Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Flag for Custom Authenticators in Cassandra Storage #5628

Merged
merged 12 commits into from
Jun 18, 2024
9 changes: 5 additions & 4 deletions pkg/cassandra/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,8 +50,8 @@

// Authenticator holds the authentication properties needed to connect to a Cassandra cluster
type Authenticator struct {
Basic BasicAuthenticator `yaml:"basic" mapstructure:",squash"`
// TODO: add more auth types
Basic BasicAuthenticator `yaml:"basic" mapstructure:",squash"`
AllowedAuthenticators []string `yaml:"allowedAuthenticators" mapstructure:"allowedAuthenticators"`
}

// BasicAuthenticator holds the username and password for a password authenticator for a Cassandra cluster
Expand Down Expand Up @@ -143,8 +143,9 @@

if c.Authenticator.Basic.Username != "" && c.Authenticator.Basic.Password != "" {
cluster.Authenticator = gocql.PasswordAuthenticator{
Username: c.Authenticator.Basic.Username,
Password: c.Authenticator.Basic.Password,
Username: c.Authenticator.Basic.Username,
Password: c.Authenticator.Basic.Password,
AllowedAuthenticators: c.Authenticator.AllowedAuthenticators,

Check warning on line 148 in pkg/cassandra/config/config.go

View check run for this annotation

Codecov / codecov/patch

pkg/cassandra/config/config.go#L146-L148

Added lines #L146 - L148 were not covered by tests
}
}
tlsCfg, err := c.TLS.Config(logger)
Expand Down
8 changes: 7 additions & 1 deletion plugin/storage/cassandra/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ const (
suffixSocketKeepAlive = ".socket-keep-alive"
suffixUsername = ".username"
suffixPassword = ".password"

suffixAuth = ".auth"
// common storage settings
suffixSpanStoreWriteCacheTTL = ".span-store-write-cache-ttl"
suffixIndexTagsBlacklist = ".index.tag-blacklist"
Expand Down Expand Up @@ -214,6 +214,10 @@ func addFlags(flagSet *flag.FlagSet, nsConfig namespaceConfig) {
nsConfig.namespace+suffixPassword,
nsConfig.Authenticator.Basic.Password,
"Password for password authentication for Cassandra")
flagSet.String(
nsConfig.namespace+suffixAuth,
"",
"The comma-separated list of Allowed password authentication for Cassandra.")
}

// InitFromViper initializes Options with properties from viper
Expand Down Expand Up @@ -256,6 +260,8 @@ func (cfg *namespaceConfig) initFromViper(v *viper.Viper) {
cfg.SocketKeepAlive = v.GetDuration(cfg.namespace + suffixSocketKeepAlive)
cfg.Authenticator.Basic.Username = v.GetString(cfg.namespace + suffixUsername)
cfg.Authenticator.Basic.Password = v.GetString(cfg.namespace + suffixPassword)
authentication := stripWhiteSpace(v.GetString(cfg.namespace + suffixAuth))
cfg.Authenticator.AllowedAuthenticators = strings.Split(authentication, ",")
cfg.DisableCompression = v.GetBool(cfg.namespace + suffixDisableCompression)
var err error
cfg.TLS, err = tlsFlagsConfig.InitFromViper(v)
Expand Down
4 changes: 4 additions & 0 deletions plugin/storage/cassandra/options_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,17 +64,20 @@ func TestOptionsWithFlags(t *testing.T) {
"--cas.index.tag-whitelist=flerg, flarg,florg ",
"--cas.index.tags=true",
"--cas.index.process-tags=false",
"--cas.auth=org.apache.cassandra.auth.PasswordAuthenticator,com.datastax.bdp.cassandra.auth.DseAuthenticator",
// enable aux with a couple overrides
"--cas-aux.enabled=true",
"--cas-aux.keyspace=jaeger-archive",
"--cas-aux.servers=3.3.3.3, 4.4.4.4",
"--cas-aux.auth=org.apache.cassandra.auth.PasswordAuthenticator,com.ericsson.bss.cassandra.ecaudit.auth.AuditAuthenticator",
})
opts.InitFromViper(v)

primary := opts.GetPrimary()
assert.Equal(t, "jaeger", primary.Keyspace)
assert.Equal(t, "mojave", primary.LocalDC)
assert.Equal(t, []string{"1.1.1.1", "2.2.2.2"}, primary.Servers)
assert.Equal(t, []string{"org.apache.cassandra.auth.PasswordAuthenticator", "com.datastax.bdp.cassandra.auth.DseAuthenticator"}, primary.Authenticator.AllowedAuthenticators)
assert.Equal(t, "ONE", primary.Consistency)
assert.Equal(t, []string{"blerg", "blarg", "blorg"}, opts.TagIndexBlacklist())
assert.Equal(t, []string{"flerg", "flarg", "florg"}, opts.TagIndexWhitelist())
Expand All @@ -86,6 +89,7 @@ func TestOptionsWithFlags(t *testing.T) {
require.NotNil(t, aux)
assert.Equal(t, "jaeger-archive", aux.Keyspace)
assert.Equal(t, []string{"3.3.3.3", "4.4.4.4"}, aux.Servers)
assert.Equal(t, []string{"org.apache.cassandra.auth.PasswordAuthenticator", "com.ericsson.bss.cassandra.ecaudit.auth.AuditAuthenticator"}, aux.Authenticator.AllowedAuthenticators)
assert.Equal(t, 42, aux.ConnectionsPerHost)
assert.Equal(t, 42, aux.MaxRetryAttempts)
assert.Equal(t, 42*time.Second, aux.Timeout)
Expand Down
Loading