sqlproxyccl: add support for expiring a denylist entry based on timestamp #64957
Conversation
|
This change is |
meridional
force-pushed
the
sqlproxy_denylist_yaml_file_format
branch
4 times, most recently
from
8dc17c0 to
168f172
Compare
meridional
changed the title
meridional
force-pushed
the
sqlproxy_denylist_yaml_file_format
branch
5 times, most recently
from
2ddac0b to
0f65a61
Compare
There was a problem hiding this comment.
Reviewable status:
complete! 1 of 0 LGTMs obtained (waiting on @darinpp and @meridional)
pkg/ccl/sqlproxyccl/denylist/file.go, line 67 at r1 (raw file):
*syncutil.RWMutex } pollingInterval time.Duration
Maybe add a TODO somewhere to switch to a filewatcher rather than use polling.
pkg/ccl/sqlproxyccl/denylist/file.go, line 68 at r1 (raw file):
} pollingInterval time.Duration timeSource timeutil.TimeSource
The timeutil package comes from CRDB. I think we should avoid a dependency on that package (we try to minimize dependencies on CRDB, as they can be a real pain to maintain over time), and just use timeutils.Now() in the managed-service repo. As long as you call timeutils.Now instead of time.Now in your code, you can then hook that function in your tests, like this:
now := time.Date(2021, 1, 29, 12, 0, 0, 0, time.UTC)
defer testutils.HookGlobal(&timeutils.Now, func() time.Time { return now })()
Then you'd get rid of timeSource. This is the pattern we use all over managed-service.
pkg/ccl/sqlproxyccl/denylist/local_file_test.go, line 29 at r1 (raw file):
Seq: 3, Denylist: []*DenyEntry{ {DenyEntity{"1.1.1.1", IPAddrType}, timeutil.Now().Add(time.Hour), "reason"},
Maybe a few more test cases would be interesting, such as a ClusterType case. I'd usually structure a test like this similar to how TestCockroachStatefulSet works, so that it's easy to add a bunch of test cases.
pkg/ccl/sqlproxyccl/denylist/service.go, line 28 at r1 (raw file):
} // Type is the type of the denied entity
NIT: Use period at end of comments here and elsewhere.
pkg/ccl/sqlproxyccl/denylist/service.go, line 35 at r1 (raw file):
IPAddrType Type = iota + 1 ClusterType UnknonwType
SP: UnknownType
pkg/ccl/sqlproxyccl/denylist/service.go, line 49 at r1 (raw file):
// UnmarshalYAML implements yaml.Unmarshaler interface for type func (typ *Type) UnmarshalYAML(unmarshal func(interface{}) error) error {
It'd be best for this new code to have at least one simple unit test.
pkg/ccl/sqlproxyccl/denylist/service.go, line 72 at r1 (raw file):
} // String() implements Stringer interface for type
NIT: Remove parentheses at end of String().
There was a problem hiding this comment.
Reviewable status:
pkg/ccl/sqlproxyccl/denylist/file.go, line 68 at r1 (raw file):
Previously, andy-kimball (Andy Kimball) wrote…
The
timeutilpackage comes from CRDB. I think we should avoid a dependency on that package (we try to minimize dependencies on CRDB, as they can be a real pain to maintain over time), and just usetimeutils.Now()in the managed-service repo. As long as you calltimeutils.Nowinstead oftime.Nowin your code, you can then hook that function in your tests, like this:now := time.Date(2021, 1, 29, 12, 0, 0, 0, time.UTC) defer testutils.HookGlobal(&timeutils.Now, func() time.Time { return now })()Then you'd get rid of
timeSource. This is the pattern we use all over managed-service.
This is the CRDB repo. :)
Though your comment makes me worried.. My plan is once we vendor this patch back, our control plane can just construct the deny list File and use Serialize to get the config map content, and push that; and use Deserialize to check the sequence number, etc.. I assumed that the usage of this library in the managed-service is ok.
meridional
force-pushed
the
sqlproxy_denylist_yaml_file_format
branch
from
0f65a61 to
416dc15
Compare
There was a problem hiding this comment.
Dismissed @andy-kimball from 2 discussions.
Reviewable status:
pkg/ccl/sqlproxyccl/denylist/file.go, line 67 at r1 (raw file):
Previously, andy-kimball (Andy Kimball) wrote…
Maybe add a TODO somewhere to switch to a filewatcher rather than use polling.
Added a TODO in the function where the polling happens.
pkg/ccl/sqlproxyccl/denylist/local_file_test.go, line 29 at r1 (raw file):
Previously, andy-kimball (Andy Kimball) wrote…
Maybe a few more test cases would be interesting, such as a ClusterType case. I'd usually structure a test like this similar to how
TestCockroachStatefulSetworks, so that it's easy to add a bunch of test cases.
Done.
pkg/ccl/sqlproxyccl/denylist/service.go, line 35 at r1 (raw file):
Previously, andy-kimball (Andy Kimball) wrote…
SP: UnknownType
Done.
pkg/ccl/sqlproxyccl/denylist/service.go, line 72 at r1 (raw file):
Previously, andy-kimball (Andy Kimball) wrote…
NIT: Remove parentheses at end of
String().
Done.
There was a problem hiding this comment.
Reviewable status:
pkg/ccl/sqlproxyccl/denylist/file.go, line 68 at r1 (raw file):
Previously, meridional (Ye Ji) wrote…
This is the CRDB repo. :)
Though your comment makes me worried.. My plan is once we vendor this patch back, our control plane can just construct the deny list
Fileand useSerializeto get the config map content, and push that; and useDeserializeto check the sequence number, etc.. I assumed that the usage of this library in the managed-service is ok.
Ha, yeah, my mistake. I think this is fine, then. The principle is to make reasonable efforts to make sure all our dependencies are worth it. Since this is in the CRDB repo, it's very reasonable to use this package.
Previously, there's no easy way to specify an expiration time for each entry. This PR adds a new denylist config format that allows encoding of expiration time in the config file. Additionally, the config file used to be "free-form", and the parsing is offloaded to viper. This PR fixes the spec of the config file in yaml. Release note: None
meridional
force-pushed
the
sqlproxy_denylist_yaml_file_format
branch
from
416dc15 to
935045a
Compare
Thanks for the review! bors r+ |
|
Build succeeded: |
The new format was added in cockroachdb#64957, which supports expiration of denylist entries based on timestamps. Release note: None
65525: sql: Add support for drop table inside the new schema changer r=ajwerner a=fqazi sql: Initial support for DROP TABLE in new schema changer Previously, the logic for DROP table was completely imperative, which would make it hard to implement features like transactional schema changes in the future. To address this, this patch adds initial support for DROP TABLE with support for clearing out type back references and foreign key. Basic structures for tracking and adding secondary indexes are also introduced. 65766: builtins: improve performance of has_table_privilege and has_column_privilege r=richardjcai a=otan See individual commits for details Resolves #65551 66066: bazel: sketch out cross toolchains for all platforms except darwin r=rail a=rickystewart In #65966, we published these toolchains to a storage bucket in GCP. This demonstrates how we can consume these same toolchains in Bazel for cross-compilation. These can be activated with: build --crosstool_top=@toolchain_cross_x86_64-unknown-linux-gnu//:suite ... or substitute `x86_64-unknown-linux-gnu` for another target name. I've verified the Linux toolchain works. The others break during compilation for various reasons that I haven't looked at closely, but I wanted to get this landed so we can iterate on those/maybe parallelize across a couple different people. The Darwin toolchain isn't generated by `crosstool-ng`, so it's structured a little differently than the others. I'll add that in a follow-up PR. See #56072 Release note: None 66137: ccl/sqlproxyccl: use new denylist format in proxy handler r=meridional a=meridional The new format was added in #64957, which supports expiration of denylist entries based on timestamps. Release note: None Co-authored-by: Faizan Qazi <[email protected]> Co-authored-by: Oliver Tan <[email protected]> Co-authored-by: Ricky Stewart <[email protected]> Co-authored-by: Ye Ji <[email protected]>
Previously, there's no easy way to specify an expiration
time for each entry. This PR adds a new denylist config format
that allows encoding of expiration time in the config file.
Additionally, the old config file format is essentially "free-form",
and the parsing is offloaded to viper. This PR "standardizes"
the config file format in yaml.
Also, the old
Denytakes an "untyped" string as input,this PR added a "type" field to the input to better distinguish
between IP and cluster, and other potentially future expansions.
The main API of the new code is written as such that it won't
report an error the caller when it cannot parse the config file;
instead it logs it and moves on in the hope that human operators can
know that something is broken and fix it. This is done this way
mostly to avoid unnecessary runtime failures due to old config
file formats.
Original code is mostly left untouched for testing backward
and forward tolerance of the config files.
Release note: None