From 3f79659c96cf6e350512f1bb8f45ee5a1278a34f Mon Sep 17 00:00:00 2001 From: Andy Tolbert <6889771+tolbertam@users.noreply.github.com> Date: Thu, 22 Aug 2024 22:04:14 -0500 Subject: [PATCH] Add MutualTls authenticators to defaultApprovedAuthenticators Allow MutualTlsWithPasswordFallbackAuthenticator and MutualTlsAuthenticator as possible authenticators. MutualTlsWithPasswordFallbackAuthenticator should behave functionally the same as PasswordAuthenticator. MutualTlsAuthenticator's current implementation doesn't send AUTHENTICATE messages to the client, but felt it was worth including here in case it is ever enhanced to possibly also require credentials. patch by Andy Tolbert; reviewed by Martin Sucha for CASSANDRA-19858 --- conn.go | 2 ++ conn_test.go | 2 ++ 2 files changed, 4 insertions(+) diff --git a/conn.go b/conn.go index 3daca6250..743c5032c 100644 --- a/conn.go +++ b/conn.go @@ -46,6 +46,8 @@ import ( var ( defaultApprovedAuthenticators = []string{ "org.apache.cassandra.auth.PasswordAuthenticator", + "org.apache.cassandra.auth.MutualTlsAuthenticator", + "org.apache.cassandra.auth.MutualTlsWithPasswordFallbackAuthenticator", "com.instaclustr.cassandra.auth.SharedSecretAuthenticator", "com.datastax.bdp.cassandra.auth.DseAuthenticator", "io.aiven.cassandra.auth.AivenAuthenticator", diff --git a/conn_test.go b/conn_test.go index cab4c2f8f..ef61c1b1c 100644 --- a/conn_test.go +++ b/conn_test.go @@ -56,6 +56,8 @@ const ( func TestApprove(t *testing.T) { tests := map[bool]bool{ approve("org.apache.cassandra.auth.PasswordAuthenticator", []string{}): true, + approve("org.apache.cassandra.auth.MutualTlsWithPasswordFallbackAuthenticator", []string{}): true, + approve("org.apache.cassandra.auth.MutualTlsAuthenticator", []string{}): true, approve("com.instaclustr.cassandra.auth.SharedSecretAuthenticator", []string{}): true, approve("com.datastax.bdp.cassandra.auth.DseAuthenticator", []string{}): true, approve("io.aiven.cassandra.auth.AivenAuthenticator", []string{}): true,