scylladb

Files

Pavel Emelyanov 2f4f0eb060 Merge 'Alternator: a few RBAC fixes' from Nadav Har'El

The main goal of this PR is to fix a bug (#20619) in the alternator_enforce_authorization=false setting - which didn't do its job (i.e, _don't_ check permissions) when authorization is configured in CQL but not wanted in Alternator.

The series also a few smaller bugs in the code that were discovered while debugging the main issue:
1. A potential use-after-free (that didn't seem to hit us in practice) is fixed.
2. A confusing error message (that was also reported in #20619) is improved.
3. Make the alternator_enforce_authorization live-updatable. There was no reason why it shouldn't be, and as this series needs to make this flag available to more code, let's just do it properly and assume the flag is live-updatable.

Because the RBAC feature has not been backported to any open-source branches, neither should these fixes. But if some private branch received a backport of the RBAC feature, it should get these fixes too.

Fixes #20619.

Closes scylladb/scylladb#20640

* github.com:scylladb/scylladb:
  alternator: make alternator_enforce_authorization live-updateable
  alternator: fix alternator_enforce_authorization=false
  alternator: improve error message when unauthenticated
  alternator: avoid use-after-free in RBAC

2024-09-18 14:02:09 +03:00

auth.cc

treewide: use seastar::format() or fmt::format() explicitly

2024-09-11 23:21:40 +03:00

auth.hh

alternator: add support for auth-v2

2024-03-01 16:25:14 +01:00

CMakeLists.txt

build: bring abseil submodule back

2024-05-05 23:31:09 +03:00

conditions.cc

treewide: use seastar::format() or fmt::format() explicitly