Merge branch 'master' into options-taskid
disksing committed May 2, 2021
2 parents ef433cc + 27cacd8 commit b7e3110
Showing 39 changed files with 465 additions and 86 deletions.
2 changes: 1 addition & 1 deletion ddl/column_type_change_test.go
@@ -233,7 +233,7 @@ func (s *testColumnTypeChangeSuite) TestRollbackColumnTypeChangeBetweenInteger(c
SQL := "alter table t modify column c2 int not null"
_, err := tk.Exec(SQL)
c.Assert(err, NotNil)
c.Assert(err.Error(), Equals, "[ddl:1]MockRollingBackInCallBack-none")
c.Assert(err.Error(), Equals, "[ddl:1]MockRollingBackInCallBack-queueing")
assertRollBackedColUnchanged(c, tk)

// Mock roll back at model.StateDeleteOnly.
31 changes: 31 additions & 0 deletions ddl/db_test.go
@@ -77,6 +77,7 @@ var _ = Suite(&testDBSuite5{&testDBSuite{}})
var _ = Suite(&testDBSuite6{&testDBSuite{}})
var _ = Suite(&testDBSuite7{&testDBSuite{}})
var _ = SerialSuites(&testSerialDBSuite{&testDBSuite{}})
var _ = Suite(&testDBSuite8{&testDBSuite{}})

const defaultBatchSize = 1024
const defaultReorgBatchSize = 256
@@ -145,6 +146,7 @@ type testDBSuite5 struct{ *testDBSuite }
type testDBSuite6 struct{ *testDBSuite }
type testDBSuite7 struct{ *testDBSuite }
type testSerialDBSuite struct{ *testDBSuite }
type testDBSuite8 struct{ *testDBSuite }

func testAddIndexWithPK(tk *testkit.TestKit) {
tk.MustExec("drop table if exists test_add_index_with_pk")
@@ -6700,3 +6702,32 @@ func (s *testSerialDBSuite) TestJsonUnmarshalErrWhenPanicInCancellingPath(c *C)
_, err := tk.Exec("alter table test_add_index_after_add_col add unique index cc(c);")
c.Assert(err.Error(), Equals, "[kv:1062]Duplicate entry '0' for key 'cc'")
}

// For Close issue #24288
// see https://github.com/pingcap/tidb/issues/24288
func (s *testDBSuite8) TestDdlMaxLimitOfIdentifier(c *C) {
tk := testkit.NewTestKit(c, s.store)

// create/drop database test
longDbName := strings.Repeat("库", mysql.MaxDatabaseNameLength-1)
tk.MustExec(fmt.Sprintf("create database %s", longDbName))
defer func() {
tk.MustExec(fmt.Sprintf("drop database %s", longDbName))
}()
tk.MustExec(fmt.Sprintf("use %s", longDbName))

// create/drop table,index test
longTblName := strings.Repeat("表", mysql.MaxTableNameLength-1)
longColName := strings.Repeat("三", mysql.MaxColumnNameLength-1)
longIdxName := strings.Repeat("索", mysql.MaxIndexIdentifierLen-1)
tk.MustExec(fmt.Sprintf("create table %s(f1 int primary key,f2 int, %s varchar(50))", longTblName, longColName))
tk.MustExec(fmt.Sprintf("create index %s on %s(%s)", longIdxName, longTblName, longColName))
defer func() {
tk.MustExec(fmt.Sprintf("drop index %s on %s", longIdxName, longTblName))
tk.MustExec(fmt.Sprintf("drop table %s", longTblName))
}()

// alter table
tk.MustExec(fmt.Sprintf("alter table %s change f2 %s int", longTblName, strings.Repeat("二", mysql.MaxColumnNameLength-1)))

}
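Review bot: TestDdlMaxLimitOfIdentifier only builds names that are one rune short of each limit (`mysql.MaxDatabaseNameLength-1`, and likewise for the table, column and index names), so it exercises neither the boundary nor the rejection path. A name of exactly the maximum length should be accepted and a name one rune longer should fail with ErrTooLongIdent; without those two cases an off-by-one in the rune-count checks would go unnoticed. The header comment would read better as `// TestDdlMaxLimitOfIdentifier checks that identifier length limits are counted in characters, not bytes (issue #24288).`, and the empty line before the closing brace can be dropped.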
21 changes: 15 additions & 6 deletions ddl/ddl_api.go
@@ -25,6 +25,7 @@ import (
"strings"
"sync/atomic"
"time"
"unicode/utf8"

"github.com/cznic/mathutil"
"github.com/go-yaml/yaml"
@@ -225,21 +226,21 @@ func (d *ddl) DropSchema(ctx sessionctx.Context, schema model.CIStr) (err error)
}

func checkTooLongSchema(schema model.CIStr) error {
if len(schema.L) > mysql.MaxDatabaseNameLength {
if utf8.RuneCountInString(schema.L) > mysql.MaxDatabaseNameLength {
return ErrTooLongIdent.GenWithStackByArgs(schema)
}
return nil
}

func checkTooLongTable(table model.CIStr) error {
if len(table.L) > mysql.MaxTableNameLength {
if utf8.RuneCountInString(table.L) > mysql.MaxTableNameLength {
return ErrTooLongIdent.GenWithStackByArgs(table)
}
return nil
}

func checkTooLongIndex(index model.CIStr) error {
if len(index.L) > mysql.MaxIndexIdentifierLen {
if utf8.RuneCountInString(index.L) > mysql.MaxIndexIdentifierLen {
return ErrTooLongIdent.GenWithStackByArgs(index)
}
return nil
@@ -1107,7 +1108,7 @@ func checkGeneratedColumn(colDefs []*ast.ColumnDef) error {
func checkTooLongColumn(cols []*model.ColumnInfo) error {
for _, col := range cols {
colName := col.Name.O
if len(colName) > mysql.MaxColumnNameLength {
if utf8.RuneCountInString(colName) > mysql.MaxColumnNameLength {
return ErrTooLongIdent.GenWithStackByArgs(colName)
}
}
@@ -1751,6 +1752,14 @@ func buildTableInfoWithStmt(ctx sessionctx.Context, s *ast.CreateTableStmt, dbCh
if err != nil {
return nil, errors.Trace(err)
}
switch s.TemporaryKeyword {
case ast.TemporaryGlobal:
tbInfo.TempTableType = model.TempTableGlobal
case ast.TemporaryLocal:
tbInfo.TempTableType = model.TempTableLocal
case ast.TemporaryNone:
tbInfo.TempTableType = model.TempTableNone
}

if err = setTableAutoRandomBits(ctx, tbInfo, colDefs); err != nil {
return nil, errors.Trace(err)
@@ -2714,7 +2723,7 @@ func checkAndCreateNewColumn(ctx sessionctx.Context, ti ast.Ident, schema *model
if err = checkColumnAttributes(colName, specNewColumn.Tp); err != nil {
return nil, errors.Trace(err)
}
if len(colName) > mysql.MaxColumnNameLength {
if utf8.RuneCountInString(colName) > mysql.MaxColumnNameLength {
return nil, ErrTooLongIdent.GenWithStackByArgs(colName)
}

@@ -4980,7 +4989,7 @@ func buildHiddenColumnInfo(ctx sessionctx.Context, indexPartSpecifications []*as
}
idxPart.Length = types.UnspecifiedLength
// The index part is an expression, prepare a hidden column for it.
if len(idxPart.Column.Name.L) > mysql.MaxColumnNameLength {
if utf8.RuneCountInString(idxPart.Column.Name.L) > mysql.MaxColumnNameLength {
// TODO: Refine the error message.
return nil, ErrTooLongIdent.GenWithStackByArgs("hidden column")
}
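Review bot: The new `switch s.TemporaryKeyword` in the buildTableInfoWithStmt hunk has no `default` branch, so a keyword value other than the three listed leaves `tbInfo.TempTableType` at whatever it held before and the table is built without any error. Adding `default: return nil, errors.Errorf("unknown temporary keyword %v", s.TemporaryKeyword)` would make an unhandled value fail loudly, in line with the `return nil, errors.Trace(err)` paths on either side of the switch. buildTableInfoWithStmt starts and ends outside the hunk, so an earlier validation of the keyword may exist that is not visible here.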
4 changes: 2 additions & 2 deletions docs/design/2021-03-09-dynamic-privileges.md
@@ -1,7 +1,7 @@
# Proposal:

- Author(s): [morgo](https://github.com/morgo)
- Last updated: April 12, 2021
- Last updated: April 25, 2021
- Discussion at: N/A

## Table of Contents
@@ -239,7 +239,7 @@ No change
| Privilege Name | Description | Notes |
| --------------- | --------------- | --------------- |
| `RESTRICTED_SYSTEM_VARIABLES_ADMIN` | Allows changing a restricted `GLOBAL` system variable. | Currently in SEM all high risk variables are unloaded. TBD, it might be required in future that they are only visible/settable to those with this privilege and not SUPER. |
| `RESTRICTED_STATUS_VARIABLES_ADMIN` | Allows observing restricted status variables. | i.e. `SHOW GLOBAL STATUS` by default hides some statistics when `SEM` is enabled. |
| `RESTRICTED_STATUS_ADMIN` | Allows observing restricted status variables. | i.e. `SHOW GLOBAL STATUS` by default hides some statistics when `SEM` is enabled. |
| `RESTRICTED_CONNECTION_ADMIN` | A special privilege to say that their connections, etc. can’t be killed by SUPER users AND they can kill connections by all other users. Affects `KILL`, `KILL TIDB` commands. | It is intended for the CloudAdmin user in DBaaS. |
| `RESTRICTED_USER_ADMIN` | A special privilege to say that their access can’t be changed by `SUPER` users. Statements `DROP USER`, `SET PASSWORD`, `ALTER USER`, `REVOKE` are all limited. | It is intended for the CloudAdmin user in DbaaS. |
| `RESTRICTED_TABLES_ADMIN` | A special privilege which means that the SEM hidden table semantic doesn’t apply. | It is intended for the CloudAdmin user in DbaaS. |
18 changes: 9 additions & 9 deletions docs/design/2021-03-09-security-enhanced-mode.md
@@ -1,7 +1,7 @@
# Proposal:

- Author(s): [morgo](https://github.com/morgo)
- Last updated: April 12, 2021
- Last updated: April 25, 2021
- Discussion at: N/A

## Table of Contents
@@ -49,7 +49,7 @@ A boolean option called `EnableEnhancedSecurity` (default `FALSE`) will be added

### System Variables

The following system variables will be hidden:
The following system variables will be hidden unless the user has the `RESTRICTED_SYSTEM_VARIABLES_ADMIN` privilege:

* variable.TiDBDDLSlowOprThreshold,
* variable.TiDBAllowRemoveAutoInc,
@@ -78,13 +78,13 @@ The following system variables will be reset to defaults:

### Status Variables

The following status variables will be hidden:
The following status variables will be hidden unless the user has the `RESTRICTED_STATUS_ADMIN` privilege:

* tidb_gc_leader_desc

### Information Schema Tables

The following tables will be hidden:
The following tables will be hidden unless the user has the `RESTRICTED_TABLES_ADMIN` privilege:

* cluster_config
* cluster_hardware
@@ -99,7 +99,7 @@ The following tables will be hidden:
* metrics_tables
* tidb_hot_regions

The following tables will be modified to hide columns:
The following tables will be modified to hide columns unless the user has the `RESTRICTED_TABLES_ADMIN` privilege:

* tikv_store_status
* The address, capacity, available, start_ts and uptime columns will return NULL.
@@ -110,7 +110,7 @@ The following tables will be modified to hide columns:

### Performance Schema Tables

The following tables will be hidden:
The following tables will be hidden unless the user has the `RESTRICTED_TABLES_ADMIN` privilege:

* pd_profile_allocs
* pd_profile_block
@@ -128,7 +128,7 @@ The following tables will be hidden:

### System (mysql) Tables

The following tables will be hidden:
The following tables will be hidden unless the user has the `RESTRICTED_TABLES_ADMIN` privilege:

* expr_pushdown_blacklist
* gc_delete_range
@@ -137,11 +137,11 @@ The following tables will be hidden:
* tidb
* global_variables

The remaining system tables will be limited to read-only operations.
The remaining system tables will be limited to read-only operations and can not create new tables.

### Metrics Schema

All tables will be hidden, including the schema itself.
All tables will be hidden, including the schema itself unless the user has the `RESTRICTED_TABLES_ADMIN` privilege.

### Commands

36 changes: 32 additions & 4 deletions executor/infoschema_reader.go
@@ -53,6 +53,7 @@ import (
"github.com/pingcap/tidb/util/chunk"
"github.com/pingcap/tidb/util/collate"
"github.com/pingcap/tidb/util/pdapi"
"github.com/pingcap/tidb/util/sem"
"github.com/pingcap/tidb/util/set"
"github.com/pingcap/tidb/util/sqlexec"
"github.com/pingcap/tidb/util/stmtsummary"
@@ -132,7 +133,7 @@ func (e *memtableRetriever) retrieve(ctx context.Context, sctx sessionctx.Contex
case infoschema.TableSessionVar:
err = e.setDataFromSessionVar(sctx)
case infoschema.TableTiDBServersInfo:
err = e.setDataForServersInfo()
err = e.setDataForServersInfo(sctx)
case infoschema.TableTiFlashReplica:
e.dataForTableTiFlashReplica(sctx, dbs)
case infoschema.TableTiKVStoreStatus:
@@ -978,6 +979,18 @@ func (e *memtableRetriever) dataForTiKVStoreStatus(ctx sessionctx.Context) (err
lastHeartbeatTs := types.NewTime(types.FromGoTime(storeStat.Status.LastHeartbeatTs), mysql.TypeDatetime, types.DefaultFsp)
row[17].SetMysqlTime(lastHeartbeatTs)
row[18].SetString(storeStat.Status.Uptime, mysql.DefaultCollationName)
if sem.IsEnabled() {
// Patch out IP addresses etc if the user does not have the RESTRICTED_TABLES_ADMIN privilege
checker := privilege.GetPrivilegeManager(ctx)
if checker == nil || !checker.RequestDynamicVerification(ctx.GetSessionVars().ActiveRoles, "RESTRICTED_TABLES_ADMIN", false) {
row[1].SetString(strconv.FormatInt(storeStat.Store.ID, 10), mysql.DefaultCollationName)
row[1].SetNull()
row[6].SetNull()
row[7].SetNull()
row[16].SetNull()
row[18].SetNull()
}
}
e.rows = append(e.rows, row)
}
return nil
@@ -1120,6 +1133,15 @@ func (e *memtableRetriever) dataForTiDBClusterInfo(ctx sessionctx.Context) error
upTimeStr,
server.ServerID,
)
if sem.IsEnabled() {
checker := privilege.GetPrivilegeManager(ctx)
if checker == nil || !checker.RequestDynamicVerification(ctx.GetSessionVars().ActiveRoles, "RESTRICTED_TABLES_ADMIN", false) {
row[1].SetString(strconv.FormatUint(server.ServerID, 10), mysql.DefaultCollationName)
row[2].SetNull()
row[5].SetNull()
row[6].SetNull()
}
}
rows = append(rows, row)
}
e.rows = rows
@@ -1143,7 +1165,7 @@ func (e *memtableRetriever) setDataFromKeyColumnUsage(ctx sessionctx.Context, sc

func (e *memtableRetriever) setDataForClusterProcessList(ctx sessionctx.Context) error {
e.setDataForProcessList(ctx)
rows, err := infoschema.AppendHostInfoToRows(e.rows)
rows, err := infoschema.AppendHostInfoToRows(ctx, e.rows)
if err != nil {
return err
}
@@ -1729,7 +1751,7 @@ func (e *memtableRetriever) setDataForPseudoProfiling(sctx sessionctx.Context) {
}
}

func (e *memtableRetriever) setDataForServersInfo() error {
func (e *memtableRetriever) setDataForServersInfo(ctx sessionctx.Context) error {
serversInfo, err := infosync.GetAllServerInfo(context.Background())
if err != nil {
return err
@@ -1747,6 +1769,12 @@ func (e *memtableRetriever) setDataForServersInfo() error {
info.BinlogStatus, // BINLOG_STATUS
stringutil.BuildStringFromLabels(info.Labels), // LABELS
)
if sem.IsEnabled() {
checker := privilege.GetPrivilegeManager(ctx)
if checker == nil || !checker.RequestDynamicVerification(ctx.GetSessionVars().ActiveRoles, "RESTRICTED_TABLES_ADMIN", false) {
row[1].SetNull() // clear IP
}
}
rows = append(rows, row)
}
e.rows = rows
@@ -1844,7 +1872,7 @@ func (e *memtableRetriever) setDataForStatementsSummary(ctx sessionctx.Context,
switch tableName {
case infoschema.ClusterTableStatementsSummary,
infoschema.ClusterTableStatementsSummaryHistory:
rows, err := infoschema.AppendHostInfoToRows(e.rows)
rows, err := infoschema.AppendHostInfoToRows(ctx, e.rows)
if err != nil {
return err
}
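Review bot: In the dataForTiKVStoreStatus hunk, `row[1].SetString(strconv.FormatInt(storeStat.Store.ID, 10), mysql.DefaultCollationName)` is a dead store, because the very next line calls `row[1].SetNull()`. The security-enhanced-mode design document changed in this same commit says the address column of tikv_store_status returns NULL, which suggests the SetString is the leftover and should be removed; if the store ID was meant to stand in for the address, as the dataForTiDBClusterInfo hunk does with the server ID, the SetNull is the line to drop instead. The redacted columns are addressed by bare index (`row[6]`, `row[7]`, `row[16]`, `row[18]`) and only the setDataForServersInfo hunk says what is cleared (`// clear IP`), so a short comment per index naming the column would let a reader check the redaction against the table definition. All three functions start and end outside their hunks.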
2 changes: 1 addition & 1 deletion executor/point_get.go
@@ -391,7 +391,7 @@ func (e *PointGetExecutor) get(ctx context.Context, key kv.Key) ([]byte, error)
}

func (e *PointGetExecutor) verifyTxnScope() error {
txnScope := e.txn.GetUnionStore().GetOption(tikvstore.TxnScope).(string)
txnScope := e.txn.GetOption(tikvstore.TxnScope).(string)
if txnScope == "" || txnScope == oracle.GlobalTxnScope {
return nil
}
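Review bot: The type assertion in `e.txn.GetOption(tikvstore.TxnScope).(string)` is unchecked, so verifyTxnScope panics if the option is absent or holds a non-string value; whether GetOption can return nil here is not visible in this hunk. The next line already treats an empty scope as valid, so the two-value form `txnScope, _ := e.txn.GetOption(tikvstore.TxnScope).(string)` would fold the unset case into that branch without a panic. If an unset scope should not pass verification, test the `ok` result and return an error instead. verifyTxnScope continues past the end of the hunk.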
2 changes: 1 addition & 1 deletion executor/seqtest/seq_executor_test.go
@@ -967,7 +967,7 @@ func (s *seqTestSuite) TestBatchInsertDelete(c *C) {
atomic.StoreUint64(&kv.TxnTotalSizeLimit, originLimit)
}()
// Set the limitation to a small value, make it easier to reach the limitation.
atomic.StoreUint64(&kv.TxnTotalSizeLimit, 5000)
atomic.StoreUint64(&kv.TxnTotalSizeLimit, 5500)

tk := testkit.NewTestKit(c, s.store)
tk.MustExec("use test")
8 changes: 8 additions & 0 deletions executor/show.go
@@ -61,6 +61,7 @@ import (
"github.com/pingcap/tidb/util/format"
"github.com/pingcap/tidb/util/hack"
"github.com/pingcap/tidb/util/hint"
"github.com/pingcap/tidb/util/sem"
"github.com/pingcap/tidb/util/set"
"github.com/pingcap/tidb/util/sqlexec"
"github.com/pingcap/tidb/util/stringutil"
@@ -707,10 +708,17 @@ func (e *ShowExec) fetchShowStatus() error {
if err != nil {
return errors.Trace(err)
}
checker := privilege.GetPrivilegeManager(e.ctx)
for status, v := range statusVars {
if e.GlobalScope && v.Scope == variable.ScopeSession {
continue
}
// Skip invisible status vars if permission fails.
if sem.IsEnabled() && sem.IsInvisibleStatusVar(status) {
if checker == nil || !checker.RequestDynamicVerification(sessionVars.ActiveRoles, "RESTRICTED_STATUS_ADMIN", false) {
continue
}
}
switch v.Value.(type) {
case []interface{}, nil:
v.Value = fmt.Sprintf("%v", v.Value)
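Review bot: In fetchShowStatus the call `checker.RequestDynamicVerification(sessionVars.ActiveRoles, "RESTRICTED_STATUS_ADMIN", false)` sits inside the loop over statusVars, so it is re-evaluated for every invisible status variable although neither the roles nor the privilege name change between iterations. Computing it once before the loop, e.g. `hideRestricted := sem.IsEnabled() && (checker == nil || !checker.RequestDynamicVerification(sessionVars.ActiveRoles, "RESTRICTED_STATUS_ADMIN", false))`, and testing `hideRestricted && sem.IsInvisibleStatusVar(status)` inside the loop keeps the fail-closed behaviour for a nil checker. The per-row checks added to executor/infoschema_reader.go in this commit have the same shape and could be hoisted the same way. fetchShowStatus starts and ends outside the hunk.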
6 changes: 3 additions & 3 deletions executor/slow_query.go
@@ -74,7 +74,7 @@ func (e *slowQueryRetriever) retrieve(ctx context.Context, sctx sessionctx.Conte
}
e.initializeAsyncParsing(ctx, sctx)
}
rows, retrieved, err := e.dataForSlowLog(ctx)
rows, retrieved, err := e.dataForSlowLog(ctx, sctx)
if err != nil {
return nil, err
}
@@ -193,7 +193,7 @@ func (e *slowQueryRetriever) parseDataForSlowLog(ctx context.Context, sctx sessi
e.parseSlowLog(ctx, sctx, reader, ParseSlowLogBatchSize)
}

func (e *slowQueryRetriever) dataForSlowLog(ctx context.Context) ([][]types.Datum, bool, error) {
func (e *slowQueryRetriever) dataForSlowLog(ctx context.Context, sctx sessionctx.Context) ([][]types.Datum, bool, error) {
var (
task slowLogTask
ok bool
@@ -216,7 +216,7 @@ func (e *slowQueryRetriever) dataForSlowLog(ctx context.Context) ([][]types.Datu
continue
}
if e.table.Name.L == strings.ToLower(infoschema.ClusterTableSlowLog) {
rows, err := infoschema.AppendHostInfoToRows(rows)
rows, err := infoschema.AppendHostInfoToRows(sctx, rows)
return rows, false, err
}
return rows, false, nil
2 changes: 1 addition & 1 deletion go.mod
@@ -47,7 +47,7 @@ require (
github.com/pingcap/goleveldb v0.0.0-20191226122134-f82aafb29989
github.com/pingcap/kvproto v0.0.0-20210402093459-65aa336ccbbf
github.com/pingcap/log v0.0.0-20210317133921-96f4fcab92a4
github.com/pingcap/parser v0.0.0-20210421190254-588138d35e55
github.com/pingcap/parser v0.0.0-20210427084954-8e8ed7927bde
github.com/pingcap/sysutil v0.0.0-20210315073920-cc0985d983a3
github.com/pingcap/tidb-tools v4.0.9-0.20201127090955-2707c97b3853+incompatible
github.com/pingcap/tipb v0.0.0-20210422074242-57dd881b81b1