[lmdb] Ignore unreachable TSIG keys in getTSIGKeys #15004
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
miodvallat
force-pushed
the
old_lmdb_schema_leftovers
branch
from
bd96110 to
f2d98aa
Compare
Pull Request Test Coverage Report for Build 12631856897Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
rgacogne
reviewed
Jan 6, 2025
miodvallat
force-pushed
the
old_lmdb_schema_leftovers
branch
from
f2d98aa to
bf60067
Compare
Habbie
reviewed
Jan 6, 2025
| // results of this method. | ||
| // In order to prevent this, we first only gather the list of key names, and | ||
| // in a second step, query for them using a similar logic as getTSIGKey(). | ||
| // Unfortunately, there does not seem to be a way to know if the database had |
There was a problem hiding this comment.
while I hope we never have an incident like this again, this makes me wonder if we should have a way to know. Also, we could try to add a cleanup for this to the v6 migration once we get to it.
There was a problem hiding this comment.
.. in fact I think we could add a cleanup command to pdnsutil backend-cmd lmdb .. today if we wanted to
mind04
reviewed
Jan 6, 2025
Pre-v5 database schema would (incorrectly) allow for multiple TSIG keys to be created with the same name and algorithm. Once the database gets converted to v5 schema, those redundant keys can no longer be used, yet would appear in pdnsutil list-tsig-key output. Change the list logic to only report reachable keys. Fixes 14779
miodvallat
force-pushed
the
old_lmdb_schema_leftovers
branch
from
bf60067 to
deff288
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Short description
As reported in #14779, pre-v5 database schema would (incorrectly) allow for multiple TSIG keys to be created with the same name and algorithm. Once the database gets converted to v5 schema, those redundant keys can no longer be used, yet would appear in pdnsutil list-tsig-key output.
Checklist
I have: