New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cassandra 16669 4.0.0 #140
base: cassandra-4.0.0
Are you sure you want to change the base?
Conversation
patch by Sumanth Pasupuleti; reviewed by Ekaterina Dimitrova, Stefan Miklosovic and Vinay Chella for CASSANDRA-16669
@@ -89,6 +89,8 @@ Audit logging does not log: | |||
|
|||
1. Configuration changes made in ``cassandra.yaml`` | |||
2. Nodetool Commands | |||
3. Passwords mentioned as part of DCL statements. Instead everything after the appearance of the word password in DCL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: should we also add and also failed to parse statements?
executeWithCredentials(Arrays.asList(createTestRoleCQL), CASS_USER, CASS_PW, AuditLogEntryType.LOGIN_SUCCESS); | ||
assertTrue(getInMemAuditLogger().size() > 0); | ||
AuditLogEntry logEntry = getInMemAuditLogger().poll(); | ||
assertLogEntry(logEntry, AuditLogEntryType.CREATE_ROLE, createTestRoleCQL, CASS_USER); | ||
assertLogEntry(logEntry, AuditLogEntryType.CREATE_ROLE, getCreateRoleCql(TEST_ROLE, true, false, true), CASS_USER); | ||
assertEquals(0, getInMemAuditLogger().size()); | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it possible to add a test case covering an invalid DCL statement, something that you identified in review? if it is already added, ignore my comment.
INFO [Native-Transport-Requests-1] 2021-06-09 23:38:05,965 FileAuditLogger.java:51 - user:anonymous|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:63360|timestamp:1623296285965|type:REQUEST_FAILURE|category:ERROR|operation:BEGIN BATCH CREATE ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true; CREATE ROLE new_role; APPLY BATCH;; line 1:12 mismatched input 'CREATE' expecting K_APPLY (BEGIN BATCH [CREATE]...)
a rough test case that could cover this case
diff --git a/test/unit/org/apache/cassandra/audit/AuditLoggerAuthTest.java b/test/unit/org/apache/cassandra/audit/AuditLoggerAuthTest.java
index 7f227af352..9ea39c26f6 100644
--- a/test/unit/org/apache/cassandra/audit/AuditLoggerAuthTest.java
+++ b/test/unit/org/apache/cassandra/audit/AuditLoggerAuthTest.java
@@ -32,6 +32,7 @@ import org.junit.runner.RunWith;
import com.datastax.driver.core.Cluster;
import com.datastax.driver.core.Session;
import com.datastax.driver.core.exceptions.AuthenticationException;
+import com.datastax.driver.core.exceptions.SyntaxError;
import com.datastax.driver.core.exceptions.UnauthorizedException;
import org.apache.cassandra.OrderedJUnit4ClassRunner;
import org.apache.cassandra.config.DatabaseDescriptor;
@@ -128,6 +129,18 @@ public class AuditLoggerAuthTest
createTestRole();
}
+ @Test
+ public void testCqlCreateRoleSyntaxError()
+ {
+ String createTestRoleCQL = String.format("CREATE ROLE %s WITH LOGIN = %s ANDSUPERUSER = %s AND PASSWORD", TEST_ROLE, true, false) +CASS_PW;
+ String createTestRoleCQLExpected = String.format("CREATE ROLE %s WITH LOGIN = %s ANDSUPERUSER = %s AND PASSWORD", TEST_ROLE, true, false) +PasswordObfuscator.OBFUSCATION_TOKEN;
+ executeWithCredentials(Arrays.asList(createTestRoleCQL), CASS_USER, CASS_PW, AuditLogEntryType.LOGIN_SUCCESS);
+ assertTrue(getInMemAuditLogger().size() > 0);
+ AuditLogEntry logEntry = getInMemAuditLogger().poll();
+ assertLogEntry(logEntry, AuditLogEntryType.REQUEST_FAILURE, createTestRoleCQLExpected, CASS_USER);
+ assertEquals(0, getInMemAuditLogger().size());
+ }
+
@Test
public void testCqlALTERRoleAuditing()
{
@@ -232,6 +245,11 @@ public class AuditLoggerAuthTest
{
//no-op, taken care by caller
}
+ catch (SyntaxError e)
+ {
+ //no-op, taken care by caller
+
+ }
}
if (expectedType != null)
… and per-table indexes for SAI (#140) * STAR-512 Add guardrails for total and per-table indexes for SAI Co-authored-by: Paulo Ricardo Motta Gomes <pauloricardomg@users.noreply.github.com> * STAR-515 Add guardrail for SASI Co-authored-by: Zhao Yang <jasonstack.zhao@gmail.com> Co-authored-by: Paulo Ricardo Motta Gomes <pauloricardomg@users.noreply.github.com> Co-authored-by: Zhao Yang <jasonstack.zhao@gmail.com> (cherry picked from commit e2ae18e) (cherry picked from commit eaf8c59)
No description provided.