[Tarantool-patches] [PATCH 0/2] Admin universe access
Vladislav Shpilevoy
v.shpilevoy at tarantool.org
Sat Nov 2 00:42:23 MSK 2019
The patchset makes so the admin user never can loose its universe
access rights. Apparently, Tarantool can't even bootstrap nor
recovery without universe granted to the admin, because this user
owns the fibers doing recovery and bootstrap.
First patch fixes the problem, which was revealed by the online
credentials update patch. Appeared, that admin user is very
fragile, and any update of its rights, before universe was
recovered, led to recovery/bootstrap error.
The second patch makes it impossible to break the admin user
explicitly.
Branch: http://github.com/tarantool/tarantool/tree/gerold103/gh-4606-replication-universe-v4
Issue: https://github.com/tarantool/tarantool/issues/4606
Vladislav Shpilevoy (2):
replication: don't drop admin super privileges
access: forbid to drop admin's universe access
src/box/session.cc | 23 -------
src/box/user.cc | 28 +++++++++
test/box/access.result | 8 +++
test/box/access.test.lua | 6 ++
test/replication/gh-4606-admin-creds.result | 63 +++++++++++++++++++
test/replication/gh-4606-admin-creds.test.lua | 26 ++++++++
test/replication/suite.cfg | 1 +
7 files changed, 132 insertions(+), 23 deletions(-)
create mode 100644 test/replication/gh-4606-admin-creds.result
create mode 100644 test/replication/gh-4606-admin-creds.test.lua
--
2.21.0 (Apple Git-122.2)
More information about the Tarantool-patches
mailing list