Re: CASSANDRA-18554 - mTLS based client and internode authenticators

2023-06-28 Thread Yuki Morishita
Thinking more about "CREATE ROLE" permission, if we can extend CREATE ROLE/ALTER ROLE statements, it may look streamlined: I don't have the good example, but something like: ``` CREATE ROLE dev WITH LOGIN = true AND IDENTITIES = {'spiffe://xxx'}; ALTER ROLE dev ADD IDENTITY 'xxx'; LIST ROLES; ```

Re: CASSANDRA-18554 - mTLS based client and internode authenticators

2023-06-28 Thread Yuki Morishita
Hi Jyothsna, I think for the *initial* commit, the description looks fine to me. I'd like to see/contribute to the future improvement though: * ADD IDENTITY requires SUPERUSER, this means that the brand new cluster needs to start with PasswordAuthenticator/CassandraAuthorizer first, and then chan

Re: [VOTE] CEP 33 - CIDR filtering authorizer

2023-06-28 Thread C. Scott Andreas
+1nbOn Jun 28, 2023, at 6:40 PM, Abe Ratnofsky wrote:+1 (nb)On Jun 28, 2023, at 18:38, guo Maxwell wrote:+1 Nate McCall 于2023年6月29日 周四上午9:25写道:+1 On Wed, Jun 28, 2023 at 5:17 AM Shailaja Koppu wrote:Hi Team,(Starting a new thread for VOTE instead of reusi

Re: [VOTE] CEP 33 - CIDR filtering authorizer

2023-06-28 Thread Abe Ratnofsky
+1 (nb)On Jun 28, 2023, at 18:38, guo Maxwell wrote:+1 Nate McCall 于2023年6月29日 周四上午9:25写道:+1 On Wed, Jun 28, 2023 at 5:17 AM Shailaja Koppu wrote:Hi Team,(Starting a new thread for VOTE instead of reusing the DISCUSS thread, to follow usual procedure).Pleas

Re: [VOTE] CEP 33 - CIDR filtering authorizer

2023-06-28 Thread guo Maxwell
+1 Nate McCall 于2023年6月29日 周四上午9:25写道: > +1 > > On Wed, Jun 28, 2023 at 5:17 AM Shailaja Koppu wrote: > >> Hi Team, >> >> (Starting a new thread for VOTE instead of reusing the DISCUSS thread, to >> follow usual procedure). >> >> Please vote on CEP 33 - CIDR filtering authorizer >> https://cwiki

Re: [VOTE] CEP 33 - CIDR filtering authorizer

2023-06-28 Thread Nate McCall
+1 On Wed, Jun 28, 2023 at 5:17 AM Shailaja Koppu wrote: > Hi Team, > > (Starting a new thread for VOTE instead of reusing the DISCUSS thread, to > follow usual procedure). > > Please vote on CEP 33 - CIDR filtering authorizer > https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-33%3A+CID

Re: CASSANDRA-18554 - mTLS based client and internode authenticators

2023-06-28 Thread Jyothsna Konisa
Hi Yuki, I have added cassandra docs for CQL syntax that we are adding and how to get started with using mTLS authenticators along with the migration plan. Please review it and let me know if it looks good. Thanks, Jyothsna Konisa. On Wed, Jun 21, 2023 at 10:46 AM Jyothsna Konisa wrote: > Hi Y

Final Reminder: Community Over Code call for presentations closing soon

2023-06-28 Thread Rich Bowen
[Note: You're receiving this email because you are subscribed to one or more project dev@ mailing lists at the Apache Software Foundation.] This is your final reminder that the Call for Presentations for Community Over Code (formerly known as ApacheCon) is closing soon - on Thursday, 13 July 2023

Re: [VOTE] CEP 33 - CIDR filtering authorizer

2023-06-28 Thread Jeremy Hanna
+1 (nb) will be great to get this into the project. > On Jun 28, 2023, at 12:15 PM, Patrick McFadin wrote: > > +1 > > On Wed, Jun 28, 2023 at 3:42 AM Brandon Williams > wrote: >> +1 >> >> Kind Regards, >> Brandon >> >> >> On Tue, Jun 27, 2023 at 12:17 PM Shailaja Ko

Re: [VOTE] CEP 33 - CIDR filtering authorizer

2023-06-28 Thread Patrick McFadin
+1 On Wed, Jun 28, 2023 at 3:42 AM Brandon Williams wrote: > +1 > > Kind Regards, > Brandon > > > On Tue, Jun 27, 2023 at 12:17 PM Shailaja Koppu wrote: > > > > Hi Team, > > > > (Starting a new thread for VOTE instead of reusing the DISCUSS thread, > to follow usual procedure). > > > > Please v

Re: [DISCUSS] Maintain backwards compatibility after dependency upgrade in the 5.0

2023-06-28 Thread Bowen Song via dev
IMHO, anyone upgrading software between major versions should expect to see breaking changes. Introducing breaking or major changes is the whole point of bumping major version numbers. Since the library upgrade need to happen sooner or later, I don't see any reason why it should not happen in

Re: [DISCUSS] Maintain backwards compatibility after dependency upgrade in the 5.0

2023-06-28 Thread Josh McKenzie
Reasons 1 and 2 (getting into CVE coverage pipeline proactively rather than reactively, JDK consistency) seem compelling enough to justify the upgrade on their own to me. > This is a problem for applications/tools that rely on the cassandra > classpath (lib/jars) as after the upgrade they may be

Re: [VOTE] CEP 33 - CIDR filtering authorizer

2023-06-28 Thread Brandon Williams
+1 Kind Regards, Brandon On Tue, Jun 27, 2023 at 12:17 PM Shailaja Koppu wrote: > > Hi Team, > > (Starting a new thread for VOTE instead of reusing the DISCUSS thread, to > follow usual procedure). > > Please vote on CEP 33 - CIDR filtering authorizer > https://cwiki.apache.org/confluence/dis