feat(cloudsqlmysql): add native read-only session locking#3618
feat(cloudsqlmysql): add native read-only session locking#3618anubhav756 wants to merge 3 commits into
Conversation
There was a problem hiding this comment.
Code Review
This pull request introduces read-only mode support for the Cloud SQL MySQL source. It adds a readonly configuration option, configures the database connection pool to enforce read-only sessions via cloudsql_session_read_only=locked when enabled, introduces a prebuilt execute_sql_readonly tool, and adds an integration test to verify the read-only enforcement. The feedback recommends renaming the environment variable CLOUDSQL_MYSQL_READONLY to CLOUD_SQL_MYSQL_READONLY in both the documentation and configuration files to maintain naming consistency with existing environment variables.
a975dc7 to
efeaaa2
Compare
9a2c11a to
67c5006
Compare
efeaaa2 to
c638838
Compare
67c5006 to
1440fd2
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces a read-only mode for Cloud SQL MySQL sources, enforcing read-only session locking on the database connection via DSN parameters when enabled. It adds a new execute_sql_readonly tool, updates the configuration and source initialization, and includes an integration test to verify that write operations are rejected in read-only mode. Feedback suggests correcting the README documentation to accurately describe that the readonly option enforces session locking on the connection rather than routing queries to a read-only endpoint.
| export CLOUD_SQL_MYSQL_USER="<your-database-user>" # Optional | ||
| export CLOUD_SQL_MYSQL_PASSWORD="<your-database-password>" # Optional | ||
| export CLOUD_SQL_MYSQL_IP_TYPE="PUBLIC" # Optional: `PUBLIC`, `PRIVATE`, `PSC`. Defaults to `PUBLIC`. | ||
| export CLOUD_SQL_MYSQL_READONLY="true" # Optional: Restricts tools and executes queries on read-only endpoints. |
There was a problem hiding this comment.
The description # Optional: Restricts tools and executes queries on read-only endpoints. is technically inaccurate. The readonly configuration actually appends session_variables=cloudsql_session_read_only=locked to the connection DSN, which enforces read-only session locking on the database connection itself. It does not route queries to a different "read-only endpoint" (such as a read replica).
Let's update the description to be more accurate.
| export CLOUD_SQL_MYSQL_READONLY="true" # Optional: Restricts tools and executes queries on read-only endpoints. | |
| export CLOUD_SQL_MYSQL_READONLY="true" # Optional: Restricts tools and enforces read-only session locking on the database connection. |
02e3dd9 to
502e5f9
Compare
502e5f9 to
8f59ae2
Compare
Overview
This PR implements native read-only session locking for Cloud SQL MySQL.
Changes
session_variables=cloudsql_session_read_only=lockedto the connection DSN when the source is marked as read-only.