mysql_replication: add connection_name param for MariaDB multi source replication support #63229

Merged
merged 2 commits into from
Oct 9, 2019

Andersson007
Contributor

SUMMARY

mysql_replication: add connection_name param for MariaDB multi source replication support

fixes #46243

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

lib/ansible/modules/database/mysql/mysql_replication.py

@ansibot
Contributor

ansibot commented Oct 8, 2019

@ansibot ansibot added affects_2.10 This issue/PR affects Ansible v2.10 community_review In order to be merged, this PR must follow the community review workflow. database Database category feature This issue/PR relates to a feature request. has_issue module This issue/PR relates to a module. mysql needs_triage Needs a first human triage before being processed. support:community This issue/PR relates to code supported by the Ansible community. labels Oct 8, 2019
Contributor

@resmo resmo left a comment

LGTM

Contributor

@felixfontein felixfontein left a comment

Two more words: changelog fragment :)

cursor.execute("SHOW SLAVE STATUS")
def get_slave_status(cursor, connection_name=''):
if connection_name:
cursor.execute("SHOW SLAVE '%s' STATUS" % connection_name)
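
Review bot: In `get_slave_status`, `connection_name` is placed inside the quoted literal by `"SHOW SLAVE '%s' STATUS" % connection_name` and nothing checks or escapes it first, so a name containing a single quote ends the literal early and changes the statement that reaches `cursor.execute`. Suggest validating `connection_name` against an allow-list of expected characters, or escaping it, before the string is built, and failing the call when the value does not pass.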

Contributor

Does this need any proper escaping?

Contributor Author

@felixfontein I didn't get the idea, could you please describe this? (it's covered by ci:)

Contributor

If connection_name is '; DROP TABLE ORDERS; -- this will have unintended side-effects. (https://www.xkcd.com/327/)

Contributor

@felixfontein shouldn't we trust the argument?
I mean, these features aren't meant to be used with arguments coming from untrusted sources I guess, or should be escaped / protected earlier in the code.

Contributor

And, as far as I remember, cursor.execute won't execute a multi statement query, so the injection should fail.

Contributor Author

If a user wants to drop his production databases, I believe, it is unavoidable

Contributor

Most security holes come from such assumptions, which get forgotten over time :) If you want to merge it this way, fine for me. Just don't complain nobody told you ;)

@ansibot ansibot added shipit This PR is ready to be merged by Core and removed community_review In order to be merged, this PR must follow the community review workflow. needs_triage Needs a first human triage before being processed. labels Oct 8, 2019
@ansibot ansibot added community_review In order to be merged, this PR must follow the community review workflow. and removed shipit This PR is ready to be merged by Core labels Oct 9, 2019
@Andersson007
Contributor Author

It is a blocker for me and others, I can't implement #29311 before this PR is merged

@Andersson007
Contributor Author

@bmalynovytch would be cool to get your suggestion about this in general

@resmo
Contributor

resmo commented Oct 9, 2019

shipit

@ansibot ansibot added shipit This PR is ready to be merged by Core and removed community_review In order to be merged, this PR must follow the community review workflow. labels Oct 9, 2019
@felixfontein felixfontein merged commit 9f9afcb into ansible:devel Oct 9, 2019
@Andersson007
Contributor Author

@resmo, @felixfontein, @bmalynovytch thank you for reviewing!

@bmalynovytch
Contributor

bmalynovytch commented Oct 9, 2019

> @bmalynovytch would be cool to get your suggestion about this in general

In general, maybe we should add some injection CI tests.

(dunno if it is what you were talking about 🙂 )

@Andersson007
Contributor Author

@bmalynovytch, bright idea, we should certainly try! :)
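
The escaping question from the review thread and the injection CI tests suggested above, sketched as an added example (not code from this PR or from Ansible). `unsafe_query`, `safe_query`, `RecordingCursor`, `run_injection_checks` and the allow-list pattern are assumptions made for illustration, and this `get_slave_status` is a hypothetical variant, not the merged function.

```python
import re

# Assumed policy for this example: a conservative allow-list, not MariaDB's
# own rule for what a connection name may contain.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def unsafe_query(connection_name):
    """The string formatting questioned in the review, kept for comparison."""
    return "SHOW SLAVE '%s' STATUS" % connection_name


def safe_query(connection_name=''):
    """Build the statement, refusing any name outside the allow-list."""
    if not connection_name:
        return "SHOW SLAVE STATUS"
    if not _SAFE_NAME.fullmatch(connection_name):
        raise ValueError("invalid connection_name: %r" % (connection_name,))
    return "SHOW SLAVE '%s' STATUS" % connection_name


class RecordingCursor:
    """Stand-in for a DB cursor so the checks run without a database."""
    def __init__(self):
        self.statements = []
    def execute(self, query):
        self.statements.append(query)


def get_slave_status(cursor, connection_name=''):
    """Hypothetical variant: only validated statements reach the cursor."""
    cursor.execute(safe_query(connection_name))


# Constructed inputs: the value quoted in the thread plus a few variants.
HOSTILE_NAMES = ["'; DROP TABLE ORDERS; --", "a'b", "x\\", "two words", "n" * 65]


def run_injection_checks():
    """Return the hostile names that reached cursor.execute (none expected)."""
    leaked = []
    for name in HOSTILE_NAMES:
        cursor = RecordingCursor()
        try:
            get_slave_status(cursor, name)
        except ValueError:
            continue
        leaked.append(name)
    return leaked
```
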

@ansible ansible locked and limited conversation to collaborators Nov 13, 2019