Details
-
Bug
-
Status: Resolved
-
Low
-
Resolution: Fixed
-
None
-
cassandra 2.2.0
-
Low
Description
We may have uncovered an undocumented api change between cassandra 2.1.x and 2.2.0.
When granting permissions to a username containing special characters, 2.1.x needed single quotes around the username and refused doubles.
2.2.0 needs doubles and refuses singles.
Working example for 2.1.x:
GRANT SELECT ON ALL KEYSPACES TO 'vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-1440017797';
Enclosing the username in double quotes instead of singles fails with the following error message:
cassandra@cqlsh> GRANT SELECT ON ALL KEYSPACES TO "vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-1440017797";
SyntaxException: <ErrorMessage code=2000 [Syntax error in CQL query] message="line 1:33 mismatched input 'vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-1440017797' expecting set null (...SELECT ON ALL KEYSPACES TO ["vault-readonly-root-79840dbb-917e-ed90-38e0-578226e6c1c6-144001779]...)">
Singles fail in 2.2.0:
cassandra@cqlsh> GRANT SELECT ON ALL KEYSPACES TO 'vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-1440019308';
SyntaxException: <ErrorMessage code=2000 [Syntax error in CQL query] message="line 1:33 no viable alternative at input 'vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-1440019308' (...SELECT ON ALL KEYSPACES TO ['vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-144001930]...)">
... whereas double quotes succeed:
GRANT SELECT ON ALL KEYSPACES TO "vault-readonly-root-e04e7a84-a7ba-d84f-f3c0-1e50e7590179-1440019308";
If this is a deliberate change, I don't think it is reflected in the documentation. I am temped to consider this a bug introduced with the role additions.
Motivation for this report: https://github.com/hashicorp/vault/pull/545#issuecomment-132634630