Disable automatic write protection on replicas #42450
Conversation
|
I am in favor of this. Is there any other reason for rails to know if the db is a replica? If not, I imagine you can remove a fair bit more code. |
Yes, we need to know a configuration is a replica so that we don't run rake tasks against it. I don't think offhand there is any other code to remove since we're not dropping replica support, just dropping the automatic prevent_writes from it.
|
HParker
force-pushed
the
disable-prevent-write-on-replica
branch
2 times, most recently
from
42cfc1f
to
eca7582
Compare
activerecord/CHANGELOG.md
Outdated
| * Disable automatic write protection on replicas | ||
|
|
||
| Write protection no longer automatically enable for replicas. | ||
| Now each application controls when to enable automatic write protection. |
There was a problem hiding this comment.
Do you think it's worth mentioning this on https://edgeguides.rubyonrails.org/active_record_multiple_databases.html too?
There was a problem hiding this comment.
I am reading now, if it was mentioned before we should probably remove it, but I don't know how/if we should mention rails not doing something you maybe didn't know it did at all before.
There was a problem hiding this comment.
I had a quick read through and couldn't find any mention of this behaviour. I think AR.while_preventing_writes could be mentioned but it's not really in the scope of this PR.
There was a problem hiding this comment.
I can't find a spot that seems like it needs updating, but it is totally possible I am missing it. Let me know if I missed anything @ghiculescu 🙂
There was a problem hiding this comment.
I would add onto the guides and explain that if you want replicas to act like replicas they need to be configured with readonly users
There was a problem hiding this comment.
^ that is alluded to, kind of
@HParker I'll make a separate PR, because I don't think I'm making much sense here.
There was a problem hiding this comment.
Under the setup section we have:
Second, the username for the writers and replicas should be different, and the replica user's permissions should be set to only read and not write.
When using a replica database, you need to add a replica: true entry to the replica in the database.yml. This is because Rails otherwise has no way of knowing which one is a replica and which one is the writer.
https://edgeguides.rubyonrails.org/active_record_multiple_databases.html#setting-up-your-application
Should I expand on that?
|
Just noticed this line: https://github.com/rails/rails/blob/eca7582718225ef40a7618293a13924561194aae/activerecord/lib/active_record/connection_handling.rb#L355. Should it also be removed? It gets called by |
|
Thanks @ghiculescu that line in connection_handling turned up a lot of places I missed ❤️ |
HParker
force-pushed
the
disable-prevent-write-on-replica
branch
2 times, most recently
from
bf9000d
to
8d7d4d9
Compare
activerecord/test/cases/connection_adapters/legacy_connection_handlers_multi_db_test.rb
Outdated
Show resolved
Hide resolved
HParker
force-pushed
the
disable-prevent-write-on-replica
branch
4 times, most recently
from
16034e2
to
5d47eb3
Compare
activerecord/CHANGELOG.md
Outdated
| @@ -1,3 +1,10 @@ | |||
| * Disable automatic write protection on replicas | |||
There was a problem hiding this comment.
| * Disable automatic write protection on replicas | |
| * Disable automatic write protection on replicas. |
activerecord/CHANGELOG.md
Outdated
| @@ -1,3 +1,10 @@ | |||
| * Disable automatic write protection on replicas | |||
|
|
|||
| Write protection no longer automatically enable for replicas. | |||
There was a problem hiding this comment.
| Write protection no longer automatically enable for replicas. | |
| Write protection is no longer automatically enabled for replicas. Write protection should be enabled by the database user settings. |
activerecord/CHANGELOG.md
Outdated
| * Disable automatic write protection on replicas | ||
|
|
||
| Write protection no longer automatically enable for replicas. | ||
| Now each application controls when to enable automatic write protection. |
There was a problem hiding this comment.
| Now each application controls when to enable automatic write protection. |
This allows users to use write protection if they want, but no longer treats it as a catch all. Write protection is not accurate enough to classify all cases correctly. Instead users should configure their replicas to not allow writes and rely on the database erroring if the query is not allowed. Co-authored-by: Alex Ghiculescu <alexghiculescu@gmail.com>
HParker
force-pushed
the
disable-prevent-write-on-replica
branch
from
5d47eb3
to
951deec
Compare
|
Thanks @eileencodes! updated |
| @@ -1,3 +1,9 @@ | |||
| * Disable automatic write protection on replicas. | |||
|
|
|||
| Write protection is no longer automatically enabled for replicas. Write protection should be enabled by the database user settings. | |||
There was a problem hiding this comment.
Can we expand with an example what "Write protection should be enabled by the database user settings." means?
There was a problem hiding this comment.
Good idea @rafaelfranca, I put together #42529
I am not sure how much detail to add since it is not only database specific, but also configuration specific. Depending on how your primary and replica are setup you might want a totally different configuration. Ideally you would setup a local database user to be very similar to how your production users are setup.
This allows users to use write protection if they want, but no longer treats it as a catch all. Write protection is not accurate enough to classify all cases correctly. Instead users should configure their replicas to not allow writes and rely on the database erroring if the query is not allowed.
Alternative solution for: #42432
Fixes: #42432