You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This can get quite complex as there are many different authentication methods and ways of implementing this so I'm opening it up for discussion.
Why Vault
Vault provides a Cassandra plugin that can manage access to the Apache Cassandra cluster.
The current implementation of the Workbench requires you to enter the credentials for Cassandra only the first time you add a cluster. If you use dynamic short-lived credentials as provided by Cassandra it could well be the second time you attempt to connect to the cluster the creds have expired and they no longer work.
How
This is a complex part. If you use Vault and you usually do the following to obtain credentials:
(Optional depending on login method) Login to Vault to obtain a VAULT_TOKEN
Select a cassandra cluster and a role
Workbench will then use the VAULT_TOKEN to create a new Apache Cassandra account
Connect to Cassandra
(Optional) Revoke credentials
Implementation options
A halfway house implementation would replace the tab for "Authentication" with one with a dropdown box to select whether you want to use system auth (default) or Vault auth.
This partial implementation requires the user to have vault token available. Ie, the user will need to login to Vault using whatever method they have enabled, get a token and copy and paste it to the Workbench.
For a more complete implementation we'll need to add support for login but given that Vault supports a large number of authentication methods this can be difficult to do.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
This can get quite complex as there are many different authentication methods and ways of implementing this so I'm opening it up for discussion.
Why Vault
Vault provides a Cassandra plugin that can manage access to the Apache Cassandra cluster.
The current implementation of the Workbench requires you to enter the credentials for Cassandra only the first time you add a cluster. If you use dynamic short-lived credentials as provided by Cassandra it could well be the second time you attempt to connect to the cluster the creds have expired and they no longer work.
How
This is a complex part. If you use Vault and you usually do the following to obtain credentials:
Implementation options
A halfway house implementation would replace the tab for "Authentication" with one with a dropdown box to select whether you want to use system auth (default) or Vault auth.
This partial implementation requires the user to have vault token available. Ie, the user will need to login to Vault using whatever method they have enabled, get a token and copy and paste it to the Workbench.
For a more complete implementation we'll need to add support for login but given that Vault supports a large number of authentication methods this can be difficult to do.
Beta Was this translation helpful? Give feedback.
All reactions