acb0ddaf3d
In raft mode (auth-v2) we need to do atomic write after read as
we give stricter consistency guarantees. Instead of patching
legacy logic this commit adds different path as:
- old code may be less tested now so it's best to not change it
- new code path avoids quorum selects in a typical flow (passwords set)
There may be a case when user deletes a superuser or password
right before restarting a node, in such case we may ommit
updating a password but:
- this is a trade-off between quorum reads on startup
- it's far more important to not update password when it shouldn't be
- if needed password will be updated on next node restart
If there is no quorum on startup we'll skip creating password
because we can't perform any raft operation.
Additionally this fixes a problem when password is created despite
having non default superuser in auth-v2.
(cherry picked from commit f85d73d405)
102 lines
2.8 KiB
C++
102 lines
2.8 KiB
C++
/*
|
|
* Copyright (C) 2016-present ScyllaDB
|
|
*
|
|
* Modified by ScyllaDB
|
|
*/
|
|
|
|
/*
|
|
* SPDX-License-Identifier: (LicenseRef-ScyllaDB-Source-Available-1.0 and Apache-2.0)
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include <seastar/core/abort_source.hh>
|
|
#include <seastar/core/shared_future.hh>
|
|
|
|
#include "db/consistency_level_type.hh"
|
|
#include "auth/authenticator.hh"
|
|
#include "service/raft/raft_group0_client.hh"
|
|
|
|
namespace db {
|
|
class config;
|
|
}
|
|
|
|
namespace cql3 {
|
|
|
|
class query_processor;
|
|
|
|
} // namespace cql3
|
|
|
|
namespace service {
|
|
class migration_manager;
|
|
}
|
|
|
|
namespace auth {
|
|
|
|
extern const std::string_view password_authenticator_name;
|
|
|
|
class password_authenticator : public authenticator {
|
|
cql3::query_processor& _qp;
|
|
::service::raft_group0_client& _group0_client;
|
|
::service::migration_manager& _migration_manager;
|
|
future<> _stopped;
|
|
abort_source _as;
|
|
std::string _superuser; // default superuser name from the config (may or may not be present in roles table)
|
|
shared_promise<> _superuser_created_promise;
|
|
|
|
public:
|
|
static db::consistency_level consistency_for_user(std::string_view role_name);
|
|
static std::string default_superuser(const db::config&);
|
|
|
|
password_authenticator(cql3::query_processor&, ::service::raft_group0_client&, ::service::migration_manager&);
|
|
|
|
~password_authenticator();
|
|
|
|
virtual future<> start() override;
|
|
|
|
virtual future<> stop() override;
|
|
|
|
virtual std::string_view qualified_java_name() const override;
|
|
|
|
virtual bool require_authentication() const override;
|
|
|
|
virtual authentication_option_set supported_options() const override;
|
|
|
|
virtual authentication_option_set alterable_options() const override;
|
|
|
|
virtual future<authenticated_user> authenticate(const credentials_map& credentials) const override;
|
|
|
|
virtual future<> create(std::string_view role_name, const authentication_options& options, ::service::group0_batch& mc) override;
|
|
|
|
virtual future<> alter(std::string_view role_name, const authentication_options& options, ::service::group0_batch&) override;
|
|
|
|
virtual future<> drop(std::string_view role_name, ::service::group0_batch&) override;
|
|
|
|
virtual future<custom_options> query_custom_options(std::string_view role_name) const override;
|
|
|
|
virtual bool uses_password_hashes() const override;
|
|
|
|
virtual future<std::optional<sstring>> get_password_hash(std::string_view role_name) const override;
|
|
|
|
virtual const resource_set& protected_resources() const override;
|
|
|
|
virtual ::shared_ptr<sasl_challenge> new_sasl_challenge() const override;
|
|
|
|
virtual future<> ensure_superuser_is_created() const override;
|
|
|
|
private:
|
|
bool legacy_metadata_exists() const;
|
|
|
|
future<> migrate_legacy_metadata() const;
|
|
|
|
future<> legacy_create_default_if_missing();
|
|
|
|
future<> maybe_create_default_password();
|
|
future<> maybe_create_default_password_with_retries();
|
|
|
|
sstring update_row_query() const;
|
|
};
|
|
|
|
}
|
|
|