Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

privilege: limit the privileges in memory schemas (#35260) #35331

Closed
wants to merge 1 commit into from
Closed

privilege: limit the privileges in memory schemas (#35260) #35331

wants to merge 1 commit into from

Conversation

ti-srebot
Copy link
Contributor

@ti-srebot ti-srebot commented Jun 13, 2022
edited
Loading

cherry-pick #35260 to release-5.1
You can switch your code base to this Pull Request by using git-extras:

# In tidb repo:
git pr https://github.com/pingcap/tidb/pull/35331

After apply modifications, you can push your change to this PR via:

git push git@github.com:ti-srebot/tidb.git pr/35331:release-5.1-395ccbe22d5e

What problem does this PR solve?

Issue Number: close #35205

Problem Summary:

In the previous implementation, metrics_schema.t isn't one of the metrics tables, so the privilege checker is skipped. However, because the memory databases are not persist in storage, DDL hangs because of "database not exists" error.

What is changed and how it works?

This PR disallows users run CREATE/ALTER/DROP/INSERT/UPDATE/DELETE statements on any tables in memory databases.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

After this PR, the following operations on memory tables are not supported anymore:

  • information_schema: REFERENCES, EXECUTE, SHOW VIEW, LOCK TABLES.
  • performance_schema: CREATE, LOCK TABLES.
  • metrics_schema: CREATE, CREATE VIEW. REFERENCES, EXECUTE, SHOW VIEW, LOCK TABLES.

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

Fix an issue that client stuck when create table in metrics_schema.

@ti-srebot
cherry pick pingcap#35260 to release-5.1
c55be54 
Signed-off-by: ti-srebot <ti-srebot@pingcap.com>
@ti-chi-bot
Copy link
Member

[REVIEW NOTIFICATION]

This pull request has not been approved.

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot
Copy link
Member

@ti-srebot: This cherry pick PR is for a release branch and has not yet been approved by release team.
Adding the do-not-merge/cherry-pick-not-approved label.

To merge this cherry pick, it must first be approved by the collaborators.

AFTER it has been approved by collaborators, please ping the release team in a comment to request a cherry pick review.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ti-srebot
Copy link
Contributor Author

/run-all-tests

@ti-chi-bot ti-chi-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Jun 13, 2022
@ti-srebot ti-srebot mentioned this pull request Jun 13, 2022
Merged
12 tasks
@ti-srebot ti-srebot added compatibility-breaker Violation of forwards/backwards compatibility in a design-time piece. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. type/5.1-cherry-pick labels Jun 13, 2022
@ti-srebot ti-srebot added this to the v5.1.4 milestone Jun 13, 2022
@ti-srebot
Copy link
Contributor Author

@tangenta you're already a collaborator in bot's repo.

@tangenta tangenta closed this Jun 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Defined2014 Defined2014 Awaiting requested review from Defined2014

@djshow832 djshow832 Awaiting requested review from djshow832

@tiancaiamao tiancaiamao Awaiting requested review from tiancaiamao

Assignees

@tangenta tangenta

Labels
compatibility-breaker Violation of forwards/backwards compatibility in a design-time piece. do-not-merge/cherry-pick-not-approved release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. type/5.1-cherry-pick
Projects
None yet
Milestone
v5.1.4
Development

Successfully merging this pull request may close these issues.
3 participants
@ti-srebot @ti-chi-bot @tangenta