mirrors/scylladb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
copilot/fix-host-variable-error
scylladb/cql3/statements/raw/batch_statement.hh
Paweł Zakrzewski 98f5e49ea8 audit: Add support to CQL statements 
Integrates audit functionality into CQL statement processing to enable tracking of database operations. Key changes:

- Add audit_info and statement_category to all CQL statements
- Implement audit categories for different statement types:
  - DDL: Schema altering statements (CREATE/ALTER/DROP)
  - DML: Data manipulation (INSERT/UPDATE/DELETE/TRUNCATE/USE)
  - DCL: Access control (GRANT/REVOKE/CREATE ROLE)
  - QUERY: SELECT statements
  - ADMIN: Service level operations

- Add audit inspection points in query processing:
  - Before statement execution
  - After access checks
  - After statement completion
  - On execution failures

- Add password sanitization for role management statements
  - Mask plaintext passwords in audit logs
  - Handle both direct password parameters and options maps
  - Preserve query structure while hiding sensitive data

- Modify prepared statement lifecycle to carry audit context
  - Pass audit info during statement preparation
  - Track audit info through statement execution
  - Support batch statement auditing

This change enables comprehensive auditing of CQL operations while ensuring sensitive data is properly masked in audit logs.
2025-01-15 11:10:36 +01:00

62 lines
1.6 KiB
C++
Raw Permalink Blame History

/*
* Modified by ScyllaDB
* Copyright (C) 2015-present ScyllaDB
*/
/*
* SPDX-License-Identifier: (LicenseRef-ScyllaDB-Source-Available-1.0 and Apache-2.0)
*/
#pragma once
#include "cql3/statements/raw/cf_statement.hh"
#include "cql3/statements/raw/modification_statement.hh"
#include "service/client_state.hh"
namespace cql3 {
namespace statements {
namespace raw {
class modification_statement;
class batch_statement : public raw::cf_statement {
public:
enum class type {
LOGGED, UNLOGGED, COUNTER
};
private:
type _type;
std::unique_ptr<attributes::raw> _attrs;
std::vector<std::unique_ptr<raw::modification_statement>> _parsed_statements;
public:
batch_statement(
type type_,
std::unique_ptr<attributes::raw> attrs,
std::vector<std::unique_ptr<raw::modification_statement>> parsed_statements)
: cf_statement(std::nullopt)
, _type(type_)
, _attrs(std::move(attrs))
, _parsed_statements(std::move(parsed_statements)) {
}
virtual void prepare_keyspace(const service::client_state& state) override {
for (auto&& s : _parsed_statements) {
s->prepare_keyspace(state);
}
}
virtual std::unique_ptr<prepared_statement> prepare(data_dictionary::database db, cql_stats& stats) override;
protected:
virtual audit::statement_category category() const override;
virtual audit::audit_info_ptr audit_info() const override {
// We don't audit batch statements. Instead we audit statements that are inside the batch.
return audit::audit::create_no_audit_info();
}
};
}
}
}
Reference in New Issue View Git Blame Copy Permalink