luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Allow usage of non-superusers for cassandra connection (#5493)

This commit is contained in:
Didi Kohen 2018-10-15 18:06:03 +03:00 committed by Jeff Mitchell
parent 0db138ae21
commit d2021e9336
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
plugins/database/cassandra/connection_producer.go
View File

@ -16,6 +16,7 @@ import (
"github.com/hashicorp/vault/helper/parseutil"
"github.com/hashicorp/vault/helper/tlsutil"
"github.com/hashicorp/vault/plugins/helper/database/connutil"
"github.com/hashicorp/vault/plugins/helper/database/dbutil"
)
// cassandraConnectionProducer implements ConnectionProducer and provides an
@ -239,7 +240,15 @@ func (c *cassandraConnectionProducer) createSession() (*gocql.Session, error) {
// Verify the info
err = session.Query(`LIST ALL`).Exec()
if err != nil {
if err != nil && len(c.Username) != 0 && strings.Contains(err.Error(), "not authorized") {
rowNum := session.Query(dbutil.QueryHelper(`LIST CREATE ON ALL ROLES OF '{{username}}';`, map[string]string{
"username": c.Username,
})).Iter().NumRows()
if rowNum < 1 {
return nil, errwrap.Wrapf("error validating connection info: No role create permissions found, previous error: {{err}}", err)
}
} else if err != nil {
return nil, errwrap.Wrapf("error validating connection info: {{err}}", err)
}