Although there is no "DBA" user in Cassandra, there are standard practices that we can use to help users create what would notionally be a DBA user. The behaviour here is the same as #679, just with a different CQL syntax and information message.
Right click on
Permissions
Permissions > Users
Permissions > Users > Standard Users
Display this notice in the dialog to explain this is just a standard setup.
⚠️ Important Notice
This DBA user is created using standard Cassandra DBA permissions that may not be as you require.
This user will have read/write access to all tables, user and role management permissions, access to all functions, MBeans and nodetool commands.
-- standard password
CREATE ROLE dba_user WITH LOGIN = true AND SUPERUSER = false
AND PASSWORD = 'strong_password';
-- hashed password
CREATE ROLE dba_user WITH LOGIN = true AND SUPERUSER = false
AND HASHED PASSWORD = '$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';
GRANT ALL PERMISSIONS ON ALL KEYSPACES TO dba_user;
GRANT ALL PERMISSIONS ON ALL MBEANS TO dba_user;
GRANT ALL PERMISSIONS ON ALL FUNCTIONS TO dba_user;
GRANT ALL ON ALL ROLES TO dba_user;
Additional Security Options for users
Data Center Access Control
In Cassandra 4.0+ you can restrict users' access to only be via certain data centers. We need to support this optional restriction in the UX with an info message saying
DC-level access control requires cluster configuration. Verify network_authorizer is properly configured in cassandra.yaml before proceeding otherwise this may have no effect.
-- All DCs
CREATE ROLE dba_user WITH LOGIN = true AND SUPERUSER = false
AND PASSWORD = 'strong_password' AND ACCESS TO ALL DATACENTERS;
-- Specific DCs
CREATE ROLE dba_user WITH LOGIN = true AND SUPERUSER = false
AND PASSWORD = 'strong_password' AND ACCESS TO DATACENTERS {'DC1', 'DC3'};
We should allow users to select all the DCs or just specific DCs in the cluster and populate the generated CQL with the DC names.
We need to support this optional restriction in the UX with an info message saying
CIDR access control requires cluster configuration to be enabled and cidr groups to be created before assigning to users.
-- All CIDR Groups
CREATE ROLE dba_user WITH LOGIN = true AND SUPERUSER = false
AND PASSWORD = 'strong_password' AND ACCESS FROM ALL CIDRS;
-- Specific CIDR Groups
CREATE ROLE dba_user WITH LOGIN = true AND SUPERUSER = false
AND PASSWORD = 'strong_password' AND ACCESS FROM CIDRS { 'region1', 'region2' };
We should allow users to select all the CIDRS or just specific groups that exist in the cluster and populate the generated CQL with the DC names.
In terms of getting the existing CIDR groups, I am not sure - we just have to let them enter the text rather than select the groups.
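An added example, not part of the original issue and not the project's code: one way the dialog could generate the statements above when DC names are selected and CIDR group names are typed as free text. All function names are hypothetical; the role name is always double-quoted and string values are escaped so that typed text cannot alter the generated CQL.

```javascript
// Added example (not the project's code); all function names are hypothetical.
// CQL string literal: a single quote inside the value is escaped by doubling it.
function cqlString(value) {
  if (typeof value !== 'string' || value.length === 0) {
    throw new Error('expected a non-empty string');
  }
  return "'" + value.replace(/'/g, "''") + "'";
}

// Always double-quote the role name so reserved words and mixed case are safe.
function cqlIdentifier(name) {
  if (typeof name !== 'string' || name.length === 0) throw new Error('empty role name');
  return '"' + name.replace(/"/g, '""') + '"';
}

// Build {'a', 'b'} from selected or typed names; reject an empty selection.
function cqlSet(names, what) {
  const unique = [...new Set(names.map((n) => String(n).trim()))];
  if (unique.length === 0) throw new Error(`select at least one ${what}`);
  return '{' + unique.map(cqlString).join(', ') + '}';
}

// access.datacenters / access.cidrs: omitted, the string 'ALL', or an array of names.
function buildDbaRoleCql(role, password, access = {}) {
  const id = cqlIdentifier(role);
  let create = `CREATE ROLE ${id} WITH LOGIN = true AND SUPERUSER = false` +
    `\n  AND PASSWORD = ${cqlString(password)}`;
  if (access.datacenters === 'ALL') {
    create += '\n  AND ACCESS TO ALL DATACENTERS';
  } else if (access.datacenters) {
    create += `\n  AND ACCESS TO DATACENTERS ${cqlSet(access.datacenters, 'data center')}`;
  }
  if (access.cidrs === 'ALL') {
    create += '\n  AND ACCESS FROM ALL CIDRS';
  } else if (access.cidrs) {
    create += `\n  AND ACCESS FROM CIDRS ${cqlSet(access.cidrs, 'CIDR group')}`;
  }
  return [
    create + ';',
    `GRANT ALL PERMISSIONS ON ALL KEYSPACES TO ${id};`,
    `GRANT ALL PERMISSIONS ON ALL MBEANS TO ${id};`,
    `GRANT ALL PERMISSIONS ON ALL FUNCTIONS TO ${id};`,
    `GRANT ALL ON ALL ROLES TO ${id};`,
  ];
}

// Constructed input: two selected DCs and one typed CIDR group name with an apostrophe.
const statements = buildDbaRoleCql('dba_user', 'strong_password',
  { datacenters: ['DC1', 'DC3'], cidrs: ["emea's-office"] });
console.log(statements.join('\n'));
```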
Do this after #681
CIDR Access Control in Cassandra 5.0+ only
In Cassandra 5.0+ you can restrict users' access to only be via CIDR ranges. See: https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-33%3A+CIDR+filtering+authorizer