Versions Compared

Old Version 3

changes.mady.by.user Brian Houser

Saved on

compared with

New Version Current

changes.mady.by.user Stefan Miklosovic

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents


...

Status

Current state: ImplementingDone

Discussion threadDev List

...

To make these work with the new system we would extend the cqlshrc file to have a configuration as the following:

[AuthProviderauth_provider]

classname=<class name>
module=<path to module>

[AuthProviderExtendedProperties]
extendedparam1
classname=<MyProvider>
other = <propertyvalue
someother to be fed into a dict during initialization>
... 
= somevalue


Cqlsh, when invoked with this configuration, would create an instance of the given class name from the given module.

...

[AuthProvider]

classname=SaslAuthProvider
module=cassandra.auth

[AuthProviderExtendedProperties]
service = something
mechanism = GSSAPI
qops = auth


Of course, there needs to be also server side of this implementation (or any other implementation, for that matter) but this is outside of the scope of this ticket and server-side custom authenticators are already possible to implement by implementing respective interfaces.

Adding additional cqlshrc properties to allow instantiation of plugin authenticator

...

The new heading for the cqlshrc would appear to be the following:

[AuthProviderauth_provider]

classname = <class name>
module = <path to module>
path = <path to python lib>

[AuthProviderExtendedProperties]
param1
other = <customvalue
someother property= sent to AuthProvider's constructor>
somevalue


module and path would correspond to the arguments that are part of the built-in importlib functionality of Python. classname would correspond to the class name loaded.

To allow flexibility, all additional properties in AuthProviderExtendedProperties section would be sent to the constructor of the class as simple named properties.  This would allow a custom plugin to easily handle additional properties unique to its context (KDC, LDAP server, etc).

To support CLI operation, these could be overloaded at the command line using the options --AuthProvider  and  --AuthProviderExtended

These are accessible with standard period/context notation using <section Name>.<Property>.  For example to override the authprovider class name...

...

$ cqlsh --AuthProvider.classname=SaslAuthProvider


Dynamic loading of Custom AuthProvider class in cqlsh utility

Cqlsh would use the AuthProvider auth_provider section to instantiate the AuthProvider class, through the use of importlib and getattr functions.  The constructed AuthProvider auth_provider instance would then be passed as the auth_provider property of the Cluster constructor when cqlsh created the connection.

...

To configure cqlsh to work I would add the following section to my cqlshrc file...

[AuthProviderauth_provider]

classname=SAMLAuthProvider
module=com.example.cassandra.driver.auth
path=~/samlplugin


[AuthProviderExtendedProperties]
saml_file_path=~/saml.conf

...