Add target consistency level override and superuser startup warning #163

Open
millerjp wants to merge 4 commits into datastax:main from axonops:upstream-pr-target-consistency

@millerjp millerjp commented Apr 3, 2026

Summary

Two features to improve the migration experience:

1. Target consistency level override (ZDM_TARGET_CONSISTENCY_LEVEL)

Adds an optional config property that overrides the consistency level for all requests forwarded to the target cluster. The origin cluster always receives the original client-requested consistency level, preserving the consistency contract on the source of truth.

Use case: During migration, the target cluster is being populated via dual writes. Using a weaker CL such as LOCAL_ONE on the target reduces the risk of write failures caused by target-side instability (node outages, streaming, compaction pressure). Once migration is complete and data is validated, a repair ensures all replicas are consistent. This avoids unnecessarily failing writes through the proxy when the target cluster experiences transient issues that would otherwise cause LOCAL_QUORUM to fail.

  • Disabled by default (empty/unset = no override, existing behaviour preserved)
  • Invalid values rejected at startup
  • WARN log emitted when the override is active
  • Applies to Query, Execute (prepared statements), and Batch messages
  • Verified end-to-end against Cassandra 5.0.6 via system_traces

2. Superuser startup warning

At startup, the proxy queries system_auth.roles on both origin and target control connections to check if the configured user is a superuser. If so, a WARN is logged explaining that superuser authentication requires QUORUM consistency internally in Cassandra, increasing the risk of auth failures during node instability.

  • Best-effort: silently skipped if auth is disabled, query fails, or table is inaccessible (e.g. Astra)
  • Runs on both origin and target

Test plan

  • Unit tests for config parsing (valid, invalid, empty, whitespace, YAML, env var)
  • Integration tests for disabled/enabled CL override (inline write, prepared statement, batch, read)
  • All existing unit tests pass
  • Integration tests compile against simulacron
  • End-to-end verification against Cassandra 5.0.6 with tracing (system_traces confirms origin=QUORUM, target=LOCAL_ONE)
  • Superuser warning verified with PasswordAuthenticator enabled
  • Non-superuser correctly produces no warning
  • Auth-disabled clusters correctly skipped

Resolves part of #165

millerjp added 3 commits April 3, 2026 12:42
Introduce ZDM_TARGET_CONSISTENCY_LEVEL config option that overrides the
consistency level for all requests forwarded to the target cluster. The
origin cluster always receives the original client-requested consistency
level, preserving the consistency contract on the source of truth.

This is useful during migration when the target is being populated via
dual writes. A weaker CL such as LOCAL_ONE on the target reduces the risk
of write failures caused by target-side instability (node outages,
streaming, compaction pressure). Target data can be repaired after
migration, so temporary under-replication is acceptable.

The feature is strictly opt-in: when the config is absent, empty, or
unset, the proxy forwards requests with the original client CL (existing
behaviour preserved). Invalid values are rejected at startup. A WARN log
is emitted when the override is active.

Verified end-to-end against Cassandra 5.0.6 via system_traces: inline
Query, prepared Execute, and Batch writes all show the overridden CL on
the target while origin retains the client-requested CL.

Query system_auth.roles on both origin and target control connections
at startup to check if the configured user is a superuser. If so, log
a WARN explaining that superuser authentication in Cassandra requires
QUORUM consistency internally, which increases the risk of auth failures
during node instability.

The check is best-effort: if auth is not enabled, or the query fails
for any reason (e.g. permission denied, Astra-specific behavior, table
not present), it is silently skipped. This ensures no impact on
platforms where system_auth.roles may not be accessible.

Verified against Cassandra 5.0.6 with PasswordAuthenticator enabled:
- superuser 'cassandra' triggers WARN on both ORIGIN and TARGET
- non-superuser 'app_user' produces no warning (query fails silently
  because non-superusers cannot read system_auth.roles)
- auth-disabled clusters produce no warning (check skipped)

Verifies via system_traces.sessions on real Cassandra clusters that:
- Inline INSERT at QUORUM: origin trace shows QUORUM (unchanged),
  target trace shows LOCAL_ONE (overridden)
- Prepared INSERT at QUORUM: same verification
- Batch INSERT at QUORUM: same verification

Skipped on Cassandra < 3.0 (system_traces parameters map format
differs in older versions).
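
The override behaviour set out in the description and the first commit message (validate at startup, empty means no override, only the target copy is changed), as an added example that is not code from this pull request. `Request`, `ParseTargetCL` and `Fork` are hypothetical names, and accepting every protocol-defined level name case-insensitively is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Consistency codes as defined by the CQL native protocol.
var consistencyByName = map[string]uint16{
	"ANY": 0x0, "ONE": 0x1, "TWO": 0x2, "THREE": 0x3, "QUORUM": 0x4, "ALL": 0x5,
	"LOCAL_QUORUM": 0x6, "EACH_QUORUM": 0x7, "SERIAL": 0x8, "LOCAL_SERIAL": 0x9, "LOCAL_ONE": 0xA,
}

// Request is a hypothetical stand-in for a decoded Query, Execute or Batch message.
type Request struct {
	Kind        string
	Consistency uint16
}

// ParseTargetCL validates the raw setting at startup. Empty or whitespace-only
// input means "no override" (nil); an unknown name is an error, so startup fails.
func ParseTargetCL(raw string) (*uint16, error) {
	name := strings.ToUpper(strings.TrimSpace(raw)) // case folding is an assumption
	if name == "" {
		return nil, nil
	}
	code, ok := consistencyByName[name]
	if !ok {
		return nil, fmt.Errorf("invalid target consistency level %q", raw)
	}
	return &code, nil
}

// Fork returns the origin request untouched and a target copy with the override applied.
func Fork(req Request, override *uint16) (origin, target Request) {
	origin, target = req, req
	if override != nil {
		target.Consistency = *override
	}
	return origin, target
}

func main() {
	cl, err := ParseTargetCL(" local_one ") // constructed sample value
	if err != nil {
		panic(err)
	}
	o, t := Fork(Request{Kind: "BATCH", Consistency: consistencyByName["QUORUM"]}, cl)
	fmt.Printf("origin=0x%04X target=0x%04X\n", o.Consistency, t.Consistency)
}
```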