Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-4085

Compound Cache Rules should be AND and not OR condition

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Not a Bug
    • 2.4.19
    • 2.4.20
    • cache
    • None
    • centos 7

    Description

      According to documentation here:

      https://mariadb.com/kb/en/mariadb-maxscale-24-cache/#security_1

      In the Security section, it shows an example and says:

      "That can be prevented, by explicitly declaring in the rules that the caching should be applied to alice only."

      However, in implementation, Each json stanza is applied as an OR condition.

      For Example:

       
      {
        "store": [
          {
            "attribute": "database",
            "op": "=",
            "value": "marketing"
          },
          {
            "attribute": "table",
            "op": "=",
            "value": "flyer_data"
          }
        ],
        "use": [
          {
            "attribute": "user",
            "op": "=",
            "value": "'jqgrid'@'%'"
           }
        ]
      }
      

      Matches ANY condition and not ALL as expected.

      Attachments

        Activity

          johan.wikman Johan Wikman added a comment -

          Actually, I think it works as documented. The documentation says

          If an array of rule objects is specified, then, when looking for a rule that
          matches, the `store` field of each object are evaluated in sequential order
          until a match is found.
          

          So, in the store array above, the first stanza will match whenever the database is marketing, irrespective of what the table is. That is , a SELECT targeting marketing.flyer_data will match, but so will marketing.some_other_table.
          The second stanza will match whenever the table is flyer_data, irrespective of what the database is. That is, a SELECT targeting marketing.flyer_data will match, but so will some_other_db.flyer_data.
          If you specifically want the table flyer_data in the database marketing to match, then the stanza must look like

            "store": [
              {
                "attribute": "table",
                "op": "=",
                "value": "marketing.flyer_data"
              }
            ]
          

          Then, if there is a use array, a matching stanza from the store array is applied only if the current user matches any of the users specified in the use array.

          johan.wikman Johan Wikman added a comment - Actually, I think it works as documented. The documentation says If an array of rule objects is specified, then, when looking for a rule that matches, the `store` field of each object are evaluated in sequential order until a match is found. So, in the store array above, the first stanza will match whenever the database is marketing , irrespective of what the table is. That is , a SELECT targeting marketing.flyer_data will match, but so will marketing.some_other_table . The second stanza will match whenever the table is flyer_data , irrespective of what the database is. That is, a SELECT targeting marketing.flyer_data will match, but so will some_other_db.flyer_data . If you specifically want the table flyer_data in the database marketing to match, then the stanza must look like "store": [ { "attribute": "table", "op": "=", "value": "marketing.flyer_data" } ] Then, if there is a use array, a matching stanza from the store array is applied only if the current user matches any of the users specified in the use array.
          amaytham aws maythem added a comment - - edited

          i have the same problem the json is set to not cache specific table and database but it's still caching both rule

          For Example:
          cache_rules.json:

          {
              "store": [
                  {
                      "attribute": "table",
                      "op": "!=",
                      "value": "use1.t1"
                  },
                  {
                      "attribute": "database",
                      "op": "!=",
                      "value": "test"
                  }
              ]
          }
          

          maxscale.cnf:

          [Read-Write-Service]
          type=service
          router=readwritesplit
          servers=server1, server2
          master_accept_reads=false
          slave_selection_criteria=LEAST_GLOBAL_CONNECTIONS
          max_slave_connections=1
          filters=MaxscaleCache
          max_slave_replication_lag=0ms
           
          [Replication-Monitor]
          type=monitor
          module=mariadbmon
          servers=server1, server2
          monitor_interval=2ms
          auto_failover=true
          auto_rejoin=true
          enforce_read_only_slaves=true
          verify_master_failure=true
           
          [MaxscaleCache]
          type=filter
          module=cache
          storage=storage_redis
          hard_ttl=120s
          debug=31
          cached_data=shared
          invalidate=current
          max_size=2000Mi
          rules=cache_rules.json
          selects=verify_cacheable
          storage_options="server=ip:port"
          timeout=120s
          

          amaytham aws maythem added a comment - - edited i have the same problem the json is set to not cache specific table and database but it's still caching both rule For Example: cache_rules.json: { "store" : [ { "attribute" : "table" , "op" : "!=" , "value" : "use1.t1" }, { "attribute" : "database" , "op" : "!=" , "value" : "test" } ] } maxscale.cnf: [Read-Write-Service] type=service router=readwritesplit servers=server1, server2 master_accept_reads= false slave_selection_criteria=LEAST_GLOBAL_CONNECTIONS max_slave_connections= 1 filters=MaxscaleCache max_slave_replication_lag=0ms   [Replication-Monitor] type=monitor module=mariadbmon servers=server1, server2 monitor_interval=2ms auto_failover= true auto_rejoin= true enforce_read_only_slaves= true verify_master_failure= true   [MaxscaleCache] type=filter module=cache storage=storage_redis hard_ttl=120s debug= 31 cached_data=shared invalidate=current max_size=2000Mi rules=cache_rules.json selects=verify_cacheable storage_options= "server=ip:port" timeout=120s
          johan.wikman Johan Wikman added a comment -

          amaytham Could you provide a few concrete examples that illustrates when the cache caches data when you think it according to the rules should not?

          johan.wikman Johan Wikman added a comment - amaytham Could you provide a few concrete examples that illustrates when the cache caches data when you think it according to the rules should not?
          amaytham aws maythem added a comment - - edited

          Hello Johan
          I solve it by separating the rule cache
          if I need to cache I make a file with one table each to the JSON file
          thanks

          amaytham aws maythem added a comment - - edited Hello Johan I solve it by separating the rule cache if I need to cache I make a file with one table each to the JSON file thanks
          markus makela markus makela added a comment -

          johan.wikman should this be changed into a feature request since it's working as expected and documented?

          markus makela markus makela added a comment - johan.wikman should this be changed into a feature request since it's working as expected and documented?
          johan.wikman Johan Wikman added a comment -

          Closing as Not a Bug.

          ksizemore, amaytham, please create a feature request if you think AND conditions should explicitly be supported.

          johan.wikman Johan Wikman added a comment - Closing as Not a Bug . ksizemore , amaytham , please create a feature request if you think AND conditions should explicitly be supported.

          People

            johan.wikman Johan Wikman
            ksizemore Kathryn Sizemore
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.