Bringing together the Apache Cassandra experts from the community and DataStax.
Want to learn? Have a question? Want to share your expertise? You are in the right place!
Not sure where to begin? Getting Started
I'm not familiar with this API but I think the credentials are used just for new connections initiated after the credentials are set. I suspect it doesn't apply to existing connections which continue to use the old credentials.
I'm going to reach out to the Driver devs here at DataStax and will either get them to respond directly or I will update my answer. Cheers!
First, I am surprised that calling
authProvider.setPassword(pwd) is not working. It should. If you are confident that this is not working, please file a Jira bug here: https://datastax-oss.atlassian.net/browse/JAVA.
Secondly, even if driver 4.x does have the ability to reload the config at runtime, in fact not all the config options are hot-reloadable, and the authentication credentials unfortunately are among those (see here). As a consequence, there is no built-in way to hot-reload the credentials in driver 4.x. Of course you can write your own auth provider, it's trivial – but I filed JAVA-2953 to add the missing feature.
And lastly, I think the most difficult problem to solve, as Erik pointed out, is that credentials are used when new connections are opened, and the driver uses the same credentials for every node. How are you rotating your credentials in Cassandra? I suspect that you would need to first update the driver with the new credentials, then proceed with a rolling restart of the Cassandra nodes, and as nodes restart, connections will be closed then re-opened with new credentials. But if in this process a connection is opened to a node that still has the old credentials, the connection will fail. To avoid that, you would have to write an AuthProvider that is capable of returning different credentials per endpoint.
6 People are following this question.