Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-10135

Quoting changed for username in GRANT statement

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Low
    • Resolution: Fixed
    • Fix Version/s: 2.2.1, 3.0 beta 2
    • Component/s: Legacy/CQL
    • Labels:
      None
    • Environment:

      cassandra 2.2.0

    • Severity:
      Low
    • Since Version:

      Description

      We may have uncovered an undocumented api change between cassandra 2.1.x and 2.2.0.
      When granting permissions to a username containing special characters, 2.1.x needed single quotes around the username and refused doubles.
      2.2.0 needs doubles and refuses singles.

      Working example for 2.1.x:

      GRANT SELECT ON ALL KEYSPACES TO 'vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-1440017797';
      

      Enclosing the username in double quotes instead of singles fails with the following error message:

      cassandra@cqlsh> GRANT SELECT ON ALL KEYSPACES TO "vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-1440017797";
      SyntaxException: <ErrorMessage code=2000 [Syntax error in CQL query] message="line 1:33 mismatched input 'vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-1440017797' expecting set null (...SELECT ON ALL KEYSPACES TO ["vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-144001779]...)">

      Singles fail in 2.2.0:

      cassandra@cqlsh> GRANT SELECT ON ALL KEYSPACES TO 'vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-1440019308';
      SyntaxException: <ErrorMessage code=2000 [Syntax error in CQL query] message="line 1:33 no viable alternative at input 'vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-1440019308' (...SELECT ON ALL KEYSPACES TO ['vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-144001930]...)">

      ... whereas double quotes succeed:

      GRANT SELECT ON ALL KEYSPACES TO "vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-1440019308";
      

      If this is a deliberate change, I don't think it is reflected in the documentation. I am temped to consider this a bug introduced with the role additions.

      Motivation for this report: https://github.com/hashicorp/vault/pull/545#issuecomment-132634630

        Attachments

          Activity

            People

            • Assignee:
              samt Sam Tunnicliffe
              Reporter:
              bkw Bernhard K. Weisshuhn
              Authors:
              Sam Tunnicliffe
              Reviewers:
              Aleksey Yeschenko
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: