enable reading cassandra_ldap_admin_user property from a property file

smiklosovic · smiklosovic · commit 359fdc56365c · 2024-04-23T19:04:21.000+02:00
diff --git a/README.adoc b/README.adoc
@@ -93,6 +93,9 @@ The content of the configuration file is as follows:
 
 |default_role_membership
 |A role to add new LDAP users to by default. Defaults to empty (users will not be added to any role).
+
+|cassandra_ldap_admin_user
+|name of a user/role which will be considered a default superuser, instead of `cassandra`. Please consult "How it Works" section to know more about the usage.
 |===
 
 
@@ -165,14 +168,14 @@ authentication using a specified service account. This service account should be
 file using the `service_dn` and `service_password` properties. If `service_dn` is set, such a role will be created in database,
 when not already present, upon node's start.
 
-`service_dn` account, which will be automatically created, will be super user in Cassandra.
+`service_dn` account, which will be automatically created, will be superuser in Cassandra.
 
-All "normal" roles are not affected—they behave exactly as you are used to.
+All "normal" roles are not affected - they behave exactly as you are used to.
 
 If the LDAP server connection is lost or there is another communication error while talking to LDAP server,
 the operator still has a possibility of logging in via `cassandra` user as usual, and until the LDAP server is not back again;
 Users meant to be authenticated against the LDAP server will not be able to log in but all "normal" users will be able to
-login and the disruption of LDAP communication will not affect their ability to do so as they live in Cassandra natively.
+log in and the disruption of LDAP communication will not affect their ability to do so as they live in Cassandra natively.
 
 In case a user specifies just `test` as login name (or any other name, for that matter), it will try to
 authenticate against database first and if not successful against LDAP using filter `filter_template` which defaults to `(cn=%s)`
diff --git a/base/src/main/java/com/instaclustr/cassandra/ldap/conf/LdapAuthenticatorConfiguration.java b/base/src/main/java/com/instaclustr/cassandra/ldap/conf/LdapAuthenticatorConfiguration.java
@@ -58,7 +58,11 @@ public final class LdapAuthenticatorConfiguration
 
     public static final String DEFAULT_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
 
-    public static final String CASSANDRA_LDAP_ADMIN_USER = "cassandra.ldap.admin.user";
+    // the one read from system properties by -Dcassandra.ldap.admin.user=xyz
+    public static final String CASSANDRA_LDAP_ADMIN_USER_SYSTEM_PROPERTY = "cassandra.ldap.admin.user";
+    // the one read from the configuration file,
+    // if the above system property is specified, it will overwrite the property in the file
+    public static final String CASSANDRA_LDAP_ADMIN_USER = "cassandra_ldap_admin_user";
 
     public static final String CONSISTENCY_FOR_ROLE = "consistency_for_role";
     public static final String DEFAULT_CONSISTENCY_FOR_ROLE = "LOCAL_ONE";
@@ -144,6 +148,12 @@ public Properties parseProperties() throws ConfigurationException
         properties.put(LdapAuthenticatorConfiguration.CONTEXT_FACTORY_PROP, properties.getProperty(CONTEXT_FACTORY_PROP, DEFAULT_CONTEXT_FACTORY));
         properties.put(LdapAuthenticatorConfiguration.LDAP_URI_PROP, properties.getProperty(LDAP_URI_PROP));
 
+        String adminUserFromProperty = System.getProperty(CASSANDRA_LDAP_ADMIN_USER_SYSTEM_PROPERTY);
+        if (adminUserFromProperty != null)
+            properties.put(LdapAuthenticatorConfiguration.CASSANDRA_LDAP_ADMIN_USER, adminUserFromProperty);
+
+        properties.putIfAbsent(LdapAuthenticatorConfiguration.CASSANDRA_LDAP_ADMIN_USER, "cassandra");
+
         return properties;
     }
 
diff --git a/base/src/main/java/org/apache/cassandra/auth/LDAPAuthenticator.java b/base/src/main/java/org/apache/cassandra/auth/LDAPAuthenticator.java
@@ -19,6 +19,7 @@
 
 import static com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration.CASSANDRA_AUTH_CACHE_ENABLED_PROP;
 import static com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration.CASSANDRA_LDAP_ADMIN_USER;
+import static com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration.CASSANDRA_LDAP_ADMIN_USER_SYSTEM_PROPERTY;
 import static com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration.DEFAULT_ROLE_MEMBERSHIP;
 import static com.instaclustr.cassandra.ldap.utils.ServiceUtils.getService;
 import static java.lang.Boolean.parseBoolean;
@@ -86,7 +87,7 @@ public void setup()
 
         cacheDelegate = getService(CacheDelegate.class, null);
 
-        final String adminRole = System.getProperty(CASSANDRA_LDAP_ADMIN_USER, "cassandra");
+        final String adminRole = properties.getProperty(CASSANDRA_LDAP_ADMIN_USER);
 
         while (true)
         {
diff --git a/base/src/main/java/org/apache/cassandra/auth/LDAPCassandraRoleManager.java b/base/src/main/java/org/apache/cassandra/auth/LDAPCassandraRoleManager.java
@@ -18,6 +18,7 @@
 package org.apache.cassandra.auth;
 
 import static com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration.CASSANDRA_LDAP_ADMIN_USER;
+import static com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration.CASSANDRA_LDAP_ADMIN_USER_SYSTEM_PROPERTY;
 import static com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration.CONSISTENCY_FOR_ROLE;
 import static com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration.DEFAULT_CONSISTENCY_FOR_ROLE;
 import static com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration.LDAP_DN;
@@ -76,7 +77,7 @@ public void setup()
 
         systemAuthRoles = ServiceUtils.getService(SystemAuthRoles.class, null);
 
-        final String dbaRole = System.getProperty(CASSANDRA_LDAP_ADMIN_USER, "cassandra");
+        final String dbaRole = properties.getProperty(CASSANDRA_LDAP_ADMIN_USER);
         logger.info("DB admin role is {}", dbaRole);
 
         final String ldapAdminRole = properties.getProperty(LDAP_DN);
diff --git a/base/src/main/java/org/apache/cassandra/auth/LegacyCassandraLDAPAuthenticator.java b/base/src/main/java/org/apache/cassandra/auth/LegacyCassandraLDAPAuthenticator.java
@@ -18,6 +18,7 @@
 package org.apache.cassandra.auth;
 
 import static com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration.CASSANDRA_LDAP_ADMIN_USER;
+import static com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration.CASSANDRA_LDAP_ADMIN_USER_SYSTEM_PROPERTY;
 import static com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration.DEFAULT_ROLE_MEMBERSHIP;
 import static com.instaclustr.cassandra.ldap.utils.ServiceUtils.getService;
 import static java.lang.String.format;
@@ -66,7 +67,7 @@ public void setup()
         final CassandraUserRetriever cassandraUserRetriever = new LegacyCassandraUserRetriever();
         cassandraUserRetriever.init(clientState);
 
-        final String adminRole = System.getProperty(CASSANDRA_LDAP_ADMIN_USER, "cassandra");
+        final String adminRole = properties.getProperty(CASSANDRA_LDAP_ADMIN_USER);
 
         while (true)
         {
