libsql: attach databases from other namespaces as readonly #784
Conversation
|
(transplant of libsql/sqld#770, |
psarna
force-pushed
the
attachpoc
branch
3 times, most recently
from
71c5a77 to
f712661
Compare
There was a problem hiding this comment.
Looks good to me, but let's ping @MarinPostma and @LucioFranco.
|
the shell thing is unfortunate. Is there a path to fix this ? |
, and then, in the next line, , it will not finish the transaction, and instead give you a |
|
Enabled attaching databases with aliases, e.g. |
|
also, I need to fortify this interface against attaching system files as dbs, even in readonly mode, pretty sure it's possible right now if somebody tries to |
|
ok, didn't manage to break it after all, dots and slashes need to be quoted, and that quote lands in the file path as well, so it's not that easy to jailbreak |
|
snap, now I realized there's a mirror issue... if the db name contains characters like |
|
k done |
psarna
force-pushed
the
attachpoc
branch
5 times, most recently
from
b15de01 to
e6e1de5
Compare
|
Rebased on top of the new per-namespace jwt_key code |
| // STEP 4: try attaching a database | ||
| { | ||
| let foo = Database::open_remote_with_connector( | ||
| "http://foo.primary:8080", | ||
| "", | ||
| TurmoilConnector, | ||
| )?; | ||
| let foo_conn = foo.connect()?; | ||
|
|
||
| foo_conn.execute("attach foo as foo", ()).await.unwrap_err(); | ||
| } | ||
|
|
||
| // STEP 5: update config to allow attaching databases | ||
| client | ||
| .post( | ||
| "http://primary:9090/v1/namespaces/foo/config", | ||
| json!({ | ||
| "block_reads": false, | ||
| "block_writes": false, | ||
| "allow_attach": true, | ||
| }), | ||
| ) | ||
| .await?; | ||
|
|
||
| { | ||
| let foo = Database::open_remote_with_connector( | ||
| "http://foo.primary:8080", | ||
| "", | ||
| TurmoilConnector, | ||
| )?; | ||
| let foo_conn = foo.connect()?; | ||
|
|
||
| foo_conn | ||
| .execute_batch("attach foo as foo; select * from foo.sqlite_master") | ||
| .await | ||
| .unwrap(); | ||
| } | ||
|
|
There was a problem hiding this comment.
let's move that to it's own test
|
The fix for the shell would be to ideally use websockets, so that you can have a long live connection. With HTTP you, you'll have a 10sec idle connection timeout that needs to be worked around. Either way, you have to ensure that all statements go to the same stream |
With this proof-of-concept patch, other namespaces hosted on the same sqld machine can now be attached in readonly mode, so that users can read from other databases when connected to a particular one.
Default is false, which means connections are blocked from attaching databases. If allowed, colocated databases can be attached in readonly mode. Example: → attach another as another; select * from another.sqlite_master; TYPE NAME TBL NAME ROOTPAGE SQL table t3 t3 2 CREATE TABLE t3(id)
We're going to need it, because the internal database names in sqld are uuids, and we don't expect users to know or use them.
In libsql-server, raw db names are uuids that need to be quoted, so that needs to be supported in the ATTACH layer. As a bonus, "names" that are actually file system paths are refused to prevent abuse.
With this proof-of-concept patch, other namespaces hosted on the same sqld machine can now be attached in readonly mode, so that users can read from other databases when connected to a particular one.
Turned off by default, can be turned on with admin API by setting
allow_attach = true:The expected usage is to
ATTACH namespace-name AS namespace-name, without any paths or flags, e.g.Note that
turso db shellsends separate statements in separate streams, so ATTACH will only be in effect if you put it in the same line.Fixes TURSO-90.