[CASSANDRA-10168] CassandraAuthorizer.authorize must throw exception when lookup of any auth table fails - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 2.1.9, 2.2.1, 3.0 beta 2
Component/s: None
Labels:
None

Severity:
Normal

Description

The PermissionCache is refreshed in the background every permissions_update_interval_in_ms by looking up cassandra tables. This background refresher assumes the called methods to throw exception on cassandra failures. In such cases, it just serves the stale entry until the next refresh happens.

CassandraAuthorizer.authorize is throwing exception when it fails to lookup system_auth.users table. However when lookup on system_auth.permissions table fails, it swallows the exception and returns PERMISSION.NONE. In that case, the cache thinks that permission was revoked for the user until the next refresh succeeds. All the requests to that user on that cassandra instance fail incorrectly till the next refresh succeeds. This is bad.

CassandraAuthorizer.authorize must throw exception when lookup of any auth table fails.

I have attached a patch for cassandra 2.0 branch.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

authorizer.patch
24/Aug/15 16:41
0.7 kB
Vishy Kasar

Activity

People

Assignee:: Vishy Kasar

Reporter:: Vishy Kasar

Authors:: Vishy Kasar

Reviewers:: Sankalp Kohli

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 24/Aug/15 16:41

Updated:: 16/Apr/19 09:30

Resolved:: 25/Aug/15 01:01