Disabling the tee filter at runtime is desirable for cases where the
branched service is not always needed. Migrations and pre-production
setups are one where changes to the branched service are expected and
splitting the queries would result in an error.
The function type rule now accepts an empty list of functions, allowing
all functions to be blocked by defining an empty function type rule and
setting action=allow.
A function type rule matches a query if the query uses a function defined
in the rule. This is the desired behavior for blacklist mode operation
with `action=block`.
When in whitelist mode, all queries must match a rule to be allowed
through. For function type rules, this fact is problematic as queries that
don't use functions are blocked. The desired behavior is to allow the use
of certain functions while preventing the use of others.
The allowed set of functions should always contain the "empty set" (no
functions are used) when the filter is in whitelist mode.
The tee filter was missing the match/exclude functionality that was in the
previous implementation. The filter was upgraded to use PCRE2 regular
expressions instead of POSIX regular expressions.
Documented that the match/exclude patterns should use PCRE2 syntax.
MXS-1067. The CCRFilter will now look at the hints in a write-type
query. The parameter-value combinations "ccr=match" and "ccr=ignore"
are recognized and will override any regex match and ignore settings.
For the hints to work, the HintFilter needs to be present in the filter
chain before the CCRFilter.
Also ran astyle and updated documentation.
The tee filter now uses the local client class to clone the queries. This
imposes some restrictions on how the filter can be used but also makes
MaxScale as a whole more robust.
The resultset of SELECTs that use functions whose result will
always vary or whose result depend upon the user executing the
query should not be cached. The list of functions is the same
as that specified for the query cache of MariaDB:
https://mariadb.com/kb/en/mariadb/query-cache/
If user or system variables are used in a SELECT statement, then
the result will not be cached. That ensures that the wrong result
will not be returned.
As before, the cache will be used if there is no ongoing transaction
(includes autocommit being on), or if there is an explicitly read-
only transaction.
In addition, the cache will be used and populated during any other
transaction as long as only pure read statements are executed. After
first non-read statement, the use of the cache is disabled.
- Add note about filters having become available in 2.1.
- Add insertstream to release notes and change log.
- Add complete example to cache documentation.
The firewall filter should allow COM_PING and other similar commands to
pass through as they are mainly used to check the status of the backend
server or to display statistics. The COM_PROCESS_KILL is the exception as
it affects the state of the backend server. This is better controlled with
permissions in the server than in the firewall filter.
Commands that require special grants aren't allowed to pass as they are
mainly for maintenance purposes and these should not be done through the
firewall.
