Skip to content

Fix ACL category for SELECT, WAIT, ROLE, LASTSAVE, READONLY, READWRITE, ASKING#9208

Merged
oranagra merged 9 commits intoredis:unstablefrom
oranagra:select_acl_cat
Jul 20, 2021
Merged

Fix ACL category for SELECT, WAIT, ROLE, LASTSAVE, READONLY, READWRITE, ASKING#9208
oranagra merged 9 commits intoredis:unstablefrom
oranagra:select_acl_cat

Conversation

@oranagra
Copy link
Member

@oranagra oranagra commented Jul 6, 2021
edited
Loading

  • SELECT and WAIT don't read or write from the keyspace (unlike DEL, EXISTS, EXPIRE, DBSIZE, KEYS, etc).
    they're more similar to AUTH and HELLO (and maybe PING and COMMAND).
    they only affect the current connection, not the server state, so they should be @connection, not @keyspace

  • ROLE, like LASTSAVE is @admin (and @dangerous like INFO)

  • ASKING, READONLY, READWRITE are @connection too (not @keyspace)

  • Additionally, i'm now documenting the exact meaning of each ACL category so it's clearer which commands belong where.

@oranagra oranagra added release-notes indication that this issue needs to be mentioned in the release notes state:major-decision Requires core team consensus labels Jul 6, 2021
@oranagra
Copy link
Member Author

oranagra commented Jul 6, 2021

@redis/core-team please approve or share your thoughts.
brought up by #9205

@madolson
Copy link
Contributor

madolson commented Jul 6, 2021
edited
Loading

I would also add readonly, readwrite, and asking to @connection (and remove them from @keyspace), since they modify the client as opposed to having anything to do with the keyspace.

@oranagra
Copy link
Member Author

oranagra commented Jul 6, 2021

i keep wondering if maybe we don't understand correctly what's was the intended meaning of @keyspace and @connection.
the fact is (as i mentioned in #6860) that the meaning of the various ACL categories is not documented anywhere (not even in the code)

madolson
madolson previously approved these changes Jul 6, 2021
View reviewed changes
Copy link
Contributor

@madolson madolson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should document them given this. I also agree, I don't really understand what @keyspace is supposed to be, like why is dbsize in it?

@oranagra oranagra added the approval-needed Waiting for core team approval to be merged label Jul 7, 2021
@huangzhw
Copy link
Contributor

huangzhw commented Jul 7, 2021

I also have questions. Why LASTSAVE ROLE are dangerous.

@oranagra
Copy link
Member Author

oranagra commented Jul 7, 2021

don't know.. i don't even know why we have these commands... LASTSAVE and ROLE are part of INFO, i guess backwards compatibility from a time redis was half baked.
on the other hand, since they're not really needed for anything, and since they're read-only, i don't care much about their ACL category.
anyone has any reason not to modify them? (should have the came category as INFO)

@zuiderkwast
Copy link
Contributor

zuiderkwast commented Jul 8, 2021

INFO is also @dangerous. (Besides, INFO is @slow while LASTSAVE and ROLE are @fast, some of them are also @read and LASTSAVE is also @admin.) Maybe we can try to catch the essence of each category and describe them on https://redis.io/topics/acl#playings-with-command-categories instead of the ACL CAT example which just lists their names?

@oranagra
Copy link
Member Author

oranagra commented Jul 8, 2021

certainly.. we wanna document them.. just not sure we understand what each of them meant to be..

@zuiderkwast
Copy link
Contributor

zuiderkwast commented Jul 8, 2021

Maybe a generated overview of all categories and commands can help: redis/redis-doc#1598

@oranagra oranagra mentioned this pull request Jul 8, 2021
Closed
yossigo
yossigo previously approved these changes Jul 18, 2021
View reviewed changes
@oranagra oranagra dismissed stale reviews from yossigo and madolson via 8757468 July 18, 2021 18:21
@oranagra oranagra changed the title ACL category for SELECT and WAIT should be connection, not keyspace Fix ACL category for SELECT, TOUCH, WAIT, ROLE, LASTSAVE, READONLY, READWRITE, ASKING Jul 18, 2021
@oranagra
Copy link
Member Author

oranagra commented Jul 18, 2021
edited
Loading

@redis/core-team i made a few more changes in the command flags and ACL categories (top comment is updated)
I also documented the exact purpose of each category, this documentation should maybe be copied / moved to redis.conf, and also maybe copied to redis.io/topics/acl
Note this is a breaking change, should only be released in 7.0.
please have another look and approve.

zuiderkwast
zuiderkwast reviewed Jul 18, 2021
View reviewed changes
huangzhw
huangzhw reviewed Jul 19, 2021
View reviewed changes
oranagra added 2 commits July 19, 2021 09:06
@oranagra
CR comments and typos
e3d8a8a
@oranagra
moved ACL category docs to redis.conf
5f15b24 
enhanched description of fast, and blocking cagegories.
other changes are just newline, parenthesis and indentation.
sundb
sundb reviewed Jul 19, 2021
View reviewed changes
@oranagra @sundb
Update redis.conf
b6fe77d 
Co-authored-by: sundb <[email protected]>
sundb
sundb reviewed Jul 19, 2021
View reviewed changes
@oranagra @sundb
Update redis.conf
bf1678e 
Co-authored-by: sundb <[email protected]>
madolson
madolson previously approved these changes Jul 19, 2021
View reviewed changes
Copy link
Contributor

@madolson madolson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comments, but generally still LGTM.

itamarhaber
itamarhaber previously approved these changes Jul 19, 2021
View reviewed changes
@oranagra oranagra dismissed stale reviews from itamarhaber and madolson via 374bee1 July 20, 2021 05:07
@oranagra oranagra added the state:to-be-merged The PR should be merged soon, even if not yet ready, this is used so that it won't be forgotten label Jul 20, 2021
madolson
madolson previously approved these changes Jul 20, 2021
View reviewed changes
Copy link
Contributor

@madolson madolson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

go go go

@soloestoy
Copy link
Contributor

soloestoy commented Jul 20, 2021

Why we flag TOUCH as write command? it's just like GET command would alter the last access time of keys.

@oranagra
Copy link
Member Author

oranagra commented Jul 20, 2021

@soloestoy you're right. not sure what i was thinking.. reverting.

@oranagra oranagra changed the title Fix ACL category for SELECT, TOUCH, WAIT, ROLE, LASTSAVE, READONLY, READWRITE, ASKING Fix ACL category for SELECT, WAIT, ROLE, LASTSAVE, READONLY, READWRITE, ASKING Jul 20, 2021
@oranagra oranagra added state:needs-doc-pr requires a PR to redis-doc repository breaking-change This change can potentially break existing application labels Jul 20, 2021
@oranagra oranagra merged commit 32e61ee into redis:unstable Jul 20, 2021
JackieXie168 pushed a commit to JackieXie168/redis that referenced this pull request Sep 8, 2021
@oranagra
Fix ACL category for SELECT, WAIT, ROLE, LASTSAVE, READONLY, READWRIT…
fcd023e 
…E, ASKING (redis#9208)

- SELECT and WAIT don't read or write from the keyspace (unlike DEL, EXISTS, EXPIRE, DBSIZE, KEYS, etc).
they're more similar to AUTH and HELLO (and maybe PING and COMMAND).
they only affect the current connection, not the server state, so they should be `@connection`, not `@keyspace`

- ROLE, like LASTSAVE is `@admin` (and `@dangerous` like INFO) 

- ASKING, READONLY, READWRITE are `@connection` too (not `@keyspace`)

- Additionally, i'm now documenting the exact meaning of each ACL category so it's clearer which commands belong where.
@oranagra oranagra mentioned this pull request Jan 23, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sundb sundb sundb left review comments

@yossigo yossigo yossigo approved these changes

@itamarhaber itamarhaber itamarhaber left review comments

+4 more reviewers

@zuiderkwast zuiderkwast zuiderkwast left review comments

@huangzhw huangzhw huangzhw left review comments

@soloestoy soloestoy soloestoy approved these changes

@madolson madolson madolson left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approval-needed Waiting for core team approval to be merged breaking-change This change can potentially break existing application release-notes indication that this issue needs to be mentioned in the release notes state:major-decision Requires core team consensus state:needs-doc-pr requires a PR to redis-doc repository state:to-be-merged The PR should be merged soon, even if not yet ready, this is used so that it won't be forgotten

Projects

Redis 7.0
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@oranagra @madolson @huangzhw @zuiderkwast @soloestoy @sundb @yossigo @itamarhaber