-
Notifications
You must be signed in to change notification settings - Fork 5.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
util/sem: add tidb_audit_redact_log to invisible sysvars #33712
Conversation
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by submitting an approval review. |
Code Coverage Details: https://codecov.io/github/pingcap/tidb/commit/33812ea857feaaa6b67db5cbd31963abdfbabb4f |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
/merge |
This pull request has been accepted and is ready to merge. Commit hash: 4e8fc11
|
TiDB MergeCI notify✅ Well Done! New fixed [2] after this pr merged.
|
What problem does this PR solve?
Issue Number: close #33711
Problem Summary:
When SEM is enabled, it shouldn't be possible to change the audit log redaction setting. This prevents an administrator from covering their tracks. In TiDB cloud, we will only support without redaction (full statements).
What is changed and how it works?
See above.
Check List
Tests
Start a TiDB server without SEM and the audit plugin. Set redaction to OFF (default is on):
Enable SEM. Start TiDB Again:
Confirm that the log is written unredacted:
Side effects
Documentation
Release note