Scripts should be replicated only by effects. #8370
Description
@redis/core-team we have discussed this in issue #5292 please read the history, and now I find another new bug, so as not to disturb antirez, I open this new one.
This new bug is about ACL, if a user execute lua script with limited ACLs in master, and then replicate the script verbatim to replica, it will result in data inconsistency, because master client can execute all commands, for example:
- master
127.0.0.1:6379> debug LUA-ALWAYS-REPLICATE-COMMANDS 0
127.0.0.1:6379> acl setuser test on nopass ~* -@all +set +eval +keys
OK
127.0.0.1:6379> auth test abc
OK
127.0.0.1:6379> eval "redis.call('set','foo','bar') redis.call('lpush','list','element')" 0
(error) ERR Error running script (call to f_d067a2e509dfa98f9a3cbfe499c8ad2a5226acce): @user_script:1: @user_script: 1: The user executing the script can't run this command or subcommand
127.0.0.1:6379> keys *
1) "foo"
- replica
127.0.0.1:6666> keys *
1) "foo"
2) "list"
I don't wanna fix this, as antirez said this is a design error, the question is should we remove the previous mechanism to replicate the script verbatim or just keep the configuration lua-replicate-commands and debug LUA-ALWAYS-REPLICATE-COMMANDS?