45628cf041
Introduce maintenance_socket_authenticator and rework maintenance_socket_role_manager to support role management operations. Maintenance auth service uses allow_all_authenticator. To allow role modification statements over the maintenance socket connections, we need to treat the maintenance socket connections as superusers and give them proper access rights. Possible approaches are: 1. Modify allow_all_authenticator with conditional logic that password_authenticator already does 2. Modify password_authenticator with conditional logic specific for the maintenance socket connections 3. Extend password_authenticator, overriding the methods that differ Option 3 is chosen: maintenance_socket_authenticator extends password_authenticator with authentication disabled. The maintenance_socket_role_manager is reworked to lazily create a standard_role_manager once the node joins the cluster, delegating role operations to it. In maintenance mode role operations remain disabled. Refs SCYLLADB-409
32 lines
636 B
C++
32 lines
636 B
C++
/*
|
|
* Copyright (C) 2026-present ScyllaDB
|
|
*
|
|
* Modified by ScyllaDB
|
|
*/
|
|
|
|
/*
|
|
* SPDX-License-Identifier: (LicenseRef-ScyllaDB-Source-Available-1.0 and Apache-2.0)
|
|
*/
|
|
|
|
#include "auth/maintenance_socket_authenticator.hh"
|
|
|
|
|
|
namespace auth {
|
|
|
|
maintenance_socket_authenticator::~maintenance_socket_authenticator() {
|
|
}
|
|
|
|
future<> maintenance_socket_authenticator::start() {
|
|
return make_ready_future<>();
|
|
}
|
|
|
|
future<> maintenance_socket_authenticator::ensure_superuser_is_created() const {
|
|
return make_ready_future<>();
|
|
}
|
|
|
|
bool maintenance_socket_authenticator::require_authentication() const {
|
|
return false;
|
|
}
|
|
|
|
} // namespace auth
|