mirror of
https://github.com/scylladb/scylladb.git
synced 2026-04-23 01:50:35 +00:00
fbc97626c4
This change allows for seamless migration of the legacy users metadata to the new role-based metadata tables. This process is summarized in `docs/migrating-from-users-to-roles.md`. In general, if any nondefault metadata exists in the new tables, then no migration happens. If, in this case, legacy metadata still exists then a warning is written to the log. If no nondefault metadata exists in the new tables and the legacy tables exist, then each node will copy the data from the legacy tables to the new tables, performing transformations as necessary. An informational message is written to the log when the migration process starts, and when the process ends. During the process of copying, data is overwritten so that multiple nodes racing to migrate data do not conflict. Since Apache Cassandra's auth. schema uses the same table for managing roles and authentication information, some useful functions in `roles-metadata.hh` have been added to avoid code duplication. Because a superuser should be able to drop the legacy users tables from `system_auth` once the cluster has migrated to roles and is functioning correctly, we remove the restriction on altering anything in the "system_auth" keyspace. Individual tables in `system_auth` are still protected later in the function. When a cluster is upgrading from one that does not support roles to one that does, some nodes will be running old code which accesses old metadata and some will be running new code which access new metadata. With the help of the gossiper `feature` mechanism, clients connecting to upgraded nodes will be notified (through code in the relevant CQL statements) that modifications are not allowed until the entire cluster has upgraded.