[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14299318#comment-14299318 ] Aleksey Yeschenko commented on CASSANDRA-7968: -- And finally, I believe that Vishy ultimately got what he wanted in CASSANDRA-8194, which is in the released 2.0.12 now. > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14299288#comment-14299288 ] Aleksey Yeschenko commented on CASSANDRA-7968: -- Can't get rid of something that's never been in, can you? I'm against adding this because I want that whole cache thing gone in favor of pushing that responsibility to individual implementations. Would be silly to add it, and almost immediately deprecate it. > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14299285#comment-14299285 ] Richard Low commented on CASSANDRA-7968: As Benedict says, there is at least one user who cares :) > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14299283#comment-14299283 ] Benedict commented on CASSANDRA-7968: - I assume the reason it's being discussed is because somebody cares. So at least one person, rather than nobody. Then factor in it's only been a few months since it was introduced, including the holiday period, and that most people have slow release cycles, and it's probably a bit premature to be rid of it? > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14299278#comment-14299278 ] Aleksey Yeschenko commented on CASSANDRA-7968: -- It failed the ultimate usefulness test - presence of anyone caring. So let's keep it that way. > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14299276#comment-14299276 ] Brandon Williams commented on CASSANDRA-7968: - Maybe we should put it back... and register it this time. > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14299275#comment-14299275 ] Aleksey Yeschenko commented on CASSANDRA-7968: -- Yeah. It wasn't being registered, and nobody really cared, at all. So it's gone entirely in 2.1 and trunk. > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14299269#comment-14299269 ] Richard Low commented on CASSANDRA-7968: How is this meant to work? The MBean is never registered so how do I call it? > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138610#comment-14138610 ] Benedict commented on CASSANDRA-7968: - Well, let's do it then, and just make sure anyone who cares about compliance realises they need to run JMX over SSL with authentication > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138605#comment-14138605 ] Aleksey Yeschenko commented on CASSANDRA-7968: -- The goal as requested by the particular user is to raise it without having to shut down several hundred nodes to change a single yaml config. > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138599#comment-14138599 ] Benedict commented on CASSANDRA-7968: - Presumably the main goal of this function is to _reduce_ the window? So perhaps we support only that direction (or perhaps a raise to within the config defined value) > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138592#comment-14138592 ] Benedict commented on CASSANDRA-7968: - Well, before having their permissions revoked somebody could increase the permission_validity_ms dramatically, retaining them past their permitted window, breaking compliance. > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138590#comment-14138590 ] Aleksey Yeschenko commented on CASSANDRA-7968: -- I don't really see how that's the case. > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138588#comment-14138588 ] Benedict commented on CASSANDRA-7968: - Well, it depends what you mean by deeper trouble. I don't think anybody with access to JMX can get access to any raw data, so you won't be at any risk of breaking a data policy or data _laws_. This potentially introduces that risk > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138585#comment-14138585 ] Aleksey Yeschenko commented on CASSANDRA-7968: -- bq. Isn't this a security flaw? You mean someone increasing the validity period? I'd say it's no big deal. Or, rather, that if someone who shouldn't have JMX access to your nodes has it, you are in much deeper trouble. > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138577#comment-14138577 ] Benedict commented on CASSANDRA-7968: - Isn't this a security flaw? > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138574#comment-14138574 ] Aleksey Yeschenko commented on CASSANDRA-7968: -- +1 Nits: - a bunch of unused imports left over in ClientState, o.a.c.u.Pair import in the wrong place in Auth - Auth#initPermissionsCache() should be made private, and (subjective preference) accept the previous cache (or null) as an argument instead of accessing Auth.permissionsCache > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-7968) permissions_validity_in_ms should be settable via JMX
[ https://issues.apache.org/jira/browse/CASSANDRA-7968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138409#comment-14138409 ] Brandon Williams commented on CASSANDRA-7968: - Guess I don't really need that null check on oldCache, I'll remove it on commit. > permissions_validity_in_ms should be settable via JMX > - > > Key: CASSANDRA-7968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7968 > Project: Cassandra > Issue Type: Improvement > Components: Core >Reporter: Brandon Williams >Assignee: Brandon Williams >Priority: Minor > Fix For: 2.0.11, 2.1.1 > > Attachments: 7968.txt > > > Oftentimes people don't think about auth problems and just run with the > default of RF=2 and 2000ms until it's too late, and at that point doing a > rolling restart to change the permissions cache can be a bit painful vs > setting it via JMX everywhere and then updating the yaml for future restarts. -- This message was sent by Atlassian JIRA (v6.3.4#6332)