Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

variables: add constraints on tidb_super_read_only when tidb_restricted_read_only is turned on #31746

Merged
merged 9 commits into from
Jan 20, 2022
Merged

variables: add constraints on tidb_super_read_only when tidb_restricted_read_only is turned on #31746

merged 9 commits into from
Jan 20, 2022

Conversation

ichn-hu
Copy link
Contributor

@ichn-hu ichn-hu commented Jan 17, 2022
edited
Loading

What problem does this PR solve?

Issue Number: close #31745

Problem Summary:

What is changed and how it works?

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below) @SunRunAway
  • No code

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Fixed a bug that turning on tidb_restricted_read_only won't automatically turn on tidb_super_read_only

@ti-chi-bot
Copy link
Member

ti-chi-bot commented Jan 17, 2022
edited
Loading

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • SunRunAway
  • morgo

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jan 17, 2022
@sre-bot
Copy link
Contributor

sre-bot commented Jan 17, 2022
edited
Loading

Code Coverage Details: https://codecov.io/github/pingcap/tidb/commit/a07ce45f6bfd656af950e023b1515949a1180fe6

morgo
morgo reviewed Jan 17, 2022
View reviewed changes
domain/sysvar_cache.go Outdated Show resolved Hide resolved
@ichn-hu ichn-hu force-pushed the add-super-read-only branch from aa0e2d0 to a17b8e9 Compare January 18, 2022 04:37
@ti-chi-bot ti-chi-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jan 18, 2022
@ichn-hu ichn-hu marked this pull request as ready for review January 18, 2022 05:33
@ichn-hu ichn-hu requested a review from a team as a code owner January 18, 2022 05:33
@ti-chi-bot ti-chi-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 18, 2022
@ichn-hu ichn-hu requested a review from SunRunAway January 18, 2022 05:38
@ichn-hu
Copy link
Contributor Author

ichn-hu commented Jan 18, 2022

@morgo PTAL again, thanks

@ichn-hu ichn-hu force-pushed the add-super-read-only branch from fad6f97 to 68bf1f8 Compare January 18, 2022 06:59
SunRunAway
SunRunAway approved these changes Jan 19, 2022
View reviewed changes
Copy link
Contributor

@SunRunAway SunRunAway left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test Points:

  • Privilege
    • tidb_super_read_only
      • ✅ SUPER and system_variables_admin can toggle this
      • ✅ Non-SUPER or Non-system_variables_admin cannot toggle this
      • ✅ Any privilege (like USAGE) can see values of tidb_super_read_only
    • tidb_restricted_read_only
      • If SEM is on
        • ✅ restricted_variables_admin can see this variable.
        • ✅ restricted_variables_admin+system_variables_admin can toggle this variable.
        • ✅ Other privileges can not see this variable.
        • ✅ Other privileges can not toggle this variable.
      • If SEM is off
        • ✅ SUPER and system_variables_admin can see and toggle this.
        • ✅ Restricted_system_variable_admin cannot toggle this, can see this.
        • ✅ Other privileges can see, but can not toggle this variable.
  • Transmissibility
    • ✅ Set tidb_restricted_read_only to ON -> tidb_super_read_only to ON
    • ✅ Set tidb_restricted_read_only to OFF -> tidb_super_read_only is unchanged
    • ✅ If tidb_restricted_read_only is ON, tidb_super_read_only cannot be set to OFF
  • run DDL & DML & LOCK
    • If tidb_restricted_read_only is ON or tidb_super_read_only is ON
      • ✅RESTRICTED_REPLICA_WRITER_ADMIN can run DDL & DML & LOCK
      • ✅ restricted_variables_admin can not run DDL & DML & LOCK.
      • ✅ SUPER can not run DDL & DML & LOCK, can run DQL
      • ✅ Any others can not run DDL & DML & LOCK

@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Jan 19, 2022
@SunRunAway
Copy link
Contributor

@morgo ptal

@ichn-hu ichn-hu added needs-cherry-pick-release-5.2 needs-cherry-pick-release-5.3 Type: Need cherry pick to release-5.3 needs-cherry-pick-release-5.4 Should cherry pick this PR to release-5.4 branch. labels Jan 20, 2022
@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Jan 20, 2022
@ichn-hu
Copy link
Contributor Author

ichn-hu commented Jan 20, 2022

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: a07ce45

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Jan 20, 2022
@ti-chi-bot ti-chi-bot merged commit 1a146fa into pingcap:master Jan 20, 2022
@ti-srebot ti-srebot mentioned this pull request Jan 20, 2022
Closed
12 tasks
ti-srebot pushed a commit to ti-srebot/tidb that referenced this pull request Jan 20, 2022
@ichn-hu @ti-srebot
cherry pick pingcap#31746 to release-5.2
d0f161c 
Signed-off-by: ti-srebot <[email protected]>
@ti-srebot
Copy link
Contributor

cherry pick to release-5.2 in PR #31840

@ti-srebot ti-srebot mentioned this pull request Jan 20, 2022
Merged
12 tasks
ti-srebot pushed a commit to ti-srebot/tidb that referenced this pull request Jan 20, 2022
@ichn-hu @ti-srebot
cherry pick pingcap#31746 to release-5.3
a9189ae 
Signed-off-by: ti-srebot <[email protected]>
@ti-srebot
Copy link
Contributor

cherry pick to release-5.3 in PR #31841

ti-srebot pushed a commit to ti-srebot/tidb that referenced this pull request Jan 20, 2022
@ichn-hu @ti-srebot
cherry pick pingcap#31746 to release-5.4
68a6519 
Signed-off-by: ti-srebot <[email protected]>
@ti-srebot ti-srebot mentioned this pull request Jan 20, 2022
Merged
12 tasks
@ti-srebot
Copy link
Contributor

cherry pick to release-5.4 in PR #31842

ti-chi-bot pushed a commit that referenced this pull request Feb 17, 2022
@ti-srebot
variables: add constraints on tidb_super_read_only when tidb_restrict…
b0d865c 
…ed_read_only is turned on (#31746) (#31842)

close #31745
ti-chi-bot pushed a commit that referenced this pull request Feb 22, 2022
@ti-srebot
variables: add constraints on tidb_super_read_only when tidb_restrict…
ac9c004 
…ed_read_only is turned on (#31746) (#31841)

close #31745
@morgo morgo mentioned this pull request Mar 10, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@morgo morgo morgo approved these changes

@SunRunAway SunRunAway SunRunAway approved these changes

Assignees
No one assigned
Labels
needs-cherry-pick-release-5.2 needs-cherry-pick-release-5.3 Type: Need cherry pick to release-5.3 needs-cherry-pick-release-5.4 Should cherry pick this PR to release-5.4 branch. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

turning on tidb_restricted_read_only doesn't affects super_read_only
6 participants
@ichn-hu @ti-chi-bot @sre-bot @SunRunAway @ti-srebot @morgo