private void preventSystemKSSchemaModification(String keyspace, DataResource resource, Permission perm) throws UnauthorizedException { // we only care about DDL statements if (perm != Permission.ALTER && perm != Permission.DROP && perm != Permission.CREATE) return; // prevent ALL local system keyspace modification if (SchemaConstants.isLocalSystemKeyspace(keyspace)) throw new UnauthorizedException(keyspace + " keyspace is not user-modifiable."); if (SchemaConstants.isReplicatedSystemKeyspace(keyspace)) { // allow users with sufficient privileges to alter replication params of replicated system keyspaces if (perm == Permission.ALTER && resource.isKeyspaceLevel()) return; // allow users with sufficient privileges to drop legacy tables in replicated system keyspaces if (perm == Permission.DROP && DROPPABLE_SYSTEM_AUTH_TABLES.contains(resource)) return; // prevent all other modifications of replicated system keyspaces throw new UnauthorizedException(String.format("Cannot %s %s", perm, resource)); } }
private void preventSystemKSSchemaModification(String keyspace, DataResource resource, Permission perm) throws UnauthorizedException { // we only care about DDL statements if (perm != Permission.ALTER && perm != Permission.DROP && perm != Permission.CREATE) return; // prevent ALL local system keyspace modification if (SchemaConstants.isLocalSystemKeyspace(keyspace)) throw new UnauthorizedException(keyspace + " keyspace is not user-modifiable."); if (SchemaConstants.isReplicatedSystemKeyspace(keyspace)) { // allow users with sufficient privileges to alter replication params of replicated system keyspaces if (perm == Permission.ALTER && resource.isKeyspaceLevel()) return; // allow users with sufficient privileges to drop legacy tables in replicated system keyspaces if (perm == Permission.DROP && DROPPABLE_SYSTEM_AUTH_TABLES.contains(resource)) return; // prevent all other modifications of replicated system keyspaces throw new UnauthorizedException(String.format("Cannot %s %s", perm, resource)); } }
private void preventSystemKSSchemaModification(String keyspace, DataResource resource, Permission perm) throws UnauthorizedException { // we only care about DDL statements if (perm != Permission.ALTER && perm != Permission.DROP && perm != Permission.CREATE) return; // prevent ALL local system keyspace modification if (SchemaConstants.isLocalSystemKeyspace(keyspace)) throw new UnauthorizedException(keyspace + " keyspace is not user-modifiable."); if (SchemaConstants.isReplicatedSystemKeyspace(keyspace)) { // allow users with sufficient privileges to alter replication params of replicated system keyspaces if (perm == Permission.ALTER && resource.isKeyspaceLevel()) return; // allow users with sufficient privileges to drop legacy tables in replicated system keyspaces if (perm == Permission.DROP && DROPPABLE_SYSTEM_AUTH_TABLES.contains(resource)) return; // prevent all other modifications of replicated system keyspaces throw new UnauthorizedException(String.format("Cannot %s %s", perm, resource)); } }
/** * @param ephemeral If this flag is set to true, the snapshot will be cleaned during next startup */ public Set<SSTableReader> snapshotWithoutFlush(String snapshotName, Predicate<SSTableReader> predicate, boolean ephemeral) { Set<SSTableReader> snapshottedSSTables = new HashSet<>(); for (ColumnFamilyStore cfs : concatWithIndexes()) { final JSONArray filesJSONArr = new JSONArray(); try (RefViewFragment currentView = cfs.selectAndReference(View.select(SSTableSet.CANONICAL, (x) -> predicate == null || predicate.apply(x)))) { for (SSTableReader ssTable : currentView.sstables) { File snapshotDirectory = Directories.getSnapshotDirectory(ssTable.descriptor, snapshotName); ssTable.createLinks(snapshotDirectory.getPath()); // hard links filesJSONArr.add(ssTable.descriptor.relativeFilenameFor(Component.DATA)); if (logger.isTraceEnabled()) logger.trace("Snapshot for {} keyspace data file {} created in {}", keyspace, ssTable.getFilename(), snapshotDirectory); snapshottedSSTables.add(ssTable); } writeSnapshotManifest(filesJSONArr, snapshotName); if (!SchemaConstants.isLocalSystemKeyspace(metadata.ksName) && !SchemaConstants.isReplicatedSystemKeyspace(metadata.ksName)) writeSnapshotSchema(snapshotName); } } if (ephemeral) createEphemeralSnapshotMarkerFile(snapshotName); return snapshottedSSTables; }
if (!SchemaConstants.isLocalSystemKeyspace(metadata.ksName) && !SchemaConstants.isReplicatedSystemKeyspace(metadata.ksName)) writeSnapshotSchema(snapshotName);
/** * @param ephemeral If this flag is set to true, the snapshot will be cleaned during next startup */ public Set<SSTableReader> snapshotWithoutFlush(String snapshotName, Predicate<SSTableReader> predicate, boolean ephemeral) { Set<SSTableReader> snapshottedSSTables = new HashSet<>(); for (ColumnFamilyStore cfs : concatWithIndexes()) { final JSONArray filesJSONArr = new JSONArray(); try (RefViewFragment currentView = cfs.selectAndReference(View.select(SSTableSet.CANONICAL, (x) -> predicate == null || predicate.apply(x)))) { for (SSTableReader ssTable : currentView.sstables) { File snapshotDirectory = Directories.getSnapshotDirectory(ssTable.descriptor, snapshotName); ssTable.createLinks(snapshotDirectory.getPath()); // hard links filesJSONArr.add(ssTable.descriptor.relativeFilenameFor(Component.DATA)); if (logger.isTraceEnabled()) logger.trace("Snapshot for {} keyspace data file {} created in {}", keyspace, ssTable.getFilename(), snapshotDirectory); snapshottedSSTables.add(ssTable); } writeSnapshotManifest(filesJSONArr, snapshotName); if (!SchemaConstants.isLocalSystemKeyspace(metadata.ksName) && !SchemaConstants.isReplicatedSystemKeyspace(metadata.ksName)) writeSnapshotSchema(snapshotName); } } if (ephemeral) createEphemeralSnapshotMarkerFile(snapshotName); return snapshottedSSTables; }