Cassandra 16669 4.0.0 #140
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
patch by Sumanth Pasupuleti; reviewed by Ekaterina Dimitrova, Stefan Miklosovic and Vinay Chella for CASSANDRA-16669
| @@ -89,6 +89,8 @@ Audit logging does not log: | |||
|
|
|||
| 1. Configuration changes made in ``cassandra.yaml`` | |||
| 2. Nodetool Commands | |||
| 3. Passwords mentioned as part of DCL statements. Instead everything after the appearance of the word password in DCL | |||
There was a problem hiding this comment.
nit: should we also add and also failed to parse statements?
| executeWithCredentials(Arrays.asList(createTestRoleCQL), CASS_USER, CASS_PW, AuditLogEntryType.LOGIN_SUCCESS); | ||
| assertTrue(getInMemAuditLogger().size() > 0); | ||
| AuditLogEntry logEntry = getInMemAuditLogger().poll(); | ||
| assertLogEntry(logEntry, AuditLogEntryType.CREATE_ROLE, createTestRoleCQL, CASS_USER); | ||
| assertLogEntry(logEntry, AuditLogEntryType.CREATE_ROLE, getCreateRoleCql(TEST_ROLE, true, false, true), CASS_USER); | ||
| assertEquals(0, getInMemAuditLogger().size()); | ||
| } | ||
| } |
There was a problem hiding this comment.
Is it possible to add a test case covering an invalid DCL statement, something that you identified in review? if it is already added, ignore my comment.
INFO [Native-Transport-Requests-1] 2021-06-09 23:38:05,965 FileAuditLogger.java:51 - user:anonymous|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:63360|timestamp:1623296285965|type:REQUEST_FAILURE|category:ERROR|operation:BEGIN BATCH CREATE ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; CREATE ROLE new_role; APPLY BATCH;; line 1:12 mismatched input 'CREATE' expecting K_APPLY (BEGIN BATCH [CREATE]...)
a rough test case that could cover this case
diff --git a/test/unit/org/apache/cassandra/audit/AuditLoggerAuthTest.java b/test/unit/org/apache/cassandra/audit/AuditLoggerAuthTest.java
index 7f227af352..9ea39c26f6 100644
--- a/test/unit/org/apache/cassandra/audit/AuditLoggerAuthTest.java
+++ b/test/unit/org/apache/cassandra/audit/AuditLoggerAuthTest.java
@@ -32,6 +32,7 @@ import org.junit.runner.RunWith;
import com.datastax.driver.core.Cluster;
import com.datastax.driver.core.Session;
import com.datastax.driver.core.exceptions.AuthenticationException;
+import com.datastax.driver.core.exceptions.SyntaxError;
import com.datastax.driver.core.exceptions.UnauthorizedException;
import org.apache.cassandra.OrderedJUnit4ClassRunner;
import org.apache.cassandra.config.DatabaseDescriptor;
@@ -128,6 +129,18 @@ public class AuditLoggerAuthTest
createTestRole();
}
+ @Test
+ public void testCqlCreateRoleSyntaxError()
+ {
+ String createTestRoleCQL = String.format("CREATE ROLE %s WITH LOGIN = %s ANDSUPERUSER = %s AND PASSWORD", TEST_ROLE, true, false) +CASS_PW;
+ String createTestRoleCQLExpected = String.format("CREATE ROLE %s WITH LOGIN = %s ANDSUPERUSER = %s AND PASSWORD", TEST_ROLE, true, false) +PasswordObfuscator.OBFUSCATION_TOKEN;
+ executeWithCredentials(Arrays.asList(createTestRoleCQL), CASS_USER, CASS_PW, AuditLogEntryType.LOGIN_SUCCESS);
+ assertTrue(getInMemAuditLogger().size() > 0);
+ AuditLogEntry logEntry = getInMemAuditLogger().poll();
+ assertLogEntry(logEntry, AuditLogEntryType.REQUEST_FAILURE, createTestRoleCQLExpected, CASS_USER);
+ assertEquals(0, getInMemAuditLogger().size());
+ }
+
@Test
public void testCqlALTERRoleAuditing()
{
@@ -232,6 +245,11 @@ public class AuditLoggerAuthTest
{
//no-op, taken care by caller
}
+ catch (SyntaxError e)
+ {
+ //no-op, taken care by caller
+
+ }
}
if (expectedType != null)
ekaterinadimitrova2
pushed a commit
that referenced
this pull request
Aug 23, 2021
… and per-table indexes for SAI (#140) * STAR-512 Add guardrails for total and per-table indexes for SAI Co-authored-by: Paulo Ricardo Motta Gomes <pauloricardomg@users.noreply.github.com> * STAR-515 Add guardrail for SASI Co-authored-by: Zhao Yang <jasonstack.zhao@gmail.com> Co-authored-by: Paulo Ricardo Motta Gomes <pauloricardomg@users.noreply.github.com> Co-authored-by: Zhao Yang <jasonstack.zhao@gmail.com> (cherry picked from commit e2ae18e) (cherry picked from commit eaf8c59)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.