privilege, executor: add set role option #10268

Merged
merged 3 commits into from May 8, 2019

5 participants
@imtbkcat
Contributor

commented Apr 25, 2019

What problem does this PR solve?

Support SQL like:

SET ROLE ALL
SET ROLE DEFAULT
SET ROLE ALL EXCEPT role [, role ]
SET ROLE NONE

What is changed and how it works?

Read role information from the privilege cache and change the ActiveRole session variable.
Add a GetAllRole interface for Manager, which can get roles from the cache.

Check List

Tests

  • Unit test

Code changes

  • Has exported function/method change

Side effects

  • Increased code complexity
@zhouqiang-cl

Member

commented Apr 25, 2019

/rebuild

@XuHuaiyu

Contributor

commented Apr 26, 2019

IGNORE this comment~

/run-common-test tidb-test=pr/579
/run-integration-common-tests tidb-test=pr/579

@imtbkcat

Contributor Author

commented Apr 26, 2019

/run-common-test tidb-test=pr/579
/run-integration-common-tests tidb-test=pr/579

@imtbkcat

Contributor Author

commented Apr 26, 2019

/run-all-tests

@zhouqiang-cl

Member

commented Apr 26, 2019

/run-all-tests

@zhouqiang-cl

Member

commented Apr 26, 2019

/rebuild

@codecov


commented Apr 28, 2019

Codecov Report

Merging #10268 into master will increase coverage by 0.0237%.
The diff coverage is 78.5714%.

@@               Coverage Diff                @@
##             master     #10268        +/-   ##
================================================
+ Coverage   77.8178%   77.8416%   +0.0237%     
================================================
  Files           410        410                
  Lines         84365      84442        +77     
================================================
+ Hits          65651      65731        +80     
+ Misses        13813      13812         -1     
+ Partials       4901       4899         -2
@codecov


commented Apr 28, 2019

Codecov Report

Merging #10268 into master will increase coverage by 0.4286%.
The diff coverage is 77.922%.

@@               Coverage Diff                @@
##             master     #10268        +/-   ##
================================================
+ Coverage   77.4045%   77.8332%   +0.4287%     
================================================
  Files           412        410         -2     
  Lines         85641      84392      -1249     
================================================
- Hits          66290      65685       -605     
+ Misses        14335      13809       -526     
+ Partials       5016       4898       -118
@imtbkcat

Contributor Author

commented Apr 28, 2019

/run-all-tests

@jackysp
Member

left a comment

LGTM

@imtbkcat

Contributor Author

commented Apr 28, 2019

checker := privilege.GetPrivilegeManager(e.ctx)
user, host := e.ctx.GetSessionVars().User.AuthUsername, e.ctx.GetSessionVars().User.AuthHostname
roles, afterExcept := checker.GetAllRoles(user, host), make([]*auth.RoleIdentity, 0)
for _, r := range roles {

@tiancaiamao

tiancaiamao Apr 30, 2019

Contributor

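It reminds me of functional programming...

func filter(arr []*auth.RoleIdentity, f func(*auth.RoleIdentity) bool) []*auth.RoleIdentity {
     // Compact arr in place, keeping the elements for which f returns true.
     j := 0
     for i := 0; i < len(arr); i++ {
         if f(arr[i]) {
            arr[j] = arr[i]
            j++
         }
     }
     return arr[:j]
}

// banned reports whether r is one of the roles listed after EXCEPT.
banned := func(r *auth.RoleIdentity) bool {
          for _, ban := range s.RoleList {
              if ban.Hostname == r.Hostname && ban.Username == r.Username {
                 return true
              }
          }
          return false
}

// not negates a predicate.
not := func(f func(*auth.RoleIdentity) bool) func(*auth.RoleIdentity) bool {
          return func(r *auth.RoleIdentity) bool { return !f(r) }
}

roles = filter(roles, not(banned))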
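
An added example, not code from this PR: the in-place filter suggested above reuses the input's backing array, which is fine when the caller owns the slice but rewrites the role list for every other holder if the slice is still shared with a cache. RoleIdentity is a local stand-in for auth.RoleIdentity, and the role names and the shared `cached` slice are constructed for illustration.

```go
package main

import "fmt"

// RoleIdentity is a local stand-in for auth.RoleIdentity (assumption).
type RoleIdentity struct{ Username, Hostname string }

// filterInPlace compacts arr inside its own backing array (the idiom above).
func filterInPlace(arr []*RoleIdentity, keep func(*RoleIdentity) bool) []*RoleIdentity {
	j := 0
	for _, r := range arr {
		if keep(r) {
			arr[j] = r
			j++
		}
	}
	return arr[:j]
}

// filterCopy allocates a new slice with a capacity hint and leaves arr intact.
func filterCopy(arr []*RoleIdentity, keep func(*RoleIdentity) bool) []*RoleIdentity {
	out := make([]*RoleIdentity, 0, len(arr))
	for _, r := range arr {
		if keep(r) {
			out = append(out, r)
		}
	}
	return out
}

// notIn builds the SET ROLE ALL EXCEPT predicate: keep roles not in except.
func notIn(except []*RoleIdentity) func(*RoleIdentity) bool {
	return func(r *RoleIdentity) bool {
		for _, ban := range except {
			if ban.Username == r.Username && ban.Hostname == r.Hostname {
				return false
			}
		}
		return true
	}
}

func main() {
	// Constructed sample: a role list that other sessions also read.
	cached := []*RoleIdentity{{"r_admin", "%"}, {"r_read", "%"}, {"r_write", "%"}}
	keep := notIn([]*RoleIdentity{{"r_admin", "%"}})
	fmt.Println(len(filterCopy(cached, keep)), cached[0].Username)
	filterInPlace(cached, keep)
	fmt.Println(cached[0].Username, cached[2].Username)
}
```

After the in-place call the shared list no longer contains r_admin and holds r_write twice, while the copying variant leaves it unchanged.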
}
checker := privilege.GetPrivilegeManager(e.ctx)
user, host := e.ctx.GetSessionVars().User.AuthUsername, e.ctx.GetSessionVars().User.AuthHostname
roles, afterExcept := checker.GetAllRoles(user, host), make([]*auth.RoleIdentity, 0)

@tiancaiamao

tiancaiamao Apr 30, 2019

Contributor

make([]*auth.RoleIdentity, 0, len(s.RoleList))

// Deal with SQL like `SET ROLE NONE;`
checker := privilege.GetPrivilegeManager(e.ctx)
roles := make([]*auth.RoleIdentity, 0)
ok, roleName := checker.ActiveRoles(e.ctx, roles)

@tiancaiamao

tiancaiamao Apr 30, 2019

Contributor

checker.ActiveRoles(e.ctx, nil) ?

func (p *MySQLPrivilege) getAllRoles(user, host string) []*auth.RoleIdentity {
ret := make([]*auth.RoleIdentity, 0)
key := user + "@" + host
edgeTable, ok := p.RoleGraph[key]
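
Review bot: In getAllRoles, key := user + "@" + host builds the RoleGraph lookup key by plain concatenation, so two different (user, host) pairs map to the same key if either part can itself contain "@" (user "a@b" with host "c" and user "a" with host "b@c" both give "a@b@c"). Consider keying RoleGraph on a struct of the two fields, or on a separator that cannot occur in either part, and add a test for such a pair.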

@tiancaiamao

tiancaiamao Apr 30, 2019

Contributor
if !ok {
    return nil
}

ret := make([]*auth.RoleIdentity, 0, len(edgeTable.roleList))

When you're writing Go, remember:

  1. test the branch that could return early
  2. write cap for make() whenever possible

@imtbkcat

imtbkcat May 5, 2019

Author Contributor

fixed @tiancaiamao

@imtbkcat imtbkcat force-pushed the imtbkcat:set_role_with_opt branch from 338ed28 to 75b526d May 5, 2019

@tiancaiamao

Contributor

commented May 8, 2019

LGTM

@tiancaiamao tiancaiamao merged commit 0b8ce46 into pingcap:master May 8, 2019

5 of 6 checks passed

ci/circleci: CircleCI is running your tests
idc-jenkins-ci-tidb/build: Jenkins job succeeded.
idc-jenkins-ci-tidb/build_check_race: Jenkins job succeeded.
idc-jenkins-ci-tidb/check_dev: Jenkins job succeeded.
idc-jenkins-ci-tidb/check_dev_2: Jenkins job succeeded.
license/cla: Contributor License Agreement is signed.