Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

privilege, executor: add SET ROLE and CURRENT_ROLE support #9581

Merged
merged 15 commits into from
Mar 21, 2019
Merged

privilege, executor: add SET ROLE and CURRENT_ROLE support #9581

merged 15 commits into from
Mar 21, 2019

Conversation

imtbkcat
Copy link

@imtbkcat imtbkcat commented Mar 7, 2019

What problem does this PR solve?

support active role and SET ROLE, CURRENT_ROLE function.

What is changed and how it works?

Create an graph data structure to find relationship between role and user quickly, which is always update as other privilege tables. It will load mysql.role_edges table, and convert relationship to an graph.

When we need to active some roles for current session, we need to check whether these roles has been granted for current user. RoleGraph can finish this task quickly.

SET ROLE is just for set active role for current session, more detail: https://dev.mysql.com/doc/refman/8.0/en/set-role.html

Because set default role is not support yet. some gramma will be added soon.

Check List

Tests

  • Unit test

Code changes

  • Has exported variable/fields change

Side effects

  • Increased code complexity

@imtbkcat imtbkcat requested review from tiancaiamao, jackysp and lysu March 7, 2019 02:27
jackysp
jackysp reviewed Mar 7, 2019
View reviewed changes
privilege/privileges/cache.go Outdated
@@ -16,6 +16,7 @@ package privileges
import (
"context"
"fmt"
"github.com/pingcap/parser/auth"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move this line to the third party libs part.

jackysp
jackysp reviewed Mar 7, 2019
View reviewed changes
expression/builtin_info.go

// evalString evals a builtinCurrentUserSig.
// See https://dev.mysql.com/doc/refman/5.7/en/information-functions.html#function_current-user
func (b *builtinCurrentRoleSig) evalString(row chunk.Row) (string, bool, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is better to add some test cases for this built-in function.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok

@imtbkcat imtbkcat mentioned this pull request Mar 7, 2019
Merged
@codecov
Copy link

codecov bot commented Mar 9, 2019
edited
Loading

Codecov Report

Merging #9581 into master will decrease coverage by 0.0201%.
The diff coverage is 44.8979%.

@@               Coverage Diff                @@
##             master      #9581        +/-   ##
================================================
- Coverage   67.1706%   67.1505%   -0.0202%     
================================================
  Files           381        381                
  Lines         79956      80053        +97     
================================================
+ Hits          53707      53756        +49     
- Misses        21460      21504        +44     
- Partials       4789       4793         +4

tiancaiamao
tiancaiamao reviewed Mar 12, 2019
View reviewed changes
executor/simple.go Outdated Show resolved Hide resolved
privilege/privileges/cache.go Outdated Show resolved Hide resolved
privilege/privileges/cache.go Outdated Show resolved Hide resolved
privilege/privileges/cache.go Outdated Show resolved Hide resolved
privilege/privileges/cache.go Outdated Show resolved Hide resolved
@imtbkcat
Copy link
Author

/run-all-tests

@imtbkcat
Copy link
Author

PTAL @tiancaiamao

tiancaiamao
tiancaiamao reviewed Mar 18, 2019
View reviewed changes
executor/simple.go Outdated
}
e.done = true
return errors.Trace(err)
}

func (e *SimpleExec) executeSetRole(s *ast.SetRoleStmt) error {
checkDup := make(map[string]*auth.RoleIdentity)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

make(map[string]*auth.RoleIdentity, len(s.RoleList))

go.mod Outdated
@@ -23,7 +23,7 @@ require (
github.com/go-sql-driver/mysql v0.0.0-20170715192408-3955978caca4
github.com/gogo/protobuf v1.2.0 // indirect
github.com/golang/groupcache v0.0.0-20181024230925-c65c006176ff // indirect
github.com/golang/protobuf v1.2.0
github.com/golang/protobuf v1.3.0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why protobuf is changed here?

privilege/privileges/cache.go
@@ -104,12 +105,42 @@ type columnsPrivRecord struct {
patTypes []byte
}

// RoleGraphEdgesTable is used to cache relationship between and role.
type roleGraphEdgesTable struct {
roleList map[string]bool
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's better to use roleList map[string]struct{} here

roleList map[string]struct{}

roleList["xx"] = struct{}{}

if _, ok := roleList["xx"] {
    ...
}

@tiancaiamao
Copy link
Contributor

LGTM

@tiancaiamao tiancaiamao added the status/LGT1 Indicates that a PR has LGTM 1. label Mar 18, 2019
@imtbkcat
Copy link
Author

PTAL @jackysp

@imtbkcat
Copy link
Author

/run-all-tests

jackysp
jackysp approved these changes Mar 21, 2019
View reviewed changes
Copy link
Member

@jackysp jackysp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@imtbkcat imtbkcat merged commit 778c3f4 into pingcap:master Mar 21, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tiancaiamao tiancaiamao tiancaiamao left review comments

@jackysp jackysp jackysp approved these changes

@lysu lysu Awaiting requested review from lysu

Assignees
No one assigned
Labels
component/privilege sig/execution SIG execution status/LGT1 Indicates that a PR has LGTM 1.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@imtbkcat @tiancaiamao @jackysp