-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hide shard-sync and purge documents from _local_docs
#4432
hide shard-sync and purge documents from _local_docs
#4432
Conversation
13ba443
to
94f78bb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your contribution @ckruse! That looks much simpler and more elegant than expected.
One worry I had was that there is a tiny chance some users might actually have _local/purge-something...
docs. But it seems we can filter those out by inspecting the doc bodies, I suggested a way to do it, what do you think about it?
It would be nice to also cover these changes by a test. Testing is tricky because we don't really have multi-node tests. One approach we could take is to just start with a single node test and insert a few local docs that look like those system docs and see how they are filtered out.
We could copy-paste and modify an existing chttpd test like: https://github.com/apache/couchdb/blob/main/src/chttpd/test/eunit/chttpd_revs_diff_tests.erl
Then insert a few docs like :
{
"_id": "_local/shard-sync-sUYbrDRqi_Mfo8dD6-OGow-At83GdaY-DBmWWzFL89R1g",
"_rev": "0-1",
"seq": 1,
"target_uuid": "4f3eb3181db904d62176fb81626f84d0"
}
{
"_id": "_local/purge-mrview-0e22fbf4544d9ee72b82a82161d4bbc6",
"_rev": "0-1",
"ddoc_id": "_design/ddoc1",
"purge_seq": 0,
"signature": [1,2,3],
"type": "mrview",
"updated_on": 1676995502
}
And some regular and non-system local docs and see how include_system=
behaves.
In my tests there is no All other fields don't seem to be particularly suitable to me:
Regarding tests: will add them tomorrow according to your suggestions. 👍 Thank you very much! |
Looks great, I hadn't considered internal replication purge checkpoints. Also you named the function better than I did. Your version is more descriptive. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand the intention but I worry about how incomplete it is. Those local docs can still be fetched, updated, deleted, if you know the ids. Just scrubbing them from the /dbname/_local_docs
response is a partial fix.
The PR is careful to do its best to confirm that the docs are of the type we want to skip, by looking into the doc properties. This reminded me that actually nothing stops a user with sufficient privilege from writing a doc of these two forms (not that it would be wise to do so).
It's regrettable we used local docs for truly internal things that users shouldn't see, the fix might require us to address that properly (another btree for 'sysdocs', say) or to accept the messy status quo.
Needs more thought, but it's a good start and thank you for not just raising the issue but having a good stab at fixing it.
Currently I am still working on the tests (I don‘t yet understand why my documents don‘t get created), so I am afraid that creating another btree is beyond my abilities. Sorry. But if you are still interested (I am not sure based on this conversation) I will finish the tests and fix the change requests to make the PR mergable. |
Not really, it's a random chance if reading and writting those would work. They are below the cluster level so doc id hashing isn't guaranteed to land it on a right shard
That's plausible a user who can write to the db can randomly destroy or those checkpoint and mess up mem3 replicator or view purges. I think we're just trying to hide the noise from users not necessarily prevent them from manipulating these documents. |
@ckruse Please continue. I agree with Nick that it's worthwhile to suppress these items (by default) from casual viewing in the The suggestion about a new btree was for the wider team, I agree it would be quite a lot to expect someone new to our codebase to deliver. Should we do that, and change the internal uses to write there instead of into the local_btree, we could then come back and revert this work easily enough (as the items to be suppressed would no longer exist). This change improves the current situation, I have no objections. |
@rnewson good point, these checkpoints and internal docs would ideally live in a separate btree @ckruse don't hesitate to reach out for help with tests, they can be a bit daunting to figure out. Feel free to drop by our Slack (https://couchdb.apache.org/#slack) |
It hides the shard-sync and purge documents from the response unless a `?include_system=true` is given. Fixes apache#3930
14188cd
to
cf8c0b7
Compare
Ok, I guess this PR is ready for review…? |
@ckruse almost there! Thanks for writting the test. Let's move it to a separate test module and then I think it will be good to go. Make a new module |
cf8c0b7
to
bece90d
Compare
Ok, makes sense. Done :-) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
Thank you for your contribution @ckruse
🥳 thanks for merging! And thanks for your support! |
It hides the shard-sync and purge documents from the response unless a
?include_system=true
is given.Overview
Currently the system docs are included in
_local_docs
. This has shown to confuse users, and they try to delete them, which might fail and/or lead to problems.Testing recommendations
Related Issues or Pull Requests
$db/_local_docs
response #3930Checklist
I think most of this is not applicable. Regarding tests, I'm not sure if there should be added tests for this. It would mean a sleep in a test, wouldn't it?
rel/overlay/etc/default.ini
src/docs
folder