mirror of
https://github.com/scylladb/scylladb.git
synced 2026-04-24 02:20:37 +00:00
03608d269e
This series takes Scylla most of the way to supporting roles, and eliminates old user-based code. All the old user-based CQL statements and functionality should exist as they did before, except now they are backed internally by roles. While all the functionality for supporting roles should be present, role-specific features like granting a role to another role still warn as "unimplemented". This will continue until the next series addresses the final touches. These remaining items are: - A slightly revised CQL syntax consistent with Apache Cassandra's revised role syntax. - A user is automatically granted permissions on resources they create. Users running a previous version of Scylla should be able to seamlessly upgrade to a version of Scylla with this series merged. When a newly upgraded node starts, it detects the presence of old metadata and copies it to the new metadata tables if no nondefault new metadata yet exists. A new gossiper feature flag, ROLES, also ensures that access-control data is not modified while a cluster is in a partially-upgraded state. If, when the cluster is in a partially upgraded state, a client connects to an un-upgraded node then likely the change will not be propogated to the new metadata table. We will document that changes to access-control are not supported while upgrading in order to account for both cases (a client connecting to an upgraded and a non-upgraded node). All unit tests pass (except those which also fail on `master`). I've run auth-related dtests and they all pass, except for tests which depend on the old security model and which are therefore invalid. Upstream dtests have been updated to account for this new security model, and I will open an appropriate pull request to to similarly update our own version. I have also done a test-run cluster upgrade procedure with ccm consisting of a 3 node cluster. I began by creating the cluster from `master` and increasing the replication factor of the `system_auth` keyspace to 3 and repairing the nodes. I then created several users and granted them permissions on some resources. I then stopped a node, updated its hardlinked executable to Scylla built from this patch series , and restarted the node. I observed the migration of legacy data starting and finishing. Connecting to the node, I observed all the new roles functionality was working correctly. I verified that attempting to change access-control information failed with a message about an upgrading cluster. I repeated the process, node by node, with the remaining two nodes and finally observed that the entire cluster had upgraded and that I could modify access-control information freely. I will encapsulate this test into a dtest if possible. Fixes #1941. * 'jhk/switch_to_roles/v6' of https://github.com/hakuch/scylla: (83 commits) cql3: Remove some unimplemented warnings cql3: Prevent unhandled exception for anonymous user auth: Add alias for set of role names auth: Revoke permissions on dropped role resources auth: Move definition to corresponding .cc file cql3: Fix life-time of `user` from `client_state` auth: Migrate legacy data on boot auth: Check protected resources of the role-manager auth: Protect authenticator resources service/client_state: Correct erroneous comment client_state: Fix error message cql3: Fix error handling for GRANT and REVOKE auth: Remove unnecessary `sstring` allocation cql3: Rename variables to reflect roles auth: Decouple authorization and role management auth: Add code to expand a resource family cql: Also add `username` col. for LIST PERMISSIONS cql3: Fix error handling in LIST PERMISSIONS auth: Change error messages to pass dtests cql3: Handle errors more precisely for roles ...