-
-
Notifications
You must be signed in to change notification settings - Fork 471
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement Protection Flags for Tables and Clusters #1423
Comments
In short, for now we need to be able to hide/prevent from altering/removing tables and clusters, namely:
Since this is under control of Buddy, it should be impossible to modify these things without it. |
As discussed in today's dev call, there might be an issue with simply marking a table as invisible. This is because not only will We have considered several options:
|
@tomatolog this task will be a blocker for completing the autosharding and the kafka tasks.
seems optimal. We can then do |
but when something goes wrong and buddy can not handle it - how to fix all back without manual intervention? |
I would also consider:
|
for the approach with the flag Then all requests code should be refactored to skip the system_table for regular requests. |
Emulating Buddy, namely - it's user agent.
Would we be able to replicate some of the system tables? |
As discussed, we can implement it as follows:
|
We need the ability to create a distributed table that is protected yet still accessible to the user because the user needs to interact with it: selecting, inserting, and deleting data, but we should prevent altering or dropping the table. The suggestion is to include a special flag (option) when creating the table. This mechanism will enable the daemon to identify if the table can be modified exclusively through Buddy (Buddy sends its header, and we recognize the request is coming from Buddy) and cannot be altered directly. |
the latest suggestion is to move table name rules into its own bison and flex parser and include that into all main parsers that will fix issue that current code breaks JSON at the select list. |
JOIN is now in the master. Unblocked. |
We must add new flag functionalities to the Manticoresearch daemon to safeguard our sharded tables and internal clusters from unauthorized alterations. This enhancement will ensure that these crucial components are only modified through Buddy, thus enhancing the integrity and security of our system.
The specific tasks are as follows:
We must also design a method for passing these flags when creating a new cluster/table.
UPDATE from Dmitrii Feb 8 2024
We need the ability to create a distributed table that is protected yet still accessible to the user because the user needs to interact with it: selecting, inserting, and deleting data, but we should prevent altering or dropping the table.
The suggestion is to include a special flag (option) when creating the table. This mechanism will enable the daemon to identify if the table can be modified exclusively through Buddy (Buddy sends its header, and we recognize the request is coming from Buddy) and cannot be altered directly.
The text was updated successfully, but these errors were encountered: