* [no-release-notes] Pushdown refactor, deprecate sql.FilteredTable,
ColumnDiffTable correctness
Pushdown splitting into two phases uncovered bugs. sql.FilteredTable
is now deprecated. ColumnDiffTable correctness tests were never run
through the indexing path before, which are broken. This disables the
indexing path and runs the proper test suites.
* [ga-format-pr] Run go/utils/repofmt/format_repo.sh and go/Godeps/update.sh
* bump
* tidy
* missing interface method
* mod tidy
* formatter
---------
Co-authored-by: max-hoffman <max-hoffman@users.noreply.github.com>
Setting this system variable to a non-zero value on a primary replica in a
sql-server cluster will cause dolt to block a SQL client performing a commit
until that client's commit is fully replicated to the replicas.
If there is a timeout, currently a warning is logged in the logs.
* import perf harness prog
* more test isolation
* rework common dep
* fix server driver
* delete old files, fix readme
* more readme fixes
* batching edits
* edits
* skip import tests by def
* GA starter
* rename
* fix arg name
* change input name again
* remove espaced character from input desc
* fix env definition
* fix env definition
* fix workflow_dispatch name
* CI test files
* remove os spec
* runs on
* different set variable
* defaults
* defaults
* remove local GMS
* edits
* run bench from go/ directory
* dropped def equals
* go run, not go build
* fix output command name
* configure dolt
* fix query file path
* fix query file path
* switch query and inputs
* fix format <<EOF
* reformat yaml
* debug output
* more debug output
* fix echo -> cat
* fix to json flag
* fix yaml spacing
* yaml spacing
* yaml spacing
* revert html spacing
* json format
* env var expansion
* echo not cat
* another json string printing error
* no echo
* log template
* no template string
* wrong parameter, template should be templateName
* remove console.log
* pass file, not string, to ses
* rely on preexisting template? email action interface
* fix yaml
* fix html print
* fix html header
* change ci script
* fix sql-server connection pass
* mysql no password, setup default db
* put password back
* missed port for default database
* expanded CI tests
* shorter test file
* extend ci tests
* change default query
* try to push to dolthub
* modify push to dolthub
* duplicate test names
* typo
* dolt-action version
* invalid param for dolt_action
* specify feature branch
* specify main branch dolt-action
* -b flag first
* dont need -q flag for batch EOF
* combine results and dolthub push
* missing curly brace
* no auth
* new creds
* new cred fun
* use the cred key
* try again
* log table
* move push out of batch
* more logging
* new vs old branch
* fix branch rule
* more test
* all tests
* smaller tests
* smaller tests
* double env: key
* fix yaml error
* more yaml errors
* more yaml errors
* [ga-format-pr] Run go/utils/repofmt/format_repo.sh and go/Godeps/update.sh
* linting fixes, remove other import nightly
* linting
* go vet
* licenses
* fix compile errorrs
* warn don't panic on init()
* [ga-format-pr] Run go/utils/repofmt/format_repo.sh and go/Godeps/update.sh
* no external package
* [ga-format-pr] Run go/utils/repofmt/format_repo.sh and go/Godeps/update.sh
* unused dep
* [ga-format-pr] Run go/utils/repofmt/format_repo.sh and go/Godeps/update.sh
* Revert perf scripts
* refactor to repo dispatch
Co-authored-by: max-hoffman <max-hoffman@users.noreply.github.com>
A remotesapi server running on a cluster replica publishes a JWKS.
Every outbound GRPC call the cluster replica makes includes a JWT signed with a
private key.
remotesapi servers running on cluster replicas require and validate incoming
JWTs for cluster traffic. The set of valid signing keys is taken from the
JWKSes which are published at /.well-known/jwks.json on the standby replica
hosts.
It is possible to configure tls_ca on cluster remotesapi to configure the set
of trusted roots for outbound TLS connections. Because the JWKSes are served
over the same connection, and becuase signed JWTs are not replay resistent, TLS
is recommended for all deployment topologies.
For now, this is server-side TLS, not mTLS.
If a tls_ca is configured, the certificates in that file are PEM encoded. They
are the only trusted roots for server certificate verification on both gRPC and
HTTP connections. If tls_ca is set, no server name verification is done for
now.
