MXS-2513 Deprecate firewall and masking filters

Johan Wikman
2019-05-28 14:31:34 +03:00
parent 3b60bf00e1
commit de3c5721e9
6 changed files with 40 additions and 41 deletions

View File

@ -10,6 +10,7 @@
* MaxCtrl commands `list sessions`, `show sessions` and `show session <id>` * MaxCtrl commands `list sessions`, `show sessions` and `show session <id>`
support reverse DNS lookup of client addresses. The conversion is activated support reverse DNS lookup of client addresses. The conversion is activated
by adding the `--rdns`-option to the command. by adding the `--rdns`-option to the command.
* The database firewall filter and the masking filter have been deprecated.
For more details, please refer to: For more details, please refer to:

View File

@ -3,54 +3,24 @@
Table of Contents Table of Contents
================= =================
* [Overview](#overview) [TOC]
* [Configuration](#configuration)
* [Filter Parameters](#filter-parameters)
* [rules](#rules)
* [action](#action)
* [log_match](#log_match)
* [log_no_match](#log_no_match)
* [Rule syntax](#rule-syntax)
* [Mandatory rule parameters](#mandatory-rule-parameters)
* [wildcard](#wildcard)
* [Example](#example)
* [columns](#columns)
* [Example](#example-1)
* [function](#function)
* [Example](#example-2)
* [not_function](#not_function)
* [Example](#example-3)
* [uses_function](#uses_function)
* [Example](#example-4)
* [function and columns](#function-and-columns)
* [Example](#example-5)
* [not_function and columns](#not_function-and-columns)
* [Example](#example-6)
* [regex](#regex)
* [Example](#example-7)
* [limit_queries](#limit_queries)
* [Example](#example-8)
* [no_where_clause](#no_where_clause)
* [Example](#example-9)
* [Optional rule parameters](#optional-rule-parameters)
* [at_times](#at_times)
* [on_queries](#on_queries)
* [Applying rules to users](#applying-rules-to-users)
* [Module commands](#module-commands)
* [dbfwfilter::rules/reload [FILE]](#dbfwfilterrulesreload-file)
* [dbfwfilter::rules](#dbfwfilterrules)
* [Use Cases](#use-cases)
* [Use Case 1 - Prevent rapid execution of specific queries](#use-case-1---prevent-rapid-execution-of-specific-queries)
* [Use Case 2 - Only allow deletes with a where clause](#use-case-2---only-allow-deletes-with-a-where-clause)
## Overview ## Overview
The database firewall filter has been deprecated in MaxScale 2.4 and
it will be removed in a future version of MaxScale. We advise against
using it.
The Database Firewall filter is used to block queries that match a set of The Database Firewall filter is used to block queries that match a set of
rules. It can be used to prevent harmful queries from reaching the backend rules. It can be used to prevent harmful queries from reaching the backend
database instances or to limit access to the database based on a more flexible database instances or to limit access to the database based on a more flexible
set of rules compared to the traditional GRANT-based privilege system. Currently set of rules compared to the traditional GRANT-based privilege system. Currently
the filter does not support multi-statements. the filter does not support multi-statements.
Note that the firewall filter should be viewed as a best-effort solution
intended for protecting against accidental misuse rather than malicious
attacks.
## Configuration ## Configuration
The Database Firewall filter only requires minimal configuration in the The Database Firewall filter only requires minimal configuration in the
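Review bot: The unchanged Overview paragraph still says the filter "can be used to prevent harmful queries from reaching the backend database instances", which now sits directly above the added note that it is only a best-effort guard against accidental misuse rather than malicious attacks. A reader who stops after the first paragraph gets the stronger claim. Suggest rewording that paragraph, or moving the best-effort note up next to the deprecation notice so the limitation is read first. Separately, replacing the hand-written table of contents with `[TOC]` is unrelated to the deprecation and would be easier to review as its own change.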

View File

@ -9,6 +9,10 @@ Table of Contents
## Overview ## Overview
The masking filter has been deprecated in MaxScale 2.4 and
it will be removed in a future version of MaxScale. We advise against
using it.
With the _masking_ filter it is possible to obfuscate the returned With the _masking_ filter it is possible to obfuscate the returned
value of a particular column. value of a particular column.
@ -41,6 +45,10 @@ the _ssn_ would be masked, as in
... ...
``` ```
Note that the masking filter should be viewed as a best-effort solution
intended for protecting against accidental misuse rather than malicious
attacks.
## Security ## Security
From MaxScale 2.3 onwards, the masking filter will reject statements From MaxScale 2.3 onwards, the masking filter will reject statements
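Review bot: The best-effort note is added just above the `## Security` heading, at the tail of the example, where it is easy to miss. Since it is a statement about what protection the filter does and does not give, it belongs under `## Security`, ahead of the "From MaxScale 2.3 onwards, the masking filter will reject statements" text, so that anyone consulting that section sees the limitation first.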

View File

@ -81,6 +81,22 @@ The `ndbclustermon` module has been removed.
The `mmmon` module has been removed as the `mariadbmon` monitor largely does The `mmmon` module has been removed as the `mariadbmon` monitor largely does
what it used to do. what it used to do.
## Deprecated Features
### `dbfwfilter`
The database firewall filter has been deprecated and it will be removed in a
future version of MaxScale.
We advise against using it.
### `masking`
The masking filter has been deprecated and it will be removed in a
future version of MaxScale.
We advise against using it.
## New Features ## New Features
### Servers can be drained ### Servers can be drained
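Review bot: Both entries under `## Deprecated Features` say "We advise against using it." without giving a reason or pointing anywhere. The filter documentation changed in this same commit carries the rationale (best-effort, protects against accidental misuse rather than malicious attacks); suggest repeating that sentence here or linking each entry to the corresponding filter page, so operators who rely on these filters as a security control understand why they are being told to stop.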

View File

@ -1272,6 +1272,9 @@ Dbfw::~Dbfw()
Dbfw* Dbfw::create(const char* zName, MXS_CONFIG_PARAMETER* pParams) Dbfw* Dbfw::create(const char* zName, MXS_CONFIG_PARAMETER* pParams)
{ {
MXS_WARNING("The database firewall filter has been DEPRECATED in MaxScale 2.4 "
"and it will be removed in a future release of MaxScale.");
Dbfw* rval = NULL; Dbfw* rval = NULL;
RuleList rules; RuleList rules;
UserMap users; UserMap users;
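Review bot: The new `MXS_WARNING` at the top of `Dbfw::create` does not say which filter instance triggered it, although `zName` is available as the first argument. With several filters configured, the log line alone will not tell an operator which section of the configuration to change. Suggest including the name in the message, for example by adding a `'%s'` placeholder and passing `zName`.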

View File

@ -77,8 +77,6 @@ extern "C" MXS_MODULE* MXS_CREATE_MODULE()
reload_argv, reload_argv,
"Reload masking filter rules"); "Reload masking filter rules");
MXS_NOTICE("Masking module %s initialized.", VERSION_STRING);
typedef MaskingFilter::Config Config; typedef MaskingFilter::Config Config;
static MXS_MODULE info = static MXS_MODULE info =
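Review bot: Removing `MXS_NOTICE("Masking module %s initialized.", VERSION_STRING);` from `MXS_CREATE_MODULE` is not covered by the commit subject, which only mentions deprecation. Either mention the removal in the commit message or split it out. If `VERSION_STRING` has no other user in this file after this change, it should be dropped as well to avoid leaving a dead definition.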
@ -176,6 +174,9 @@ MaskingFilter::~MaskingFilter()
// static // static
MaskingFilter* MaskingFilter::create(const char* zName, MXS_CONFIG_PARAMETER* pParams) MaskingFilter* MaskingFilter::create(const char* zName, MXS_CONFIG_PARAMETER* pParams)
{ {
MXS_WARNING("The masking filter has been DEPRECATED in MaxScale 2.4 and "
"it will be removed in a future release of MaxScale.");
MaskingFilter* pFilter = NULL; MaskingFilter* pFilter = NULL;
Config config(zName, pParams); Config config(zName, pParams);
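Review bot: The warning in `MaskingFilter::create` is a second, hand-copied variant of the one added to `Dbfw::create`, and both say "removed in a future release of MaxScale" while the documentation added in this commit says "removed in a future version of MaxScale". Suggest using one wording throughout so that a log search for the documented phrase finds the warning. The message is also emitted before `Config config(zName, pParams);` is constructed, so it is logged even when the filter is not subsequently created; if that is intended, a short comment saying so would help.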