Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

privilege: fix RequestVerificationWithUser use of default roles (#24442) #24532

Merged
merged 4 commits into from
Aug 12, 2021

Conversation

ti-srebot
Copy link
Contributor

@ti-srebot ti-srebot commented May 10, 2021

cherry-pick #24442 to release-5.0
You can switch your code base to this Pull Request by using git-extras:

# In tidb repo:
git pr https://github.com/pingcap/tidb/pull/24532

After apply modifications, you can push your change to this PR via:

git push [email protected]:ti-srebot/tidb.git pr/24532:release-5.0-b8cad01bef30

What problem does this PR solve?

Issue Number: close #24414

Problem Summary:

Views support a feature to run in the security of the DEFINER. This is useful because it allows column level / row level security to effectively be supported, when TiDB supports neither.

However, the implementation was buggy because RequestVerificationWithUser in the privilege API did not consider default roles for that user correctly. In this fix it now does.

What is changed and how it works?

What's Changed:

Bug fix only.

Related changes

  • Need to cherry-pick to the release branch

Check List

Tests

  • Integration test

Side effects

  • None

Release note

  • SQL Views now consider the default roles associated with the SQL DEFINER correctrly.

@ti-srebot
Copy link
Contributor Author

/run-all-tests

@ti-srebot ti-srebot added sig/sql-infra SIG: SQL Infra size/M Denotes a PR that changes 30-99 lines, ignoring generated files. type/5.0-cherry-pick labels May 10, 2021
@ti-chi-bot ti-chi-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 10, 2021
@ti-srebot ti-srebot added this to the v5.0.1 milestone May 10, 2021
@ti-srebot
Copy link
Contributor Author

@morgo please accept the invitation then you can push to the cherry-pick pull requests.
https://github.com/ti-srebot/tidb/invitations

@ti-chi-bot ti-chi-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. do-not-merge/cherry-pick-not-approved and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels May 10, 2021
@bb7133
Copy link
Member

bb7133 commented May 12, 2021

/lgtm

@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label May 12, 2021
@ti-chi-bot
Copy link
Member

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • bb7133
  • wjhuang2016

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by writing /lgtm in a comment.
Reviewer can cancel approval by writing /lgtm cancel in a comment.

@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels May 12, 2021
@bb7133
Copy link
Member

bb7133 commented May 12, 2021

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: 477f76c

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label May 12, 2021
@morgo
Copy link
Contributor

morgo commented May 12, 2021

/run-all-tests

@morgo
Copy link
Contributor

morgo commented May 12, 2021

/run-unit-test

@morgo
Copy link
Contributor

morgo commented May 12, 2021

/merge

@morgo
Copy link
Contributor

morgo commented Jun 23, 2021

@zhouqiang-cl This was cherry picked to 4.0 but not 5.0. This is a problem because the user who reported the issue was on 4.0 but they've now upgraded to 5.0. So the bug is not fixed for them :(

@zhouqiang-cl zhouqiang-cl added the cherry-pick-approved Cherry pick PR approved by release team. label Aug 12, 2021
@ti-chi-bot
Copy link
Member

@ti-srebot: Your PR was out of date, I have automatically updated it for you.

At the same time I will also trigger all tests for you:

/run-all-tests

If the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cherry-pick-approved Cherry pick PR approved by release team. sig/sql-infra SIG: SQL Infra size/M Denotes a PR that changes 30-99 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2. type/5.0-cherry-pick
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants