sessionstates

package
v1.1.0-beta.0...-db2776a Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 17, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source
const (

	// LoadCertInterval is the interval of reloading the certificate. The certificate should be rotated periodically.
	LoadCertInterval = 10 * time.Minute
)

Token-based authentication is used in session migration. We don't use typical authentication because the proxy cannot store the user passwords for security issues.

The process of token-based authentication: 1. Before migrating the session, the proxy requires a token from server A. 2. Server A generates a token and signs it with a private key defined in the certificate. 3. The proxy authenticates with server B and sends the signed token as the password. 4. Server B checks the signature with the public key defined in the certificate and then verifies the token.

The highlight is that the certificates on all the servers should be the same all the time. However, the certificates should be rotated periodically. Just in case of using different certificates to sign and check, a server should keep the old certificate for a while. A server will try both the 2 certificates to check the signature.

Variables

View Source
var (
	// ErrCannotMigrateSession indicates the session cannot be migrated.
	ErrCannotMigrateSession = dbterror.ClassSession.NewStd(errno.ErrCannotMigrateSession)
)

Functions

func ReloadSigningCert

func ReloadSigningCert()

ReloadSigningCert is used to load the certificate periodically in a separate goroutine. It's impossible to know when the old certificate should expire without this goroutine: - If the certificate is rotated a minute ago, the old certificate should be still valid for a while. - If the certificate is rotated a month ago, the old certificate should expire for safety.

func SetCertPath

func SetCertPath(certPath string)

SetCertPath sets the path of key.pem and force load the certificate again.

func SetKeyPath

func SetKeyPath(keyPath string)

SetKeyPath sets the path of key.pem and force load the certificate again.

func ValidateSessionToken

func ValidateSessionToken(tokenBytes []byte, username string) (err error)

ValidateSessionToken validates the token sent from the proxy.

Types

type LastDDLInfo

type LastDDLInfo struct {
	Query  string `json:"query"`
	SeqNum uint64 `json:"seq_num"`
}

LastDDLInfo represents the information of last DDL. It's used to expose information for test purpose.

type PreparedStmtInfo

type PreparedStmtInfo struct {
	Name       string `json:"name,omitempty"`
	StmtText   string `json:"text"`
	StmtDB     string `json:"db,omitempty"`
	ParamTypes []byte `json:"types,omitempty"`
}

PreparedStmtInfo contains the information about prepared statements, both text and binary protocols.

type QueryInfo

type QueryInfo struct {
	TxnScope      string  `json:"txn_scope"`
	StartTS       uint64  `json:"start_ts"`
	ForUpdateTS   uint64  `json:"for_update_ts"`
	RUConsumption float64 `json:"ru_consumption"`
	ErrMsg        string  `json:"error,omitempty"`
}

QueryInfo represents the information of last executed query. It's used to expose information for test purpose.

type SessionStateType

type SessionStateType int

SessionStateType is the type of session states.

const (
	// StatePrepareStmt represents prepared statements.
	StatePrepareStmt SessionStateType = iota
	// StateBinding represents session SQL bindings.
	StateBinding
)

These enums represents the types of session state handlers.

type SessionStates

type SessionStates struct {
	UserVars             map[string]*types.Datum      `json:"user-var-values,omitempty"`
	UserVarTypes         map[string]*ptypes.FieldType `json:"user-var-types,omitempty"`
	SystemVars           map[string]string            `json:"sys-vars,omitempty"`
	PreparedStmts        map[uint32]*PreparedStmtInfo `json:"prepared-stmts,omitempty"`
	PreparedStmtID       uint32                       `json:"prepared-stmt-id,omitempty"`
	Status               uint32                       `json:"status,omitempty"`
	CurrentDB            string                       `json:"current-db,omitempty"`
	LastTxnInfo          string                       `json:"txn-info,omitempty"`
	LastQueryInfo        *QueryInfo                   `json:"query-info,omitempty"`
	LastDDLInfo          *LastDDLInfo                 `json:"ddl-info,omitempty"`
	LastFoundRows        uint64                       `json:"found-rows,omitempty"`
	FoundInPlanCache     bool                         `json:"in-plan-cache,omitempty"`
	FoundInBinding       bool                         `json:"in-binding,omitempty"`
	SequenceLatestValues map[int64]int64              `json:"seq-values,omitempty"`
	LastAffectedRows     int64                        `json:"affected-rows,omitempty"`
	LastInsertID         uint64                       `json:"last-insert-id,omitempty"`
	Warnings             []contextutil.SQLWarn        `json:"warnings,omitempty"`
	// Define it as string to avoid cycle import.
	Bindings            string                                            `json:"bindings,omitempty"`
	ResourceGroupName   string                                            `json:"rs-group,omitempty"`
	HypoIndexes         map[string]map[string]map[string]*model.IndexInfo `json:"hypo-indexes,omitempty"`
	HypoTiFlashReplicas map[string]map[string]struct{}                    `json:"hypo-tiflash-replicas,omitempty"`
}

SessionStates contains all the states in the session that should be migrated when the session is migrated to another server. It is shown by `show session_states` and recovered by `set session_states`.

type SessionToken

type SessionToken struct {
	Username   string    `json:"username"`
	SignTime   time.Time `json:"sign-time"`
	ExpireTime time.Time `json:"expire-time"`
	Signature  []byte    `json:"signature,omitempty"`
}

SessionToken represents the token used to authenticate with the new server.

func CreateSessionToken

func CreateSessionToken(username string) (*SessionToken, error)

CreateSessionToken creates a token for the proxy.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL