The uses_function type rule matches when any of the columns given as
values uses a function. With this, columns can be denied from being used
with a function.
It is now possible to specify the thread stack size to be used,
when a new thread is created. This will subsequently be used
for allowing the stack size to be specified for worker threads.
Disabling the tee filter at runtime is desirable for cases where the
branched service is not always needed. Migrations and pre-production
setups are one where changes to the branched service are expected and
splitting the queries would result in an error.
The function type rule now accepts an empty list of functions, allowing
all functions to be blocked by defining an empty function type rule and
setting action=allow.
The qlafilter exposes the unified log file as a module command that
outputs an array of JSON strings, one for each line in the file. The
command takes two optional parameters, the start and end lines for the log
file.
Further improvements could be done to allow reading of session specific
log files.
Some sort of an authorization scheme for the REST API should be
implemented to limit the possibility of exposing unwanted parts of the
REST API.
The query classifier should only be used to parse text protocol
statements. The insertstream filter exploited the fact that any statements
that the filter did not expect would be classified as an unknown
commands. This led to repetitive error messages with binary protocol
statements.
The keyword in the Json is now "match" and MatchRule class substitutes
CaptureRule
"replace": {
"column": "d_code",
"match": "(?<=aaa).*(?=-12)|(?<=-12).*"
},…
If a rule is defined with only an optional part, it should be of the
permission type. This type is used to signal that the rule matches if the
optional constraints are fulfilled.
Due to refactoring, the default type was changed from RT_PERMISSION to
RT_UNDEFINED.
A function type rule matches a query if the query uses a function defined
in the rule. This is the desired behavior for blacklist mode operation
with `action=block`.
When in whitelist mode, all queries must match a rule to be allowed
through. For function type rules, this fact is problematic as queries that
don't use functions are blocked. The desired behavior is to allow the use
of certain functions while preventing the use of others.
The allowed set of functions should always contain the "empty set" (no
functions are used) when the filter is in whitelist mode.
The firewall uses a bitmask for representing what operations a
particular rule should be applied to. Consquently it cannot use
the query classifier qc_query_op_t enumerator values as such,
as they are consecutive numbers.
The default sql mode must now be provided explicitly when the query
classifier is setup. This is in preparation for "sql_mode" becoming
a global configuration parameter of MaxScale.
Several filters use a match-or-ignore logic with two regular
expressions when filtering queries. This commit adds a convenience
function for this task. Also adds a convenience function for reading
several regular expression parameters at once, compiling them and
saving the code while checking for errors.
Also, use the new functions in QLA and CCR filters.
The default database can now be manipulated with a set of functions
exposed by the maxscale/protocol/mysql.h header. This removes the need to
handle the structures themselves in the modules and is a step towards
moving the dcb->data contents inside the session.
The tee filter was missing the match/exclude functionality that was in the
previous implementation. The filter was upgraded to use PCRE2 regular
expressions instead of POSIX regular expressions.
Documented that the match/exclude patterns should use PCRE2 syntax.
The HintParser wrongly ignored linebreaks, causing parsing faults
e.g. parsing too far or accepting invalid comments. Now, the parser
detects a line break and terminates comments unless they started with
'/*'. Also, fixed a memory leak when parsing parameter-value-combinations.
The modutil_get_SQL()-function allocates storage, while
modutil_extract_SQL() does not. The strings given by the latter
are not 0-terminated so require a length limit when matched using
regexec().
This commit changes the used function in those cases where the
sql-string is not modified nor is the pointer saved for later use.
MXS-1067. The CCRFilter will now look at the hints in a write-type
query. The parameter-value combinations "ccr=match" and "ccr=ignore"
are recognized and will override any regex match and ignore settings.
For the hints to work, the HintFilter needs to be present in the filter
chain before the CCRFilter.
Also ran astyle and updated documentation.
The module commands can now produce JSON formatted output which is passed
to the caller. The output should conform to the JSON API as closely as
possible.
Currently, the REST API wraps all JSON produced by module commands inside
a meta-object of the following type:
{
"meta": <output of module command>
}
This allows the output to be JSON API conformant without modifying the
modules and allows incremental updates to code.
The tests should no longer expect client session creation to fail if the
branch session creation is not successful.
The main session is kept alive so that a failure in the branch session
does not cause a failure of the main session. The main session can be
considered more important as it is what the client will use. If the branch
session fails, the failure will be logged so no information is lost.
Also added a missing configuration file and removed some extra-verbose
output in a test script.
