Removing the last admin account is now forbidden. This should prevent most
cases where users could lock themselves out of the administrative
interface.
This change does allow a non-root network user to be the last admin
account. In practice this does not prevent the root user from gaining
access to maxadmin. Access can be gained by removing the users file and
restarting MaxScale or by editing the users file by hand.
MaxAdmin can now create basic users for both network and UNIX domain
socket use. Currently the basic and admin types have the same permissions
in maxadmin but for the REST API, only admin accounts can modify MaxScale.
The users are now stored as an array of JSON objects. Legacy users are
automatically upgraded once they are loaded and a backup of the original
users file is created.
Removed the password parameter from the `remove user` maxadmin command as
well as all of the relevant functions. Requiring that an administrator
knows the password of the account to be deleted is not a sound requirement
now that, at least in theory, two types of accounts can be created.
Added a utility function for checking if an admin user has been
created. Removed unused promote and demote commands which can be replaced
with a call to remove and add.
The users can now be dumped and loaded as JSON objects. This allows easier
parsing and handling of users while still retaining the possibility to
manually edit the output. Added tests for dumping and loading the JSON
form users.
Also fixed a deadlock in Users::remove() where the same lock was acquired
twice and a faulty test case where failed authentication was expected to
work.
The type of the user being created is defined at creation time. This
allows the creation of basic users.
Although the users can be created internally, they cannot yet be created
via maxadmin or the REST API.
The Users class now performs locking when a method is called. This will
prevent concurrent access to the internal map of users.
Added missing const versions of SpinLockGuard.
Made the USERS an opaque object to reduce the amount of exposed
interfaces. Moved the storage of users into a C++ class and exposed that
class via the users interface functions.
Removed unused code and cleaned up the documentation in the header. Added
helper functions for printing the stored users.
It is now possible to specify the thread stack size to be used,
when a new thread is created. This will subsequently be used
for allowing the stack size to be specified for worker threads.
Moved 4 byte get/set into utils header. The byte packing functions in
maxscale/protocol/mysql.h should be migrated to the utils directory where
they can also be used by non-mysql code.
The temporary files are now generated with mkstemp. This will prevent
conflicts with multiple monitors operating on the same temporary journal
even though it is impossible in practice.
Added missing error messages to a couple of the functions.
All monitors now persist the state of the server in a monitor journal
file.
Moved the removal of stale journals into the core and removed them from
the monitor journal interface.
Only the protocol, port and address of the listener were used to check if
a listener exists. The check should also use the name of the listener to
be sure that each name is unique.
Expanded tests to check that the creation of duplicate listeners is
detected. Did minor improvements to related test code.
By moving the repurposing of the servers under the global server lock, the
repurposing of a server and allocation of a new server behave in the same
way.
Also fixed the wrong error message on server creation failure referring to
invalid server relationships.
If a destroyed monitor is created again, it will be reused. This should
prevent excessive memory growth when the same monitor is created and
destroyed again.
If a connection has not been fully established (i.e. authentication has
been completed) then it should not be considered as a connection pool
candidate.
The setting parsing is now similar to the other server settings.
The header is printed if log_info is on.
Changed the setting name to simply "proxy_protocol".
Updated documentation.
The backend server can send a response even if the client hasn't sent a
request. One case where this occurs is when the server is shutting
down. The internal logic of readwritesplit can't handle unexpected states
gracefully so the safest thing to do is to just ignore them and send the
responses to the client.
When a buffer is cloned and then the original buffer parsed and freed, the
freeing of the cloned buffer will not release the memory that was
allocated when the original buffer is parsed.
This is a side-effect of how the buffer objects are stored in the buffer
and not in the shared memory buffer. The creation of a buffer object after
cloning will cause the buffer object to be lost as the cloned buffer
didn't have a pointer to the buffer object that was created later.
By moving the buffer objects into the shared memory buffer, the memory
leak is fixed.
The listeners are now a proper sub-resource of the service resource. This
means that it acts like a normal resource and can be queried both as a
collection of resources and as an individual resource.
When a PATCH request to a resource is made with no relationships defined,
it should be interpreted to be the same as the old relationships. Removal
of relationships can still be done by defining an empty relationships
object.
All resoures now use the `state` member to describe their internal
state. This includes servers, services and monitors. This means that the
`status` keyword can be reserved for something else and it can be removed
until it is needed again.
Changed the module maturity field to `maturity` to better describe its
purpose.
The feedback system wasn't used and was starting to cause problems on
Debian 9 where the libcurl required different version of OpenSSL than what
MaxScale was linked against.
The EVP_CIPHER_CTX is now created inside a wrapper function to add support
for OpenSSL 1.1. Also fixed improper use of the EVP_CIPHER_CTX internals
in binlogrouter.
Several filters use a match-or-ignore logic with two regular
expressions when filtering queries. This commit adds a convenience
function for this task. Also adds a convenience function for reading
several regular expression parameters at once, compiling them and
saving the code while checking for errors.
Also, use the new functions in QLA and CCR filters.
Changed the query operation enum to contain implicit enum values instead
of providing. The operation was never used as a bitmask so it is pointless
to declare them as such.
Added the EXECUTE type to the enum and used it in qc_sqlite and
qc_mysqlembedded.
Providing helper functions for the commonly used parts of the server makes
code easier to read. It also removes any possibility for formatting
problems by moving the URI and name string handling inside the Backend
class.
Added helper functions that check various server states. This makes the
readwritesplit code easier to read as the function names convey the
intention better than the macro invokations.
