The default users are now inserted into the admin users files if no
existing files are found. This removes the hard-coded checks for admin
user names and simplifies the admin user logic.
The default interface for the admin interface is the IPv6 address '::'
which corresponds to the IPv4 address '0.0.0.0'. If the system doesn't
support IPv6, then an attempt to bind on IPv4 should be made.
The uses_function type rule matches when any of the columns given as
values uses a function. With this, columns can be denied from being used
with a function.
When a persistent connection is reused, a COM_CHANGE_USER command is
executed to reset the session state. If the reused connection was closed
before the response to the COM_CHANGE_USER was received and taken into use
by another connection, another COM_CHANGE_USER would be sent to, again,
reset the session state. Due to the fact that the first response is still
on its way, it will appear as if two responses are generated for a single
COM_CHANGE_USER.
The way to fix this is to avoid putting connections that haven't been
successfully reset into the connection pool.
If MaxScale Binlog Server is detected by MySQL monitor, then Server
status is ‘Relay Master, Running’ without ‘Slave’: this way Binlog
Server cannot be used by any statement routing.
Additionally SELECT for replication lag is skipped as well.
MXS-1344: Binlog server reports the real master id in SHOW SLAVE STATUS
| SHOW ALL SLAVES STATUS, no matter the value of ‘master_id’ identity
parameter.
Binlog server report its own server id or the identity value of
‘master_id’ in MySQL monitor query SELECT @@global.server_id,
@@read_only;
Note: SELECT @@global.server_id (no other fields) still reports the
real master server id or the value set in ‘master_id’
In qc_sqlite the fields that a particular function refers to are now
collected and reported. Qc_mysqlembedded needs to be updated accordingly
and also the compare utility. For subsequent commits.
The internal connections of the binlogrouter should be closed in the same
thread that created them. This should be the "main" thread, i.e. thread 0,
that starts the original binlogrouter service.
When a session is being closed in a controlled manner, i.e. a COM_QUIT is
received from the client, it is possible to deduce from this fact that the
backend connections are very likely to be idle. This can be used as an
additional qualification that must be met by all connections before they
can be candidates for connection pooling.
This assumption will not hold with batched and asynchronous queries. In
this case it is possible that the COM_QUIT is received from the client
before even the first result from the backend is read. For this to work,
the protocol module would need to track the number and state of expected
responses.
The `add user` and `enable account` commands create fully privileged
administrative users like they did in 2.1. This makes the addition of
read-only users backwards compatible.
Updated and expanded the documentation on administrative interface
users. Added entries into the release notes as well as the upgrading
document about relevant changes between 2.1 and 2.2.
Routine blr_handle_missing_files() is called by
blr_handle_fake_rotate().
Field ‘filestem’ is updated in order to avoid wrong file name creation.
Additionally router is not creating any missing filenames if
router->binlog_name is empty (no previous binlog files)
Removing the last admin account is now forbidden. This should prevent most
cases where users could lock themselves out of the administrative
interface.
This change does allow a non-root network user to be the last admin
account. In practice this does not prevent the root user from gaining
access to maxadmin. Access can be gained by removing the users file and
restarting MaxScale or by editing the users file by hand.
The type of the created user can now be specified with the --type option.
Expanded tests that cover the user creation. Also added a test case that
checks that basic users are only allowed to read through the REST API.
MaxAdmin can now create basic users for both network and UNIX domain
socket use. Currently the basic and admin types have the same permissions
in maxadmin but for the REST API, only admin accounts can modify MaxScale.
