Details
-
New Feature
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
None
-
2016-22
Description
Dynamic configuration of the firewall filter
The user should be able to modify the rules of the dbfwfilter. This is a likely scenario as security is not a static concept.
Example use case
The developer changes a name of a temporary table column and this is blocked by the firewall filter. The DBA then modifies the rules file and reloads it. MaxScale then uses the new rule file to block queries that do not match the temporary table column.
Required code changes
Each module needs to expose either an update or an extension entry point. Exposing an update entry point would allow for a more structured way of updating modules. Exposing a custom command entry point would allow modules to implement only the operations that they can and should do.
One option is to expose both an update and a custom command (an extension entry point in some sense) in the API.
It is also possible, that custom commands could be implemented as callbacks that are registered to the core by the modules. These callbacks could then be called via some common gateway. It would allow the modules to expose new commands and the diagnostic interface would be defined by the modules that are in use.
Benefits of custom module commands
Having an entry point in the API that allows modules to implement actions which aren't in the module API. For example, the qlafilter could rotate log files with a rotate logs entry point, the cache filter could drop caches and the schemarouter could reload all database maps.
Benefits of an update command
Being able to call a standard entry point would make it easier to implement runtime changes to modules. It would also guide the developer of a module to expect changes to the system. New modules could be designed with a more defined update policy which would make for a more dynamic user experience.
Benefits of custom callback registration
Registering a callback keeps the API definition small and compact. This lowers the threshold of developing new modules and makes the API easier to understand.
Implementation
The chosen design was the custom callback registration as it allows the greatest amount of flexibility. Modules can register different sorts of functions without breaking the module API.