[feature/dao] cassandra authentication + client encryption #405
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thibaultcha
added
the
pr/ready (but hold merge)
thibaultcha
force-pushed
the
feat/cassandra-auth
branch
3 times, most recently
from
f974675
to
769e1ea
Compare
thibaultcha
changed the title
Switch to lua-cassandra 0.3.3-0 and add some code to be able to use authentication and SSL encryption to communicate with a Cassandra cluster Properties to add to the cassandra.properties settings: ssl: true ssl_verify: true ssl_certificate: "/path/to/cluster-ca-certificate.pem" user: cassandra password: cassandra
thibaultcha
force-pushed
the
feat/cassandra-auth
branch
from
769e1ea
to
f0e9d7e
Compare
|
Merging this to start testing it + I'll need it for an upcoming fix about the DAO in plugins-migrations. |
thibaultcha
added a commit
that referenced
this pull request
Aug 4, 2015
[feature/dao] cassandra authentication + client encryption
ctranxuan
pushed a commit
to streamdataio/kong
that referenced
this pull request
Aug 25, 2015
[feature/dao] cassandra authentication + client encryption Former-commit-id: 24397407beb1296088567ae389206d877e4e3ae7
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR addresses #373 (Cassandra authentication). Kong can now be used with any authenticated/encrypted Cassandra cluster (ie. instaclustr.com).
In order to do this and as an investment for Cassandra related features to move faster in the future, the Cassandra driver was switched from jbochi/lua-resty-cassandra to a new one, which supports both binary protocols v2 and v3, as well as authentication and client encryption.
Changes
The driver supports all those features for both Luasocket and OpenResty environments. For it to work in Kong, this is the changes one would have to make to their configuration file:
This makes Kong fully compatible with Cassandra provisioning services such as https://www.instaclustr.com.
I would recommend not merging this for the upcoming 0.4.0 since the switch of the underlying Cassandra driver is a potential breaking change. This could be part of an eventual 0.4.1 or 0.5.0 (in a shorter time span then 0.3.2 -> 0.4.0).