mirrors/scylladb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
af07718fff494cb6232387fbc29955d70abe2ec2
scylladb/test/lib
History
Marcin Maliszkiewicz c7d3f80863 Merge 'auth: do not create default 'cassandra:cassandra' superuser' from Dario Mirovic 
This patch series removes creation of default 'cassandra:cassandra' superuser on system start.

Disable creation of a superuser with default 'cassandra:cassandra' credentials to improve security. The current flow requires clients to create another superuser and then drop the default `cassandra:cassandra' role. For those who do, there is a time window where the default credentials exist. For those who do not, that role stays. We want to improve security by forcing the client to either use config to specify default values for default superuser name and password or use cqlsh over maintenance socket connection to explicitly create/alter a superuser role.

The patch series:
- Enable role modification over the maintenance socket
- Stop using default 'cassandra' value for default superuser, skipping creation instead

Design document: https://scylladb.atlassian.net/wiki/spaces/RND/pages/165773327/Drop+default+cassandra+superuser

Fixes scylladb/scylla-enterprise#5657

This is an improvement. It does not need a backport.

Closes scylladb/scylladb#27215

* github.com:scylladb/scylladb:
  config: enable maintenance socket in workdir by default
  docs: auth: do not specify password with -p option
  docs: update documentation related to default superuser
  test: maintenance socket role management
  test: cluster: add logs to test_maintenance_socket.py
  test: pylib: fix connect_driver handling when adding and starting server
  auth: do not create default 'cassandra:cassandra' superuser
  auth: remove redundant DEFAULT_USER_NAME from password authenticator
  auth: enable role management operations via maintenance socket
  client_state: add has_superuser method
  client_state: add _bypass_auth_checks flag
  auth: let maintenance_socket_role_manager know if node is in maintenance mode
  auth: remove class registrator usage
  auth: instantiate auth service with factory functors
  auth: add service constructor with factory functors
  auth: add transitional.hh file
  service: qos: handle special scheduling group case for maintenance socket
  service: qos: use _auth_integration as condition for using _auth_integration
2026-03-04 09:43:57 +01:00
..
aws_kms_fixture.cc
test::lib::aws_kms_fixture: Add a fixture object to run mock AWS KMS
2025-11-05 10:22:21 +00:00
aws_kms_fixture.hh
test::lib::aws_kms_fixture: Add a fixture object to run mock AWS KMS
2025-11-05 10:22:21 +00:00
azure_kms_fixture.cc
test::lib: Add azure mock/real server fixture
2025-11-05 10:22:22 +00:00
azure_kms_fixture.hh
test::lib: Add azure mock/real server fixture
2025-11-05 10:22:22 +00:00
boost_test_tree_lister.cc
test/lib/boost_test_tree_lister.cc: Record empty test suites
2026-01-19 18:03:24 +01:00
boost_test_tree_lister.hh
test: Implement describing Boost tests in JSON format
2025-12-23 15:53:06 +02:00
boost_tree_lister_injector.cc
test: Implement describing Boost tests in JSON format
2025-12-23 15:53:06 +02:00
CMakeLists.txt
code: Move limiting data source to test/lib
2026-01-26 12:49:42 +03:00
cql_assertions.cc
test/lib/cql_assertions: is_rows(): add dump parameter
2026-02-20 07:03:46 +02:00
cql_assertions.hh
test/lib/cql_assertions: is_rows(): add dump parameter
2026-02-20 07:03:46 +02:00
cql_test_env.cc
Merge 'auth: do not create default 'cassandra:cassandra' superuser' from Dario Mirovic
2026-03-04 09:43:57 +01:00
cql_test_env.hh
Merge 'batchlog: make replay (flush) faster' from Botond Dénes
2025-12-15 15:05:19 +03:00
data_model.cc
treewide: Move type related files to a type directory As requested in #22110, moved the files and fixed other includes and build system.
2025-09-17 17:32:19 +03:00
data_model.hh
dummy_sharder.cc
dummy_sharder.hh
error_injection.hh
test/lib: introduce error_injection.hh
2025-12-02 14:21:26 +02:00
eventually.cc
eventually.hh
exception_utils.cc
code: Stop using seastar::compat::source_location
2025-11-27 19:10:11 +02:00
exception_utils.hh
code: Stop using seastar::compat::source_location
2025-11-27 19:10:11 +02:00
expr_test_utils.cc
cql: vector: fix vector dimension type
2026-02-26 14:46:53 +02:00
expr_test_utils.hh
cql: vector: fix vector dimension type
2026-02-26 14:46:53 +02:00
failure_injecting_allocation_strategy.hh
fragment_scatterer.hh
gcs_fixture.cc
test::lib::gcs_fixture: Only set port if running docker image + more retry
2025-11-05 10:22:21 +00:00
gcs_fixture.hh
tests::lib::gcs_fixture: Add a reusable test fixture for real/fake GS/GCS
2025-10-13 08:53:26 +00:00
index_reader_assertions.hh
test/lib/index_reader_assertions: skip some row index checks for BTI indexes
2025-09-29 22:15:25 +02:00
key_utils.cc
key_utils.hh
limiting_data_source.cc
code: Move limiting data source to test/lib
2026-01-26 12:49:42 +03:00
limiting_data_source.hh
code: Move limiting data source to test/lib
2026-01-26 12:49:42 +03:00
log.cc
log.hh
make_random_string.hh
memtable_snapshot_source.hh
mutation_assertions.cc
mutation_assertions.hh
mutation_diff
mutation_reader_assertions.hh
mutation_source_test.cc
test/lib: allow to disable compression in random_mutation_generator
2025-11-13 14:08:33 +01:00
mutation_source_test.hh
test/lib: allow to disable compression in random_mutation_generator
2025-11-13 14:08:33 +01:00
nondeterministic_choice_stack.hh
proc_utils.cc
proc_utils.hh
random_schema.cc
test/lib/random_schema: add some constraints for generated uuid and time/date values
2025-09-07 00:32:02 +02:00
random_schema.hh
test/lib/random_schema: add random_schema(schema_ptr) constructor
2025-09-25 11:28:34 +03:00
random_utils.hh
reader_concurrency_semaphore.hh
reader_lifecycle_policy.hh
result_set_assertions.cc
result_set_assertions.hh
treewide: Move query related files to a new query directory
2025-09-16 23:40:47 +03:00
scylla_test_case.hh
scylla_tests_cmdline_options.hh
simple_position_reader_queue.hh
simple_schema.hh
sstable_run_based_compaction_strategy_for_tests.cc
compaction: remove using namespace {compaction,sstables}
2025-09-25 15:03:57 +03:00
sstable_run_based_compaction_strategy_for_tests.hh
compaction: remove using namespace {compaction,sstables}
2025-09-25 15:03:57 +03:00
sstable_test_env.hh
tests::boost: Add GS object storage cases to mirror S3 ones
2025-10-13 08:53:27 +00:00
sstable_utils.cc
compaction: remove using namespace {compaction,sstables}
2025-09-25 15:03:57 +03:00
sstable_utils.hh
test,sstables: add helper to set sstable first and last keys
2025-12-08 12:30:23 +02:00
test_services.cc
test: sstables::test_env: adjust file open limit
2026-02-15 14:27:37 +02:00
test_services.hh
compaction: move code to namespace compaction
2025-09-25 15:03:56 +03:00
test_utils.cc
test: extract cql_test_env's adjust_rlimit() for reuse
2026-02-15 14:26:46 +02:00
test_utils.hh
test: extract cql_test_env's adjust_rlimit() for reuse
2026-02-15 14:26:46 +02:00
tmpdir.cc
tmpdir.hh
topology_builder.hh
test: lib: topology_builder: Introduce add_draining_request()
2026-01-18 15:36:07 +01:00