util/sem: add tidb_audit_redact_log to invisible sysvars #33712

Merged
merged 4 commits into from
Apr 14, 2022

@morgo morgo commented Apr 6, 2022

What problem does this PR solve?

Issue Number: close #33711

Problem Summary:

When SEM is enabled, it shouldn't be possible to change the audit log redaction setting. This prevents an administrator from covering their tracks. In TiDB cloud, we will only support without redaction (full statements).

What is changed and how it works?

See above.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)

Start a TiDB server without SEM and the audit plugin. Set redaction to OFF (default is on):

tidb> show variables like 'tidb_audit%';
+-------------------------+----------+
| Variable_name           | Value    |
+-------------------------+----------+
| tidb_audit_log_max_size | 52428800 |
| tidb_audit_redact_log   | ON       |
+-------------------------+----------+
2 rows in set (0.00 sec)

tidb> set global tidb_audit_redact_log = off;
Query OK, 0 rows affected (0.00 sec)

Enable SEM. Start TiDB again:

tidb> show variables like 'tidb_audit%';
+-------------------------+----------+
| Variable_name           | Value    |
+-------------------------+----------+
| tidb_audit_log_max_size | 52428800 |
+-------------------------+----------+
1 row in set (0.00 sec)

tidb> set global tidb_audit_redact_log = off;
ERROR 1227 (42000): Access denied; you need (at least one of) the RESTRICTED_VARIABLES_ADMIN privilege(s) for this operation

Confirm that the log is written unredacted:

[2022/04/05 18:53:34.909 -06:00] [INFO] [logger.go:76] [ID=16492064140] [TIMESTAMP=2022/04/05 18:53:34.909 -06:00] [EVENT_CLASS=GENERAL] [EVENT_SUBCLASS=] [STATUS_CODE=0] [COST_TIME=0] [HOST=127.0.0.1] [CLIENT_IP=127.0.0.1] [USER=root] [DATABASES="[]"] [TABLES="[]"] [SQL_TEXT=] [ROWS=0] [CONNECTION_ID=403] [CLIENT_PORT=42146] [PID=2699953] [COMMAND=Query] [SQL_STATEMENTS=]
[2022/04/05 18:53:34.910 -06:00] [INFO] [logger.go:76] [ID=16492064141] [TIMESTAMP=2022/04/05 18:53:34.910 -06:00] [EVENT_CLASS=GENERAL] [EVENT_SUBCLASS=] [STATUS_CODE=0] [COST_TIME=0] [HOST=127.0.0.1] [CLIENT_IP=127.0.0.1] [USER=root] [DATABASES="[]"] [TABLES="[]"] [SQL_TEXT="show variables like 'tidb_audit%'"] [ROWS=0] [CONNECTION_ID=403] [CLIENT_PORT=42146] [PID=2699953] [COMMAND=Query] [SQL_STATEMENTS=Show]
[2022/04/05 18:53:36.521 -06:00] [INFO] [logger.go:76] [ID=16492064160] [TIMESTAMP=2022/04/05 18:53:36.521 -06:00] [EVENT_CLASS=GENERAL] [EVENT_SUBCLASS=] [STATUS_CODE=0] [COST_TIME=0] [HOST=127.0.0.1] [CLIENT_IP=127.0.0.1] [USER=root] [DATABASES="[]"] [TABLES="[]"] [SQL_TEXT="show variables like 'tidb_audit%'"] [ROWS=0] [CONNECTION_ID=403] [CLIENT_PORT=42146] [PID=2699953] [COMMAND=Query] [SQL_STATEMENTS=Show]
  • No code

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

When Security Enhanced Mode (SEM) is enabled, TiDB no longer permits changes to the tidb_audit_redact_log system variable.
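
Added example, not part of this PR or of TiDB's code: a Go check that parses audit log lines in the field layout shown in the manual test above and reports statements that try to set tidb_audit_redact_log. The sample lines, the STATUS_CODE value on the denied statement, the assumption that the attempt is logged at all, and the backslash escaping inside quoted values are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// One [KEY=value] field; the quoted form is tried first because it may contain ']'.
var fieldRe = regexp.MustCompile(`\[([A-Z_]+)=("(?:[^"\\]|\\.)*"|[^\]]*)\]`)

// A SET statement (at the start, or after ';') that names the redaction variable.
var redactSet = regexp.MustCompile(`(?i)(?:^|;)\s*set\b[^;]*\btidb_audit_redact_log\b`)

// parseFields returns the KEY=value pairs of one audit log line.
func parseFields(line string) map[string]string {
	fields := map[string]string{}
	for _, m := range fieldRe.FindAllStringSubmatch(line, -1) {
		val := m[2]
		if u, err := strconv.Unquote(val); err == nil && val[0] == '"' {
			val = u // quoted value: strip quotes and resolve escapes
		}
		fields[m[1]] = val
	}
	return fields
}

// redactChanges reports every event whose SQL_TEXT sets tidb_audit_redact_log.
func redactChanges(lines []string) []string {
	var out []string
	for _, l := range lines {
		f := parseFields(l)
		if redactSet.MatchString(f["SQL_TEXT"]) {
			out = append(out, fmt.Sprintf("%s@%s status=%s: %s", f["USER"], f["CLIENT_IP"], f["STATUS_CODE"], f["SQL_TEXT"]))
		}
	}
	return out
}

// Constructed sample lines in the field layout shown above (not real log output).
var sample = []string{
	`[2022/04/05 18:53:34.910 -06:00] [INFO] [logger.go:76] [STATUS_CODE=0] [CLIENT_IP=127.0.0.1] [USER=root] [DATABASES="[]"] [SQL_TEXT="show variables like 'tidb_audit%'"] [COMMAND=Query]`,
	`[2022/04/05 18:54:02.117 -06:00] [INFO] [logger.go:76] [STATUS_CODE=1] [CLIENT_IP=127.0.0.1] [USER=root] [DATABASES="[]"] [SQL_TEXT="set global tidb_audit_redact_log = off"] [COMMAND=Query]`,
	`[2022/04/05 18:54:09.300 -06:00] [INFO] [logger.go:76] [STATUS_CODE=0] [CLIENT_IP=127.0.0.1] [USER=app] [DATABASES="[test]"] [SQL_TEXT="select \"set tidb_audit_redact_log]\" from t"] [COMMAND=Query]`,
}

func main() {
	fmt.Println(redactChanges(sample))
}
```

The third sample line only mentions the variable inside a string literal, so it is parsed correctly but not reported.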

ti-chi-bot commented Apr 6, 2022

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • bb7133
  • zimulala


@ti-chi-bot ti-chi-bot added release-note size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Apr 6, 2022
@zimulala zimulala left a comment

LGTM

@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Apr 8, 2022

@bb7133 bb7133 left a comment

LGTM

@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Apr 13, 2022
bb7133 commented Apr 13, 2022

/merge

@ti-chi-bot

This pull request has been accepted and is ready to merge.

Commit hash: 4e8fc11

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Apr 13, 2022
@ti-chi-bot ti-chi-bot merged commit 7a9d5b7 into pingcap:master Apr 14, 2022
sre-bot commented Apr 14, 2022

TiDB MergeCI notify

✅ Well Done! New fixed [2] after this pr merged.

| CI Name | Result | Duration | Compare with Parent commit |
|---|---|---|---|
| idc-jenkins-ci-tidb/code-coverage | ✅ Lines coverage: 63.47% | 13 min | Fixed |
| idc-jenkins-ci-tidb/common-test | ✅ all 12 tests passed | 6 min 11 sec | Fixed |
| idc-jenkins-ci-tidb/integration-br-test | 🟢 all 29 tests passed | 46 min | Existing passed |
| idc-jenkins-ci/integration-cdc-test | 🟢 all 34 tests passed | 38 min | Existing passed |
| idc-jenkins-ci-tidb/integration-common-test | 🟢 all 11 tests passed | 10 min | Existing passed |
| idc-jenkins-ci-tidb/tics-test | 🟢 all 1 tests passed | 7 min 9 sec | Existing passed |
| idc-jenkins-ci-tidb/integration-ddl-test | 🟢 all 6 tests passed | 6 min 59 sec | Existing passed |
| idc-jenkins-ci-tidb/sqllogic-test-2 | 🟢 all 28 tests passed | 6 min 9 sec | Existing passed |
| idc-jenkins-ci-tidb/sqllogic-test-1 | 🟢 all 26 tests passed | 5 min 50 sec | Existing passed |
| idc-jenkins-ci-tidb/integration-copr-test | 🟢 all 1 tests passed | 5 min 40 sec | Existing passed |
| idc-jenkins-ci-tidb/integration-compatibility-test | 🟢 all 1 tests passed | 4 min 44 sec | Existing passed |
| idc-jenkins-ci-tidb/mybatis-test | 🟢 all 1 tests passed | 3 min 56 sec | Existing passed |
| idc-jenkins-ci-tidb/plugin-test | 🟢 build success, plugin test success | 4min | Existing passed |

Successfully merging this pull request may close these issues.

SEM should prohibit changing the audit log retraction setting