-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
session: fix bug user privileges change after upgrade from 4.0.11 to 5.0 #23403
Conversation
/LGTM |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could you add some tests?
Done |
session/bootstrap.go
Outdated
) | ||
|
||
// currentBootstrapVersion is modified to a function so we can hook its value for testing. | ||
// please make sure this is the largest version | ||
var currentBootstrapVersion = func() int64 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not define it as a non-const variable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
@@ -1443,7 +1446,7 @@ func upgradeToVer64(s Session, ver int64) { | |||
} | |||
doReentrantDDL(s, "ALTER TABLE mysql.user ADD COLUMN `Repl_slave_priv` ENUM('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N' AFTER `Execute_priv`", infoschema.ErrColumnExists) | |||
doReentrantDDL(s, "ALTER TABLE mysql.user ADD COLUMN `Repl_client_priv` ENUM('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N' AFTER `Repl_slave_priv`", infoschema.ErrColumnExists) | |||
mustExecute(s, "UPDATE HIGH_PRIORITY mysql.user SET Repl_slave_priv='Y',Repl_client_priv='Y'") | |||
mustExecute(s, "UPDATE HIGH_PRIORITY mysql.user SET Repl_slave_priv='Y',Repl_client_priv='Y' where Super_priv='Y'") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do any operations rely on these privileges? I'm afraid it will break compatibility if you shrink the privilege.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the description has clarified the case:
it adds Repl_slave_priv to all existing users while it should just do that for the root user.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rest LGTM
session/bootstrap.go
Outdated
) | ||
|
||
// currentBootstrapVersion is modified to a function so we can hook its value for testing. | ||
// please make sure this is the largest version | ||
var currentBootstrapVersion = func() int64 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can not we use failpoint instead of making it a variable? It is always bad to have global variables.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PTAL @tiancaiamao
/LGTM |
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by writing |
/merge |
/merge |
/merge |
1 similar comment
/merge |
/merge cancel |
/merge |
This pull request has been accepted and is ready to merge. Commit hash: bc1b873f2dea600b96d6e5338877b0a87c708be6
|
12713a3
to
ed96ff8
Compare
/merge |
This pull request has been accepted and is ready to merge. Commit hash: ed96ff8
|
Signed-off-by: ti-srebot <[email protected]>
cherry pick to release-5.0 in PR #23527 |
What problem does this PR solve?
Issue Number: close #23387
Problem Summary:
#21856 introduce the problem, it adds
Repl_slave_priv
to all existing users while it should just do that for the root user.What is changed and how it works?
What's Changed:
Just assign the newly introduced privileges to the root user, rather than all existing users.
How it Works:
Make the behavior more acceptable when upgrading.
Related changes
Check List
Tests
I try to do the unit test but failed.
I thought I can use the initial versioned data, and upgrade the version one by one.
But the upgrading process failed, which means when we upgrade a very old TiDB cluster to the newest one, it may not succeed.
log.txt
Side effects
This just fix the code, if a user upgrades his cluster and meets the bug, he have to fix the data manually.
Release note
REPLICATION CLIENT
andREPLICATION
privileges unexpectedly.