Query blacklisting: filter by CallerId

[mswietochowski]

So far, in the rules.Rule allows only for filtering by user (which is the user directly accessing vttablet), and not by VTGateCallerID.username nor CallerID.principal. I suggest (and am happy to implement) a change, that adds support for filtering by these two.

I understand, that VTGateCallerID.username can be less trustworthy and CallerID.principal is not to be trusted at all, but there are scenarios where it would be useful.

If you all agree, then one question remains - what do to with current username matching? For a setup, where all calls come from VTGate it's pretty useless, but I see that someone could already be using this in production, so it's probably better to leave that alone.

What do you think?

[ronghuaihai]

hello: I have something questions about query blacklist of vitess ,I also can't find how to use query blacklist in vitess in the official document source: vitess.io/docs ,how to use query blocklist block or kill special unsafe query by user or sql content ?