From 5eca2b4aaf9ba087d6fd4c29337d6ac0c1d9ef0e Mon Sep 17 00:00:00 2001 From: Aapo Talvensaari Date: Mon, 19 Aug 2024 11:08:10 +0300 Subject: [PATCH] fix(db): pass "read" on read-only database operations ### Summary @jeremyjpj0916 mentions in discussion thread: https://github.com/Kong/kong/discussions/13513 That Kong may work unexpectedly or require write node for general operation. I did quick search and found couple of missing places where we don't give "read" as a parameter for readonly operations. This may not fix all the issues that we have for how resilient Kong nodes are for write node being offline, but at least it is obvious to fix these at first. Signed-off-by: Aapo Talvensaari (cherry picked from commit c29db18d02f501ef9ce6fb8473cce6eda1a34440) --- changelog/unreleased/kong/fix-db-read-only.yml | 3 +++ kong/db/strategies/postgres/plugins.lua | 2 +- kong/db/strategies/postgres/services.lua | 2 +- kong/db/strategies/postgres/tags.lua | 2 +- kong/plugins/response-ratelimiting/policies/cluster.lua | 2 +- 5 files changed, 7 insertions(+), 4 deletions(-) create mode 100644 changelog/unreleased/kong/fix-db-read-only.yml diff --git a/changelog/unreleased/kong/fix-db-read-only.yml b/changelog/unreleased/kong/fix-db-read-only.yml new file mode 100644 index 00000000000..cce0ed880dc --- /dev/null +++ b/changelog/unreleased/kong/fix-db-read-only.yml @@ -0,0 +1,3 @@ +message: "Fixed an issue where 'read' was not always passed to Postgres read-only database operations." +type: bugfix +scope: Core diff --git a/kong/db/strategies/postgres/plugins.lua b/kong/db/strategies/postgres/plugins.lua index 6a08a4a825f..6a8049eeb55 100644 --- a/kong/db/strategies/postgres/plugins.lua +++ b/kong/db/strategies/postgres/plugins.lua @@ -33,7 +33,7 @@ function Plugins:select_by_ca_certificate(ca_id, limit, plugin_names) name_condition, limit_condition) - return connector:query(qs) + return connector:query(qs, "read") end return Plugins diff --git a/kong/db/strategies/postgres/services.lua b/kong/db/strategies/postgres/services.lua index 02393a4249e..896792b28cb 100644 --- a/kong/db/strategies/postgres/services.lua +++ b/kong/db/strategies/postgres/services.lua @@ -14,7 +14,7 @@ function Services:select_by_ca_certificate(ca_id, limit) kong.db.connector:escape_literal(ca_id), limit_condition) - return kong.db.connector:query(qs) + return kong.db.connector:query(qs, "read") end return Services diff --git a/kong/db/strategies/postgres/tags.lua b/kong/db/strategies/postgres/tags.lua index f9b8bb88445..337d34a26bb 100644 --- a/kong/db/strategies/postgres/tags.lua +++ b/kong/db/strategies/postgres/tags.lua @@ -94,7 +94,7 @@ local function page(self, size, token, options, tag) sql = fmt(sql, unpack(args)) - local res, err = self.connector:query(sql) + local res, err = self.connector:query(sql, "read") if not res then return nil, self.errors:database_error(err) diff --git a/kong/plugins/response-ratelimiting/policies/cluster.lua b/kong/plugins/response-ratelimiting/policies/cluster.lua index c355cbe3edc..a550549dbd2 100644 --- a/kong/plugins/response-ratelimiting/policies/cluster.lua +++ b/kong/plugins/response-ratelimiting/policies/cluster.lua @@ -68,7 +68,7 @@ return { connector:escape_literal(service_id), connector:escape_literal(route_id)) - local res, err = connector:query(q) + local res, err = connector:query(q, "read") if not res then return nil, err end