[jira] [Updated] (CASSANDRA-8303) Create a capability limitation framework
[ https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Aleksey Yeschenko updated CASSANDRA-8303: - Reviewer: (was: Aleksey Yeschenko) > Create a capability limitation framework > > > Key: CASSANDRA-8303 > URL: https://issues.apache.org/jira/browse/CASSANDRA-8303 > Project: Cassandra > Issue Type: Improvement > Components: Distributed Metadata >Reporter: Anupam Arora > Fix For: 3.x > > > In addition to our current Auth framework that acts as a white list, and > regulates access to data, functions, and roles, it would be beneficial to > have a different, capability limitation framework, that would be orthogonal > to Auth, and would act as a blacklist. > Example uses: > - take away the ability to TRUNCATE from all users but the admin (TRUNCATE > itself would still require MODIFY permission) > - take away the ability to use ALLOW FILTERING from all users but > Spark/Hadoop (SELECT would still require SELECT permission) > - take away the ability to use UNLOGGED BATCH from everyone (the operation > itself would still require MODIFY permission) > - take away the ability to use certain consistency levels (make certain > tables LWT-only for all users, for example) > Original description: > Please provide a "strict mode" option in cassandra that will kick out any CQL > queries that are expensive, e.g. any query with ALLOWS FILTERING, > multi-partition queries, secondary index queries, etc. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CASSANDRA-8303) Create a capability limitation framework
[ https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sam Tunnicliffe updated CASSANDRA-8303: --- Assignee: (was: Sam Tunnicliffe) > Create a capability limitation framework > > > Key: CASSANDRA-8303 > URL: https://issues.apache.org/jira/browse/CASSANDRA-8303 > Project: Cassandra > Issue Type: Improvement > Components: Distributed Metadata >Reporter: Anupam Arora > Fix For: 3.x > > > In addition to our current Auth framework that acts as a white list, and > regulates access to data, functions, and roles, it would be beneficial to > have a different, capability limitation framework, that would be orthogonal > to Auth, and would act as a blacklist. > Example uses: > - take away the ability to TRUNCATE from all users but the admin (TRUNCATE > itself would still require MODIFY permission) > - take away the ability to use ALLOW FILTERING from all users but > Spark/Hadoop (SELECT would still require SELECT permission) > - take away the ability to use UNLOGGED BATCH from everyone (the operation > itself would still require MODIFY permission) > - take away the ability to use certain consistency levels (make certain > tables LWT-only for all users, for example) > Original description: > Please provide a "strict mode" option in cassandra that will kick out any CQL > queries that are expensive, e.g. any query with ALLOWS FILTERING, > multi-partition queries, secondary index queries, etc. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CASSANDRA-8303) Create a capability limitation framework
[ https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Aleksey Yeschenko updated CASSANDRA-8303: - Status: Open (was: Patch Available) > Create a capability limitation framework > > > Key: CASSANDRA-8303 > URL: https://issues.apache.org/jira/browse/CASSANDRA-8303 > Project: Cassandra > Issue Type: Improvement > Components: Distributed Metadata >Reporter: Anupam Arora >Assignee: Sam Tunnicliffe > Fix For: 3.x > > > In addition to our current Auth framework that acts as a white list, and > regulates access to data, functions, and roles, it would be beneficial to > have a different, capability limitation framework, that would be orthogonal > to Auth, and would act as a blacklist. > Example uses: > - take away the ability to TRUNCATE from all users but the admin (TRUNCATE > itself would still require MODIFY permission) > - take away the ability to use ALLOW FILTERING from all users but > Spark/Hadoop (SELECT would still require SELECT permission) > - take away the ability to use UNLOGGED BATCH from everyone (the operation > itself would still require MODIFY permission) > - take away the ability to use certain consistency levels (make certain > tables LWT-only for all users, for example) > Original description: > Please provide a "strict mode" option in cassandra that will kick out any CQL > queries that are expensive, e.g. any query with ALLOWS FILTERING, > multi-partition queries, secondary index queries, etc. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CASSANDRA-8303) Create a capability limitation framework
[
https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sam Tunnicliffe updated CASSANDRA-8303:
---
Status: Patch Available (was: In Progress)
I've pushed a branch with the bones of an implementation, there are a few
things left to do on it but nothing that needs to hold up review really. I've
also added a new dtest fixture.
As [~zznate] suggested, I've left out the generational cache stuff for now. My
preference is still to include this in the final patch, rather than defer it to
a separate ticket which I think should be feasible. It ought to be as
straightforward as dropping in a caching {{RestrictionHandler}} which delegates
to the table-based one to populate the cache. Obviously, there's slightly more
to consider, but I'm hopeful of getting it in before commit but if that's not
possible, at least it isn't blocking anything.
Other stuff which is outstanding & on my todo list:
* javadoc, in-tree docs and commenting new properties in cassandra.yaml
* metrics
* cqlsh help & completion
* there are a couple of unit tests which are just placeholders & need
implementing
* performance test
||branch||dtest branch||testall||dtest||
|[8303-trunk|https://github.com/beobal/cassandra/tree/8303-trunk]|[8303|https://github.com/beobal/cassandra-dtest/tree/8303]|[testall|http://cassci.datastax.com/view/Dev/view/beobal/job/beobal-8303-trunk-testall]|[dtest|http://cassci.datastax.com/view/Dev/view/beobal/job/beobal-8303-trunk-dtest]|
> Create a capability limitation framework
>
>
> Key: CASSANDRA-8303
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8303
> Project: Cassandra
> Issue Type: Improvement
> Components: Distributed Metadata
>Reporter: Anupam Arora
>Assignee: Sam Tunnicliffe
> Fix For: 3.x
>
>
> In addition to our current Auth framework that acts as a white list, and
> regulates access to data, functions, and roles, it would be beneficial to
> have a different, capability limitation framework, that would be orthogonal
> to Auth, and would act as a blacklist.
> Example uses:
> - take away the ability to TRUNCATE from all users but the admin (TRUNCATE
> itself would still require MODIFY permission)
> - take away the ability to use ALLOW FILTERING from all users but
> Spark/Hadoop (SELECT would still require SELECT permission)
> - take away the ability to use UNLOGGED BATCH from everyone (the operation
> itself would still require MODIFY permission)
> - take away the ability to use certain consistency levels (make certain
> tables LWT-only for all users, for example)
> Original description:
> Please provide a "strict mode" option in cassandra that will kick out any CQL
> queries that are expensive, e.g. any query with ALLOWS FILTERING,
> multi-partition queries, secondary index queries, etc.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (CASSANDRA-8303) Create a capability limitation framework
[ https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Aleksey Yeschenko updated CASSANDRA-8303: - Reviewer: Aleksey Yeschenko > Create a capability limitation framework > > > Key: CASSANDRA-8303 > URL: https://issues.apache.org/jira/browse/CASSANDRA-8303 > Project: Cassandra > Issue Type: Improvement > Components: Distributed Metadata >Reporter: Anupam Arora >Assignee: Sam Tunnicliffe > Fix For: 3.x > > > In addition to our current Auth framework that acts as a white list, and > regulates access to data, functions, and roles, it would be beneficial to > have a different, capability limitation framework, that would be orthogonal > to Auth, and would act as a blacklist. > Example uses: > - take away the ability to TRUNCATE from all users but the admin (TRUNCATE > itself would still require MODIFY permission) > - take away the ability to use ALLOW FILTERING from all users but > Spark/Hadoop (SELECT would still require SELECT permission) > - take away the ability to use UNLOGGED BATCH from everyone (the operation > itself would still require MODIFY permission) > - take away the ability to use certain consistency levels (make certain > tables LWT-only for all users, for example) > Original description: > Please provide a "strict mode" option in cassandra that will kick out any CQL > queries that are expensive, e.g. any query with ALLOWS FILTERING, > multi-partition queries, secondary index queries, etc. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CASSANDRA-8303) Create a capability limitation framework
[ https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sam Tunnicliffe updated CASSANDRA-8303: --- Component/s: Distributed Metadata > Create a capability limitation framework > > > Key: CASSANDRA-8303 > URL: https://issues.apache.org/jira/browse/CASSANDRA-8303 > Project: Cassandra > Issue Type: Improvement > Components: Distributed Metadata >Reporter: Anupam Arora >Assignee: Sam Tunnicliffe > Fix For: 3.x > > > In addition to our current Auth framework that acts as a white list, and > regulates access to data, functions, and roles, it would be beneficial to > have a different, capability limitation framework, that would be orthogonal > to Auth, and would act as a blacklist. > Example uses: > - take away the ability to TRUNCATE from all users but the admin (TRUNCATE > itself would still require MODIFY permission) > - take away the ability to use ALLOW FILTERING from all users but > Spark/Hadoop (SELECT would still require SELECT permission) > - take away the ability to use UNLOGGED BATCH from everyone (the operation > itself would still require MODIFY permission) > - take away the ability to use certain consistency levels (make certain > tables LWT-only for all users, for example) > Original description: > Please provide a "strict mode" option in cassandra that will kick out any CQL > queries that are expensive, e.g. any query with ALLOWS FILTERING, > multi-partition queries, secondary index queries, etc. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CASSANDRA-8303) Create a capability limitation framework
[ https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Aleksey Yeschenko updated CASSANDRA-8303: - Assignee: Sam Tunnicliffe Create a capability limitation framework Key: CASSANDRA-8303 URL: https://issues.apache.org/jira/browse/CASSANDRA-8303 Project: Cassandra Issue Type: Improvement Reporter: Anupam Arora Assignee: Sam Tunnicliffe Fix For: 3.0 In addition to our current Auth framework that acts as a white list, and regulates access to data, functions, and roles, it would be beneficial to have a different, capability limitation framework, that would be orthogonal to Auth, and would act as a blacklist. Example uses: - take away the ability to TRUNCATE from all users but the admin (TRUNCATE itself would still require MODIFY permission) - take away the ability to use ALLOW FILTERING from all users but Spark/Hadoop (SELECT would still require SELECT permission) - take away the ability to use UNLOGGED BATCH from everyone (the operation itself would still require MODIFY permission) - take away the ability to use certain consistency levels (make certain tables LWT-only for all users, for example) Original description: Please provide a strict mode option in cassandra that will kick out any CQL queries that are expensive, e.g. any query with ALLOWS FILTERING, multi-partition queries, secondary index queries, etc. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CASSANDRA-8303) Create a capability limitation framework
[ https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Aleksey Yeschenko updated CASSANDRA-8303: - Description: In addition to our current Auth framework that acts as a white list, and regulates access to data, functions, and roles, it would be beneficial to have a different, capability limitation framework, that would be orthogonal to Auth, and would act as a blacklist. Example uses: - take away the ability to TRUNCATE from all users but the admin (TRUNCATE itself would still require MODIFY permission) - take away the ability to use ALLOW FILTERING from all users but Spark/Hadoop (SELECT would still require SELECT permission) - take away the ability to use UNLOGGED BATCH from everyone (the operation itself would still require MODIFY permission) - take away the ability to use certain consistency levels (make certain tables LWT-only for all users, for example) Original description: Please provide a strict mode option in cassandra that will kick out any CQL queries that are expensive, e.g. any query with ALLOWS FILTERING, multi-partition queries, secondary index queries, etc. was:Please provide a strict mode option in cassandra that will kick out any CQL queries that are expensive, e.g. any query with ALLOWS FILTERING, multi-partition queries, secondary index queries, etc. Create a capability limitation framework Key: CASSANDRA-8303 URL: https://issues.apache.org/jira/browse/CASSANDRA-8303 Project: Cassandra Issue Type: Improvement Reporter: Anupam Arora Fix For: 3.0 In addition to our current Auth framework that acts as a white list, and regulates access to data, functions, and roles, it would be beneficial to have a different, capability limitation framework, that would be orthogonal to Auth, and would act as a blacklist. Example uses: - take away the ability to TRUNCATE from all users but the admin (TRUNCATE itself would still require MODIFY permission) - take away the ability to use ALLOW FILTERING from all users but Spark/Hadoop (SELECT would still require SELECT permission) - take away the ability to use UNLOGGED BATCH from everyone (the operation itself would still require MODIFY permission) - take away the ability to use certain consistency levels (make certain tables LWT-only for all users, for example) Original description: Please provide a strict mode option in cassandra that will kick out any CQL queries that are expensive, e.g. any query with ALLOWS FILTERING, multi-partition queries, secondary index queries, etc. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CASSANDRA-8303) Create a capability limitation framework
[ https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Aleksey Yeschenko updated CASSANDRA-8303: - Summary: Create a capability limitation framework (was: Provide strict mode for CQL Queries) Create a capability limitation framework Key: CASSANDRA-8303 URL: https://issues.apache.org/jira/browse/CASSANDRA-8303 Project: Cassandra Issue Type: Improvement Reporter: Anupam Arora Fix For: 3.0 Please provide a strict mode option in cassandra that will kick out any CQL queries that are expensive, e.g. any query with ALLOWS FILTERING, multi-partition queries, secondary index queries, etc. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
