Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix to (re)enable lower-privilege connection strings #234

Closed
wants to merge 4 commits into from
Closed

Fix to (re)enable lower-privilege connection strings #234

wants to merge 4 commits into from

Conversation

cgillum
Copy link
Member

@cgillum cgillum commented Sep 13, 2024

Resolves #233

The fix is to skip the database existence check if the current connection string does not have permission to log into the master database.

@cgillum cgillum marked this pull request as ready for review October 9, 2024 23:46
davidmrdavid
davidmrdavid reviewed Oct 10, 2024
View reviewed changes
Copy link
Member

@davidmrdavid davidmrdavid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change seems safe, but I want to make sure I understand the implications. Left some questions to gather context, but otherwise almost ready to approve.

src/DurableTask.SqlServer/SqlDbManager.cs
Comment on lines -180 to +195
// Note that we may not be able to connect to the DB, let alone obtain the lock,
// Note that we may not be able to connect to the target DB, let alone obtain the lock,
// if the database does not exist yet. So we obtain a connection to the 'master' database for now.
// If the current connection doesn't have permission to access the master database, this will fail.
// The exact error we see is hard to predict, so we catch SqlException and log a generic message.
using SqlConnection connection = this.settings.CreateConnection("master");
await connection.OpenAsync();
try
{
await connection.OpenAsync();
}
catch (SqlException)
{
this.traceHelper.GenericInfoEvent(
"Failed to connect to the master database. Skipping database exists check.",
instanceId: null);
return;
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skipping the check somewhat reduces the effectiveness of the check. I wonder if there's a bigger refactor here that would allow us to ensure the DB exists without trying to connect to the master DB, which we know may not be allowed by some companies.

If you get my point and think this may exist, but is costly, I'd appreciate if you could add a TODO: comment for future maintenance. But this seems good for now.

You said this probably used to work before - curious if you know what the code used to look like for this. I want to understand if this is essentially reverting back to the old code.

@cgillum
Copy link
Member Author

cgillum commented Oct 10, 2024

After some discussion, it was decided that this fix isn't needed after all.

@cgillum cgillum closed this Oct 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidmrdavid davidmrdavid davidmrdavid left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

EnsureDatabaseExistsAsync breaks in environments where "master" access disallowed
2 participants
@cgillum @davidmrdavid