In cases where servers are known to be down on startup, this feature does
more harm than good. Disabling it in these cases would be preferable but
due to how the parameter is used, it is not possible.
The SQL for the second recursive CTE table can be optimized by adding a
where condition on the recursive part that rules out users that are not
roles. The functionality remains the same as only roles can be granted to
users.
Added new ssl_version value for TLSv1.3. This allows the list of accepted
protocol versions to be limited to all supported protocols. Previously
TLSv1.3 was only available with ssl_version=MAX.
Also fixed the enum value serialization to use a lowercase v. This causes
them to have the same value as the one used in the enum.
Previously when ssl_version was used with a value that is not supported on
the system, an unknown parameter error was returned. This could be
confusing and logging a proper error message should make it clear.
If an existing cache-entry should be updated, but the new value
is larger that the maximum size of the cache, then the cache can
not be updated, but the old value must be removed.
Whether or not we succeed in removing the entry, an error result
must be returned. Earlier OK was returned, but no node was
allocated, which then caused a crash.
The `global` parameter causes the time window defined by the `time`
parameter to be applied at the instance level instead of the session
level. This means that a write from one connection will cause all other
connections to use the master for a certain period of time.
Using a configurable time window for consistency is not good as it is not
absolute and cannot adjust to how servers behave.
One example that demonstrates this is when a slave is normally lagging
behind by less than a second but some event causes the lag to spike up to
several seconds. In this case the configured time window would no longer
guarantee consistency.
Another reason to avoid a "static" time window is the fact taht it
prevents load balancing in the cases where slaves catch up to the master
within time window. This happens when time is configured to a higher value
to avoid inconsistencies at all costs.
Added a test case that verified the feature works.
Since the user authentication stores a SHA2-512 hash of the password on
disk, caching the hash results in memory speeds up the authentication
process significantly. Storing the password on disk in plain-text form
would also speed it up but this would be quite insecure.
The number of sessions wasn't always incremented but it was always
decremented. This happened primarily when authentication failed. By making
the management of the counters a part of the object lifecycle, this
problem goes away.
Requiring contiguous buffers removes the need to use mxs::Buffer which
also removes the need to check for buffer boundaries.
Converted all the functions used by get_canonical into `static inline` so
that the compiler knows it can inline them. A few of them weren't `static`
which made the calls to the functions unnecessarily expensive.
The backslash was added instead of assigned. Since the value stored at
that position is always a null byte, assignment and addition would result
in the same outcome.
Since most of the time users run MaxScale as the maxscale user, we can
change the ownership of the file when it is being created. This prevents
the need to manually set the permissions after the file is created.
If the user creating the file is root, the ownership change will work but
on the other hand if the user simply has write permission into MaxScale's
files, the ownership change will likely cause an error. This will still be
an improvement as the user will know the file ownership needs to be
changed.
The number of sessions wasn't always incremented but it was always
decremented. This happened primarily when authentication failed. By making
the management of the counters a part of the object lifecycle, this
problem goes away.
Requiring contiguous buffers removes the need to use mxs::Buffer which
also removes the need to check for buffer boundaries.
Converted all the functions used by get_canonical into `static inline` so
that the compiler knows it can inline them. A few of them weren't `static`
which made the calls to the functions unnecessarily expensive.
The backslash was added instead of assigned. Since the value stored at
that position is always a null byte, assignment and addition would result
in the same outcome.
