to pass the [10k test|https://app.circleci.com/pipelines/github/driftx/cassandra/152/workflows/4d317e35-ed5a-4ae1-a7cd-1b265afe149c/jobs/1287]. Given how many times I've seen this kind of problem with just ring delay alone, I almost added it to TMD.uclearUnsafe since if you're clearing that, you probably want to clear the gossiper too, but I didn't want to make a large sweeping change. > Flaky LeaveAndBootstrapTest > --- > > Key: CASSANDRA-16689 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16689 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Berenguer Blasi >Assignee: Brandon Williams >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0-rc, 4.x > > > Failing in a circle run > [here|https://app.circleci.com/pipelines/github/bereng/cassandra/309/workflows/a645b956-dcd7-431e-b109-7857af3c523f/jobs/2937] > {noformat} > Testcase: > testStateJumpToNormal(org.apache.cassandra.service.LeaveAndBootstrapTest): > Caused an ERROR > [junit-timeout] null > [junit-timeout] java.lang.NullPointerException > [junit-timeout] at > org.apache.cassandra.service.StorageService.updatePeerInfo(StorageService.java:2418) > [junit-timeout] at > org.apache.cassandra.service.StorageService.handleStateNormal(StorageService.java:2756) > [junit-timeout] at > org.apache.cassandra.service.StorageService.onChange(StorageService.java:2299) > [junit-timeout] at > org.apache.cassandra.Util.createInitialRing(Util.java:236) > [junit-timeout] at > org.apache.cassandra.service.LeaveAndBootstrapTest.testStateJumpToNormal(LeaveAndBootstrapTest.java:550) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-16689) Flaky LeaveAndBootstrapTest
[ https://issues.apache.org/jira/browse/CASSANDRA-16689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363847#comment-17363847 ] Brandon Williams edited comment on CASSANDRA-16689 at 6/15/21, 6:50 PM: Added an clearUnsafe to Gossiper similar to TMD [here|https://github.com/driftx/cassandra/tree/CASSANDRA-16689] that allows us to pass the [10k test|https://app.circleci.com/pipelines/github/driftx/cassandra/152/workflows/4d317e35-ed5a-4ae1-a7cd-1b265afe149c/jobs/1287]. Given how many times I've seen this kind of problem with just ring delay alone, I almost added it to TMD.uclearUnsafe since if you're clearing that, you probably want to clear the gossiper too, but I didn't want to make a large sweeping change. was (Author: brandon.williams): Added an unsafeClear to Gossiper similar to TMD [here|https://github.com/driftx/cassandra/tree/CASSANDRA-16689] that allows us to pass the [10k test|https://app.circleci.com/pipelines/github/driftx/cassandra/152/workflows/4d317e35-ed5a-4ae1-a7cd-1b265afe149c/jobs/1287]. Given how many times I've seen this kind of problem with just ring delay alone, I almost added it to TMD.unsafeClear since if you're clearing that, you probably want to clear the gossiper too, but I didn't want to make a large sweeping change. > Flaky LeaveAndBootstrapTest > --- > > Key: CASSANDRA-16689 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16689 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Berenguer Blasi >Assignee: Brandon Williams >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0-rc, 4.x > > > Failing in a circle run > [here|https://app.circleci.com/pipelines/github/bereng/cassandra/309/workflows/a645b956-dcd7-431e-b109-7857af3c523f/jobs/2937] > {noformat} > Testcase: > testStateJumpToNormal(org.apache.cassandra.service.LeaveAndBootstrapTest): > Caused an ERROR > [junit-timeout] null > [junit-timeout] java.lang.NullPointerException > [junit-timeout] at > org.apache.cassandra.service.StorageService.updatePeerInfo(StorageService.java:2418) > [junit-timeout] at > org.apache.cassandra.service.StorageService.handleStateNormal(StorageService.java:2756) > [junit-timeout] at > org.apache.cassandra.service.StorageService.onChange(StorageService.java:2299) > [junit-timeout] at > org.apache.cassandra.Util.createInitialRing(Util.java:236) > [junit-timeout] at > org.apache.cassandra.service.LeaveAndBootstrapTest.testStateJumpToNormal(LeaveAndBootstrapTest.java:550) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16689) Flaky LeaveAndBootstrapTest
[ https://issues.apache.org/jira/browse/CASSANDRA-16689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363847#comment-17363847 ] Brandon Williams commented on CASSANDRA-16689: -- Added an unsafeClear to Gossiper similar to TMD [here|https://github.com/driftx/cassandra/tree/CASSANDRA-16689] that allows us to pass the [10k test|https://app.circleci.com/pipelines/github/driftx/cassandra/152/workflows/4d317e35-ed5a-4ae1-a7cd-1b265afe149c/jobs/1287]. Given how many times I've seen this kind of problem with just ring delay alone, I almost added it to TMD.unsafeClear since if you're clearing that, you probably want to clear the gossiper too, but I didn't want to make a large sweeping change. > Flaky LeaveAndBootstrapTest > --- > > Key: CASSANDRA-16689 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16689 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Berenguer Blasi >Assignee: Brandon Williams >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0-rc, 4.x > > > Failing in a circle run > [here|https://app.circleci.com/pipelines/github/bereng/cassandra/309/workflows/a645b956-dcd7-431e-b109-7857af3c523f/jobs/2937] > {noformat} > Testcase: > testStateJumpToNormal(org.apache.cassandra.service.LeaveAndBootstrapTest): > Caused an ERROR > [junit-timeout] null > [junit-timeout] java.lang.NullPointerException > [junit-timeout] at > org.apache.cassandra.service.StorageService.updatePeerInfo(StorageService.java:2418) > [junit-timeout] at > org.apache.cassandra.service.StorageService.handleStateNormal(StorageService.java:2756) > [junit-timeout] at > org.apache.cassandra.service.StorageService.onChange(StorageService.java:2299) > [junit-timeout] at > org.apache.cassandra.Util.createInitialRing(Util.java:236) > [junit-timeout] at > org.apache.cassandra.service.LeaveAndBootstrapTest.testStateJumpToNormal(LeaveAndBootstrapTest.java:550) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16689) Flaky LeaveAndBootstrapTest
[ https://issues.apache.org/jira/browse/CASSANDRA-16689?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brandon Williams updated CASSANDRA-16689: - Status: Patch Available (was: Open) > Flaky LeaveAndBootstrapTest > --- > > Key: CASSANDRA-16689 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16689 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Berenguer Blasi >Assignee: Brandon Williams >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0-rc, 4.x > > > Failing in a circle run > [here|https://app.circleci.com/pipelines/github/bereng/cassandra/309/workflows/a645b956-dcd7-431e-b109-7857af3c523f/jobs/2937] > {noformat} > Testcase: > testStateJumpToNormal(org.apache.cassandra.service.LeaveAndBootstrapTest): > Caused an ERROR > [junit-timeout] null > [junit-timeout] java.lang.NullPointerException > [junit-timeout] at > org.apache.cassandra.service.StorageService.updatePeerInfo(StorageService.java:2418) > [junit-timeout] at > org.apache.cassandra.service.StorageService.handleStateNormal(StorageService.java:2756) > [junit-timeout] at > org.apache.cassandra.service.StorageService.onChange(StorageService.java:2299) > [junit-timeout] at > org.apache.cassandra.Util.createInitialRing(Util.java:236) > [junit-timeout] at > org.apache.cassandra.service.LeaveAndBootstrapTest.testStateJumpToNormal(LeaveAndBootstrapTest.java:550) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16689) Flaky LeaveAndBootstrapTest
[ https://issues.apache.org/jira/browse/CASSANDRA-16689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363753#comment-17363753 ] Brandon Williams commented on CASSANDRA-16689: -- bq. so it doesn't seem a problem of interaction between tests. On the surface it doesn't but in that case it was actually previous runs of the same test interfering, which is the entire cause of the failures in all these tests, since the bootstrapping (gossip-only) clients are sometimes being expired due to the modified (1s) ring delay at just the right time to break things. With the ring delay changes removed these pass the 10k test: https://app.circleci.com/pipelines/github/driftx/cassandra/150/workflows/80a208ec-3b42-4de4-965c-f8a900311c30/jobs/1271 but obviously doing that is too broad for all the tests. I will work on another solution. > Flaky LeaveAndBootstrapTest > --- > > Key: CASSANDRA-16689 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16689 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Berenguer Blasi >Assignee: Brandon Williams >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0-rc, 4.x > > > Failing in a circle run > [here|https://app.circleci.com/pipelines/github/bereng/cassandra/309/workflows/a645b956-dcd7-431e-b109-7857af3c523f/jobs/2937] > {noformat} > Testcase: > testStateJumpToNormal(org.apache.cassandra.service.LeaveAndBootstrapTest): > Caused an ERROR > [junit-timeout] null > [junit-timeout] java.lang.NullPointerException > [junit-timeout] at > org.apache.cassandra.service.StorageService.updatePeerInfo(StorageService.java:2418) > [junit-timeout] at > org.apache.cassandra.service.StorageService.handleStateNormal(StorageService.java:2756) > [junit-timeout] at > org.apache.cassandra.service.StorageService.onChange(StorageService.java:2299) > [junit-timeout] at > org.apache.cassandra.Util.createInitialRing(Util.java:236) > [junit-timeout] at > org.apache.cassandra.service.LeaveAndBootstrapTest.testStateJumpToNormal(LeaveAndBootstrapTest.java:550) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16697) generate-idea-files taks unnecessarily builds the project
[ https://issues.apache.org/jira/browse/CASSANDRA-16697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ekaterina Dimitrova updated CASSANDRA-16697: Reviewers: Ekaterina Dimitrova, Michael Semb Wever (was: Michael Semb Wever) > generate-idea-files taks unnecessarily builds the project > - > > Key: CASSANDRA-16697 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16697 > Project: Cassandra > Issue Type: Improvement > Components: Build >Reporter: Jacek Lewandowski >Assignee: Jacek Lewandowski >Priority: Normal > Fix For: 4.0.x, 4.x > > Time Spent: 10m > Remaining Estimate: 0h > > This is especially painful when the project cannot be built because we are in > the middle of solving some merge conflicts, but we want to fetch and update > dependencies. It seems be to be unnecessary to build the project or to do > other checks when we just want to load the project into our IDE. > From what I've tested, it is enough to limit dependencies of that task to: > {{init,maven-ant-tasks-init,resolver-dist-lib,gen-cql3-grammar,generate-jflex-java,createVersionPropFile}} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-16669) Password obfuscation for DCL audit log statements
[ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363732#comment-17363732 ] Ekaterina Dimitrova edited comment on CASSANDRA-16669 at 6/15/21, 3:56 PM: --- Thank you all for your work! For visibility and the sake of completeness: * There is a failure in the Jenkins devbranch run which is because the branch with the patch was not rebased so the [patch|https://github.com/apache/cassandra/commit/a0af091a5cbceeaa2b8f724b1790b61ef512b033] for which the failing test was created was missing. No new failures introduced by this patch. The post-commit CI is still running but the cqlsh tests are already [successfully completed|https://jenkins-cm4.apache.org/blue/organizations/jenkins/Cassandra-4.0.0/detail/Cassandra-4.0.0/27/pipeline]. * {quote} - Add a test case for {{CREATE /*password*/ ROLE bla bla}} which would be a way to bypass - In the future move to lexer/parser level obfuscation - You can only hack the thing with useless stmnts like {{ALTER ROLE alicepassword...}} that lead nowhere{quote} These cases are covered in the latest patch as the patch is simple and drastic at this point until we work on the mentioned improvement for 4.0.1, It simply takes the DCL statement as a String and checks for password substring (upper case, mixed case, and lower case covered) and then obfuscates everything after it; non-valid statements are also covered which is visible from the test added by Vinay. was (Author: e.dimitrova): Thank you all for your work! For visibility and the sake of completeness: * There is a failure in the Jenkins devbranch run which is because the branch with the patch was not rebased so the [patch|https://github.com/apache/cassandra/commit/a0af091a5cbceeaa2b8f724b1790b61ef512b033] for which the failing test was created was missing. No new failures introduced by this patch. The post-commit CI is still running but the cqlsh tests are already [successfully completed|https://jenkins-cm4.apache.org/blue/organizations/jenkins/Cassandra-4.0.0/detail/Cassandra-4.0.0/27/pipeline]. * And my feedback would be: {quote} - Add a test case for {{CREATE /*password*/ ROLE bla bla}} which would be a way to bypass - In the future move to lexer/parser level obfuscation - You can only hack the thing with useless stmnts like {{ALTER ROLE alicepassword...}} that lead nowhere{quote} These cases are covered in the latest patch as the patch is simple and drastic at this point until we work on the mentioned improvement for 4.0.1, It simply takes the DCL statement as a String and checks for password substring (upper case, mixed case, and lower case covered) and then obfuscates everything after it; non-valid statements are also covered which is visible from the test added by Vinay. > Password obfuscation for DCL audit log statements > - > > Key: CASSANDRA-16669 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16669 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Vinay Chella >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: audit, security > Fix For: 4.0-rc, 4.0.x, 4.x > > Time Spent: 6h 10m > Remaining Estimate: 0h > > The goal of this JIRA is to obfuscate passwords or any sensitive information > from DCL audit log statements. > Currently, (Cassandra version 4.0-rc1) logs query statements for any DCL > ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] > and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users] ) > queries with passwords in plaintext format in audit log files. > The current workaround to avoid plain text passwords from being logged in > audit log files is either by > [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] > DCL statements from auditing or by excluding the user who is creating these > roles from auditing. > It would be ideal for Cassandra to provide an option or default to obfuscate > passwords or any sensitive information from DCL audit log statements. > Sample audit logs with DCL queries > {code:sh} > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE new_role; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; > Type: audit > LogMessage: >
[jira] [Comment Edited] (CASSANDRA-16669) Password obfuscation for DCL audit log statements
[ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363732#comment-17363732 ] Ekaterina Dimitrova edited comment on CASSANDRA-16669 at 6/15/21, 3:56 PM: --- Thank you all for your work! For visibility and the sake of completeness: * There is a failure in the Jenkins devbranch run which is because the branch with the patch was not rebased so the [patch|https://github.com/apache/cassandra/commit/a0af091a5cbceeaa2b8f724b1790b61ef512b033] for which the failing test was created was missing. No new failures introduced by this patch. The post-commit CI is still running but the cqlsh tests are already [successfully completed|https://jenkins-cm4.apache.org/blue/organizations/jenkins/Cassandra-4.0.0/detail/Cassandra-4.0.0/27/pipeline]. * And my feedback would be: {quote} - Add a test case for {{CREATE /*password*/ ROLE bla bla}} which would be a way to bypass - In the future move to lexer/parser level obfuscation - You can only hack the thing with useless stmnts like {{ALTER ROLE alicepassword...}} that lead nowhere{quote} These cases are covered in the latest patch as the patch is simple and drastic at this point until we work on the mentioned improvement for 4.0.1, It simply takes the DCL statement as a String and checks for password substring (upper case, mixed case, and lower case covered) and then obfuscates everything after it; non-valid statements are also covered which is visible from the test added by Vinay. was (Author: e.dimitrova): Thank you all for your work! For visibility and the sake of completeness: * There is a failure in the Jenkins devbranch run which is because the branch with the patch was not rebased so the [patch|https://github.com/apache/cassandra/commit/a0af091a5cbceeaa2b8f724b1790b61ef512b033] for which the failing test was created was missing. No new failures introduced by this patch. The post-commit is still running but the cqlsh tests are already [successfully completed|https://jenkins-cm4.apache.org/blue/organizations/jenkins/Cassandra-4.0.0/detail/Cassandra-4.0.0/27/pipeline]. * And my feedback would be: {quote} - Add a test case for {{CREATE /*password*/ ROLE bla bla}} which would be a way to bypass - In the future move to lexer/parser level obfuscation - You can only hack the thing with useless stmnts like {{ALTER ROLE alicepassword...}} that lead nowhere{quote} These cases are covered in the latest patch as the patch is simple and drastic at this point until we work on the mentioned improvement for 4.0.1, It simply takes the DCL statement as a String and checks for password substring (upper case, mixed case, and lower case covered) and then obfuscates everything after it; non-valid statements are also covered which is visible from the test added by Vinay. > Password obfuscation for DCL audit log statements > - > > Key: CASSANDRA-16669 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16669 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Vinay Chella >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: audit, security > Fix For: 4.0-rc, 4.0.x, 4.x > > Time Spent: 6h 10m > Remaining Estimate: 0h > > The goal of this JIRA is to obfuscate passwords or any sensitive information > from DCL audit log statements. > Currently, (Cassandra version 4.0-rc1) logs query statements for any DCL > ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] > and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users] ) > queries with passwords in plaintext format in audit log files. > The current workaround to avoid plain text passwords from being logged in > audit log files is either by > [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] > DCL statements from auditing or by excluding the user who is creating these > roles from auditing. > It would be ideal for Cassandra to provide an option or default to obfuscate > passwords or any sensitive information from DCL audit log statements. > Sample audit logs with DCL queries > {code:sh} > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE new_role; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; > Type: audit > LogMessage: >
[jira] [Comment Edited] (CASSANDRA-16669) Password obfuscation for DCL audit log statements
[ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363732#comment-17363732 ] Ekaterina Dimitrova edited comment on CASSANDRA-16669 at 6/15/21, 3:55 PM: --- Thank you all for your work! For visibility and the sake of completeness: * There is a failure in the Jenkins devbranch run which is because the branch with the patch was not rebased so the [patch|https://github.com/apache/cassandra/commit/a0af091a5cbceeaa2b8f724b1790b61ef512b033] for which the failing test was created was missing. No new failures introduced by this patch. The post-commit is still running but the cqlsh tests are already [successfully completed|https://jenkins-cm4.apache.org/blue/organizations/jenkins/Cassandra-4.0.0/detail/Cassandra-4.0.0/27/pipeline]. * And my feedback would be: {quote} - Add a test case for {{CREATE /*password*/ ROLE bla bla}} which would be a way to bypass - In the future move to lexer/parser level obfuscation - You can only hack the thing with useless stmnts like {{ALTER ROLE alicepassword...}} that lead nowhere{quote} These cases are covered in the latest patch as the patch is simple and drastic at this point until we work on the mentioned improvement for 4.0.1, It simply takes the DCL statement as a String and checks for password substring (upper case, mixed case, and lower case covered) and then obfuscates everything after it; non-valid statements are also covered which is visible from the test added by Vinay. was (Author: e.dimitrova): Thank you all for your work! For visibility and the sake of completeness: * There is a failure in the Jenkins devbranch run which is because the branch with the patch was not rebased so the [patch|https://github.com/apache/cassandra/commit/a0af091a5cbceeaa2b8f724b1790b61ef512b033] for which the failing test was created was missing. No new failures introduced by this patch. The post-commit is still running but the cqlsh tests are already [successfully completed|https://jenkins-cm4.apache.org/blue/organizations/jenkins/Cassandra-4.0.0/detail/Cassandra-4.0.0/27/pipeline]. * {quote}{quote}And my feedback would be: {quote} - Add a test case for {{CREATE /*password*/ ROLE bla bla}} which would be a way to bypass - In the future move to lexer/parser level obfuscation - You can only hack the thing with useless stmnts like {{ALTER ROLE alicepassword...}} that lead nowhere{quote} These cases are covered in the latest patch as the patch is simple and drastic at this point until we work on the mentioned improvement for 4.0.1, It simply takes the DCL statement as a String and checks for password substring (upper case, mixed case, and lower case covered) and then obfuscates everything after it. > Password obfuscation for DCL audit log statements > - > > Key: CASSANDRA-16669 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16669 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Vinay Chella >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: audit, security > Fix For: 4.0-rc, 4.0.x, 4.x > > Time Spent: 6h 10m > Remaining Estimate: 0h > > The goal of this JIRA is to obfuscate passwords or any sensitive information > from DCL audit log statements. > Currently, (Cassandra version 4.0-rc1) logs query statements for any DCL > ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] > and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users] ) > queries with passwords in plaintext format in audit log files. > The current workaround to avoid plain text passwords from being logged in > audit log files is either by > [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] > DCL statements from auditing or by excluding the user who is creating these > roles from auditing. > It would be ideal for Cassandra to provide an option or default to obfuscate > passwords or any sensitive information from DCL audit log statements. > Sample audit logs with DCL queries > {code:sh} > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE new_role; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190519521|type:REQUEST_FAILURE|category:ERROR|operation:ALTER > ROLE bob WITH PASSWORD =
[jira] [Commented] (CASSANDRA-16669) Password obfuscation for DCL audit log statements
[ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363732#comment-17363732 ] Ekaterina Dimitrova commented on CASSANDRA-16669: - Thank you all for your work! For visibility and the sake of completeness: * There is a failure in the Jenkins devbranch run which is because the branch with the patch was not rebased so the [patch|https://github.com/apache/cassandra/commit/a0af091a5cbceeaa2b8f724b1790b61ef512b033] for which the failing test was created was missing. No new failures introduced by this patch. The post-commit is still running but the cqlsh tests are already [successfully completed|https://jenkins-cm4.apache.org/blue/organizations/jenkins/Cassandra-4.0.0/detail/Cassandra-4.0.0/27/pipeline]. * {quote}{quote}And my feedback would be: {quote} - Add a test case for {{CREATE /*password*/ ROLE bla bla}} which would be a way to bypass - In the future move to lexer/parser level obfuscation - You can only hack the thing with useless stmnts like {{ALTER ROLE alicepassword...}} that lead nowhere{quote} These cases are covered in the latest patch as the patch is simple and drastic at this point until we work on the mentioned improvement for 4.0.1, It simply takes the DCL statement as a String and checks for password substring (upper case, mixed case, and lower case covered) and then obfuscates everything after it. > Password obfuscation for DCL audit log statements > - > > Key: CASSANDRA-16669 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16669 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Vinay Chella >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: audit, security > Fix For: 4.0-rc, 4.0.x, 4.x > > Time Spent: 6h 10m > Remaining Estimate: 0h > > The goal of this JIRA is to obfuscate passwords or any sensitive information > from DCL audit log statements. > Currently, (Cassandra version 4.0-rc1) logs query statements for any DCL > ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] > and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users] ) > queries with passwords in plaintext format in audit log files. > The current workaround to avoid plain text passwords from being logged in > audit log files is either by > [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] > DCL statements from auditing or by excluding the user who is creating these > roles from auditing. > It would be ideal for Cassandra to provide an option or default to obfuscate > passwords or any sensitive information from DCL audit log statements. > Sample audit logs with DCL queries > {code:sh} > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE new_role; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190519521|type:REQUEST_FAILURE|category:ERROR|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;; bob doesn't > exist > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190525376|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE bob WITH PASSWORD = 'password_b' AND LOGIN = true AND SUPERUSER = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190532462|type:ALTER_ROLE|category:DCL|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false; > {code} > It is also ideal to document this workaround or assumption in Cassandra audit > log documentation until we close this JIRA -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16744) Consolidate test options in build.xml
[ https://issues.apache.org/jira/browse/CASSANDRA-16744?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brandon Williams updated CASSANDRA-16744: - Change Category: Code Clarity Complexity: Normal Component/s: Test/unit Status: Open (was: Triage Needed) > Consolidate test options in build.xml > - > > Key: CASSANDRA-16744 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16744 > Project: Cassandra > Issue Type: Improvement > Components: Test/unit >Reporter: Brandon Williams >Priority: Normal > > There are quite a few different targets where we add things such as : > {noformat} > > > > {noformat} > It would be good to not repeat these so much and have a more unified place to > adjust them. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Created] (CASSANDRA-16744) Consolidate test options in build.xml
Brandon Williams created CASSANDRA-16744: Summary: Consolidate test options in build.xml Key: CASSANDRA-16744 URL: https://issues.apache.org/jira/browse/CASSANDRA-16744 Project: Cassandra Issue Type: Improvement Reporter: Brandon Williams There are quite a few different targets where we add things such as : {noformat} {noformat} It would be good to not repeat these so much and have a more unified place to adjust them. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16612) RingTest has inconsistent assertion
[ https://issues.apache.org/jira/browse/CASSANDRA-16612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ekaterina Dimitrova updated CASSANDRA-16612: Fix Version/s: (was: 4.0-rc2) (was: 4.0) > RingTest has inconsistent assertion > --- > > Key: CASSANDRA-16612 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16612 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Jacek Lewandowski >Assignee: Ekaterina Dimitrova >Priority: Normal > Fix For: 4.0.x > > > There is an assertion for the node current load like: > {noformat} > assertThat(hostRing, matchesPattern(".*\\d+\\.\\d+ KiB.*")); > {noformat} > while we are formatting that value with {{#.##}}. Therefore if we say have 46 > KiB, it will be formatted as 46 KiB rather than 46.00 KiB which is expected > by the test. We need to either change this assertion or change the format > string to {{#0.00}} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16612) RingTest has inconsistent assertion
[ https://issues.apache.org/jira/browse/CASSANDRA-16612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363663#comment-17363663 ] Ekaterina Dimitrova commented on CASSANDRA-16612: - Yes, seems I didn't commit that change. :( All valid points, I suggest a quick commit only to trunk > RingTest has inconsistent assertion > --- > > Key: CASSANDRA-16612 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16612 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Jacek Lewandowski >Assignee: Ekaterina Dimitrova >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0.x > > > There is an assertion for the node current load like: > {noformat} > assertThat(hostRing, matchesPattern(".*\\d+\\.\\d+ KiB.*")); > {noformat} > while we are formatting that value with {{#.##}}. Therefore if we say have 46 > KiB, it will be formatted as 46 KiB rather than 46.00 KiB which is expected > by the test. We need to either change this assertion or change the format > string to {{#0.00}} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16612) RingTest has inconsistent assertion
[ https://issues.apache.org/jira/browse/CASSANDRA-16612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363629#comment-17363629 ] Andres de la Peña commented on CASSANDRA-16612: --- I think that the unpatched test is never going to fail because it always has a load of {{45.84 KiB}}. [Here|https://app.circleci.com/pipelines/github/adelapena/cassandra/597/workflows/974af381-2c2d-4dc4-a203-4671a1caba64] are 10K multiplexer rounds showing how at least 4.0.0 seems to be unaffected. Nevertheless I agree that the regex is incorrect and we should fix it, although I'm not sure that we need to do it in 4.0.0. As for the patch, it seems that it contains the cosmetic changes but I think that [the relevant change|https://github.com/apache/cassandra/blob/31c1bbe87f8e376f353df2a16881124122045936/test/unit/org/apache/cassandra/tools/nodetool/StatusTest.java#L91] in the regex is missed. > RingTest has inconsistent assertion > --- > > Key: CASSANDRA-16612 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16612 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Jacek Lewandowski >Assignee: Ekaterina Dimitrova >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0.x > > > There is an assertion for the node current load like: > {noformat} > assertThat(hostRing, matchesPattern(".*\\d+\\.\\d+ KiB.*")); > {noformat} > while we are formatting that value with {{#.##}}. Therefore if we say have 46 > KiB, it will be formatted as 46 KiB rather than 46.00 KiB which is expected > by the test. We need to either change this assertion or change the format > string to {{#0.00}} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16697) generate-idea-files taks unnecessarily builds the project
[ https://issues.apache.org/jira/browse/CASSANDRA-16697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Semb Wever updated CASSANDRA-16697: --- Reviewers: Michael Semb Wever Status: Review In Progress (was: Patch Available) > generate-idea-files taks unnecessarily builds the project > - > > Key: CASSANDRA-16697 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16697 > Project: Cassandra > Issue Type: Improvement > Components: Build >Reporter: Jacek Lewandowski >Assignee: Jacek Lewandowski >Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > This is especially painful when the project cannot be built because we are in > the middle of solving some merge conflicts, but we want to fetch and update > dependencies. It seems be to be unnecessary to build the project or to do > other checks when we just want to load the project into our IDE. > From what I've tested, it is enough to limit dependencies of that task to: > {{init,maven-ant-tasks-init,resolver-dist-lib,gen-cql3-grammar,generate-jflex-java,createVersionPropFile}} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16697) generate-idea-files taks unnecessarily builds the project
[ https://issues.apache.org/jira/browse/CASSANDRA-16697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Semb Wever updated CASSANDRA-16697: --- Fix Version/s: 4.x 4.0.x > generate-idea-files taks unnecessarily builds the project > - > > Key: CASSANDRA-16697 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16697 > Project: Cassandra > Issue Type: Improvement > Components: Build >Reporter: Jacek Lewandowski >Assignee: Jacek Lewandowski >Priority: Normal > Fix For: 4.0.x, 4.x > > Time Spent: 10m > Remaining Estimate: 0h > > This is especially painful when the project cannot be built because we are in > the middle of solving some merge conflicts, but we want to fetch and update > dependencies. It seems be to be unnecessary to build the project or to do > other checks when we just want to load the project into our IDE. > From what I've tested, it is enough to limit dependencies of that task to: > {{init,maven-ant-tasks-init,resolver-dist-lib,gen-cql3-grammar,generate-jflex-java,createVersionPropFile}} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16697) generate-idea-files taks unnecessarily builds the project
[ https://issues.apache.org/jira/browse/CASSANDRA-16697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacek Lewandowski updated CASSANDRA-16697: -- Test and Documentation Plan: Try generate project in intellij + compile it + run some tests For branches with modified test code - run unit tests Status: Patch Available (was: Open) > generate-idea-files taks unnecessarily builds the project > - > > Key: CASSANDRA-16697 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16697 > Project: Cassandra > Issue Type: Improvement > Components: Build >Reporter: Jacek Lewandowski >Assignee: Jacek Lewandowski >Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > This is especially painful when the project cannot be built because we are in > the middle of solving some merge conflicts, but we want to fetch and update > dependencies. It seems be to be unnecessary to build the project or to do > other checks when we just want to load the project into our IDE. > From what I've tested, it is enough to limit dependencies of that task to: > {{init,maven-ant-tasks-init,resolver-dist-lib,gen-cql3-grammar,generate-jflex-java,createVersionPropFile}} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16697) generate-idea-files taks unnecessarily builds the project
[ https://issues.apache.org/jira/browse/CASSANDRA-16697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacek Lewandowski updated CASSANDRA-16697: -- Change Category: Code Clarity Complexity: Low Hanging Fruit Status: Open (was: Triage Needed) > generate-idea-files taks unnecessarily builds the project > - > > Key: CASSANDRA-16697 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16697 > Project: Cassandra > Issue Type: Improvement > Components: Build >Reporter: Jacek Lewandowski >Assignee: Jacek Lewandowski >Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > This is especially painful when the project cannot be built because we are in > the middle of solving some merge conflicts, but we want to fetch and update > dependencies. It seems be to be unnecessary to build the project or to do > other checks when we just want to load the project into our IDE. > From what I've tested, it is enough to limit dependencies of that task to: > {{init,maven-ant-tasks-init,resolver-dist-lib,gen-cql3-grammar,generate-jflex-java,createVersionPropFile}} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16697) generate-idea-files taks unnecessarily builds the project
[ https://issues.apache.org/jira/browse/CASSANDRA-16697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363619#comment-17363619 ] Jacek Lewandowski commented on CASSANDRA-16697: --- I've tested the above by generating idea files for a freshly checked out project, building it in idea and running some tests in idea. > generate-idea-files taks unnecessarily builds the project > - > > Key: CASSANDRA-16697 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16697 > Project: Cassandra > Issue Type: Improvement > Components: Build >Reporter: Jacek Lewandowski >Assignee: Jacek Lewandowski >Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > This is especially painful when the project cannot be built because we are in > the middle of solving some merge conflicts, but we want to fetch and update > dependencies. It seems be to be unnecessary to build the project or to do > other checks when we just want to load the project into our IDE. > From what I've tested, it is enough to limit dependencies of that task to: > {{init,maven-ant-tasks-init,resolver-dist-lib,gen-cql3-grammar,generate-jflex-java,createVersionPropFile}} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16697) generate-idea-files taks unnecessarily builds the project
[ https://issues.apache.org/jira/browse/CASSANDRA-16697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363618#comment-17363618 ] Jacek Lewandowski commented on CASSANDRA-16697: --- https://github.com/apache/cassandra/pull/1069 (3.0) https://github.com/apache/cassandra/pull/1070 (3.11) https://github.com/apache/cassandra/pull/1071 (4.0) [~mck] / [~edimitrova] could you review? > generate-idea-files taks unnecessarily builds the project > - > > Key: CASSANDRA-16697 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16697 > Project: Cassandra > Issue Type: Improvement > Components: Build >Reporter: Jacek Lewandowski >Assignee: Jacek Lewandowski >Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > This is especially painful when the project cannot be built because we are in > the middle of solving some merge conflicts, but we want to fetch and update > dependencies. It seems be to be unnecessary to build the project or to do > other checks when we just want to load the project into our IDE. > From what I've tested, it is enough to limit dependencies of that task to: > {{init,maven-ant-tasks-init,resolver-dist-lib,gen-cql3-grammar,generate-jflex-java,createVersionPropFile}} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16669) Password obfuscation for DCL audit log statements
[ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stefan Miklosovic updated CASSANDRA-16669: -- Since Version: 4.0-alpha1 Source Control Link: https://github.com/apache/cassandra/commit/f978bea272409109e312a27a121f849879650bdb Resolution: Fixed Status: Resolved (was: Ready to Commit) > Password obfuscation for DCL audit log statements > - > > Key: CASSANDRA-16669 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16669 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Vinay Chella >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: audit, security > Fix For: 4.0-rc, 4.0.x, 4.x > > Time Spent: 6h 10m > Remaining Estimate: 0h > > The goal of this JIRA is to obfuscate passwords or any sensitive information > from DCL audit log statements. > Currently, (Cassandra version 4.0-rc1) logs query statements for any DCL > ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] > and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users] ) > queries with passwords in plaintext format in audit log files. > The current workaround to avoid plain text passwords from being logged in > audit log files is either by > [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] > DCL statements from auditing or by excluding the user who is creating these > roles from auditing. > It would be ideal for Cassandra to provide an option or default to obfuscate > passwords or any sensitive information from DCL audit log statements. > Sample audit logs with DCL queries > {code:sh} > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE new_role; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190519521|type:REQUEST_FAILURE|category:ERROR|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;; bob doesn't > exist > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190525376|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE bob WITH PASSWORD = 'password_b' AND LOGIN = true AND SUPERUSER = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190532462|type:ALTER_ROLE|category:DCL|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false; > {code} > It is also ideal to document this workaround or assumption in Cassandra audit > log documentation until we close this JIRA -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16669) Password obfuscation for DCL audit log statements
[ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stefan Miklosovic updated CASSANDRA-16669: -- Status: Ready to Commit (was: Review In Progress) > Password obfuscation for DCL audit log statements > - > > Key: CASSANDRA-16669 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16669 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Vinay Chella >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: audit, security > Fix For: 4.0-rc, 4.0.x, 4.x > > Time Spent: 6h 10m > Remaining Estimate: 0h > > The goal of this JIRA is to obfuscate passwords or any sensitive information > from DCL audit log statements. > Currently, (Cassandra version 4.0-rc1) logs query statements for any DCL > ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] > and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users] ) > queries with passwords in plaintext format in audit log files. > The current workaround to avoid plain text passwords from being logged in > audit log files is either by > [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] > DCL statements from auditing or by excluding the user who is creating these > roles from auditing. > It would be ideal for Cassandra to provide an option or default to obfuscate > passwords or any sensitive information from DCL audit log statements. > Sample audit logs with DCL queries > {code:sh} > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE new_role; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190519521|type:REQUEST_FAILURE|category:ERROR|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;; bob doesn't > exist > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190525376|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE bob WITH PASSWORD = 'password_b' AND LOGIN = true AND SUPERUSER = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190532462|type:ALTER_ROLE|category:DCL|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false; > {code} > It is also ideal to document this workaround or assumption in Cassandra audit > log documentation until we close this JIRA -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[cassandra] 01/01: Merge branch 'cassandra-4.0' into trunk
This is an automated email from the ASF dual-hosted git repository. smiklosovic pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/cassandra.git commit 5d3b698c65e4fe4f41bc727b7828e59e3ad7a412 Merge: 58e1982 6d21bd9 Author: Stefan Miklosovic AuthorDate: Tue Jun 15 14:38:29 2021 +0200 Merge branch 'cassandra-4.0' into trunk CHANGES.txt| 1 + doc/source/new/auditlogging.rst| 66 + doc/source/new/fqllogging.rst | 4 + .../apache/cassandra/audit/AuditLogManager.java| 2 +- .../apache/cassandra/cql3/PasswordObfuscator.java | 40 + .../org/apache/cassandra/cql3/QueryEvents.java | 33 - .../cassandra/audit/AuditLoggerAuthTest.java | 37 - .../cassandra/cql3/PasswordObfuscatorTest.java | 162 + 8 files changed, 298 insertions(+), 47 deletions(-) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[cassandra] branch trunk updated (58e1982 -> 5d3b698)
This is an automated email from the ASF dual-hosted git repository. smiklosovic pushed a change to branch trunk in repository https://gitbox.apache.org/repos/asf/cassandra.git. from 58e1982 Merge branch 'cassandra-4.0' into trunk add f978bea Obfuscate passwords in statements in QueryEvents add 6d21bd9 Merge branch 'cassandra-4.0.0' into cassandra-4.0 new 5d3b698 Merge branch 'cassandra-4.0' into trunk The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: CHANGES.txt| 1 + doc/source/new/auditlogging.rst| 66 + doc/source/new/fqllogging.rst | 4 + .../apache/cassandra/audit/AuditLogManager.java| 2 +- .../{RoleName.java => PasswordObfuscator.java} | 36 ++--- .../org/apache/cassandra/cql3/QueryEvents.java | 33 - .../cassandra/audit/AuditLoggerAuthTest.java | 37 - .../cassandra/cql3/PasswordObfuscatorTest.java | 162 + 8 files changed, 273 insertions(+), 68 deletions(-) copy src/java/org/apache/cassandra/cql3/{RoleName.java => PasswordObfuscator.java} (59%) create mode 100644 test/unit/org/apache/cassandra/cql3/PasswordObfuscatorTest.java - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[cassandra] branch cassandra-4.0 updated (4816ad2 -> 6d21bd9)
This is an automated email from the ASF dual-hosted git repository. smiklosovic pushed a change to branch cassandra-4.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git. from 4816ad2 Merge branch 'cassandra-4.0.0' into cassandra-4.0 add f978bea Obfuscate passwords in statements in QueryEvents add 6d21bd9 Merge branch 'cassandra-4.0.0' into cassandra-4.0 No new revisions were added by this update. Summary of changes: CHANGES.txt| 1 + doc/source/new/auditlogging.rst| 66 + doc/source/new/fqllogging.rst | 4 + .../apache/cassandra/audit/AuditLogManager.java| 2 +- .../{RoleName.java => PasswordObfuscator.java} | 36 ++--- .../org/apache/cassandra/cql3/QueryEvents.java | 33 - .../cassandra/audit/AuditLoggerAuthTest.java | 37 - .../cassandra/cql3/PasswordObfuscatorTest.java | 162 + 8 files changed, 273 insertions(+), 68 deletions(-) copy src/java/org/apache/cassandra/cql3/{RoleName.java => PasswordObfuscator.java} (59%) create mode 100644 test/unit/org/apache/cassandra/cql3/PasswordObfuscatorTest.java - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[cassandra] branch cassandra-4.0.0 updated (1579d20 -> f978bea)
This is an automated email from the ASF dual-hosted git repository. smiklosovic pushed a change to branch cassandra-4.0.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git. from 1579d20 ninja remove noisly line during cqlsh export add f978bea Obfuscate passwords in statements in QueryEvents No new revisions were added by this update. Summary of changes: CHANGES.txt| 1 + doc/source/new/auditlogging.rst| 66 + doc/source/new/fqllogging.rst | 4 + .../apache/cassandra/audit/AuditLogManager.java| 2 +- .../{RoleName.java => PasswordObfuscator.java} | 36 ++--- .../org/apache/cassandra/cql3/QueryEvents.java | 33 - .../cassandra/audit/AuditLoggerAuthTest.java | 37 - .../cassandra/cql3/PasswordObfuscatorTest.java | 162 + 8 files changed, 273 insertions(+), 68 deletions(-) copy src/java/org/apache/cassandra/cql3/{RoleName.java => PasswordObfuscator.java} (59%) create mode 100644 test/unit/org/apache/cassandra/cql3/PasswordObfuscatorTest.java - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16612) RingTest has inconsistent assertion
[ https://issues.apache.org/jira/browse/CASSANDRA-16612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andres de la Peña updated CASSANDRA-16612: -- Reviewers: Andres de la Peña, Andres de la Peña (was: Andres de la Peña) Andres de la Peña, Andres de la Peña Status: Review In Progress (was: Patch Available) > RingTest has inconsistent assertion > --- > > Key: CASSANDRA-16612 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16612 > Project: Cassandra > Issue Type: Bug > Components: Test/unit >Reporter: Jacek Lewandowski >Assignee: Ekaterina Dimitrova >Priority: Normal > Fix For: 4.0-rc2, 4.0, 4.0.x > > > There is an assertion for the node current load like: > {noformat} > assertThat(hostRing, matchesPattern(".*\\d+\\.\\d+ KiB.*")); > {noformat} > while we are formatting that value with {{#.##}}. Therefore if we say have 46 > KiB, it will be formatted as 46 KiB rather than 46.00 KiB which is expected > by the test. We need to either change this assertion or change the format > string to {{#0.00}} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-12519) dtest failure in offline_tools_test.TestOfflineTools.sstableofflinerelevel_test
[ https://issues.apache.org/jira/browse/CASSANDRA-12519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363524#comment-17363524 ] Andres de la Peña commented on CASSANDRA-12519: --- Ok, I've changed the fix version. I guess that we will just ignore the occasional test failure if it appears in 4.0.0. > dtest failure in > offline_tools_test.TestOfflineTools.sstableofflinerelevel_test > --- > > Key: CASSANDRA-12519 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12519 > Project: Cassandra > Issue Type: Improvement > Components: Test/dtest/python >Reporter: Sean McCarthy >Assignee: Andres de la Peña >Priority: Normal > Fix For: 3.0.x, 3.11.x, 4.0.x, 4.x > > Attachments: node1.log, node1_debug.log, node1_gc.log > > Time Spent: 1h > Remaining Estimate: 0h > > example failure: > http://cassci.datastax.com/job/trunk_offheap_dtest/379/testReport/offline_tools_test/TestOfflineTools/sstableofflinerelevel_test/ > {code} > Stacktrace > File "/usr/lib/python2.7/unittest/case.py", line 329, in run > testMethod() > File "/home/automaton/cassandra-dtest/offline_tools_test.py", line 209, in > sstableofflinerelevel_test > self.assertGreater(max(final_levels), 1) > File "/usr/lib/python2.7/unittest/case.py", line 942, in assertGreater > self.fail(self._formatMessage(msg, standardMsg)) > File "/usr/lib/python2.7/unittest/case.py", line 410, in fail > raise self.failureException(msg) > "1 not greater than 1 > {code} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-12519) dtest failure in offline_tools_test.TestOfflineTools.sstableofflinerelevel_test
[ https://issues.apache.org/jira/browse/CASSANDRA-12519?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andres de la Peña updated CASSANDRA-12519: -- Fix Version/s: (was: 4.0-rc2) (was: 4.0-rc) (was: 4.0) 4.0.x > dtest failure in > offline_tools_test.TestOfflineTools.sstableofflinerelevel_test > --- > > Key: CASSANDRA-12519 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12519 > Project: Cassandra > Issue Type: Improvement > Components: Test/dtest/python >Reporter: Sean McCarthy >Assignee: Andres de la Peña >Priority: Normal > Fix For: 3.0.x, 3.11.x, 4.0.x, 4.x > > Attachments: node1.log, node1_debug.log, node1_gc.log > > Time Spent: 1h > Remaining Estimate: 0h > > example failure: > http://cassci.datastax.com/job/trunk_offheap_dtest/379/testReport/offline_tools_test/TestOfflineTools/sstableofflinerelevel_test/ > {code} > Stacktrace > File "/usr/lib/python2.7/unittest/case.py", line 329, in run > testMethod() > File "/home/automaton/cassandra-dtest/offline_tools_test.py", line 209, in > sstableofflinerelevel_test > self.assertGreater(max(final_levels), 1) > File "/usr/lib/python2.7/unittest/case.py", line 942, in assertGreater > self.fail(self._formatMessage(msg, standardMsg)) > File "/usr/lib/python2.7/unittest/case.py", line 410, in fail > raise self.failureException(msg) > "1 not greater than 1 > {code} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16669) Password obfuscation for DCL audit log statements
[ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363449#comment-17363449 ] Stefan Miklosovic commented on CASSANDRA-16669: --- https://ci-cassandra.apache.org/view/patches/job/Cassandra-devbranch/864/ > Password obfuscation for DCL audit log statements > - > > Key: CASSANDRA-16669 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16669 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Vinay Chella >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: audit, security > Fix For: 4.0-rc, 4.0.x, 4.x > > Time Spent: 6h 10m > Remaining Estimate: 0h > > The goal of this JIRA is to obfuscate passwords or any sensitive information > from DCL audit log statements. > Currently, (Cassandra version 4.0-rc1) logs query statements for any DCL > ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] > and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users] ) > queries with passwords in plaintext format in audit log files. > The current workaround to avoid plain text passwords from being logged in > audit log files is either by > [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] > DCL statements from auditing or by excluding the user who is creating these > roles from auditing. > It would be ideal for Cassandra to provide an option or default to obfuscate > passwords or any sensitive information from DCL audit log statements. > Sample audit logs with DCL queries > {code:sh} > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE new_role; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190519521|type:REQUEST_FAILURE|category:ERROR|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;; bob doesn't > exist > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190525376|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE bob WITH PASSWORD = 'password_b' AND LOGIN = true AND SUPERUSER = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190532462|type:ALTER_ROLE|category:DCL|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false; > {code} > It is also ideal to document this workaround or assumption in Cassandra audit > log documentation until we close this JIRA -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16669) Password obfuscation for DCL audit log statements
[ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363442#comment-17363442 ] Stefan Miklosovic commented on CASSANDRA-16669: --- I think we complicate this already, I am just fine how it is with a test from Vinay in GH I added. I am going to merge this today. > Password obfuscation for DCL audit log statements > - > > Key: CASSANDRA-16669 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16669 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Vinay Chella >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: audit, security > Fix For: 4.0-rc, 4.0.x, 4.x > > Time Spent: 6h 10m > Remaining Estimate: 0h > > The goal of this JIRA is to obfuscate passwords or any sensitive information > from DCL audit log statements. > Currently, (Cassandra version 4.0-rc1) logs query statements for any DCL > ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] > and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users] ) > queries with passwords in plaintext format in audit log files. > The current workaround to avoid plain text passwords from being logged in > audit log files is either by > [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] > DCL statements from auditing or by excluding the user who is creating these > roles from auditing. > It would be ideal for Cassandra to provide an option or default to obfuscate > passwords or any sensitive information from DCL audit log statements. > Sample audit logs with DCL queries > {code:sh} > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE new_role; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190519521|type:REQUEST_FAILURE|category:ERROR|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;; bob doesn't > exist > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190525376|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE bob WITH PASSWORD = 'password_b' AND LOGIN = true AND SUPERUSER = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190532462|type:ALTER_ROLE|category:DCL|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false; > {code} > It is also ideal to document this workaround or assumption in Cassandra audit > log documentation until we close this JIRA -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16669) Password obfuscation for DCL audit log statements
[ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363429#comment-17363429 ] Berenguer Blasi commented on CASSANDRA-16669: - I wanted to give a hand here and went over the PR. I focused on: - Invalid stmnts which do indeed obfuscate - Bypassing Audit logging through: inline cql comments, lexer & parser token hacking and similar corner cases - Generic review And my feedback would be: - Add a test case for {{CREATE /*password*/ ROLE bla bla}} which would be a way to bypass - In the future move to lexer/parser level obfuscation - You can only hack the thing with useless stmnts like {{ALTER ROLE alicepassword...}} that lead nowhere - So overall +1 > Password obfuscation for DCL audit log statements > - > > Key: CASSANDRA-16669 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16669 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Vinay Chella >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: audit, security > Fix For: 4.0-rc, 4.0.x, 4.x > > Time Spent: 6h 10m > Remaining Estimate: 0h > > The goal of this JIRA is to obfuscate passwords or any sensitive information > from DCL audit log statements. > Currently, (Cassandra version 4.0-rc1) logs query statements for any DCL > ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] > and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users] ) > queries with passwords in plaintext format in audit log files. > The current workaround to avoid plain text passwords from being logged in > audit log files is either by > [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] > DCL statements from auditing or by excluding the user who is creating these > roles from auditing. > It would be ideal for Cassandra to provide an option or default to obfuscate > passwords or any sensitive information from DCL audit log statements. > Sample audit logs with DCL queries > {code:sh} > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE new_role; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190519521|type:REQUEST_FAILURE|category:ERROR|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;; bob doesn't > exist > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190525376|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE bob WITH PASSWORD = 'password_b' AND LOGIN = true AND SUPERUSER = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190532462|type:ALTER_ROLE|category:DCL|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false; > {code} > It is also ideal to document this workaround or assumption in Cassandra audit > log documentation until we close this JIRA -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-16669) Password obfuscation for DCL audit log statements
[ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363429#comment-17363429 ] Berenguer Blasi edited comment on CASSANDRA-16669 at 6/15/21, 7:29 AM: --- I wanted to give a hand here and went over the PR. I focused on: - Invalid stmnts which do indeed obfuscate - Bypassing Audit logging through: inline cql comments, lexer & parser token hacking and similar corner cases - Generic review And my feedback would be: - Add a test case for {{CREATE /\*password\*/ ROLE bla bla}} which would be a way to bypass - In the future move to lexer/parser level obfuscation - You can only hack the thing with useless stmnts like {{ALTER ROLE alicepassword...}} that lead nowhere - So overall +1 was (Author: bereng): I wanted to give a hand here and went over the PR. I focused on: - Invalid stmnts which do indeed obfuscate - Bypassing Audit logging through: inline cql comments, lexer & parser token hacking and similar corner cases - Generic review And my feedback would be: - Add a test case for {{CREATE /*password*/ ROLE bla bla}} which would be a way to bypass - In the future move to lexer/parser level obfuscation - You can only hack the thing with useless stmnts like {{ALTER ROLE alicepassword...}} that lead nowhere - So overall +1 > Password obfuscation for DCL audit log statements > - > > Key: CASSANDRA-16669 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16669 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Vinay Chella >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: audit, security > Fix For: 4.0-rc, 4.0.x, 4.x > > Time Spent: 6h 10m > Remaining Estimate: 0h > > The goal of this JIRA is to obfuscate passwords or any sensitive information > from DCL audit log statements. > Currently, (Cassandra version 4.0-rc1) logs query statements for any DCL > ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] > and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users] ) > queries with passwords in plaintext format in audit log files. > The current workaround to avoid plain text passwords from being logged in > audit log files is either by > [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] > DCL statements from auditing or by excluding the user who is creating these > roles from auditing. > It would be ideal for Cassandra to provide an option or default to obfuscate > passwords or any sensitive information from DCL audit log statements. > Sample audit logs with DCL queries > {code:sh} > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE new_role; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190519521|type:REQUEST_FAILURE|category:ERROR|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;; bob doesn't > exist > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190525376|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE bob WITH PASSWORD = 'password_b' AND LOGIN = true AND SUPERUSER = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190532462|type:ALTER_ROLE|category:DCL|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false; > {code} > It is also ideal to document this workaround or assumption in Cassandra audit > log documentation until we close this JIRA -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16669) Password obfuscation for DCL audit log statements
[ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Berenguer Blasi updated CASSANDRA-16669: Reviewers: Berenguer Blasi, Ekaterina Dimitrova, Stefan Miklosovic, Vinay Chella (was: Ekaterina Dimitrova, Stefan Miklosovic, Vinay Chella) > Password obfuscation for DCL audit log statements > - > > Key: CASSANDRA-16669 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16669 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Vinay Chella >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: audit, security > Fix For: 4.0-rc, 4.0.x, 4.x > > Time Spent: 6h 10m > Remaining Estimate: 0h > > The goal of this JIRA is to obfuscate passwords or any sensitive information > from DCL audit log statements. > Currently, (Cassandra version 4.0-rc1) logs query statements for any DCL > ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] > and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users] ) > queries with passwords in plaintext format in audit log files. > The current workaround to avoid plain text passwords from being logged in > audit log files is either by > [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] > DCL statements from auditing or by excluding the user who is creating these > roles from auditing. > It would be ideal for Cassandra to provide an option or default to obfuscate > passwords or any sensitive information from DCL audit log statements. > Sample audit logs with DCL queries > {code:sh} > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE new_role; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190519521|type:REQUEST_FAILURE|category:ERROR|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;; bob doesn't > exist > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190525376|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE bob WITH PASSWORD = 'password_b' AND LOGIN = true AND SUPERUSER = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190532462|type:ALTER_ROLE|category:DCL|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false; > {code} > It is also ideal to document this workaround or assumption in Cassandra audit > log documentation until we close this JIRA -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-16669) Password obfuscation for DCL audit log statements
[ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363396#comment-17363396 ] Vinay Chella edited comment on CASSANDRA-16669 at 6/15/21, 7:06 AM: [~e.dimitrova] Latest changes LGTM, except for a couple of minor nitpicks at latest [PR|https://github.com/ekaterinadimitrova2/cassandra/pull/140]. I confirm that the local testing of valid/invalid DCL statements obfuscated passwords *before* {code:java} Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:62542|timestamp:1621049034578|type:REQUEST_FAILURE|category:ERROR|operation:CREATE ROLE bob WITH PASSWORD='password_b' AND LOGIN = true AND SUPERUSER = true;; bob already exists Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:62542|timestamp:1621049057271|type:REQUEST_FAILURE|category:ERROR|operation:CREATE ROLE bob WITH PASSWORD='password_b' AND LOGIN = true AND SUPERUSER = true;; bob already exists {code} *after* {code:java} Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:59634|timestamp:1623736337400|type:REQUEST_FAILURE|category:ERROR|operation:CREATE ROLE bob WITH PASSWORD ***; bob already exists Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:59634|timestamp:1623736351148|type:REQUEST_FAILURE|category:ERROR|operation:CREATE ROLE bob1 WITH PASSWORD ***; bob1 already exists Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:59634|timestamp:1623736356902|type:CREATE_ROLE|category:DCL|operation:CREATE ROLE bob12 WITH PASSWORD *** {code} *CircleCI Tests:* I could not run tests due to circleci account restrictions on my side, so I am leaning your test results. was (Author: vinaykumarcse): [~e.dimitrova] Latest changes LGTM, except for a couple of minor nitpicks. I confirm that the local testing of valid/invalid DCL statements obfuscated passwords *before* {code:java} Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:62542|timestamp:1621049034578|type:REQUEST_FAILURE|category:ERROR|operation:CREATE ROLE bob WITH PASSWORD='password_b' AND LOGIN = true AND SUPERUSER = true;; bob already exists Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:62542|timestamp:1621049057271|type:REQUEST_FAILURE|category:ERROR|operation:CREATE ROLE bob WITH PASSWORD='password_b' AND LOGIN = true AND SUPERUSER = true;; bob already exists {code} *after* {code:java} Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:59634|timestamp:1623736337400|type:REQUEST_FAILURE|category:ERROR|operation:CREATE ROLE bob WITH PASSWORD ***; bob already exists Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:59634|timestamp:1623736351148|type:REQUEST_FAILURE|category:ERROR|operation:CREATE ROLE bob1 WITH PASSWORD ***; bob1 already exists Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:59634|timestamp:1623736356902|type:CREATE_ROLE|category:DCL|operation:CREATE ROLE bob12 WITH PASSWORD *** {code} *CircleCI Tests:* I could not run tests due to circleci account restrictions on my side, so I am leaning your test results. > Password obfuscation for DCL audit log statements > - > > Key: CASSANDRA-16669 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16669 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Vinay Chella >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: audit, security > Fix For: 4.0-rc, 4.0.x, 4.x > > Time Spent: 6h 10m > Remaining Estimate: 0h > > The goal of this JIRA is to obfuscate passwords or any sensitive information > from DCL audit log statements. > Currently, (Cassandra version 4.0-rc1) logs query statements for any DCL > ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] > and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users] ) > queries with passwords in plaintext format in audit log files. > The current workaround to avoid plain text passwords from being logged in > audit log files is either by > [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] > DCL statements from auditing or by excluding the user who is creating these > roles from auditing. > It would be ideal for Cassandra to provide an option or default to obfuscate > passwords or any sensitive information from DCL audit log statements. > Sample audit logs with DCL queries
[jira] [Commented] (CASSANDRA-16669) Password obfuscation for DCL audit log statements
[ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17363396#comment-17363396 ] Vinay Chella commented on CASSANDRA-16669: -- [~e.dimitrova] Latest changes LGTM, except for a couple of minor nitpicks. I confirm that the local testing of valid/invalid DCL statements obfuscated passwords *before* {code:java} Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:62542|timestamp:1621049034578|type:REQUEST_FAILURE|category:ERROR|operation:CREATE ROLE bob WITH PASSWORD='password_b' AND LOGIN = true AND SUPERUSER = true;; bob already exists Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:62542|timestamp:1621049057271|type:REQUEST_FAILURE|category:ERROR|operation:CREATE ROLE bob WITH PASSWORD='password_b' AND LOGIN = true AND SUPERUSER = true;; bob already exists {code} *after* {code:java} Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:59634|timestamp:1623736337400|type:REQUEST_FAILURE|category:ERROR|operation:CREATE ROLE bob WITH PASSWORD ***; bob already exists Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:59634|timestamp:1623736351148|type:REQUEST_FAILURE|category:ERROR|operation:CREATE ROLE bob1 WITH PASSWORD ***; bob1 already exists Type: audit LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:59634|timestamp:1623736356902|type:CREATE_ROLE|category:DCL|operation:CREATE ROLE bob12 WITH PASSWORD *** {code} *CircleCI Tests:* I could not run tests due to circleci account restrictions on my side, so I am leaning your test results. > Password obfuscation for DCL audit log statements > - > > Key: CASSANDRA-16669 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16669 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Vinay Chella >Assignee: Sumanth Pasupuleti >Priority: Normal > Labels: audit, security > Fix For: 4.0-rc, 4.0.x, 4.x > > Time Spent: 6h 10m > Remaining Estimate: 0h > > The goal of this JIRA is to obfuscate passwords or any sensitive information > from DCL audit log statements. > Currently, (Cassandra version 4.0-rc1) logs query statements for any DCL > ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] > and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users] ) > queries with passwords in plaintext format in audit log files. > The current workaround to avoid plain text passwords from being logged in > audit log files is either by > [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] > DCL statements from auditing or by excluding the user who is creating these > roles from auditing. > It would be ideal for Cassandra to provide an option or default to obfuscate > passwords or any sensitive information from DCL audit log statements. > Sample audit logs with DCL queries > {code:sh} > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE new_role; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190519521|type:REQUEST_FAILURE|category:ERROR|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;; bob doesn't > exist > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190525376|type:CREATE_ROLE|category:DCL|operation:CREATE > ROLE bob WITH PASSWORD = 'password_b' AND LOGIN = true AND SUPERUSER = true; > Type: audit > LogMessage: > user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190532462|type:ALTER_ROLE|category:DCL|operation:ALTER > ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false; > {code} > It is also ideal to document this workaround or assumption in Cassandra audit > log documentation until we close this JIRA -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org