f9b495bceaff82f2d0a05e6cb88f2b454ac8e0a4 | Author: Andy Tolbert <6889771+tolbertam@users.noreply.github.com>
| 2024-08-25 19:53:09-05:00
Regenerate testdata/pki and include script for regenerating
The existing certificates in testdata/pki expire on September 16 2024.
This commit includes a 'generate_certs.sh' script for regenerating
private keys and certificates as needed.
As I couldn't find the original steps used to generate these, it's
possible these certificates are generated differently, but they are
done in a nominal way.
One slight derivation with the original certificates is that I have
opted to use PKCS12 format instead of the propertiary java JKS format
for the .truststore and .keystore file. The cassandra and gocql
certificates also embed a spiffe in the SAN so they can eventually
be used for mTLS authentication testing.
patch by Andy Tolbert; reviewed by Bret McGuire for CASSANDRA-19862
445d97428fb6eb28de06a06e24743caf4c479270 | Author: Andy Tolbert <6889771+tolbertam@users.noreply.github.com>
| 2024-08-22 22:49:15-05:00
Don't restrict server authenticator in PasswordAuthenticator
Currently gocql will only allow authenticating with authenticators
defined in defaultApprovedAuthenticators in conn.go.
There have been multiple occurrences of implementers needing to update
this list, either when a vendor would like to add their authenticator,
or a new authenticator being added.
It would probably reduce friction to just accept any authenticator
provided by the server. From what I know, other drivers behave in this
way.
If a user wanted to restrict this, they could use the existing
configuration PasswordAuthenticator.AllowedAuthenticators.
patch by Andy Tolbert; reviewed by Joao Reis, Lukasz Antoniak for CASSGO-19
6d3ba47631ebde78460168a2d33c4facde0bd731 | Author: Jason Koch <jkoch@netflix.com>
| 2024-08-12 22:52:13-07:00
Reduce lock held duration in ConcurrencyLimitingRequestThrottler
It might take some (small) time for callback handling when the
throttler request proceeds to submission.
Before this change, the throttler proceed request will happen while
holding the lock, preventing other tasks from proceeding when there is
spare capacity and even preventing tasks from enqueuing until the
callback completes.
By tracking the expected outcome, we can perform the callback outside
of the lock. This means that request registration and submission can
proceed even when a long callback is being processed.
patch by Jason Koch; Reviewed by Andy Tolbert and Chris Lohfink for CASSANDRA-19922
a40e7587b175cc198fb533eadabd31e94f837369 | Author: Christian Aistleitner <christian.aistleitner@outlook.com>
| 2024-06-06 09:14:16+02:00
Fix uncaught exception during graceful channel shutdown
after exceeding max orphan ids
patch by Christian Aistleitner; reviewed by Andy Tolbert, and Bret McGuire for #1938
4c7133c72e136d23dbcea795e0041df764568931 | Author: Andy Tolbert <6889771+tolbertam@users.noreply.github.com>
| 2024-01-23 10:21:02-06:00
Replace uses of AttributeKey.newInstance
The java driver uses netty channel attributes to decorate a
connection's channel with the cluster name (returned from
the system.local table) and the map from the OPTIONS response, both
of which are obtained on connection initialization.
There's an issue here that I wouldn't expect to see in practice in
that the AttributeKey's used are created using
AttributeKey.newInstance, which throws an exception if an
AttributeKey of that name is defined anywhere else in evaluated code.
This change attempts to resolve this issue by changing AttributeKey
initialiation in DriverChannel from newInstance to valueOf, which avoids
throwing an exception if an AttributeKey of the same name was previously
instantiated.
patch by Andy Tolbert; reviewed by Bret McGuire, Alexandre Dutra, Abe Ratnofsky for CASSANDRA-19290