Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

privilege: fix RequestVerificationWithUser use of default roles (#24442) #24531

Merged
merged 3 commits into from
May 12, 2021
Merged

privilege: fix RequestVerificationWithUser use of default roles (#24442) #24531

merged 3 commits into from
May 12, 2021

Conversation

ti-srebot
Copy link
Contributor

@ti-srebot ti-srebot commented May 10, 2021
edited
Loading

cherry-pick #24442 to release-4.0
You can switch your code base to this Pull Request by using git-extras:

# In tidb repo:
git pr https://github.com/pingcap/tidb/pull/24531

After apply modifications, you can push your change to this PR via:

git push git@github.com:ti-srebot/tidb.git pr/24531:release-4.0-b8cad01bef30

What problem does this PR solve?

Issue Number: close #24414

Problem Summary:

Views support a feature to run in the security of the DEFINER. This is useful because it allows column level / row level security to effectively be supported, when TiDB supports neither.

However, the implementation was buggy because RequestVerificationWithUser in the privilege API did not consider default roles for that user correctly. In this fix it now does.

What is changed and how it works?

What's Changed:

Bug fix only.

Related changes

  • Need to cherry-pick to the release branch

Check List

Tests

  • Integration test

Side effects

  • None

Release note

  • SQL Views now consider the default roles associated with the SQL DEFINER correctrly.

@morgo @ti-srebot
cherry pick pingcap#24442 to release-4.0
0e0aaaa 
Signed-off-by: ti-srebot <ti-srebot@pingcap.com>
@ti-srebot
Copy link
Contributor Author

/run-all-tests

@ti-srebot ti-srebot mentioned this pull request May 10, 2021
Merged
@ti-srebot ti-srebot added sig/sql-infra SIG: SQL Infra size/M Denotes a PR that changes 30-99 lines, ignoring generated files. type/4.0-cherry-pick labels May 10, 2021
@ti-chi-bot ti-chi-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 10, 2021
@ti-srebot ti-srebot added this to the v4.0.13 milestone May 10, 2021
@ti-srebot
Copy link
Contributor Author

@morgo please accept the invitation then you can push to the cherry-pick pull requests.
https://github.com/ti-srebot/tidb/invitations

@ti-chi-bot ti-chi-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. do-not-merge/cherry-pick-not-approved and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels May 10, 2021
@zhouqiang-cl zhouqiang-cl added the cherry-pick-approved Cherry pick PR approved by release team. label May 11, 2021
@bb7133
Copy link
Member

bb7133 commented May 12, 2021

/lgtm

@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label May 12, 2021
@ti-chi-bot
Copy link
Member

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • bb7133
  • wjhuang2016

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by writing /lgtm in a comment.
Reviewer can cancel approval by writing /lgtm cancel in a comment.

@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels May 12, 2021
@bb7133
Copy link
Member

bb7133 commented May 12, 2021

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: 7514eed

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label May 12, 2021
@ti-chi-bot
Copy link
Member

@ti-srebot: Your PR was out of date, I have automatically updated it for you.

At the same time I will also trigger all tests for you:

/run-all-tests

If the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@zhouqiang-cl
Copy link
Contributor

/merge

@ti-chi-bot ti-chi-bot merged commit e25d1d0 into pingcap:release-4.0 May 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wjhuang2016 wjhuang2016 wjhuang2016 approved these changes

@bb7133 bb7133 Awaiting requested review from bb7133

Assignees

@morgo morgo

Labels
cherry-pick-approved Cherry pick PR approved by release team. sig/sql-infra SIG: SQL Infra size/M Denotes a PR that changes 30-99 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2. type/4.0-cherry-pick
Projects
None yet
Milestone
v4.0.13
Development

Successfully merging this pull request may close these issues.
6 participants
@ti-srebot @bb7133 @ti-chi-bot @zhouqiang-cl @wjhuang2016 @morgo