Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

executor, privilege: require CONFIG privilege for is.cluster_hardware #26209

Closed
wants to merge 1 commit into from
Closed

executor, privilege: require CONFIG privilege for is.cluster_hardware #26209

wants to merge 1 commit into from

Conversation

mjonss
Copy link
Contributor

@mjonss mjonss commented Jul 13, 2021

What problem does this PR solve?

Issue Number: close #26121

Problem Summary:
The cluster_hardware table should require the CONFIG privilege. This is consistent with the behavior change in #25379 which requires CONFIG for SHOW CONFIG.

It makes sense to cherry pick to 5.1, but not 5.0; because the behavior in 5.0 was not established yet, and SHOW CONFIG still requires no privileges.

What is changed and how it works?

What's Changed:

Reading from the table information_schema.cluster_hardware now requires the CONFIG privilege.

Check List

Tests

  • Unit test

Side effects

  • Breaking backward compatibility (for security)

Release note

  • Reading from the table information_schema.cluster_hardware now requires the CONFIG privilege.

@ti-chi-bot
Copy link
Member

[REVIEW NOTIFICATION]

This pull request has not been approved.

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 13, 2021
@github-actions github-actions bot added the sig/execution SIG execution label Jul 13, 2021
@mjonss mjonss marked this pull request as draft July 13, 2021 21:38
@ti-chi-bot ti-chi-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 13, 2021
@mjonss
Copy link
Contributor Author

mjonss commented Jul 13, 2021

Superseded by #26220

@ti-chi-bot ti-chi-bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 16, 2021
@ti-chi-bot
Copy link
Member

@mjonss: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@mjonss mjonss closed this Jul 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. sig/execution SIG execution size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Users without process privilege should be unable to query cluster_hardware
2 participants
@mjonss @ti-chi-bot