bahman/scylla
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
db49ccccb05c2e6cdcf25a18469ead75b85e32cf
scylla/auth/standard_role_manager.hh
Calle Wilund 69217662bd auth: Allow specifying initial superuser name + passwd (salted) in config 
Instead of locking this to "cassandra:cassandra", allow setting in scylla.yaml
or commandline. Note that config values become redundant as soon as auth tables
are initialized.
2023-06-26 15:00:20 +00:00

95 lines
2.7 KiB
C++
Raw Blame History

/*
* Copyright (C) 2017-present ScyllaDB
*/
/*
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
#pragma once
#include "auth/role_manager.hh"
#include <string_view>
#include <unordered_set>
#include <seastar/core/abort_source.hh>
#include <seastar/core/future.hh>
#include <seastar/core/sstring.hh>
#include "seastarx.hh"
namespace cql3 {
class query_processor;
}
namespace service {
class migration_manager;
}
namespace auth {
class standard_role_manager final : public role_manager {
cql3::query_processor& _qp;
::service::migration_manager& _migration_manager;
future<> _stopped;
seastar::abort_source _as;
std::string _superuser;
public:
standard_role_manager(cql3::query_processor&, ::service::migration_manager&);
virtual std::string_view qualified_java_name() const noexcept override;
virtual const resource_set& protected_resources() const override;
virtual future<> start() override;
virtual future<> stop() override;
virtual future<> create(std::string_view role_name, const role_config&) override;
virtual future<> drop(std::string_view role_name) override;
virtual future<> alter(std::string_view role_name, const role_config_update&) override;
virtual future<> grant(std::string_view grantee_name, std::string_view role_name) override;
virtual future<> revoke(std::string_view revokee_name, std::string_view role_name) override;
virtual future<role_set> query_granted(std::string_view grantee_name, recursive_role_query) override;
virtual future<role_set> query_all() override;
virtual future<bool> exists(std::string_view role_name) override;
virtual future<bool> is_superuser(std::string_view role_name) override;
virtual future<bool> can_login(std::string_view role_name) override;
virtual future<std::optional<sstring>> get_attribute(std::string_view role_name, std::string_view attribute_name) override;
virtual future<role_manager::attribute_vals> query_attribute_for_all(std::string_view attribute_name) override;
virtual future<> set_attribute(std::string_view role_name, std::string_view attribute_name, std::string_view attribute_value) override;
virtual future<> remove_attribute(std::string_view role_name, std::string_view attribute_name) override;
private:
enum class membership_change { add, remove };
future<> create_metadata_tables_if_missing() const;
bool legacy_metadata_exists();
future<> migrate_legacy_metadata() const;
future<> create_default_role_if_missing() const;
future<> create_or_replace(std::string_view role_name, const role_config&) const;
future<> modify_membership(std::string_view role_name, std::string_view grantee_name, membership_change) const;
};
}
Reference in New Issue View Git Blame Copy Permalink