Manual error status for EdgeDB server #4625
Comments
|
The mechanism looks reasonable to me, however I wonder if we can (or should) generalize this to allow specifying the error class and whether or not the state is advisory. One other potential use case I'm contemplating is Cloud upgrades, where the source instance will be placed into read-only mode. |
Yeah. This sounds like a good idea. But I'm not sure about specifics. Also I'm not sure how to make "non-advisory" state, until we have rule-based access controls (RBAC). Someone should have a permission to reset that state, and since all users are superusers every user can do that. |
Implement a configuration field that causes the server to return an error for all non-configuration commands. See #4625 for details and motivation. Closes #4625. The details here are a little different than proposed there. There is one config property, `force_database_error`, that accepts a json encoded string with the following format: `false` means no error, and an object means to raise an error: ``` { "type": <name of exception class>, "message": <exception message>, "hint": <exception hint>, "details": <exception details>, "context": { "line": <line number>, "col": <column number>, "start": <start position>, "end": <end position>, "filename": <file name for error> } } ``` All fields except for `type` are optional.
Implement a configuration field that causes the server to return an error for all non-configuration commands. See #4625 for details and motivation. Closes #4625. The details here are a little different than proposed there. There is one config property, `force_database_error`, that accepts a json encoded string with the following format: `false` means no error, and an object means to raise an error: ``` { "type": <name of exception class>, "message": <exception message>, "hint": <exception hint>, "details": <exception details>, "context": { "line": <line number>, "col": <column number>, "start": <start position>, "end": <end position>, "filename": <file name for error> } } ``` All fields except for `type` are optional.
Motivation
edgedb watchcommand is expected to be running in the background and update schema in the database. Sometimes schema updates cannot be applied because of syntax of schema files is wrong or because database changes are conflicting. In those cases we have to notify users somehow that schema changes could not be applied.It's hard to make notifications from the background process, so the simplest solution is to error out all clients. So all subsequent testing that user does fails with the same error until schema files are fixed.
Overview
We use configuration mechanism to propagate error to all the clients that use the same database.
Example on conflicting type:
Example syntax error:
Example when database upgrade needed:
Specification
New error type must be introduced.
DevModeError(better name?), probably a subclass ofBackendError(orConfigurationError?)Config parameters:
database_error-- this error is thrown in every client when any non-configuration query is performed (i.e. any CONFIGURE is allowed as well as selecting fromcfg::andsys::get_version*, maybe all stdlib is allowed?)database_error_info-- JSON with extra information (format to be determined). This can be used in UI-based tools to provide nicer error. Has to be fetched manually viaSELECT cfg::Config.database_warning-- sent as a warning to all the clients (when we start supporting warning mechanism)This mechanism is error by default, but generally advisory. To opt-out of error you can do:
This mechanism will be used by CLI for two things:
edgedb watch/edgedb migrateto fix the schema after resetting changesedgedb(REPL) will print the failure and cleandatabase_errorfor the session, so you can inspect things while error is there.The text was updated successfully, but these errors were encountered: