fix: add auth for cassandra #2478
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Description This builds on top of #2478 and shouldn't merge until after that does. This configures our cassandra test fixture to require auth. It just uses the default passwordAuthenticator, and only has the default superuser role (username = cassandra, password = cassandra). Adding this in means we don't have a test for the "unauthenticated". To add a test for the "unauthenticated" scenario would be a bit of a pain given how it's configured through `cassandra.yaml` and requires node restarts. If we do add in a test for that scenario, I'd suggest creating a second cassandra container that doesn't mount in our custom `cassandra.yaml` and running a really basic smoke test, since the only thing we're testing that alters from the auth tests is that we can create data sources and use our table func without auth params. ## FAQS ### What are the changes to the script? At a high level: 0. Build a custom image that mounts in `cassandra.yaml` that requires user/pass auth 1. Instead of creating a second container to seed data, just mount the files in the first time and use `docker exec` 2. Additional waits for the authentication role to apply 3. `-u cassandra` and `-p cassandra` to `cqlsh` ### Why do we need a new Dockerfile? It's very hard to change `YAML` values in a running service (which requires restarting the service). One might think "ah ok volume mount", which is the first thing I tried. Except each time I ran the script, it would change some networking values. Having the git working tree dirty after each run felt odd. ### What's with the `cassandra.yaml` ? I ran the former script and copied the default config. I changed one value `authenticator` after following the documentation https://cassandra.apache.org/doc/stable/cassandra/operating/security.html and pasted it. I tried pasting only a subset of it, and the container would fail to start. Felt it was safest to pass the entire thing in with that one value changed. This is why the diff is so large :(
greyscaled
approved these changes
Jan 25, 2024
tychoish
added a commit
that referenced
this pull request
Feb 1, 2024
Co-authored-by: Grey <grey@glaredb.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
someone else should test this more thoroughly.