Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

privilege, executor: add `SET ROLE` and `CURRENT_ROLE` support #9581

Merged
merged 15 commits into from Mar 21, 2019

Conversation

@imtbkcat
Copy link
Contributor

commented Mar 7, 2019

What problem does this PR solve?

support active role and SET ROLE, CURRENT_ROLE function.

What is changed and how it works?

Create an graph data structure to find relationship between role and user quickly, which is always update as other privilege tables. It will load mysql.role_edges table, and convert relationship to an graph.

When we need to active some roles for current session, we need to check whether these roles has been granted for current user. RoleGraph can finish this task quickly.

SET ROLE is just for set active role for current session, more detail: https://dev.mysql.com/doc/refman/8.0/en/set-role.html

Because set default role is not support yet. some gramma will be added soon.

Check List

Tests

  • Unit test

Code changes

  • Has exported variable/fields change

Side effects

  • Increased code complexity
@@ -16,6 +16,7 @@ package privileges
import (
"context"
"fmt"
"github.com/pingcap/parser/auth"

This comment has been minimized.

Copy link
@jackysp

jackysp Mar 7, 2019

Member

Move this line to the third party libs part.


// evalString evals a builtinCurrentUserSig.
// See https://dev.mysql.com/doc/refman/5.7/en/information-functions.html#function_current-user
func (b *builtinCurrentRoleSig) evalString(row chunk.Row) (string, bool, error) {

This comment has been minimized.

Copy link
@jackysp

jackysp Mar 7, 2019

Member

It is better to add some test cases for this built-in function.

This comment has been minimized.

Copy link
@imtbkcat

imtbkcat Mar 7, 2019

Author Contributor

ok

@imtbkcat imtbkcat force-pushed the imtbkcat:setrole branch from 714f26c to f80fd2b Mar 7, 2019

@codecov

This comment has been minimized.

Copy link

commented Mar 9, 2019

Codecov Report

Merging #9581 into master will decrease coverage by 0.0201%.
The diff coverage is 44.8979%.

@@               Coverage Diff                @@
##             master      #9581        +/-   ##
================================================
- Coverage   67.1706%   67.1505%   -0.0202%     
================================================
  Files           381        381                
  Lines         79956      80053        +97     
================================================
+ Hits          53707      53756        +49     
- Misses        21460      21504        +44     
- Partials       4789       4793         +4
Show resolved Hide resolved executor/simple.go Outdated
Show resolved Hide resolved privilege/privileges/cache.go Outdated
Show resolved Hide resolved privilege/privileges/cache.go Outdated
Show resolved Hide resolved privilege/privileges/cache.go Outdated
Show resolved Hide resolved privilege/privileges/cache.go Outdated

@imtbkcat imtbkcat force-pushed the imtbkcat:setrole branch from 35e2e06 to 9eb7c88 Mar 12, 2019

@imtbkcat

This comment has been minimized.

Copy link
Contributor Author

commented Mar 12, 2019

/run-all-tests

@imtbkcat

This comment has been minimized.

Copy link
Contributor Author

commented Mar 13, 2019

}
e.done = true
return errors.Trace(err)
}

func (e *SimpleExec) executeSetRole(s *ast.SetRoleStmt) error {
checkDup := make(map[string]*auth.RoleIdentity)

This comment has been minimized.

Copy link
@tiancaiamao

tiancaiamao Mar 18, 2019

Contributor

make(map[string]*auth.RoleIdentity, len(s.RoleList))

go.mod Outdated
@@ -23,7 +23,7 @@ require (
github.com/go-sql-driver/mysql v0.0.0-20170715192408-3955978caca4
github.com/gogo/protobuf v1.2.0 // indirect
github.com/golang/groupcache v0.0.0-20181024230925-c65c006176ff // indirect
github.com/golang/protobuf v1.2.0
github.com/golang/protobuf v1.3.0

This comment has been minimized.

Copy link
@tiancaiamao

tiancaiamao Mar 18, 2019

Contributor

Why protobuf is changed here?

@@ -104,12 +105,42 @@ type columnsPrivRecord struct {
patTypes []byte
}

// RoleGraphEdgesTable is used to cache relationship between and role.
type roleGraphEdgesTable struct {
roleList map[string]bool

This comment has been minimized.

Copy link
@tiancaiamao

tiancaiamao Mar 18, 2019

Contributor

It's better to use roleList map[string]struct{} here

roleList map[string]struct{}

roleList["xx"] = struct{}{}

if _, ok := roleList["xx"] {
    ...
}
@tiancaiamao

This comment has been minimized.

Copy link
Contributor

commented Mar 18, 2019

LGTM

@imtbkcat

This comment has been minimized.

Copy link
Contributor Author

commented Mar 18, 2019

PTAL @jackysp

@imtbkcat imtbkcat force-pushed the imtbkcat:setrole branch from 9eb7c88 to b6f8861 Mar 20, 2019

imtbkcat added some commits Mar 20, 2019

@imtbkcat

This comment has been minimized.

Copy link
Contributor Author

commented Mar 20, 2019

/run-all-tests

@jackysp
Copy link
Member

left a comment

LGTM

@imtbkcat imtbkcat merged commit 778c3f4 into pingcap:master Mar 21, 2019

8 checks passed

ci/circleci Your tests passed on CircleCI!
Details
codecov/patch 44.8979% of diff hit (target 0%)
Details
codecov/project 67.1505% (-0.0202%) compared to e829920
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
idc-jenkins-ci-tidb/build Jenkins job succeeded.
Details
idc-jenkins-ci-tidb/check_dev Jenkins job succeeded.
Details
idc-jenkins-ci-tidb/code_coverage Jenkins job succeeded.
Details
license/cla Contributor License Agreement is signed.
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.