search

datastax / cql-proxy

A client-side CQL proxy/sidecar.
Apache License 2.0
172 stars 82 forks source link

Add support for AstraAuthenticator #123

Closed absurdfarce closed 7 months ago

absurdfarce commented 8 months ago

AstraAuthenticator appears to be used in AD4D (DSE feature support on Astra). To confirm that that following test sequence was performed:

  1. cql-proxy (built from main) against a stock Astra serverless instance:
$ ./cql-proxy --astra-bundle 'astra-scb.zip' --username 'token' --password 'myastratoken'
{"level":"info","ts":1705706131.924702,"caller":"proxycore/cluster.go:263","msg":"adding host to the cluster","host":"f7db89d0-f403-4f89-b763-3f0f5679d0f1-us-east-1.db.astra-dev.datastax.com:30047:26fe35c3-ff99-4181-8957-24b32bad1f93"}
...

cqlsh> select * from system.local;

 key   | rpc_address | data_center | rack  | tokens                   | release_version | partitioner                                 | cluster_name | cql_version | schema_version                       | native_protocol_version | host_id
-------+-------------+-------------+-------+--------------------------+-----------------+---------------------------------------------+--------------+-------------+--------------------------------------+-------------------------+--------------------------------------
 local |   127.0.0.1 |   us-east-2 | rack1 | {'-9223372036854775808'} |      4.0.0.6816 | org.apache.cassandra.dht.Murmur3Partitioner |    cql-proxy |       3.4.5 | 4f2b29e6-59b5-4e2d-8fd6-01e32e67f0d7 |   ProtocolVersion OSS 4 | f528764d-624d-3129-b32c-21fbca0cb8d6

(1 rows)
  1. Same cql-proxy instance (again, built from main) against AD4D instance:
$ ./cql-proxy --astra-bundle 'ad4d-scb.zip' --username 'token' --password 'myastratoken'
cql-proxy: error: unable to connect to cluster unknown authenticator: org.apache.cassandra.auth.AstraAuthenticator
  1. Switch to feature branch, rebuild and test against same AD4D instance:
$ go clean
$ go build
$ ./cql-proxy --astra-bundle 'ad4d-scb.zip' --username 'token' --password 'myastratoken'
{"level":"info","ts":1705706131.924702,"caller":"proxycore/cluster.go:263","msg":"adding host to the cluster","host":"f7db89d0-f403-4f89-b763-3f0f5679d0f1-us-east-1.db.astra-dev.datastax.com:30047:26fe35c3-ff99-4181-8957-24b32bad1f93"}
...

cqlsh> select * from system.local;

 key   | rpc_address | data_center | dse_version | rack  | tokens                   | release_version | partitioner                                 | cluster_name | cql_version | schema_version                       | native_protocol_version | host_id
-------+-------------+-------------+-------------+-------+--------------------------+-----------------+---------------------------------------------+--------------+-------------+--------------------------------------+-------------------------+--------------------------------------
 local |   127.0.0.1 |        dc-1 |   6.8.33.47 | rack1 | {'-9223372036854775808'} |      4.0.0.6833 | org.apache.cassandra.dht.Murmur3Partitioner |    cql-proxy |       3.4.5 | 4f2b29e6-59b5-4e2d-8fd6-01e32e67f0d7 |   ProtocolVersion OSS 4 | f528764d-624d-3129-b32c-21fbca0cb8d6

(1 rows)
absurdfarce commented 7 months ago

cql-proxy creates mock rows for system.local so the rows shown in my test above didn't come directly from the underlying cluster. But some of the data displayed there is derived from the node cql-proxy is connected to. The key point is that we were able to connect to the cluster at all and get past the auth sequence, something these results seem to demonstrate.