Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: Allow empty security config for disabling tls #9234

Merged
merged 9 commits into from
Jul 16, 2024
Merged

security: Allow empty security config for disabling tls #9234

merged 9 commits into from
Jul 16, 2024

Conversation

JaySon-Huang
Copy link
Contributor

@JaySon-Huang JaySon-Huang commented Jul 15, 2024
edited
Loading

What problem does this PR solve?

Issue Number: close #9235

Problem Summary:

TiFlash fails to start with following configs

        [security]
          ca_path = ""
          cert_path = ""
          key_path = ""

What is changed and how it works?

If any of the security.ca_path/security.cert_path/security.key_path is empty, treat it as missing.
And if all of the three config are not exist or empty strings, TLS is disabled in tiflash.

security: allow empty `security.ca_path`/`security.cert_path`/`security.key_path`

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Fix a bug that empty SSL config strings will enable TLS for tiflash

@ti-chi-bot ti-chi-bot bot added do-not-merge/needs-linked-issue release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/needs-linked-issue release-note-none Denotes a PR that doesn't merit a release note. labels Jul 15, 2024
JaySon-Huang
JaySon-Huang commented Jul 15, 2024
View reviewed changes
dbms/src/Storages/DeltaMerge/DeltaTree.h Outdated Show resolved Hide resolved
dbms/src/Storages/DeltaMerge/DeltaTree.h Outdated Show resolved Hide resolved
@ti-chi-bot ti-chi-bot bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 16, 2024
zanmato1984
zanmato1984 approved these changes Jul 16, 2024
View reviewed changes
Copy link
Contributor

@zanmato1984 zanmato1984 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ti-chi-bot ti-chi-bot bot added needs-1-more-lgtm Indicates a PR needs 1 more LGTM. approved labels Jul 16, 2024
@JaySon-Huang
Copy link
Contributor Author

/retest

windtalker
windtalker approved these changes Jul 16, 2024
View reviewed changes
Copy link
Contributor

@windtalker windtalker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ti-chi-bot ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Jul 16, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: windtalker, zanmato1984

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [windtalker,zanmato1984]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot ti-chi-bot bot added lgtm and removed needs-1-more-lgtm Indicates a PR needs 1 more LGTM. labels Jul 16, 2024
@ti-chi-bot ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Jul 16, 2024

[LGTM Timeline notifier]

Timeline:

  • 2024-07-16 04:17:28.826925411 +0000 UTC m=+327470.817866874: ☑️ agreed by zanmato1984.
  • 2024-07-16 09:17:54.711925767 +0000 UTC m=+345496.702867236: ☑️ agreed by windtalker.

@ti-chi-bot ti-chi-bot bot merged commit 951e010 into pingcap:master Jul 16, 2024
5 checks passed
@JaySon-Huang JaySon-Huang deleted the empty_security_cfg branch July 16, 2024 10:43
@ti-chi-bot ti-chi-bot added needs-cherry-pick-release-7.5 Should cherry pick this PR to release-7.5 branch. needs-cherry-pick-release-8.1 Should cherry pick this PR to release-8.1 branch. labels Jul 17, 2024
ti-chi-bot pushed a commit to ti-chi-bot/tiflash that referenced this pull request Jul 17, 2024
@JaySon-Huang @ti-chi-bot
This is an automated cherry-pick of pingcap#9234
4d8a158 
Signed-off-by: ti-chi-bot <[email protected]>
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-7.5: #9238.

ti-chi-bot pushed a commit to ti-chi-bot/tiflash that referenced this pull request Jul 17, 2024
@JaySon-Huang @ti-chi-bot
This is an automated cherry-pick of pingcap#9234
192b3b6 
Signed-off-by: ti-chi-bot <[email protected]>
@ti-chi-bot ti-chi-bot mentioned this pull request Jul 17, 2024
Merged
12 tasks
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-8.1: #9239.

@ti-chi-bot ti-chi-bot mentioned this pull request Jul 17, 2024
Merged
12 tasks
ti-chi-bot bot pushed a commit that referenced this pull request Jul 18, 2024
@ti-chi-bot @JaySon-Huang
security: Allow empty security config for disabling tls (#9234) (#9238)
2eb2cfe 
close #9235

security: allow empty `security.ca_path`/`security.cert_path`/`security.key_path`

Signed-off-by: ti-chi-bot <[email protected]>

Co-authored-by: JaySon <[email protected]>
Co-authored-by: JaySon-Huang <[email protected]>
ti-chi-bot bot pushed a commit that referenced this pull request Jul 19, 2024
@ti-chi-bot @JaySon-Huang
security: Allow empty security config for disabling tls (#9234) (#9239)
8f64468 
close #9235

security: allow empty `security.ca_path`/`security.cert_path`/`security.key_path`

Signed-off-by: ti-chi-bot <[email protected]>

Co-authored-by: JaySon <[email protected]>
Co-authored-by: JaySon-Huang <[email protected]>
@ti-chi-bot ti-chi-bot bot added the needs-cherry-pick-release-6.5 Should cherry pick this PR to release-6.5 branch. label Aug 26, 2024
ti-chi-bot pushed a commit to ti-chi-bot/tiflash that referenced this pull request Aug 26, 2024
@JaySon-Huang @ti-chi-bot
This is an automated cherry-pick of pingcap#9234
0d8a800 
Signed-off-by: ti-chi-bot <[email protected]>
@ti-chi-bot ti-chi-bot mentioned this pull request Aug 26, 2024
Merged
12 tasks
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-6.5: #9347.

ti-chi-bot bot pushed a commit that referenced this pull request Aug 26, 2024
@ti-chi-bot @JaySon-Huang
security: Allow empty security config for disabling tls (#9234) (#9347)
7048a4f 
close #9235

security: allow empty `security.ca_path`/`security.cert_path`/`security.key_path`

Signed-off-by: ti-chi-bot <[email protected]>
Signed-off-by: JaySon-Huang <[email protected]>

Co-authored-by: JaySon <[email protected]>
Co-authored-by: JaySon-Huang <[email protected]>
@ti-chi-bot ti-chi-bot bot added the needs-cherry-pick-release-7.1 Should cherry pick this PR to release-7.1 branch. label Oct 28, 2024
ti-chi-bot pushed a commit to ti-chi-bot/tiflash that referenced this pull request Oct 28, 2024
@JaySon-Huang @ti-chi-bot
This is an automated cherry-pick of pingcap#9234
614918d 
Signed-off-by: ti-chi-bot <[email protected]>
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-7.1: #9559.

@ti-chi-bot ti-chi-bot mentioned this pull request Oct 28, 2024
Merged
12 tasks
JaySon-Huang added a commit to ti-chi-bot/tiflash that referenced this pull request Oct 28, 2024
@ti-chi-bot @JaySon-Huang
security: Allow empty security config for disabling tls (pingcap#9234) (
cbbd91c 
pingcap#9238)

close pingcap#9235

security: allow empty `security.ca_path`/`security.cert_path`/`security.key_path`

Signed-off-by: ti-chi-bot <[email protected]>

Co-authored-by: JaySon <[email protected]>
Co-authored-by: JaySon-Huang <[email protected]>
ti-chi-bot bot pushed a commit that referenced this pull request Oct 31, 2024
@ti-chi-bot @JaySon-Huang
security: Allow empty security config for disabling tls (#9234) (#9559)
25a2eaf 
close #9235

security: allow empty `security.ca_path`/`security.cert_path`/`security.key_path`

Signed-off-by: ti-chi-bot <[email protected]>

Co-authored-by: JaySon <[email protected]>
Co-authored-by: JaySon-Huang <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@windtalker windtalker windtalker approved these changes

@zanmato1984 zanmato1984 zanmato1984 approved these changes

@ywqzzy ywqzzy Awaiting requested review from ywqzzy

Assignees
No one assigned
Labels
approved lgtm needs-cherry-pick-release-6.5 Should cherry pick this PR to release-6.5 branch. needs-cherry-pick-release-7.1 Should cherry pick this PR to release-7.1 branch. needs-cherry-pick-release-7.5 Should cherry pick this PR to release-7.5 branch. needs-cherry-pick-release-8.1 Should cherry pick this PR to release-8.1 branch. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

TiFlash fails to start with empty string ssl configs
4 participants
@JaySon-Huang @ti-chi-bot @zanmato1984 @windtalker