Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

executor: fix user without process privilege can access cluster_statements_summary_evicted table #26208

Merged
merged 10 commits into from
Jul 19, 2021
Merged

executor: fix user without process privilege can access cluster_statements_summary_evicted table #26208

merged 10 commits into from
Jul 19, 2021

Conversation

AilinKid
Copy link
Contributor

@AilinKid AilinKid commented Jul 13, 2021
edited
Loading

Signed-off-by: ailinkid 314806019@qq.com

What problem does this PR solve?

Issue Number: close #26125

What is changed and how it works?

*: What's Changed: fix user without process privilege can access cluster_statements_summary_evicted table

Check List

Tests

  • Unit test

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

  • fix user without process privilege can access cluster_statements_summary_evicted table

@AilinKid
fix user without process privilege can access cluster evicted
0e1e17a 
Signed-off-by: ailinkid <314806019@qq.com>
@ti-chi-bot ti-chi-bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jul 13, 2021
@AilinKid AilinKid changed the title fix user without process privilege can access cluster_statements_summary_evicted table executor: fix user without process privilege can access cluster_statements_summary_evicted table Jul 13, 2021
@sre-bot
Copy link
Contributor

sre-bot commented Jul 13, 2021

Please follow PR Title Format:

  • pkg [, pkg2, pkg3]: what's changed

Or if the count of mainly changed packages are more than 3, use

  • *: what's changed

@AilinKid AilinKid mentioned this pull request Jul 13, 2021
Closed
10 tasks
@github-actions github-actions bot added sig/execution SIG execution sig/sql-infra SIG: SQL Infra labels Jul 13, 2021
@djshow832 djshow832 requested a review from ClSlaid July 13, 2021 11:39
mjonss
mjonss reviewed Jul 13, 2021
View reviewed changes
Copy link
Contributor

@mjonss mjonss left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only minor comment about PROCESS vs Process. I also tried to add a similar test to privilege/privileges/privileges_test.go:TestClusterConfigInfoschema but then it hangs/succeeds when it is suppose to fail, any idea why?
Maybe also add a test for a user with only Process privilege.

Otherwise LGTM.

executor/infoschema_reader.go Show resolved Hide resolved
infoschema/tables_test.go Show resolved Hide resolved
djshow832
djshow832 reviewed Jul 19, 2021
View reviewed changes
executor/infoschema_reader.go Outdated
@@ -1919,6 +1919,9 @@ func (e *memtableRetriever) dataForTableTiFlashReplica(ctx sessionctx.Context, s
}

func (e *memtableRetriever) setDataForStatementsSummaryEvicted(ctx sessionctx.Context) error {
if e.table.Name.O == infoschema.ClusterTableStatementsSummaryEvicted && !hasPriv(ctx, mysql.ProcessPriv) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The same for statements_summary_evicted. Please update them together.

zimulala
zimulala approved these changes Jul 19, 2021
View reviewed changes
Copy link
Contributor

@zimulala zimulala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Jul 19, 2021
@AilinKid
address comment
f75d449 
Signed-off-by: ailinkid <314806019@qq.com>
@AilinKid
address comment
1edd165 
Signed-off-by: ailinkid <314806019@qq.com>
@ti-chi-bot
Copy link
Member

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • djshow832
  • zimulala

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Jul 19, 2021
@AilinKid
Copy link
Contributor Author

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: 9d52bea

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Jul 19, 2021
@ti-chi-bot ti-chi-bot merged commit 32bf0c4 into pingcap:master Jul 19, 2021
ti-srebot pushed a commit to ti-srebot/tidb that referenced this pull request Jul 19, 2021
@AilinKid @ti-srebot
cherry pick pingcap#26208 to release-5.1
f369890 
Signed-off-by: ti-srebot <ti-srebot@pingcap.com>
@ti-srebot ti-srebot mentioned this pull request Jul 19, 2021
Closed
6 tasks
@ti-srebot
Copy link
Contributor

cherry pick to release-5.1 in PR #26351

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mjonss mjonss mjonss left review comments

@zimulala zimulala zimulala approved these changes

@djshow832 djshow832 djshow832 approved these changes

@ClSlaid ClSlaid Awaiting requested review from ClSlaid

Assignees
No one assigned
Labels
needs-cherry-pick-release-5.1 sig/execution SIG execution sig/sql-infra SIG: SQL Infra size/S Denotes a PR that changes 10-29 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Users without process privilege should be unable to query CLUSTER_STATEMENTS_SUMMARY_EVICTED
7 participants
@AilinKid @sre-bot @ti-chi-bot @ti-srebot @zimulala @mjonss @djshow832