-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: acl forward compatible #2459
Conversation
* fix: codis-dashboard uses 100% cpu(OpenAtomFoundation#2332) (OpenAtomFoundation#2393) Co-authored-by: liuchengyu <[email protected]> * fix: The role displayed on the first Server in the Group area of the codis-fe is incorrect (OpenAtomFoundation#2350) (OpenAtomFoundation#2387) Co-authored-by: liuchengyu <[email protected]> --------- Co-authored-by: Chengyu Liu <[email protected]> Co-authored-by: liuchengyu <[email protected]>
* fix: codis-dashboard uses 100% cpu(OpenAtomFoundation#2332) (OpenAtomFoundation#2393) Co-authored-by: liuchengyu <[email protected]> * fix: The role displayed on the first Server in the Group area of the codis-fe is incorrect (OpenAtomFoundation#2350) (OpenAtomFoundation#2387) Co-authored-by: liuchengyu <[email protected]> * fix: automatic fix master-slave replication relationship after master or slave service restarted (OpenAtomFoundation#2373, OpenAtomFoundation#2038, OpenAtomFoundation#1950, OpenAtomFoundation#1967, OpenAtomFoundation#2351)) (OpenAtomFoundation#2386) Co-authored-by: liuchengyu <[email protected]> * feat:add 3.5.3 changelog (OpenAtomFoundation#2395) * add 3.5.3 changelog --------- Co-authored-by: chejinge <[email protected]> --------- Co-authored-by: Chengyu Liu <[email protected]> Co-authored-by: liuchengyu <[email protected]> Co-authored-by: chejinge <[email protected]>
ACL 兼容以前的方案 基本和这个pr的内容一致, 在 pika启动的时候, 除了 要初始化原来 default用户外, 还要判断一下, 配置中的 blacklist 是否为空, 如果不为空, 那么需要再初始化一个 命令受限的用户, 比如 下面需要讨论待定:
这地方修改一下:
|
1、limit 用户我们现在默认叫“admin”,即pika会内置 “default”和“admin” 这俩用户(命名可以再讨论下) |
|
修改完后: |
这个 limit 用户可以是为了兼容以前的 userpass 和 blacklist 默认产生的一个用户,如果想用使用 acl ,那么user的用户名不可以是 limit 。这样可不可以? |
这个不能用 ACL命令操作 limit 用户, save的时候跳过 limit, 这样会需要很多额外的判断, 而且会和redis不兼容 我觉的最简单的方式就是 在启动的时候, 用 blacklist 的规则初始化一个 limit用户, 后续就和 |
src/pika_conf.cc
Outdated
// SetConfStr("userpass", userpass_); | ||
// SetConfStr("userblacklist", userblacklist); | ||
SetConfStr("userpass", userpass_); | ||
// SetConfStr("userblacklist", userblacklist_); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
检查一下 config rewrite 、config set get 相关的兼容性。
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
检查一下 config rewrite 、config set get 相关的兼容性。
1、config get 已支持 userblacklist
2、config rewrite:已支持 userblacklist
3、config set:不支持 userblacklist,通过 acl 的命令去操作即可
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
DefaultLimitUser
应该和 default
用户一样,也是不能被删除的, ACL DELUSER
命令那里 应该判断一下,
* fix: ACL user authentication errors * blacklist instead of acl user * add rename command (OpenAtomFoundation#2462) * support config get userblacklist ---------
* fix: ACL user authentication errors * blacklist instead of acl user * add rename command (OpenAtomFoundation#2462) * support config get userblacklist ---------
* fix: ACL user authentication errors * blacklist instead of acl user * add rename command (#2462) * support config get userblacklist ---------
* fix: ACL user authentication errors * blacklist instead of acl user * add rename command (OpenAtomFoundation#2462) * support config get userblacklist ---------
* fix: ACL user authentication errors * blacklist instead of acl user * add rename command (OpenAtomFoundation#2462) * support config get userblacklist ---------
* fix: ACL user authentication errors * blacklist instead of acl user * add rename command (OpenAtomFoundation#2462) * support config get userblacklist ---------
向前兼容 userpass 和 userblacklist ,具体实现方法请看评论。