Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

*: support certificate based authentication #13955

Merged
merged 5 commits into from
Dec 23, 2019
Merged

*: support certificate based authentication #13955

merged 5 commits into from
Dec 23, 2019

Conversation

lysu
Copy link
Contributor

@lysu lysu commented Dec 6, 2019
edited
Loading

What problem does this PR solve?

fixes #9708

to make TiDB support certificate-based authentication like mysql.

What is changed and how it works?

  • add new mysql.global_priv system table
  • maintain require clause info in those new table
  • retrieve cert info from tlsConn
  • check current user's ssl_type, ssl_issuer, ssl_subject - (WIP)

Check List

Tests

  • Unit test
  • Integration test(WIP)

Code changes

  • impl change

Side effects

  • N/A

Related changes

  • Need to cherry-pick to the release branch - 3.0

Release note

  • support certificate based authentication

This change is Reviewable

@lysu lysu changed the title *: support certificate based authentication [WIP]*: support certificate based authentication Dec 6, 2019
@lysu lysu mentioned this pull request Dec 6, 2019
Closed
@codecov
Copy link

codecov bot commented Dec 10, 2019
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (master@f0282d3). Click here to learn what that means.
The diff coverage is 82.2289%.

@@             Coverage Diff             @@
##             master     #13955   +/-   ##
===========================================
  Coverage          ?   80.1802%           
===========================================
  Files             ?        482           
  Lines             ?     121142           
  Branches          ?          0           
===========================================
  Hits              ?      97132           
  Misses            ?      16250           
  Partials          ?       7760

@lysu lysu changed the title [WIP]*: support certificate based authentication *: support certificate based authentication Dec 12, 2019
@lysu
Copy link
Contributor Author

lysu commented Dec 12, 2019

/run-all-tests

@imtbkcat imtbkcat self-requested a review December 12, 2019 11:21
@lysu lysu removed the status/WIP label Dec 13, 2019
@lysu lysu mentioned this pull request Dec 16, 2019
Closed
jackysp
jackysp reviewed Dec 17, 2019
View reviewed changes
executor/grant.go Outdated Show resolved Hide resolved
jackysp
jackysp reviewed Dec 17, 2019
View reviewed changes
server/tidb_test.go Outdated Show resolved Hide resolved
@lysu
Copy link
Contributor Author

lysu commented Dec 19, 2019

friendly ping @imtbkcat @jackysp @tiancaiamao

imtbkcat
imtbkcat reviewed Dec 20, 2019
View reviewed changes
executor/grant.go Show resolved Hide resolved
executor/grant.go Outdated Show resolved Hide resolved
imtbkcat
imtbkcat reviewed Dec 23, 2019
View reviewed changes
Copy link

@imtbkcat imtbkcat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@imtbkcat imtbkcat added the status/LGT1 Indicates that a PR has LGTM 1. label Dec 23, 2019
@lysu
Copy link
Contributor Author

lysu commented Dec 23, 2019

@tiancaiamao @jackysp need another LGTM, PTAL 😄

jackysp
jackysp approved these changes Dec 23, 2019
View reviewed changes
Copy link
Member

@jackysp jackysp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jackysp
Copy link
Member

jackysp commented Dec 23, 2019

/merge

@sre-bot sre-bot added the status/can-merge Indicates a PR has been approved by a committer. label Dec 23, 2019
@sre-bot
Copy link
Contributor

sre-bot commented Dec 23, 2019

/run-all-tests

@sre-bot
Copy link
Contributor

sre-bot commented Dec 23, 2019

@lysu merge failed.

@lysu
Copy link
Contributor Author

lysu commented Dec 23, 2019

/run-integration-common-test

@lysu lysu merged commit cd07c45 into pingcap:master Dec 23, 2019
@sre-bot
Copy link
Contributor

sre-bot commented Dec 23, 2019

cherry pick to release-3.0 failed

@lysu lysu deleted the dev-ssl-auth branch December 23, 2019 03:52
@lysu lysu mentioned this pull request Dec 24, 2019
Merged
@wwar wwar mentioned this pull request Dec 24, 2019
Closed
sre-bot pushed a commit that referenced this pull request Dec 26, 2019
@lysu @sre-bot
*: support certificate based authentication (#13955) (#14202)
eb355be
@kolbe kolbe mentioned this pull request Feb 12, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@imtbkcat imtbkcat imtbkcat left review comments

@jackysp jackysp jackysp approved these changes

@tiancaiamao tiancaiamao Awaiting requested review from tiancaiamao

Assignees
No one assigned
Labels
status/can-merge Indicates a PR has been approved by a committer. status/LGT1 Indicates that a PR has LGTM 1. type/compatibility type/new-feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Certificate based authentication
5 participants
@lysu @jackysp @sre-bot @tiancaiamao @imtbkcat