Any attempt to perform a write operation on a database connection that was obtained for the DB_REPLICA index should fail hard. Two different cases need to be covered:
1) Connections to actual database replicas must not allow write operations (T183265)
2) When selecting the connection to the master database when asked for DB_REPLICA, that connection needs to be wrapped to disallow write operations. This is particularly relevant for catching bugs early, in unit tests and development environments which typically have a single database setup.
Background:
[[https://github.com/wikimedia/mediawiki/blob/e61a1caaddb58cc26bf5f912940afbb2a6f65355/includes/Storage/SqlBlobStore.php#L231|This code]] introduced by a recent MCR change obtains a DB handle using `DB_REPLICA`, then writes to it:
```lang=php
$dbw = $this->getDBConnection( DB_REPLICA );
$old_id = $dbw->nextSequenceValue( 'text_old_id_seq' );
$dbw->insert(
'text',
[
'old_id' => $old_id,
'old_text' => $data,
'old_flags' => $flags,
],
__METHOD__
);
$textId = $dbw->insertId();
```
Shockingly, nothing in MediaWiki prevented a write on a replica connection. Because the replica DB server in beta labs was not set to read-only (see {T183245}), this caused an actual write to happen to the replica server, which of course broke replication because the auto increment counters on the text table drifted out of sync.
A DB connection handle obtained with `DB_REPLICA` should not allow writes. Any attempt to call `->insert()`, `->delete()`, `->replace()`, etc. should throw an exception, even if the underlying connection is to the master (development environments typically only have one DB server, but we need to catch these errors early; thanks to @daniel for realizing this).
Chat log:
{P6485}