Restrict yb_read_time to session-only configuration#30962
Restrict yb_read_time to session-only configuration#30962hari90 wants to merge 9 commits intoyugabyte:masterfrom
Conversation
…N_FILE yb_read_time should only be settable per-session or within a transaction, not persisted across sessions via ysql_pg_conf_csv or ALTER SYSTEM. - Change context from PGC_SUSET to PGC_USERSET so any user can set it - Add GUC_DISALLOW_IN_FILE flag to prevent setting via config files Fixes yugabyte#30930 https://claude.ai/code/session_01RtyT4u9XyfxAyv91cqAKNL
Add a new GUC flag GUC_YB_DISALLOW_IN_DB_ROLE_SETTING that prevents a parameter from being persisted via ALTER DATABASE SET or ALTER ROLE SET. Apply it to yb_read_time so it can only be set within a session. The check is enforced in AlterSetting() which is the common path for both ALTER DATABASE SET and ALTER ROLE SET commands. https://claude.ai/code/session_01RtyT4u9XyfxAyv91cqAKNL
Instead of a new GUC_YB_DISALLOW_IN_DB_ROLE_SETTING flag and AlterSetting check, use the existing check_yb_read_time hook to reject non-default values when the source indicates persistence (PGC_S_DATABASE, PGC_S_USER, PGC_S_DATABASE_USER, PGC_S_GLOBAL, PGC_S_TEST). PGC_S_TEST is included because ALTER DATABASE/ROLE SET uses it for validation via validate_option_array_item, so this makes the ALTER command itself fail with a clear error. https://claude.ai/code/session_01RtyT4u9XyfxAyv91cqAKNL
✅ Deploy Preview for infallible-bardeen-164bc9 ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify project configuration. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request modifies the yb_read_time configuration parameter to allow non-superuser access while restricting it to session-level usage. It adds the GUC_DISALLOW_IN_FILE flag and implements validation logic to prevent the parameter from being persisted via ALTER DATABASE or ALTER ROLE commands. A suggestion was made to simplify the source validation logic in check_yb_read_time by using a helper function or a more concise condition.
| (source == PGC_S_DATABASE || | ||
| source == PGC_S_USER || | ||
| source == PGC_S_DATABASE_USER || | ||
| source == PGC_S_GLOBAL || | ||
| source == PGC_S_TEST)) |
There was a problem hiding this comment.
The check for GucSource can be simplified by checking if the source is one of the persistent sources. Consider using a helper function or a more concise condition if this logic is reused elsewhere, though this is acceptable for now.
Tests verify: - SET/SET LOCAL work in a session (PGC_USERSET) - Non-superuser can SET yb_read_time - ALTER DATABASE SET yb_read_time fails with non-zero value - ALTER ROLE SET yb_read_time fails with non-zero value - ALTER DATABASE SET yb_read_time TO '0' and RESET still succeed https://claude.ai/code/session_01RtyT4u9XyfxAyv91cqAKNL
|
|
| ASSERT_NOK(status); | ||
| ASSERT_STR_CONTAINS(status.ToString(), "yb_read_time can only be set within a session"); |
There was a problem hiding this comment.
Assert_nok_str_contains
| // ALTER ROLE SET yb_read_time should fail. | ||
| status = conn.Execute("ALTER ROLE ALL SET yb_read_time TO '1000'"); | ||
| ASSERT_NOK(status); | ||
| ASSERT_STR_CONTAINS(status.ToString(), "yb_read_time can only be set within a session"); |
Replace separate ASSERT_NOK + ASSERT_STR_CONTAINS calls with the more concise ASSERT_NOK_STR_CONTAINS macro as suggested in review. https://claude.ai/code/session_01RtyT4u9XyfxAyv91cqAKNL
The persistent sources (PGC_S_GLOBAL through PGC_S_DATABASE_USER) are contiguous in the GucSource enum, so use a range check instead of listing each value individually. https://claude.ai/code/session_01RtyT4u9XyfxAyv91cqAKNL
Range comparison on enum values is fragile if the enum is reordered. Use explicit comparisons instead. https://claude.ai/code/session_01RtyT4u9XyfxAyv91cqAKNL
|
Trigger Jenkins |
|
Phorge diff synced: D51783 Jenkins build has been triggered. Results will be posted here once it completes. JenkinsBot |
|
❌ Jenkins build for commit Exceptions:
🚫 Failed Landing Requirements'Multi-Build Test Failures' failed
🔨 DB Build/Test Job Summary
JenkinsBot |
The test was setting yb_read_time to a timestamp captured before CREATE ROLE test_user, causing cache refresh to fail resolving the role OID at the historical read time. https://claude.ai/code/session_01RtyT4u9XyfxAyv91cqAKNL
Replace repeated inline SQL for fetching the current timestamp in microseconds with a shared helper function. https://claude.ai/code/session_01RtyT4u9XyfxAyv91cqAKNL
|
Trigger Jenkins |
|
Phorge diff synced: D51783 Jenkins build has been triggered. Results will be posted here once it completes.
|
|
✅ Jenkins build for commit Passed: 12 🔨 DB Build/Test Job Summary
JenkinsBot |
|
I am already tracking this work in https://phorge.dev.yugabyte.com/D51724 and LRT team is already reviewing the diff. |
4 participants
Summary
This change restricts the
yb_read_timeparameter to only be set within a session or transaction, preventing it from being persisted viaALTER DATABASE SETorALTER ROLE SETcommands.Key Changes
yb_read_timeGUC category fromPGC_SUSETtoPGC_USERSETto allow non-superusers to set it within sessionsGUC_DISALLOW_IN_FILEflag to prevent the parameter from being set in configuration filescheck_yb_read_time()to reject non-default values coming from database, role, global, or test sourcesImplementation Details
The validation check ensures that
yb_read_timecannot be set to a non-zero value through:PGC_S_DATABASE- ALTER DATABASE SETPGC_S_USER- ALTER ROLE SETPGC_S_DATABASE_USER- ALTER DATABASE/ROLE SET for specific userPGC_S_GLOBAL- Global configurationPGC_S_TEST- Test/validation sourcesThis prevents accidental persistence of read-time settings that should only apply to individual sessions or transactions.
https://claude.ai/code/session_01RtyT4u9XyfxAyv91cqAKNL
Phorge: D51783