server: honor scheduler concurrency for coordinator (#4832)

api/v2/changefeed.go

@@ -746,6 +746,14 @@ func (h *OpenAPIV2) ResumeChangefeed(c *gin.Context) {
 	}
 	middleware.SetChangefeedOperationTarget(c, cfInfo.ChangefeedID.Keyspace(), cfInfo.ChangefeedID.Name())
 
+	// Resume validation must use persisted metadata because stopped changefeeds
+	// can be edited outside the coordinator process during legacy migration.
+	cfInfo, err = co.GetPersistedChangefeedInfo(ctx, cfInfo.ChangefeedID)
+	if err != nil {
+		_ = c.Error(err)
+		return
+	}
+
 	// If there is no overrideCheckpointTs, then check whether the currentCheckpointTs is smaller than gc safepoint or not.
 	newCheckpointTs := status.CheckpointTs
 	overwriteCheckpointTs := false

api/v2/changefeed_test.go

@@ -0,0 +1,264 @@
+// Copyright 2026 PingCAP, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v2
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+	"github.com/pingcap/kvproto/pkg/keyspacepb"
+	"github.com/pingcap/ticdc/maintainer"
+	"github.com/pingcap/ticdc/pkg/api"
+	"github.com/pingcap/ticdc/pkg/common"
+	"github.com/pingcap/ticdc/pkg/config"
+	cerror "github.com/pingcap/ticdc/pkg/errors"
+	"github.com/pingcap/ticdc/pkg/etcd"
+	"github.com/pingcap/ticdc/pkg/liveness"
+	"github.com/pingcap/ticdc/pkg/node"
+	"github.com/pingcap/ticdc/pkg/server"
+	"github.com/pingcap/ticdc/pkg/util"
+	"github.com/stretchr/testify/require"
+	pd "github.com/tikv/pd/client"
+)
+
+// TestValidateResumeChangefeedState covers the API-side guard that runs before
+// resume GC safepoint/barrier setup. Running states must fail fast, while states
+// that are actually stopped can proceed to the remaining resume validation.
+func TestValidateResumeChangefeedState(t *testing.T) {
+	for _, state := range []config.FeedState{config.StateStopped, config.StateFailed, config.StateFinished} {
+		require.NoError(t, validateResumeChangefeedState(state))
+	}
+
+	for _, state := range []config.FeedState{config.StateNormal, config.StateWarning, config.StatePending} {
+		err := validateResumeChangefeedState(state)
+		require.True(t, cerror.ErrChangefeedUpdateRefused.Equal(err))
+		require.Contains(t, err.Error(), string(state))
+	}
+}
+
+// TestResumeChangefeedRejectsNormalBeforeGC covers the HTTP resume regression:
+// a normal changefeed must fail before the handler requests PD/etcd clients for
+// GC safepoint/barrier setup or calls the coordinator resume path.
+func TestResumeChangefeedRejectsNormalBeforeGC(t *testing.T) {
+	gin.SetMode(gin.TestMode)
+
+	co := &resumeNormalCoordinator{}
+	srv := &resumeNormalServer{coordinator: co}
+	h := &OpenAPIV2{server: srv}
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Request = httptest.NewRequest(http.MethodPost, "/api/v2/changefeeds/test/resume?keyspace=default", nil)
+	c.Params = gin.Params{{Key: api.APIOpVarChangefeedID, Value: "test"}}
+	c.Set("ctx-keyspace", &keyspacepb.KeyspaceMeta{
+		Id:    common.DefaultKeyspaceID,
+		State: keyspacepb.KeyspaceState_ENABLED,
+	})
+
+	h.ResumeChangefeed(c)
+
+	require.Len(t, c.Errors, 1)
+	require.True(t, cerror.ErrChangefeedUpdateRefused.Equal(c.Errors.Last().Err))
+	require.False(t, srv.pdClientRequested)
+	require.False(t, srv.etcdClientRequested)
+	require.False(t, co.resumeCalled)
+}
+
+type resumeNormalServer struct {
+	coordinator         server.Coordinator
+	pdClientRequested   bool
+	etcdClientRequested bool
+}
+
+func (s *resumeNormalServer) Run(ctx context.Context) error { return nil }
+
+func (s *resumeNormalServer) Close() {}
+
+func (s *resumeNormalServer) SelfInfo() (*node.Info, error) { return nil, nil }
+
+func (s *resumeNormalServer) Liveness() liveness.Liveness { return liveness.CaptureAlive }
+
+func (s *resumeNormalServer) GetCoordinator() (server.Coordinator, error) {
+	return s.coordinator, nil
+}
+
+func (s *resumeNormalServer) IsCoordinator() bool { return true }
+
+func (s *resumeNormalServer) GetCoordinatorInfo(ctx context.Context) (*node.Info, error) {
+	return nil, nil
+}
+
+func (s *resumeNormalServer) GetPdClient() pd.Client {
+	s.pdClientRequested = true
+	return nil
+}
+
+func (s *resumeNormalServer) GetEtcdClient() etcd.CDCEtcdClient {
+	s.etcdClientRequested = true
+	return nil
+}
+
+func (s *resumeNormalServer) GetMaintainerManager() *maintainer.Manager { return nil }
+
+type resumeNormalCoordinator struct {
+	resumeCalled bool
+}
+
+func (c *resumeNormalCoordinator) Stop() {}
+
+func (c *resumeNormalCoordinator) Run(ctx context.Context) error { return nil }
+
+func (c *resumeNormalCoordinator) ListChangefeeds(ctx context.Context, keyspace string) ([]*config.ChangeFeedInfo, []*config.ChangeFeedStatus, error) {
+	return nil, nil, nil
+}
+
+func (c *resumeNormalCoordinator) GetChangefeed(ctx context.Context, changefeedDisplayName common.ChangeFeedDisplayName) (*config.ChangeFeedInfo, *config.ChangeFeedStatus, error) {
+	changefeedID := common.NewChangeFeedIDWithName(changefeedDisplayName.Name, changefeedDisplayName.Keyspace)
+	return &config.ChangeFeedInfo{
+			ChangefeedID: changefeedID,
+			State:        config.StateNormal,
+		}, &config.ChangeFeedStatus{
+			CheckpointTs: 123,
+		}, nil
+}
+
+func (c *resumeNormalCoordinator) GetPersistedChangefeedInfo(ctx context.Context, id common.ChangeFeedID) (*config.ChangeFeedInfo, error) {
+	return &config.ChangeFeedInfo{
+		ChangefeedID: id,
+		State:        config.StateNormal,
+	}, nil
+}
+
+func (c *resumeNormalCoordinator) CreateChangefeed(ctx context.Context, info *config.ChangeFeedInfo) error {
+	return nil
+}
+
+func (c *resumeNormalCoordinator) RemoveChangefeed(ctx context.Context, id common.ChangeFeedID) (uint64, error) {
+	return 0, nil
+}
+
+func (c *resumeNormalCoordinator) PauseChangefeed(ctx context.Context, id common.ChangeFeedID) error {
+	return nil
+}
+
+func (c *resumeNormalCoordinator) ResumeChangefeed(ctx context.Context, id common.ChangeFeedID, newCheckpointTs uint64, overwriteCheckpointTs bool) error {
+	c.resumeCalled = true
+	return nil
+}
+
+func (c *resumeNormalCoordinator) UpdateChangefeed(ctx context.Context, change *config.ChangeFeedInfo) error {
+	return nil
+}
+
+func (c *resumeNormalCoordinator) RequestResolvedTsFromLogCoordinator(ctx context.Context, changefeedDisplayName common.ChangeFeedDisplayName) {
+}
+
+func (c *resumeNormalCoordinator) DrainNode(ctx context.Context, target node.ID) (int, error) {
+	return 0, nil
+}
+
+func (c *resumeNormalCoordinator) Initialized() bool { return true }
+
+// TestMaskSinkURIForError verifies that error messages mask sensitive sink URI
+// fields. It checks both a valid URI with secret query parameters and an invalid
+// URI parse error that previously exposed raw credentials.
+func TestMaskSinkURIForError(t *testing.T) {
+	sinkURI := "kafka://127.0.0.1:9092/topic?protocol=canal-json" +
+		"&sasl-user=ticdc&sasl-password=verysecure&secret-access-key=rawsecret"
+
+	maskedURI := maskSinkURIForError(sinkURI)
+	require.NotContains(t, maskedURI, "verysecure")
+	require.NotContains(t, maskedURI, "rawsecret")
+	require.Contains(t, maskedURI, "sasl-password=xxxxx")
+	require.Contains(t, maskedURI, "secret-access-key=xxxxx")
+	require.Contains(t, maskedURI, "sasl-user=ticdc")
+
+	invalidURI := "mysql://root:verysecure@127.0.0.1/%zz"
+	require.Equal(t, "<invalid uri>", maskSinkURIForError(invalidURI))
+
+	err := genSinkURIInvalidError(invalidURI, mustParseURLError(t, invalidURI))
+	require.NotContains(t, err.Error(), "verysecure")
+	require.Contains(t, err.Error(), "<invalid uri>")
+	require.Contains(t, err.Error(), `parse "<invalid uri>"`)
+	require.Contains(t, err.Error(), "invalid URL escape")
+}
+
+func mustParseURLError(t *testing.T, rawURL string) error {
+	t.Helper()
+
+	_, err := url.Parse(rawURL)
+	require.Error(t, err)
+	return err
+}
+
+// TestVerifyRouteConflict covers route conflict detection for eligible and
+// ineligible source tables. It exercises the safe cases first, then verifies
+// that conflicts report both the shared target table and conflicting sources.
+func TestVerifyRouteConflict(t *testing.T) {
+	t.Parallel()
+
+	changefeedID := common.NewChangeFeedIDWithName("test-changefeed", common.DefaultKeyspaceName)
+	replicaCfg := config.GetDefaultReplicaConfig()
+	replicaCfg.Sink.DispatchRules = []*config.DispatchRule{
+		{Matcher: []string{"db1.*"}, TargetSchema: "archive", TargetTable: "{table}"},
+		{Matcher: []string{"db2.*"}, TargetSchema: "archive", TargetTable: "{table}"},
+	}
+
+	eligibleTables := []common.TableName{{Schema: "db1", Table: "orders"}}
+	ineligibleTables := []common.TableName{{Schema: "db2", Table: "orders"}}
+
+	replicaCfg.ForceReplicate = util.AddressOf(false)
+	replicaCfg.IgnoreIneligibleTable = util.AddressOf(true)
+	require.NoError(t, verifyRouteConflict(changefeedID, eligibleTables, ineligibleTables, replicaCfg))
+
+	replicaCfg.IgnoreIneligibleTable = util.AddressOf(false)
+	require.NoError(t, verifyRouteConflict(changefeedID, eligibleTables, ineligibleTables, replicaCfg))
+
+	err := verifyRouteConflict(
+		changefeedID,
+		[]common.TableName{{Schema: "db1", Table: "orders"}, {Schema: "db2", Table: "orders"}},
+		ineligibleTables,
+		replicaCfg,
+	)
+	require.Error(t, err)
+	require.True(t, cerror.ErrTableRouteConflict.Equal(err))
+
+	replicaCfg.ForceReplicate = util.AddressOf(true)
+	err = verifyRouteConflict(changefeedID, eligibleTables, ineligibleTables, replicaCfg)
+	require.Error(t, err)
+	require.True(t, cerror.ErrTableRouteConflict.Equal(err))
+	require.Contains(t, err.Error(), "target `archive`.`orders`")
+	require.Contains(t, err.Error(), "source `db1`.`orders`")
+	require.Contains(t, err.Error(), "source `db2`.`orders`")
+
+	replicaCfg.ForceReplicate = util.AddressOf(false)
+	replicaCfg.Sink.DispatchRules = []*config.DispatchRule{
+		{Matcher: []string{"db2.*"}, TargetSchema: "db1", TargetTable: "{table}"},
+	}
+	err = verifyRouteConflict(
+		changefeedID,
+		[]common.TableName{{Schema: "db1", Table: "orders"}, {Schema: "db2", Table: "orders"}},
+		nil,
+		replicaCfg,
+	)
+	require.Error(t, err)
+	require.True(t, cerror.ErrTableRouteConflict.Equal(err))
+	require.Contains(t, err.Error(), "target `db1`.`orders`")
+	require.Contains(t, err.Error(), "source `db1`.`orders`")
+	require.Contains(t, err.Error(), "source `db2`.`orders`")
+}

coordinator/changefeed/changefeed_db_backend.go

@@ -24,6 +24,8 @@ import (
 type Backend interface {
 	// GetAllChangefeeds returns all changefeeds from the backend db, include stopped and failed changefeeds
 	GetAllChangefeeds(ctx context.Context) (map[common.ChangeFeedID]*ChangefeedMetaWrapper, error)
+	// GetChangefeedInfo returns the latest persisted changefeed info from the backend db.
+	GetChangefeedInfo(ctx context.Context, id common.ChangeFeedID) (*config.ChangeFeedInfo, error)
 	// CreateChangefeed saves changefeed info and status to db
 	CreateChangefeed(ctx context.Context, info *config.ChangeFeedInfo) error
 	// UpdateChangefeed updates changefeed info  to db
@@ -34,8 +36,8 @@ type Backend interface {
 	DeleteChangefeed(ctx context.Context, id common.ChangeFeedID) error
 	// SetChangefeedProgress persists the operation progress status to db for a changefeed
 	SetChangefeedProgress(ctx context.Context, id common.ChangeFeedID, progress config.Progress) error
-	// ResumeChangefeed persists the resumed status to db for a changefeed
-	ResumeChangefeed(ctx context.Context, id common.ChangeFeedID, newCheckpointTs uint64) error
+	// ResumeChangefeed persists the resumed status to db for a changefeed and returns the resumed info.
+	ResumeChangefeed(ctx context.Context, id common.ChangeFeedID, newCheckpointTs uint64) (*config.ChangeFeedInfo, error)
 	// UpdateChangefeedCheckpointTs persists the checkpointTs for changefeeds
 	UpdateChangefeedCheckpointTs(ctx context.Context, checkpointTs map[common.ChangeFeedID]uint64) error
 }

coordinator/changefeed/etcd_backend.go

@@ -124,6 +124,21 @@ func (b *EtcdBackend) GetAllChangefeeds(ctx context.Context) (map[common.ChangeF
 	return cfMap, nil
 }
 
+// GetChangefeedInfo returns the latest persisted changefeed info from etcd.
+func (b *EtcdBackend) GetChangefeedInfo(ctx context.Context, id common.ChangeFeedID) (*config.ChangeFeedInfo, error) {
+	info, err := b.etcdClient.GetChangeFeedInfo(ctx, id.DisplayName)
+	if err != nil {
+		return nil, errors.Trace(err)
+	}
+	// Old metadata may not embed ChangefeedID in the value. Keep the backend
+	// lookup key as the source of truth so callers can safely use the returned
+	// info for validation and in-memory replacement.
+	if info.ChangefeedID.Name() == "" {
+		info.ChangefeedID = id
+	}
+	return info, nil
+}
+
 func (b *EtcdBackend) CreateChangefeed(ctx context.Context,
 	info *config.ChangeFeedInfo,
 ) error {
@@ -248,17 +263,25 @@ func (b *EtcdBackend) DeleteChangefeed(ctx context.Context,
 	return nil
 }
 
+// ResumeChangefeed persists a resumed changefeed and returns the metadata used by the caller.
 func (b *EtcdBackend) ResumeChangefeed(ctx context.Context,
 	id common.ChangeFeedID, newCheckpointTs uint64,
-) error {
-	info, err := b.etcdClient.GetChangeFeedInfo(ctx, id.DisplayName)
+) (*config.ChangeFeedInfo, error) {
+	info, err := b.GetChangefeedInfo(ctx, id)
 	if err != nil {
-		return errors.Trace(err)
+		return nil, errors.Trace(err)
+	}
+	// Legacy stopped changefeeds can contain sparse metadata that was completed
+	// during coordinator bootstrap. Complete it again before persisting the
+	// resumed state so backend-loaded metadata does not drop compatibility defaults.
+	if info.Config == nil {
+		info.Config = config.GetDefaultReplicaConfig()
 	}
+	info.VerifyAndComplete()
 	info.State = config.StateNormal
 	newStr, err := info.Marshal()
 	if err != nil {
-		return errors.Trace(err)
+		return nil, errors.Trace(err)
 	}
 	infoKey := etcd.GetEtcdKeyChangeFeedInfo(b.etcdClient.GetClusterID(), id.DisplayName)
 	opsThen := []clientv3.Op{
@@ -267,27 +290,27 @@ func (b *EtcdBackend) ResumeChangefeed(ctx context.Context,
 	if newCheckpointTs > 0 {
 		status, _, err := b.etcdClient.GetChangeFeedStatus(ctx, id)
 		if err != nil {
-			return errors.Trace(err)
+			return nil, errors.Trace(err)
 		}
 		status.CheckpointTs = newCheckpointTs
 		status.Progress = config.ProgressNone
 		jobValue, err := status.Marshal()
 		if err != nil {
-			return errors.Trace(err)
+			return nil, errors.Trace(err)
 		}
 		jobKey := etcd.GetEtcdKeyJob(b.etcdClient.GetClusterID(), id.DisplayName)
 		opsThen = append(opsThen, clientv3.OpPut(jobKey, jobValue))
 	}
 
 	putResp, err := b.etcdClient.GetEtcdClient().Txn(ctx, nil, opsThen, []clientv3.Op{})
 	if err != nil {
-		return errors.Trace(err)
+		return nil, errors.Trace(err)
 	}
 	if !putResp.Succeeded {
 		err = cerror.ErrMetaOpFailed.GenWithStackByArgs(fmt.Sprintf("resume changefeed %s", info.ChangefeedID.Name()))
-		return errors.Trace(err)
+		return nil, errors.Trace(err)
 	}
-	return nil
+	return info, nil
 }
 
 func (b *EtcdBackend) SetChangefeedProgress(ctx context.Context, id common.ChangeFeedID, progress config.Progress) error {