Skip to content

Create dedicated cache FS #550

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jan 23, 2025
Merged

Create dedicated cache FS #550

merged 5 commits into from
Jan 23, 2025

Conversation

Y--
Copy link
Collaborator

@Y-- Y-- commented Jan 20, 2025
edited
Loading

Today, non super-users are going to face an error when querying S3 objects like:

ERROR:  (PGDuckDB/CreatePlan) Prepared query returned an error: 'Permission Error: File system LocalFileSystem has been disabled by configuration

The reason is that the current cache mechanism uses the DB's FileSystem which non-super users cannot access.

To fix it, we create a dedicated FS that the extension is allow to access (but not the user directly).

  • the custom FS which can only open files by name located under the cache_file_directory (no path)
  • all methods beside OpenFile are throwing a permission error.

@Y-- Y-- requested a review from JelteF January 20, 2025 17:03
@JelteF JelteF requested a review from mkaruza January 22, 2025 09:42
JelteF
JelteF reviewed Jan 22, 2025
View reviewed changes
Copy link
Collaborator

@JelteF JelteF left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tried it out. It indeed solves the problem. Also the general approach seems quite reasonable.

Y--
Y-- commented Jan 23, 2025
View reviewed changes
third_party/cached_httpfs/http_file_cache.cpp Outdated
}

{
lock_guard<mutex> lock(cached_fs_mutex);
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is probably a bit overkill since GetFS is only called under a lock already, but feels more future-proof

@Y-- Y-- requested review from mkaruza and JelteF January 23, 2025 10:13
JelteF
JelteF reviewed Jan 23, 2025
View reviewed changes
third_party/cached_httpfs/include/http_file_cache.hpp Outdated
return LocalFileSystem::OpenFile(oss.str(), flags, opener);
}

void AssertSameCacheDir(const string &other_dir) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When I read Assert I expect it's a thing that's only checked if assertions are enabled, so let's name this differently.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given it's only used in one place, maybe just inline it.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But then I have to make the cache_file_directory public just for this method? I preferred to not leak it :-)

Y-- and others added 2 commits January 23, 2025 14:55
@Y-- @JelteF
Update third_party/cached_httpfs/include/http_file_cache.hpp
c19019a 
Co-authored-by: Jelte Fennema-Nio <jelte@motherduck.com>
@Y--
Revert "Improve cache FS security"
5f63684 
This reverts commit 24891f4.
JelteF
JelteF reviewed Jan 23, 2025
View reviewed changes
third_party/cached_httpfs/include/http_file_cache.hpp Outdated
@@ -78,6 +80,13 @@ class CachedFileHandle {
shared_ptr<CachedFile> file;
};

class LocalCacheFileSystem: public LocalFileSystem {
// TODO: we could lock down the LocalFileSystem to only allow path that are in the cache directory
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's remove this comment

@Y-- Y-- enabled auto-merge (squash) January 23, 2025 14:12
@Y-- Y-- merged commit 6effc0a into main Jan 23, 2025
5 checks passed
@Y-- Y-- deleted the yl/cache-no-su branch January 23, 2025 14:15
@Y--
Copy link
Collaborator Author

Y-- commented Jan 23, 2025

For posterity - we've discussed 24891f4 (#550) with @JelteF and decided it wasn't worth it.

@Bodobolero Bodobolero mentioned this pull request Jan 26, 2025
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JelteF JelteF JelteF approved these changes

@mkaruza mkaruza Awaiting requested review from mkaruza

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Y-- @JelteF @mkaruza