Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

http_api (ticdc): check --cert-allowed-cn before add server common name #3628

Merged
merged 9 commits into from
Dec 14, 2021
Merged

http_api (ticdc): check --cert-allowed-cn before add server common name #3628

merged 9 commits into from
Dec 14, 2021

Conversation

asddongmen
Copy link
Contributor

@asddongmen asddongmen commented Nov 26, 2021
edited
Loading

What problem does this PR solve?

#3627

What is changed and how it works?

check cert-allowed-cn before add server common nam

Check List

Tests

  • Manual test (add detailed scripts or steps below)
  • Unit test

Code changes

  • Has exported function/method change

Side effects

Related changes

  • Need to cherry-pick to the release branch

Release note 

Fix cli don't work when cli cert's common name was not added in config that use for start cdc server.

@ti-chi-bot
Copy link
Member

ti-chi-bot commented Nov 26, 2021
edited
Loading

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • ben1009
  • overvenus

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Nov 26, 2021
@ti-chi-bot ti-chi-bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Nov 26, 2021
@codecov-commenter
Copy link

codecov-commenter commented Nov 26, 2021
edited
Loading

Codecov Report

Merging #3628 (ee14808) into master (eed6f9b) will decrease coverage by 0.4432%.
The diff coverage is 59.9544%.

Flag Coverage Δ
cdc 57.9171% <69.3672%> (-0.5201%) ⬇️
dm 55.9910% <46.3848%> (-0.3843%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@@               Coverage Diff                @@
##             master      #3628        +/-   ##
================================================
- Coverage   57.3452%   56.9020%   -0.4432%     
================================================
  Files           460        479        +19     
  Lines         54927      56643      +1716     
================================================
+ Hits          31498      32231       +733     
- Misses        20180      21135       +955     
- Partials       3249       3277        +28

@asddongmen asddongmen added component/status-server Status server component. needs-cherry-pick-release-5.3 Should cherry pick this PR to release-5.3 branch. status/ptal Could you please take a look? labels Nov 26, 2021
@asddongmen asddongmen added this to the v5.3.1 milestone Nov 26, 2021
@asddongmen
Copy link
Contributor Author

/run-integration-tests

liuzix
liuzix reviewed Nov 26, 2021
View reviewed changes
pkg/security/credential.go Outdated Show resolved Hide resolved
overvenus
overvenus reviewed Dec 8, 2021
View reviewed changes
Copy link
Member

@overvenus overvenus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add tests for bug-fix PR

@ti-chi-bot ti-chi-bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Dec 14, 2021
@asddongmen
Copy link
Contributor Author

@overvenus @hi-rustin @liuzix PTAL thanks~!

overvenus
overvenus reviewed Dec 14, 2021
View reviewed changes
cdc/http_status_test.go Outdated Show resolved Hide resolved
@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Dec 14, 2021
ben1009
ben1009 reviewed Dec 14, 2021
View reviewed changes
pkg/security/util.go Outdated Show resolved Hide resolved
@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Dec 14, 2021
@overvenus
Copy link
Member

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: 62f203c

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Dec 14, 2021
@asddongmen
Copy link
Contributor Author

/run-kafka-integration-tests

@ti-chi-bot ti-chi-bot merged commit d7c6627 into pingcap:master Dec 14, 2021
ti-chi-bot pushed a commit to ti-chi-bot/tiflow that referenced this pull request Dec 14, 2021
@asddongmen @ti-chi-bot
This is an automated cherry-pick of pingcap#3628
51d798f 
Signed-off-by: ti-chi-bot <ti-community-prow-bot@tidb.io>
@ti-chi-bot ti-chi-bot mentioned this pull request Dec 14, 2021
Merged
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created: #3882.

ti-chi-bot added a commit that referenced this pull request Dec 20, 2021
@ti-chi-bot
http_api (ticdc): check --cert-allowed-cn before add server common na…
626029b 
…me (#3628) (#3882)
@asddongmen asddongmen deleted the http_server_common_name branch December 22, 2021 08:08
zhaoxinyu pushed a commit to zhaoxinyu/ticdc that referenced this pull request Dec 29, 2021
@asddongmen @zhaoxinyu
http_api (ticdc): check --cert-allowed-cn before add server common na…
fce607b 
…me (pingcap#3628)
3AceShowHand pushed a commit to ti-chi-bot/tiflow that referenced this pull request Jan 13, 2022
@ti-chi-bot @3AceShowHand
http_api (ticdc): check --cert-allowed-cn before add server common na…
e85d1e1 
…me (pingcap#3628) (pingcap#3882)
overvenus pushed a commit that referenced this pull request Jan 18, 2022
@ti-chi-bot @zhaoxinyu
@amyangfei @lance6716 @sdojjy @3AceShowHand
metrics(cdc): fix mq sink write row count metrics. (#4192) (#4323)
ae04769 
* fix the txn_batch_size metric inaccuracy bug when the sink target is MQ

* address comments

* add comments for exported functions

* fix the compiling problem

* workerpool: limit the rate to output deadlock warning (#3775) (#3795)

* tests(ticdc): set up the sync diff output directory correctly (#3725) (#3741)

* relay(dm): use binlog name comparison (#3710) (#3712)

* dm/load: fix concurrent call Loader.Status (#3459) (#3468)

* cdc/sorter: make unified sorter cgroup aware (#3436) (#3439)

* tz (ticdc): fix timezone error (#3887) (#3906)

* pkg,cdc: do not use log package (#3902) (#3940)

* *: rename repo from pingcap/ticdc to pingcap/tiflow (#3959)

* http_*: add log for http api and refine the err handle logic (#2997) (#3307)

* etcd_worker: batch etcd patch (#3277) (#3389)

* http_api (ticdc): check --cert-allowed-cn before add server common name (#3628) (#3882)

* kvclient(ticdc): fix kvclient takes too long time to recover (#3612) (#3663)

* owner: fix owner tick block http request (#3490) (#3530)

* dm/syncer: use downstream PK/UK to generate DML (#3168) (#3256)

* dep(dm): update go-mysql (#3914) (#3934)

* dm/syncer: multiple rows use downstream schema (#3308) (#3953)

* errorutil,sink,syncer: add errorutil to handle ignorable error (#3264) (#3995)

* dm/worker: don't exit when failed to read checkpoint in relay (#3345) (#4005)

* syncer(dm): use an early location to reset binlog and open safemode (#3860)

* ticdc/owner: Fix ddl special comment syntax error (#3845) (#3978)

* dm/scheduler: fix inconsistent of relay status (#3474) (#4009)

* owner,scheduler(cdc): fix nil pointer panic in owner scheduler (#2980) (#4007) (#4016)

* config(ticdc): Fix old value configuration check for maxwell protocol (#3747) (#3783)

* sink(ticdc): cherry pick sink bug fix to release 5.3 (#4083)

* master(dm): clean and treat invalid load task (#4004) (#4145)

* loader: fix wrong progress in query-status for loader (#4093) (#4143)

close #3252

* ticdc/processor: Fix backoff base delay misconfiguration (#3992) (#4028)

* dm: load table structure from dump files (#3295) (#4163)

* compactor: fix duplicate entry in safemode (#3432) (#3434) (#4088)

* kv(ticdc): reduce eventfeed rate limited log (#4072) (#4111)

close #4006

* metrics(ticdc): add resolved ts and add changefeed to dataflow (#4038) (#4104)

* This is an automated cherry-pick of #4192

Signed-off-by: ti-chi-bot <ti-community-prow-bot@tidb.io>

* retry(dm): align with tidb latest error message (#4172) (#4254)

close #4159, close #4246

* owner(ticdc): Add bootstrap and try to fix the meta information in it (#3838) (#3865)

* redolog: add a precleanup process when s3 enable (#3525) (#3878)

* ddl(dm): make skipped ddl pass `SplitDDL()` (#4176) (#4227)

close #4173

* cdc/sink: remove Initialize method from the sink interface (#3682) (#3765)

Co-authored-by: Ling Jin <7138436+3AceShowHand@users.noreply.github.com>

* http_api (ticdc): fix http api 'get processor' panic. (#4117) (#4123)

close #3840

* sink (ticdc): fix a deadlock due to checkpointTs fall back in sinkNode (#4084) (#4099)

close #4055

* cdc/sink: adjust kafka initialization logic (#3192) (#4162)

* try fix conflicts.

* This is an automated cherry-pick of #4192

Signed-off-by: ti-chi-bot <ti-community-prow-bot@tidb.io>

* fix conflicts.

* fix conflicts.

Co-authored-by: zhaoxinyu <zhaoxinyu512@gmail.com>
Co-authored-by: amyangfei <yangfei@pingcap.com>
Co-authored-by: lance6716 <lance6716@gmail.com>
Co-authored-by: sdojjy <sdojjy@qq.com>
Co-authored-by: Ling Jin <7138436+3AceShowHand@users.noreply.github.com>
Co-authored-by: 3AceShowHand <jinl1037@hotmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liuzix liuzix liuzix left review comments

@ben1009 ben1009 ben1009 approved these changes

@overvenus overvenus overvenus approved these changes

@amyangfei amyangfei Awaiting requested review from amyangfei

@Rustin170506 Rustin170506 Awaiting requested review from Rustin170506

Assignees
No one assigned
Labels
component/status-server Status server component. needs-cherry-pick-release-5.3 Should cherry pick this PR to release-5.3 branch. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2. status/ptal Could you please take a look?
Projects
None yet
Milestone
v5.3.1
Development

Successfully merging this pull request may close these issues.
6 participants
@asddongmen @ti-chi-bot @codecov-commenter @overvenus @ben1009 @liuzix