mirrors/scylladb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fd4e577db0acb1eddf1ebb8bcff6776a7e65b6c2
scylladb/auth
History
Andrzej Jackowski 86fc513bd9 auth: allow dropping roles in saslauthd_authenticator 
Before this change, `saslauthd_authenticator` prevented dropping
roles. The current documentation instructs users to `Ensure Scylla has
the same users and roles as listed in the LDAP directory`. Therefore,
ScyllaDB should allow dropping roles so administrators can remove
obsolete roles from both LDAP and ScyllaDB.

The code change is minimal — dropping a role is a no-op, similar to the
existing no-op implementations for successful `create` and `alter`
operations.

`saslauthd_authenticator_test` is updated to verify that dropping
a role doesn't throw anymore.

Fixes: scylladb/scylladb#25571

Closes scylladb/scylladb#25574
2025-08-22 09:40:44 +03:00
..
allow_all_authenticator.cc
auth: move passwords::check call to alien thread
2025-07-15 23:29:13 +02:00
allow_all_authenticator.hh
auth: move passwords::check call to alien thread
2025-07-15 23:29:13 +02:00
allow_all_authorizer.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
allow_all_authorizer.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
authenticated_user.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
authenticated_user.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
authentication_options.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
authenticator.cc
Introduce LDAP role manager & saslauthd authenticator
2025-01-12 14:50:29 +02:00
authenticator.hh
auth: ensure default superuser password is set before serving CQL
2025-02-06 10:30:55 +01:00
authorizer.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
certificate_authenticator.cc
auth: move passwords::check call to alien thread
2025-07-15 23:29:13 +02:00
certificate_authenticator.hh
auth: move passwords::check call to alien thread
2025-07-15 23:29:13 +02:00
CMakeLists.txt
Introduce LDAP role manager & saslauthd authenticator
2025-01-12 14:50:29 +02:00
common.cc
everywhere: use utils::chunked_vector for list of mutations
2025-07-13 19:13:11 +03:00
common.hh
auth: split auth-v2 logic for adding default superuser role
2025-06-26 12:28:08 +02:00
default_authorizer.cc
tree: Remove unused boost headers
2025-02-15 20:32:22 +02:00
default_authorizer.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
ldap_role_manager.cc
auth: ldap: fix waiting for underlying role manager
2025-06-26 12:28:08 +02:00
ldap_role_manager.hh
tree: remove unused "#include"s
2025-01-28 14:12:06 +03:00
maintenance_socket_role_manager.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
maintenance_socket_role_manager.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
password_authenticator.cc
Merge 'auth: move passwords::check call to alien thread' from Andrzej Jackowski
2025-07-16 13:15:54 +03:00
password_authenticator.hh
auth: move passwords::check call to alien thread
2025-07-15 23:29:13 +02:00
passwords.cc
auth: make SHA-512 the only password hashing scheme for new passwords
2025-07-15 23:28:33 +02:00
passwords.hh
auth: make SHA-512 the only password hashing scheme for new passwords
2025-07-15 23:28:33 +02:00
permission.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
permission.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
permissions_cache.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
permissions_cache.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
resource.cc
auth: resource: simplify some range transformations
2025-08-12 10:30:06 +03:00
resource.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
role_manager.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
role_or_anonymous.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
role_or_anonymous.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
roles-metadata.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
roles-metadata.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
sasl_challenge.cc
audit: Add service level support to CQL login process
2025-01-15 11:10:36 +01:00
sasl_challenge.hh
audit: Add service level support to CQL login process
2025-01-15 11:10:36 +01:00
saslauthd_authenticator.cc
auth: allow dropping roles in saslauthd_authenticator
2025-08-22 09:40:44 +03:00
saslauthd_authenticator.hh
auth: move passwords::check call to alien thread
2025-07-15 23:29:13 +02:00
service.cc
Merge 'auth: move passwords::check call to alien thread' from Andrzej Jackowski
2025-07-16 13:15:54 +03:00
service.hh
auth: move passwords::check call to alien thread
2025-07-15 23:29:13 +02:00
standard_role_manager.cc
test: sl: verify that legacy auth is not queried in sl to raft upgrade
2025-07-29 11:39:17 +02:00
standard_role_manager.hh
auth: split auth-v2 logic for adding default superuser role
2025-06-26 12:28:08 +02:00
transitional.cc
auth: move passwords::check call to alien thread
2025-07-15 23:29:13 +02:00