| 23 Collaborator |
|
Štefan Miklošovič , Caleb Rackliffe , Mick Semb Wever , Marcus Eriksson , David Capwell , Josh McKenzie , Jon Meredith , Yifan Cai , Francisco Guerrero , Paulo Motta , Doug Rohrer , Chris Lohfink , Andy Tolbert , Yuki Morishita , Abe Ratnofsky , Jyothsna Konisa , Bernardo Botella , Shailaja Koppu , Natnael Adere , Saranya Krishnakumar , jkonisa , Yuriy Semchyshyn , Andrew Tolbert |
| 7 Patch |
23 Review |
|
f078c02cb58bddd735490b07548f7352f0eb09aa,
1ba6ef93d0721741b5f6d6d72cba3da03fe78438,
695ef5ef66eb8f1759f7dccbe199e7da863167b8,
48af78d1d4b5f285d3dd4991afd4df3101e3983a,
07cb6fea534a65152862cabc36e260c6d3776f36,
ea4b44e0ed0a4f0bbe9b18fb40ad927b49a73a32,
369355a061a24d8e36a578fd88cc8fa459e0f18c |
98a0b54c4025ef21aa3fb56f1962c4771e095652,
d336dda1123af0c272c69e42b6214577e30447e1,
bb68141861e77623f0d0b13f72846651a71c1017,
a0af41f666c23a840d9df3f06729ed5fd2c06cd1,
c09d0d929baeaa02f3438313c7979ccf6b4b3c5a,
b9586501a6b6cdfe465302448018785652c9b966,
6ffa43f68b8d10ca84d4a00bf81269527b4e14df,
9c796dfb272daa3ce57a2dc5cbeadd9273e1ac72,
933137fb14d4ebfe38d0d2c8e23b765aa1c89333,
f078c02cb58bddd735490b07548f7352f0eb09aa,
aafb4d19448f12ce600dc4e84a5b181308825b32,
acd815898d1e5669e7d8ee2469808f6e8a14a7df,
4444721b6de555352bf0ac3ef7e36f94dc832f41,
145dbd1f0875ae4c54392125e09ed05153c0dd8f,
4526b3fcbde22d09065820286dd434d93ecc89ba,
a250126f0f277b43a18cb665ccd02a105271bc33,
e87a1e0c0a19c64ed2edc2d340c0f8af16776e2c,
3a6f6907314670fdb2b316db8f08ffd85da88851,
df16b3750dc2c1b6b9bcdece6f81dfd3de7ebdfa,
d336dda1123af0c272c69e42b6214577e30447e1,
933137fb14d4ebfe38d0d2c8e23b765aa1c89333,
0448f15e3db392f2f60db332fabf6309aa3d5089,
1e3bc4c3b34eae563547899645bfb3f0a1948c79 |
bb68141861e77623f0d0b13f72846651a71c1017 | Author: Francisco Guerrero <frank.guerrero@gmail.com>
| 2024-05-29 13:38:02-07:00
CASSANDRA-19669: Audit Log entries are missing identity for mTLS connections
Patch by Francisco Guerrero; Reviewed by Bernardo Botella, Andrew Tolbert, Dinesh Joshi for CASSANDRA-19669
a0af41f666c23a840d9df3f06729ed5fd2c06cd1 | Author: Francisco Guerrero <frank.guerrero@gmail.com>
| 2024-02-15 13:19:28-08:00
CASSANDRA-18951: Add option for MutualTlsAuthenticator to restrict the certificate validity period
In this commit, we introduce two new optional options for the `server_encryption_options`
and the `client_encryption_options`. The options are `max_certificate_validity_period` and
`certificate_validity_warn_threshold`. Both options can be configured as a duration
configuration parameter as defined by the `DurationSpec` (see CASSANDRA-15234). The resolution
for these new properties is minutes.
When specified, the certificate validation implementation will take that information
and reject certificates that are older than the maximum allowed certificate validity period,
translating into a rejection from the authenticating user.
The `certificate_validity_warn_threshold` option can be configured to emit warnings (log entries)
when the certificate exceeds the validity threshold.
patch by Francisco Guerrero; reviewed by Andy Tolbert, Abe Ratnofsky, Dinesh Joshi for CASSANDRA-18951
c09d0d929baeaa02f3438313c7979ccf6b4b3c5a | Author: Andy Tolbert <andy_tolbert@apple.com>
| 2024-01-30 16:41:54-08:00
Allow CQL client certificate authentication to work without sending an AUTHENTICATE request
patch by Andy Tolbert; reviewed by Abe Ratnofsky, Dinesh Joshi, Francisco Guerrero, Jyothsna Konisa for CASSANDRA-18857
b9586501a6b6cdfe465302448018785652c9b966 | Author: Jon Meredith <jonmeredith@apache.org>
| 2023-09-21 16:07:29-06:00
Internode legacy SSL storage port certificate is not hot reloaded on update
patch by Jon Meredith; reviewed by Dinesh Joshi, Francisco Guerrero for CASSANDRA-18681
6ffa43f68b8d10ca84d4a00bf81269527b4e14df | Author: Francisco Guerrero <frank.guerrero@gmail.com>
| 2023-08-25 11:10:48-06:00
Support Dynamic Port Allocation for in-jvm dtest framework
patch by Francisco Guerrero; reviewed by Dinesh Joshi, Jon Meredith, Yifan Cai for CASSANDRA-18722
9c796dfb272daa3ce57a2dc5cbeadd9273e1ac72 | Author: Francisco Guerrero <frank.guerrero@gmail.com>
| 2023-07-28 09:26:20-07:00
Skip ColumnFamilyStore#topPartitions initialization when client or tool mode
This commit skips the initialization of `topPartitions` in `org.apache.cassandra.db.ColumnFamilyStore`
when running in client or tool mode. The `TopPartitionTracker` class will attempt to query the system
keyspace, which when running in client or tool mode will not be part of the KeyspaceMetadata. This
causes a warning to be printed out with a stacktrace that can be misleading. The warning is similar to
this:
```
WARN org.apache.cassandra.db.SystemKeyspace: Could not load stored top SIZES partitions for ...
org.apache.cassandra.db.KeyspaceNotDefinedException: keyspace system does not exist
at org.apache.cassandra.schema.Schema.validateTable(Schema.java:xxx) ~[?:?]
at org.apache.cassandra.cql3.statements.SelectStatement$RawStatement.prepare(SelectStatement.java:xxx) ~[?:?]
at org.apache.cassandra.cql3.statements.SelectStatement$RawStatement.prepare(SelectStatement.java:xxx) ~[?:?]
at org.apache.cassandra.cql3.statements.SelectStatement$RawStatement.prepare(SelectStatement.java:xxx) ~[?:?]
at org.apache.cassandra.cql3.QueryProcessor.parseAndPrepare(QueryProcessor.java:xxx) ~[?:?]
...
```
In this commit, we check whether we run in client or tool mode, and skip initialization
of `topPartitions` in those cases.
Patch by Francisco Guerrero; Reviewed by Dinesh Joshi, Yifan Cai for CASSANDRA-18697
933137fb14d4ebfe38d0d2c8e23b765aa1c89333 | Author: Shailaja Koppu <s_koppu@apple.com>
| 2023-06-13 17:18:29+01:00
CIDR filtering authorizer
Patch by Shailaja Koppu, Yifan Cai; Reviewed by Dinesh Joshi, Yifan Cai for CASSANDRA-18592
Co-Authored-By: Yifan Cai <ycai@apache.org>
933137fb14d4ebfe38d0d2c8e23b765aa1c89333 | Author: Shailaja Koppu <s_koppu@apple.com>
| 2023-06-13 17:18:29+01:00
CIDR filtering authorizer
Patch by Shailaja Koppu, Yifan Cai; Reviewed by Dinesh Joshi, Yifan Cai for CASSANDRA-18592
Co-Authored-By: Yifan Cai <ycai@apache.org>
f078c02cb58bddd735490b07548f7352f0eb09aa | Author: jkonisa <jkonisa@apple.com>
| 2023-05-22 22:15:22-07:00
Adding Mutual TLS authenticators for client & internode connections
Patch by Jyothsna Konisa & Dinesh Joshi; reviewed by Yifan Cai, Jon Meredith,
Yuki Morishita & Dinesh Joshi for CASSANDRA-18554
Co-Authored-By: Dinesh Joshi <djoshi@apache.org>
1e3bc4c3b34eae563547899645bfb3f0a1948c79 | Author: Doug Rohrer <doug@therohrers.org>
| 2023-05-18 20:44:43-04:00
Add JMX utility class to in-jvm dtest to ease development of new tests using JMX
While reviewing CASSANDRA-18511, some repetitive code was identified across the 4 branches,
and 2 different tests, that would also be repeated for any new usages of the JMX support
in the in-jvm dtest framework. Therefore, a utility class should be added to the dtest-api's
`shared` package that will simplify some of this repetitive and error-prone code.
patch by Doug Rohrer; reviewed by Jon Meredith, Dinesh Joshi for CASSANDRA-18537
4444721b6de555352bf0ac3ef7e36f94dc832f41 | Author: Natnael Adere <natnael_adere@apple.com>
| 2023-03-24 09:28:37-07:00
Provide summary of failed SessionInfo's in StreamResultFuture
patch by Natnael Adere; reviewed by David Capwell, Dinesh Joshi, Jon Meredith for CASSANDRA-17199
145dbd1f0875ae4c54392125e09ed05153c0dd8f | Author: Saranya Krishnakumar <saranya_k@apple.com>
| 2022-10-19 16:58:41-07:00
Add flag to exclude nodes from local DC when running nodetool rebuild
Patch by Saranya Krishnakumar; reviewed by Dinesh Joshi, Marcus Eriksson, Yifan Cai for CASSANDRA-17870
4526b3fcbde22d09065820286dd434d93ecc89ba | Author: Josh McKenzie <jmckenzie@apache.org>
| 2022-08-16 14:19:46-04:00
Add ability to log load profiles at fixed intervals
Patch by Yifan Cai; reviewed by Josh McKenzie, Dinesh Joshi, and Chris Lohfink for CASSANDRA-17821
Co-authored-by: Yifan Cai <ycai@apache.org>
Co-authored-by: Josh McKenzie <jmckenzie@apache.org>
df16b3750dc2c1b6b9bcdece6f81dfd3de7ebdfa | Author: David Capwell <dcapwell@apache.org>
| 2022-02-04 10:15:58-08:00
When streaming sees a ClosedChannelException this triggers the disk failure policy
patch by David Capwell, Francisco Guerrero; reviewed by Caleb Rackliffe, Dinesh Joshi for CASSANDRA-17116
0448f15e3db392f2f60db332fabf6309aa3d5089 | Author: David Capwell <David Capwell>
| 2022-02-04 10:15:46-08:00
When streaming sees a ClosedChannelException this triggers the disk failure policy
patch by David Capwell, Francisco Guerrero; reviewed by Caleb Rackliffe, Dinesh Joshi for CASSANDRA-17116