-
Notifications
You must be signed in to change notification settings - Fork 376
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
config: fix missing and stuck alerts #9598
config: fix missing and stuck alerts #9598
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the patch! Looks great, just one minor comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the patchset, see my 8 comments below.
I've marked this PR as draft to work on it a bit more. I'll answer to the discussions, but some changes are only in my local copy at the moment. I'll sync everything a bit later and will notify the participants by a message here. |
c701892
to
6ae9a0a
Compare
6ae9a0a
to
f806f86
Compare
f806f86
to
ac095cf
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the patchset! Everything looks great, besides a few grammar-nazi nits above. LGTM
It encapsulates all the alerts manipulation in one place, splits it from the main config logic and simplifies reading of the relevant code. Several tests are updated to use the public API instead of the internal one. Part of tarantool#9574 Part of tarantool#9586 NO_DOC=refactoring, no user-visible changes NO_CHANGELOG=see NO_DOC NO_TEST=see NO_DOC
Before this patch `config:info().alerts` reports only last alert of a certain type, while others are skipped. It is a regression from commit fa97cc0 ("config: introduce droppable alerts"). The idea of the fix is to eliminate a key from all the alerts that are not to be dropped later except on configuration reloading. Fixes tarantool#9586 NO_DOC=bugfix
36727e4
to
dc61d17
Compare
The declarative configuration has the `credentials` section that describes users and their privileges. It is OK to have privileges for a space/function/sequence that does not exist. Such a privilege will lead to an alert that states that the privilege will be granted, when the object is created. The problem that is fixed by this commit is that such an alert was not dropped, when the object is created and the relevant privileges are granted. There are several ways to solve the problem. Let's look on them. 1. When a privilege is granted, drop an alert if any. 2. After the config-database privilege synchronization, revisit alerts to drop all obsolete ones. 3. Drop all the alerts regarding missed privileges before the config-database privilege synchronization and issue actual alerts afterwards. The first way is the simplest, but it doesn't cover one specific scenario: an object rename. Let's assume that the object T has privileges declared in the configuration and the object doesn't exist. There is an alert regarding it. Now, object S is renamed to T. Let's assume that S had some or all the privileges needed for T according to the configuration. In the given scenario, we don't need to grant some or all of the privileges and, so, the first solution doesn't work. We don't reach the code that grants the privileges and, so, dropping alerts at this point has no effect. The second and the third solutions are similar and mainly differs in how complicated the code is. The third one is implemented here with idea of simplifying the code. The internal `aboard` module has the following changes. 1. The `aboard` module now ignores underscored fields of an alert on its serialization to allow a caller to store a machine-readable information in them. 2. The new method `:drop_if()` is added to perform a conditional alert drop. Several unit test cases are updated, because now we always need initialized `config._aboard` for testing of the credentials applier. Fixes tarantool#9574 NO_DOC=bugfix
dc61d17
to
6da09c1
Compare
Pushed to Backported to |
There are cases, when an alert is not reported, when it should (#9586). There are cases, when an alert is present, but its reason is already gone (#9574). These problems are fixed in this patchset. See details in the commit messages.
Fixes #9574
Fixes #9586