Hi Ekaterina, I use 4.0.1. But as I said I added a jar in classpath (/usr/share/cassandra/lib/ folder on every node) and I see that the jar is loaded in the classpath from the Cassandra command line. And I have "enable_user_defined_functions: true" and "enable_user_defined_functions_threads: false" in cassandra.yaml. So I don't see what is missing or not done properly.
Best regards, Sébastien. Le mer. 6 avr. 2022 à 16:03, Ekaterina Dimitrova <e.dimitr...@gmail.com> a écrit : > Hi Sebastian, > Do you use the latest 4.0.3 version? Those options were added in 4.0.2 I > believe, so if you try them with an earlier version - below message is what > you would get as they didn’t exist. > > Best regards, > Ekaterina > > On Wed, 6 Apr 2022 at 9:53, Sébastien Rebecchi <srebec...@kameleoon.com> > wrote: > >> Hi Benjamin, Hi everybody, >> >> I found in the documentation that we should add "allow_insecure_udfs: >> true" and optionally "allow_extra_insecure_udfs: true" so that >> "enable_user_defined_functions_threads: false" is really taken into account >> (I understood like that). That would explain why my UDF still does not run >> even with "enable_user_defined_functions_threads: false". Found in >> https://github.com/apache/cassandra/blob/cassandra-4.0/NEWS.txt >> >> So I tried to add "allow_insecure_udfs: true" and >> "allow_extra_insecure_udfs: true" in cassandra.yaml, but then Cassandra >> failed to restart and I got that error in logs "Exception >> (org.apache.cassandra.exceptions.ConfigurationException) encountered during >> startup: Invalid yaml. Please remove properties [allow_insecure_udfs, >> allow_extra_insecure_udfs] from your cassandra.yaml". >> >> Should I understand that we can activate that 2 extra confs only by >> changing source code? That would be really disappointing :( And if no, then >> how to activate all UDF possibilities from cassandra.yaml please? >> >> Thanks in advance, >> >> Sébastien. >> >> >> Le mar. 5 avr. 2022 à 10:36, Benjamin Lerer <ble...@apache.org> a écrit : >> >>> Unfortunately, I do not have much time for doing some digging. Sorry for >>> that :-( >>> You should look at JavaBasedUDFunction and UDFExecutorServic. >>> >>> Le lun. 4 avr. 2022 à 17:25, Sébastien Rebecchi <srebec...@kameleoon.com> >>> a écrit : >>> >>>> Hi! >>>> Do you have any more ideas for me? >>>> Cordially, >>>> Sébastien. >>>> >>>> Le lun. 28 mars 2022 à 16:39, Sébastien Rebecchi < >>>> srebec...@kameleoon.com> a écrit : >>>> >>>>> Unfortunately, it is not working even with >>>>> "enable_user_defined_functions_threads: false" in cassandra.yaml :/ >>>>> Is there any way to check the running configuration? >>>>> >>>>> Le lun. 28 mars 2022 à 15:35, Benjamin Lerer <ble...@apache.org> a >>>>> écrit : >>>>> >>>>>> I do not think that allowing to customize UDF classes whitelist has >>>>>> been discussed before. Feel free to open a JIRA ticket :-) >>>>>> I have some plans to revisit how we securise UDFs as the current >>>>>> threading approach has some impact in terms of latency. That can be a >>>>>> good >>>>>> opportunity to look into providing more flexibility. >>>>>> >>>>>> Le lun. 28 mars 2022 à 15:00, Sébastien Rebecchi < >>>>>> srebec...@kameleoon.com> a écrit : >>>>>> >>>>>>> Thanks you very much! I will try that. >>>>>>> As you know, would it be a long-terms solution? Or is there any plan >>>>>>> to add the possibility to customize UDF classes whitelist? >>>>>>> >>>>>>> Le lun. 28 mars 2022 à 14:31, Benjamin Lerer <ble...@apache.org> a >>>>>>> écrit : >>>>>>> >>>>>>>> Is there a way to customize that default behaviour? >>>>>>>> >>>>>>>> >>>>>>>> Looking at JavaBasedUDFunction quickly it seems that the >>>>>>>> ClassLoader is only used when you use the UDFExecutorService to >>>>>>>> execute your UDFs. You can try to disable it using >>>>>>>> "enable_user_defined_functions_threads: false" and see if it works. >>>>>>>> Now that also means that you have to ensure that only trusted >>>>>>>> persons can create UDF or UDA as it removes all safety mechanisms. >>>>>>>> >>>>>>>> >>>>>>>> Le lun. 28 mars 2022 à 13:23, Sébastien Rebecchi < >>>>>>>> srebec...@kameleoon.com> a écrit : >>>>>>>> >>>>>>>>> Hi Benjamin, >>>>>>>>> >>>>>>>>> Thanks for the answer. >>>>>>>>> Is there a way to customize that default behaviour? If no, could >>>>>>>>> you indicate where to find this class loader in the github of >>>>>>>>> Cassandra >>>>>>>>> please? >>>>>>>>> >>>>>>>>> Le lun. 28 mars 2022 à 12:40, Benjamin Lerer <ble...@apache.org> >>>>>>>>> a écrit : >>>>>>>>> >>>>>>>>>> Hi Sébastien, >>>>>>>>>> >>>>>>>>>> Cassandra uses a special classloader for UDFs that limit which >>>>>>>>>> classes can be used. >>>>>>>>>> You cannot rely on non-JDK classes for UDFs and some of the JDK >>>>>>>>>> packages like the IO package for example cannot be used. >>>>>>>>>> The goal is simply to ensure that UDFs cannot compromise the >>>>>>>>>> server security. >>>>>>>>>> >>>>>>>>>> Le lun. 28 mars 2022 à 11:31, Sébastien Rebecchi < >>>>>>>>>> srebec...@kameleoon.com> a écrit : >>>>>>>>>> >>>>>>>>>>> Hello, >>>>>>>>>>> >>>>>>>>>>> I am trying to create a UDF based on custom methods. >>>>>>>>>>> So I set enable_user_defined_functions to true and added a jar >>>>>>>>>>> in "/usr/share/cassandra/lib/" folder on every node, restarted the >>>>>>>>>>> nodes >>>>>>>>>>> and I can see from the command line that the jar is indeed used (in >>>>>>>>>>> the >>>>>>>>>>> classpath with -cp). >>>>>>>>>>> >>>>>>>>>>> But when i create the UDF I got that error: >>>>>>>>>>> >>>>>>>>>>> CREATE OR REPLACE FUNCTION blobToJson (input blob) RETURNS NULL >>>>>>>>>>> ON NULL INPUT RETURNS text LANGUAGE java AS 'return >>>>>>>>>>> com.kameleoon.visit.Visit.writeToJson(com.kameleoon.visit.Visit.readFromByteBuffer(input));'; >>>>>>>>>>> InvalidRequest: Error from server: code=2200 [Invalid query] >>>>>>>>>>> message="Java source compilation failed: >>>>>>>>>>> Line 1: com.kameleoon.visit.Visit cannot be resolved to a type >>>>>>>>>>> Line 1: com.kameleoon.visit.Visit cannot be resolved to a type >>>>>>>>>>> >>>>>>>>>>> Of course the class com.kameleoon.visit.Visit does exist in the >>>>>>>>>>> jar and the jar has read rights to every user (chmod 444). So I can >>>>>>>>>>> not >>>>>>>>>>> find the reason. >>>>>>>>>>> >>>>>>>>>>> versions are: [cqlsh 6.0.0 | Cassandra 4.0.1 | CQL spec 3.4.5 | >>>>>>>>>>> Native protocol v5] >>>>>>>>>>> >>>>>>>>>>> Any help would be appreciated! >>>>>>>>>>> >>>>>>>>>>> Thanks! >>>>>>>>>>> >>>>>>>>>>> Sébastien. >>>>>>>>>>> >>>>>>>>>>
