Allow FT._debug to use when client is admin#914
Allow FT._debug to use when client is admin#914bandalgomsu wants to merge 3 commits intovalkey-io:mainfrom
Conversation
bandalgomsu
force-pushed
the
gh-779
branch
3 times, most recently
from
e3289c8 to
9de16d5
Compare
| @@ -347,7 +348,7 @@ absl::Status HelpCmd(ValkeyModuleCtx *ctx, vmsdk::ArgsIterator &itr) { | |||
| absl::Status FTDebugCmd(ValkeyModuleCtx *ctx, ValkeyModuleString **argv, | |||
There was a problem hiding this comment.
Can we add a comment here explaining when this command is allowed to be used?
src/acl.cc
Outdated
| auto reply = vmsdk::UniquePtrValkeyCallReply( | ||
| ValkeyModule_Call(ctx, "ACL", "cs3", "GETUSER", username.get())); | ||
| VMSDK_ASSIGN_OR_RETURN(auto acl_views, GetAclViewFromCallReply(reply.get())); | ||
| for (const auto &acl_view : acl_views) { |
There was a problem hiding this comment.
Can we instead make use of this API?
ValkeyModule_GetModuleUserACLString
https://valkey.io/topics/modules-api-ref/#ValkeyModule_GetModuleUserACLString
We should not need to execute ACL commands since we have these Module APIs
There was a problem hiding this comment.
Also, all of this can be skipped if we follow: #914 (comment)
src/commands/ft_debug.cc
Outdated
| int argc) { | ||
| std::string msg; | ||
| if (!vmsdk::config::IsDebugModeEnabled()) { | ||
| if (!vmsdk::config::IsDebugModeEnabled() && !AclAdminCheck(ctx).ok()) { |
There was a problem hiding this comment.
I can agree that this is a way to allow a non-breaking change. ie, we continue to allow the command to be used by all clients in DebugModeEnabled whether they are admin or not.
But I don't understand why the FT.DEBUG command was not flagged as "ADMIN" to begin with. @murphyjacob4 , do you have context on this?
The DEBUG command in the valkey core is flagged as admin-only. See: https://valkey.io/commands/debug/
Non-admin clients cannot use it.
If we flagged the FT.DEBUG command as "admin" in the command flags we use to register it, we would not need to add these custom checks.
If we don't want this to be a breaking change, we can continue with what you have in this PR
There was a problem hiding this comment.
Update: Checked with Jacob, the admin command flag was likely just missed when FT.DEBUG was created.
@bandalgomsu , so let's just add the admin and dangerous command flags to the FT.DEBUG command registration. Then, we can skip the custom code for ACL checks because the valkey core will handle it
There was a problem hiding this comment.
It looks more consistent and simple. thus I agree with that 👍
could you please confirm if my understanding is correct?
- set the ACL categories of
FT._DEBUGtoADMIN,DANGEROUS, andSLOW(ShouldSearchbe included as well ??) - delete the debug mode check logic.
There was a problem hiding this comment.
- set the ACL categories of FT._DEBUG to ADMIN, DANGEROUS, and SLOW
Yes
(Should Search be included as well ??)
Just FT._DEBUG
delete the debug mode check logic.
Yes
There was a problem hiding this comment.
Oh sorry for confusion
'Search' mean that is acl category
https://github.com/valkey-io/valkey-search/blob/main/src/commands/ft._debug.json
It should be included in FT._DEBUG's acl categories ?
There was a problem hiding this comment.
Oh Yes, the SEARCH category too
Signed-off-by: Su Ko <rhtn1128@gmail.com>
| assert bysize[-12] == {'Count': 10, 'Bytes': 120, 'AvgSize': b'12', 'Allocated': 280, 'AvgAllocated': b'28', 'Utilization': 42} | ||
| assert bysize[14] == {'Count': 10, 'Bytes': 140, 'AvgSize': b'14', 'Allocated': 320, 'AvgAllocated': b'32', 'Utilization': 43} | ||
|
|
||
| def test_cannot_run_ft_debug_when_debug_mode_enabled(self): |
There was a problem hiding this comment.
We can rename the test now.
Also, do we have a good way to test admin vs non admin client usage from the integration tests (non admin clients should not be able to access this command)
There was a problem hiding this comment.
How about switching the inheritance from ValkeySearchTestCaseDebugMode to ValkeySearchTestCaseBase and adding a test similar to test_acl_category_permissions ? ?
integration/test_debug.py
Outdated
| with pytest.raises(ResponseError): | ||
| restricted_client.execute_command("FT._DEBUG", "HELP") | ||
|
|
||
| self.client.execute_command("ACL", "DELUSER", "debug_user") No newline at end of file |
| @@ -55,7 +56,7 @@ const absl::flat_hash_set<absl::string_view> kInfoCmdPermissions{ | |||
| const absl::flat_hash_set<absl::string_view> kListCmdPermissions{ | |||
| kSearchCategory, kReadCategory, kSlowCategory, kAdminCategory}; | |||
| const absl::flat_hash_set<absl::string_view> kDebugCmdPermissions{ | |||
There was a problem hiding this comment.
Valkey commands have both ACl flags and Command flags.
You updated the ACL flags.... This looks good.
The command flags are here: https://github.com/valkey-io/valkey-search/blob/main/src/module_loader.cc#L88. We need to update this next
Refer to the core Valkey DEBUG cmd flags here: https://github.com/valkey-io/valkey/blob/unstable/src/commands/debug.json#L12
There was a problem hiding this comment.
PROTECTED command flag is only using a core command (only DEBUG, MODULE).
and It is not supported as a module command flag in ValkeyModule_CreateCommand, so we cannot set it for FT._DEBUG and did not add it.
https://github.com/valkey-io/valkey/blob/unstable/src/server.c#L4292
https://github.com/valkey-io/valkey/blob/unstable/src/module.c#L1243C1-L1243C42
Signed-off-by: Su Ko <rhtn1128@gmail.com>
Signed-off-by: Su Ko <rhtn1128@gmail.com>
2 participants
Implement an admin check function and, through it, allow the use of FT._debug if the user is an admin.
issue : #779