Tarantool development patches archive
 help / color / mirror / Atom feed
* [PATCH v2 0/4] Finish implementation of privileges.
@ 2018-08-22 13:39 Serge Petrenko
  2018-08-22 13:39 ` [PATCH v2 1/4] Introduce separate entity object types for entity privileges Serge Petrenko
                   ` (3 more replies)
  0 siblings, 4 replies; 13+ messages in thread
From: Serge Petrenko @ 2018-08-22 13:39 UTC (permalink / raw)
  To: vdavydov.dev; +Cc: kostja, tarantool-patches, Serge Petrenko

First patch introduces a separate schema_object_type for entity privileges
and adds '' (empty string) in object_id field to indicate grants on an entire
entity.
https://github.com/tarantool/tarantool/issues/3574

Second patch adds previously non-existent entities to access control: user
and role.
https://github.com/tarantool/tarantool/issues/3524

Third patch introduces single object access checks to access_checks_ddl.
Theese checks were previously ignored and in some cases granting privileges
on a single object had no effect.
https://github.com/tarantool/tarantool/issues/3530

Fourth patch adds an upgrade script for 1.10.2 to grant alter, create and
drop privileges to users with read and write privileges on objects.
https://github.com/tarantool/tarantool/issues/3539

Branch: https://github.com/tarantool/tarantool/tree/sergepetrenko/gh-3539-1.10-upgrade-script 
Changes in v2:
  - fix indentation
  - move introduction of SC_ENTITY_USER and
    SC_ENTITY_ROLE to 2nd patch from 1st
  - move new code handling entity grants
    in priv_def_check() from 2nd patch to 1st
  - remove extraneous test changes from patches 2 and 3

Serge Petrenko (4):
  Introduce separate entity object types for entity privileges.
  Add entities user, role to access control.
  Add single object privilege checks to access_check_ddl.
  Add a privilege upgrade script and update tests.

 src/box/alter.cc                            | 157 +++++++++++-----
 src/box/bootstrap.snap                      | Bin 1540 -> 1555 bytes
 src/box/lua/schema.lua                      |  88 +++++----
 src/box/lua/upgrade.lua                     |  46 +++++
 src/box/schema.cc                           |  11 +-
 src/box/schema.h                            |  31 ++--
 src/box/schema_def.c                        |  21 +++
 src/box/schema_def.h                        |  18 +-
 src/box/user.cc                             |  68 ++++---
 src/box/user.h                              |   5 +
 test/box-py/bootstrap.result                |  14 +-
 test/box-tap/auth.test.lua                  |   5 -
 test/box-tap/session.test.lua               |  15 +-
 test/box/access.result                      | 213 ++++++++++++++++++++--
 test/box/access.test.lua                    |  72 ++++++--
 test/box/access_bin.result                  |   4 +-
 test/box/access_bin.test.lua                |   4 +-
 test/box/access_escalation.result           |  18 +-
 test/box/access_escalation.test.lua         |  11 +-
 test/box/access_misc.result                 |  14 +-
 test/box/access_misc.test.lua               |   4 +-
 test/box/alter.result                       |   8 +-
 test/box/call.result                        |   4 +-
 test/box/call.test.lua                      |   4 +-
 test/box/errinj.result                      |  39 +++-
 test/box/errinj.test.lua                    |  25 ++-
 test/box/net.box.result                     | 265 ++++++++++++++++++++++++++--
 test/box/net.box.test.lua                   | 121 +++++++++++--
 test/box/net_msg_max.result                 |  13 +-
 test/box/net_msg_max.test.lua               |   9 +-
 test/box/on_replace.result                  |   2 +-
 test/box/on_replace.test.lua                |   2 +-
 test/box/protocol.result                    |   9 +-
 test/box/protocol.test.lua                  |   5 +-
 test/box/push.result                        |  52 +++++-
 test/box/push.test.lua                      |  27 ++-
 test/box/role.result                        |   9 +
 test/box/schema_reload.result               |  32 +++-
 test/box/schema_reload.test.lua             |  16 +-
 test/box/sequence.result                    |   3 +
 test/box/sql.result                         |   9 +-
 test/box/sql.test.lua                       |   5 +-
 test/box/stat_net.result                    |   7 +-
 test/box/stat_net.test.lua                  |   5 +-
 test/engine/params.result                   |   6 -
 test/engine/params.test.lua                 |   2 -
 test/engine/replica_join.result             |   6 -
 test/engine/replica_join.test.lua           |   2 -
 test/replication/autobootstrap.result       |  23 ++-
 test/replication/autobootstrap.test.lua     |  10 +-
 test/replication/catch.result               |   6 -
 test/replication/catch.test.lua             |   2 -
 test/replication/errinj.result              |   3 -
 test/replication/errinj.test.lua            |   1 -
 test/replication/gc.result                  |   6 -
 test/replication/gc.test.lua                |   2 -
 test/replication/join_vclock.result         |   6 -
 test/replication/join_vclock.test.lua       |   2 -
 test/replication/skip_conflict_row.result   |   6 -
 test/replication/skip_conflict_row.test.lua |   2 -
 test/vinyl/replica_quota.result             |   6 -
 test/vinyl/replica_quota.test.lua           |   2 -
 test/wal_off/func_max.result                |  25 +--
 test/wal_off/func_max.test.lua              |  19 +-
 test/xlog/errinj.result                     |   9 +-
 test/xlog/errinj.test.lua                   |   4 +-
 test/xlog/misc.result                       |   9 +-
 test/xlog/misc.test.lua                     |   5 +-
 test/xlog/upgrade.result                    |  18 +-
 69 files changed, 1294 insertions(+), 378 deletions(-)

-- 
2.15.2 (Apple Git-101.1)

^ permalink raw reply	[flat|nested] 13+ messages in thread

end of thread, other threads:[~2018-08-23  8:57 UTC | newest]

Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-22 13:39 [PATCH v2 0/4] Finish implementation of privileges Serge Petrenko
2018-08-22 13:39 ` [PATCH v2 1/4] Introduce separate entity object types for entity privileges Serge Petrenko
2018-08-22 15:42   ` Serge Petrenko
2018-08-22 16:22   ` Vladimir Davydov
2018-08-22 13:39 ` [PATCH v2 2/4] Add entities user, role to access control Serge Petrenko
2018-08-22 16:36   ` Vladimir Davydov
2018-08-22 13:39 ` [PATCH v2 3/4] Add single object privilege checks to access_check_ddl Serge Petrenko
2018-08-22 16:47   ` Vladimir Davydov
2018-08-23  7:51     ` Serge Petrenko
2018-08-23  8:57   ` Vladimir Davydov
2018-08-22 13:39 ` [PATCH v2 4/4] Add a privilege upgrade script and update tests Serge Petrenko
2018-08-22 16:48   ` Vladimir Davydov
2018-08-23  7:54     ` Serge Petrenko

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox