Add API endpoint for getting view tables names #17958
Comments
|
Erm, what's wrong with |
It requires CQL credentials, which the Manager doesn't always have. |
|
I don't know Scylla policy, but vendors usually don't provide unauthorized access to user data, and view names are user generated. CQL way is the standard way. I mean, when does this stop? Next Scylla Manager needs to read data or DROP KEYSPACE, and we add an endpoint? @tzach please approve. |
|
You can already list all keyspace and table names via the API. Adding a filter for views is hardly an information breach. Note that the API can only be accessed from localhost. If you have access to the node, you already have access to this information (you have access to the data dir). |
|
It can be accessed by any user on the local host. The data on disk can be encrypted, the api is not. |
|
On the other hand, is it so problematic that we keep these credentials in Scylla Manager and query system keyspace ? If user doesn't want to provide credentials, he cannot restore (using manager ofc). |
|
I agree that the current API should be limited to Admin, not data, |
Directory names are not encrypted. But I see your point. I think eventually we should add TLS+auth to our API. Then we could expose it on public IPs. |
Knowing which tables are views (both indexes and materialized) is useful information for Scylla Manager for:
Right now Scylla Manager check this information by querying
system_schema.viewstable which requires CQL access (which is not always granted). Having a dedicated endpoint for getting all view tables would be really useful for reducing repair/backup dependency on CQL access.From Scylla Manager perspective, such endpoint could just return all view table names, but making it accept
keyspacepath param could make it more versatile.cc: @karol-kokoszka @denesb @asias
The text was updated successfully, but these errors were encountered: