hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Masking: Add large_payload parameter

Browse Source 
The masking filter will assume payloads less than 2^24 - 1. The
behaviour if payloads larger than than are encountered can be
configured.

The actual implementation follows in a subsequent change.
This commit is contained in:
Johan Wikman
2017-01-12 15:47:41 +02:00
parent 16a76fcd28
commit 969e423eb2
5 changed files with 110 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Documentation/Filters/Masking.md
View File

@ -55,9 +55,12 @@ columns in where-clauses.
The masking filter can _only_ be used for masking columns of the following The masking filter can _only_ be used for masking columns of the following
types: `BINARY`, `VARBINARY`, `CHAR`, `VARCHAR`, 'BLOB', TINYBLOB`, types: `BINARY`, `VARBINARY`, `CHAR`, `VARCHAR`, 'BLOB', TINYBLOB`,
`MEDIUMBLOB`, `LONGBLOB`, `TEXT`, `TINYTEXT`, `MEDIUMTEXT`, `LONGTEXT`, `MEDIUMBLOB`, `LONGBLOB`, `TEXT`, `TINYTEXT`, `MEDIUMTEXT`, `LONGTEXT`,
`ENUM` and `SET`. `ENUM` and `SET`. If the type of the column is something else, then no
masking will be performed.
If the type of the column is something else, then no masking will be performed. The masking filter can only work on payloads less than 16MB. If the masking
filter encounters payloads larger than that, the value of the parameter
`large_payloads` specifies how such payloads should be treated.
## Configuration ## Configuration
@ -83,8 +86,9 @@ The masking filter has one mandatory parameter - `rules_file`.
#### `rules_file` #### `rules_file`
Specifies the path of the file where the masking rules are stored. Specifies the path of the file where the masking rules are stored.
A relative path is interpreted relative to the _data directory_ of A relative path is interpreted relative to the _module configuration directory_
MariaDB MaxScale. of MariaDB MaxScale. The default module configuration directory is
_/etc/maxscale.modules.d_.
``` ```
rules_file=/path/to/rules-file rules_file=/path/to/rules-file
@ -102,6 +106,23 @@ the default.
warn_type_mismatch=always warn_type_mismatch=always
``` ```
#### `large_payload`
This optional parameter specifies how the masking filter should treat
payloads larger than `16MB`.
The values that can be used are `ignore`, which means that values in
such payloads are not masked, and `abort`, which means that if such
payloads are encountered then the connection is closed. The default
is `abort`.
Note that the aborting behaviour is applied only to resultsets that
contain columns that should be masked. There are *no* limitations on
resultsets that do not contain such columns.
```
large_payload=ignore
```
# Rules # Rules
The masking rules are expressed as a JSON object. The masking rules are expressed as a JSON object.

23
server/modules/filter/masking/maskingfilter.cc
View File

@ -85,11 +85,12 @@ extern "C" MXS_MODULE* MXS_CREATE_MODULE()
NULL, /* Thread finish. */ NULL, /* Thread finish. */
{ {
{ Config::rules_file_name, MXS_MODULE_PARAM_STRING, NULL, MXS_MODULE_OPT_REQUIRED }, { Config::rules_file_name, MXS_MODULE_PARAM_STRING, NULL, MXS_MODULE_OPT_REQUIRED },
{ { Config::warn_type_mismatch_name,
Config::warn_type_mismatch_name, MXS_MODULE_PARAM_ENUM, Config::warn_type_mismatch_default,
MXS_MODULE_PARAM_ENUM, Config::warn_type_mismatch_default, MXS_MODULE_OPT_NONE, Config::warn_type_mismatch_values },
MXS_MODULE_OPT_NONE, Config::warn_type_mismatch_values { Config::large_payload_name,
}, MXS_MODULE_PARAM_ENUM, Config::large_payload_default,
MXS_MODULE_OPT_NONE, Config::large_payload_values },
{ MXS_END_MODULE_PARAMS } { MXS_END_MODULE_PARAMS }
} }
}; };
@ -117,10 +118,7 @@ MaskingFilter* MaskingFilter::create(const char* zName, char** pzOptions, CONFIG
{ {
MaskingFilter* pFilter = NULL; MaskingFilter* pFilter = NULL;
MaskingFilter::Config config(zName); Config config(zName, pParams);
config.set_warn_type_mismatch(Config::get_warn_type_mismatch(pParams));
process_params(pzOptions, pParams, config);
auto_ptr<MaskingRules> sRules = MaskingRules::load(config.rules_file().c_str()); auto_ptr<MaskingRules> sRules = MaskingRules::load(config.rules_file().c_str());
@ -171,10 +169,3 @@ void MaskingFilter::reload(DCB* pOut)
"detailed information.\n"); "detailed information.\n");
} }
} }
// static
void MaskingFilter::process_params(char **pzOptions, CONFIG_PARAMETER *pParams, Config& config)
{
string rules_file = config_get_string(pParams, "rules_file");
config.set_rules_file(rules_file);
}

2
server/modules/filter/masking/maskingfilter.hh
View File

@ -51,8 +51,6 @@ private:
MaskingFilter(const MaskingFilter&); MaskingFilter(const MaskingFilter&);
MaskingFilter& operator = (const MaskingFilter&); MaskingFilter& operator = (const MaskingFilter&);
static void process_params(char **pzOptions, CONFIG_PARAMETER *ppParams, Config& config);
private: private:
Config m_config; Config m_config;
SMaskingRules m_sRules; SMaskingRules m_sRules;

49
server/modules/filter/masking/maskingfilterconfig.cc
View File

@ -16,17 +16,45 @@
namespace namespace
{ {
const char config_name_large_payload[] = "large_payload";
const char config_name_rules_file[] = "rules_file"; const char config_name_rules_file[] = "rules_file";
const char config_name_warn_type_mismatch[] = "warn_type_mismatch"; const char config_name_warn_type_mismatch[] = "warn_type_mismatch";
const char config_value_abort[] = "abort";
const char config_value_ignore[] = "ignore";
const char config_value_never[] = "never"; const char config_value_never[] = "never";
const char config_value_always[] = "always"; const char config_value_always[] = "always";
} }
/*
* PARAM large_payload
*/
//static
const char* MaskingFilterConfig::large_payload_name = config_name_large_payload;
//static
const MXS_ENUM_VALUE MaskingFilterConfig::large_payload_values[] =
{
{ config_value_abort, MaskingFilterConfig::LARGE_ABORT },
{ config_value_ignore, MaskingFilterConfig::LARGE_IGNORE },
{ NULL }
};
//static
const char* MaskingFilterConfig::large_payload_default = config_value_abort;
/*
* PARAM rules_file
*/
//static //static
const char* MaskingFilterConfig::rules_file_name = config_name_rules_file; const char* MaskingFilterConfig::rules_file_name = config_name_rules_file;
/*
* PARAM warn_type_mismatch
*/
//static //static
const char* MaskingFilterConfig::warn_type_mismatch_name = config_name_warn_type_mismatch; const char* MaskingFilterConfig::warn_type_mismatch_name = config_name_warn_type_mismatch;
@ -42,11 +70,28 @@ const MXS_ENUM_VALUE MaskingFilterConfig::warn_type_mismatch_values[] =
//static //static
const char* MaskingFilterConfig::warn_type_mismatch_default = config_value_never; const char* MaskingFilterConfig::warn_type_mismatch_default = config_value_never;
/*
* MaskingFilterConfig
*/
//static
MaskingFilterConfig::large_payload_t
MaskingFilterConfig::get_large_payload(const CONFIG_PARAMETER* pParams)
{
int value = config_get_enum(pParams, large_payload_name, large_payload_values);
return static_cast<large_payload_t>(value);
}
//static
std::string MaskingFilterConfig::get_rules_file(const CONFIG_PARAMETER* pParams)
{
return config_get_string(pParams, rules_file_name);
}
//static //static
MaskingFilterConfig::warn_type_mismatch_t MaskingFilterConfig::warn_type_mismatch_t
MaskingFilterConfig::get_warn_type_mismatch(const CONFIG_PARAMETER* pParams) MaskingFilterConfig::get_warn_type_mismatch(const CONFIG_PARAMETER* pParams)
{ {
int warn = config_get_enum(pParams, warn_type_mismatch_name, warn_type_mismatch_values); int value = config_get_enum(pParams, warn_type_mismatch_name, warn_type_mismatch_values);
return static_cast<warn_type_mismatch_t>(warn); return static_cast<warn_type_mismatch_t>(value);
} }

35
server/modules/filter/masking/maskingfilterconfig.hh
View File

@ -26,31 +26,55 @@ public:
WARN_ALWAYS WARN_ALWAYS
}; };
enum large_payload_t
{
LARGE_IGNORE,
LARGE_ABORT
};
static const char* large_payload_name;
static const MXS_ENUM_VALUE large_payload_values[];
static const char* large_payload_default;
static const char* rules_file_name; static const char* rules_file_name;
static const char* warn_type_mismatch_name; static const char* warn_type_mismatch_name;
static const MXS_ENUM_VALUE warn_type_mismatch_values[]; static const MXS_ENUM_VALUE warn_type_mismatch_values[];
static const char* warn_type_mismatch_default; static const char* warn_type_mismatch_default;
MaskingFilterConfig(const char* zName) MaskingFilterConfig(const char* zName, const CONFIG_PARAMETER* pParams)
: m_name(zName) : m_name(zName)
, m_warn_type_mismatch(WARN_NEVER) , m_large_payload(get_large_payload(pParams))
, m_rules_file(get_rules_file(pParams))
, m_warn_type_mismatch(get_warn_type_mismatch(pParams))
{} {}
~MaskingFilterConfig() {} ~MaskingFilterConfig() {}
const std::string& name() const const std::string& name() const
{ {
return m_name; return m_name;
} }
const std::string& rules_file() const
large_payload_t large_payload() const
{
return m_large_payload;
}
const std::string& rules_file() const
{ {
return m_rules_file; return m_rules_file;
} }
warn_type_mismatch_t warn_type_mismatch() const warn_type_mismatch_t warn_type_mismatch() const
{ {
return m_warn_type_mismatch; return m_warn_type_mismatch;
} }
void set_large_payload(large_payload_t l)
{
m_large_payload = l;
}
void set_rules_file(const std::string& s) void set_rules_file(const std::string& s)
{ {
m_rules_file = s; m_rules_file = s;
@ -60,10 +84,13 @@ public:
m_warn_type_mismatch = w; m_warn_type_mismatch = w;
} }
static large_payload_t get_large_payload(const CONFIG_PARAMETER* pParams);
static std::string get_rules_file(const CONFIG_PARAMETER* pParams);
static warn_type_mismatch_t get_warn_type_mismatch(const CONFIG_PARAMETER* pParams); static warn_type_mismatch_t get_warn_type_mismatch(const CONFIG_PARAMETER* pParams);
private: private:
std::string m_name; std::string m_name;
large_payload_t m_large_payload;
std::string m_rules_file; std::string m_rules_file;
warn_type_mismatch_t m_warn_type_mismatch; warn_type_mismatch_t m_warn_type_mismatch;
}; };