[PATCH v2 0/4] Finish implementation of privileges.
Serge Petrenko
sergepetrenko at tarantool.org
Wed Aug 22 16:39:01 MSK 2018
First patch introduces a separate schema_object_type for entity privileges
and adds '' (empty string) in object_id field to indicate grants on an entire
entity.
https://github.com/tarantool/tarantool/issues/3574
Second patch adds previously non-existent entities to access control: user
and role.
https://github.com/tarantool/tarantool/issues/3524
Third patch introduces single object access checks to access_check_ddl.
These checks were previously ignored and in some cases granting privileges
on a single object had no effect.
https://github.com/tarantool/tarantool/issues/3530
Fourth patch adds an upgrade script for 1.10.2 to grant alter, create and
drop privileges to users with read and write privileges on objects.
https://github.com/tarantool/tarantool/issues/3539
Branch: https://github.com/tarantool/tarantool/tree/sergepetrenko/gh-3539-1.10-upgrade-script
Changes in v2:
- fix indentation
- move introduction of SC_ENTITY_USER and SC_ENTITY_ROLE to 2nd patch from 1st
- move new code handling entity grants in priv_def_check() from 2nd patch to 1st
- remove extraneous test changes from patches 2 and 3
Serge Petrenko (4):
Introduce separate entity object types for entity privileges.
Add entities user, role to access control.
Add single object privilege checks to access_check_ddl.
Add a privilege upgrade script and update tests.
src/box/alter.cc | 157 +++++++++++-----
src/box/bootstrap.snap | Bin 1540 -> 1555 bytes
src/box/lua/schema.lua | 88 +++++----
src/box/lua/upgrade.lua | 46 +++++
src/box/schema.cc | 11 +-
src/box/schema.h | 31 ++--
src/box/schema_def.c | 21 +++
src/box/schema_def.h | 18 +-
src/box/user.cc | 68 ++++---
src/box/user.h | 5 +
test/box-py/bootstrap.result | 14 +-
test/box-tap/auth.test.lua | 5 -
test/box-tap/session.test.lua | 15 +-
test/box/access.result | 213 ++++++++++++++++++++--
test/box/access.test.lua | 72 ++++++--
test/box/access_bin.result | 4 +-
test/box/access_bin.test.lua | 4 +-
test/box/access_escalation.result | 18 +-
test/box/access_escalation.test.lua | 11 +-
test/box/access_misc.result | 14 +-
test/box/access_misc.test.lua | 4 +-
test/box/alter.result | 8 +-
test/box/call.result | 4 +-
test/box/call.test.lua | 4 +-
test/box/errinj.result | 39 +++-
test/box/errinj.test.lua | 25 ++-
test/box/net.box.result | 265 ++++++++++++++++++++++++++--
test/box/net.box.test.lua | 121 +++++++++++--
test/box/net_msg_max.result | 13 +-
test/box/net_msg_max.test.lua | 9 +-
test/box/on_replace.result | 2 +-
test/box/on_replace.test.lua | 2 +-
test/box/protocol.result | 9 +-
test/box/protocol.test.lua | 5 +-
test/box/push.result | 52 +++++-
test/box/push.test.lua | 27 ++-
test/box/role.result | 9 +
test/box/schema_reload.result | 32 +++-
test/box/schema_reload.test.lua | 16 +-
test/box/sequence.result | 3 +
test/box/sql.result | 9 +-
test/box/sql.test.lua | 5 +-
test/box/stat_net.result | 7 +-
test/box/stat_net.test.lua | 5 +-
test/engine/params.result | 6 -
test/engine/params.test.lua | 2 -
test/engine/replica_join.result | 6 -
test/engine/replica_join.test.lua | 2 -
test/replication/autobootstrap.result | 23 ++-
test/replication/autobootstrap.test.lua | 10 +-
test/replication/catch.result | 6 -
test/replication/catch.test.lua | 2 -
test/replication/errinj.result | 3 -
test/replication/errinj.test.lua | 1 -
test/replication/gc.result | 6 -
test/replication/gc.test.lua | 2 -
test/replication/join_vclock.result | 6 -
test/replication/join_vclock.test.lua | 2 -
test/replication/skip_conflict_row.result | 6 -
test/replication/skip_conflict_row.test.lua | 2 -
test/vinyl/replica_quota.result | 6 -
test/vinyl/replica_quota.test.lua | 2 -
test/wal_off/func_max.result | 25 +--
test/wal_off/func_max.test.lua | 19 +-
test/xlog/errinj.result | 9 +-
test/xlog/errinj.test.lua | 4 +-
test/xlog/misc.result | 9 +-
test/xlog/misc.test.lua | 5 +-
test/xlog/upgrade.result | 18 +-
69 files changed, 1294 insertions(+), 378 deletions(-)
--
2.15.2 (Apple Git-101.1)