Skip to content

privileges: support require SAN#17539

Merged
sre-bot merged 5 commits into
pingcap:masterfrom
lysu:dev-require-san
Jun 5, 2020
Merged

privileges: support require SAN#17539
sre-bot merged 5 commits into
pingcap:masterfrom
lysu:dev-require-san

Conversation

@lysu
Copy link
Copy Markdown
Contributor

@lysu lysu commented May 29, 2020
edited
Loading

What problem does this PR solve?

Issue Number: close #14759

Problem Summary:

see more in issue link

What is changed and how it works?

What's Changed:

  • add require SAN clause to maintain addition priv info
  • check SAN in user's cert when priv is "require SAN"

Related changes

Check List

Tests

  • Unit test
  • Integration test(WIP)

Side effects

  • n/a

Release note

  • Support authentication based on TLS certificate SAN field

This change is Reviewable

@lysu lysu added status/WIP security Everything related with security labels May 29, 2020
@lysu lysu requested a review from a team as a code owner May 29, 2020 13:44
@ghost ghost requested review from wshwsh12 and removed request for a team May 29, 2020 13:44
@github-actions github-actions Bot added the sig/execution SIG execution label May 29, 2020
@lysu
Copy link
Copy Markdown
Contributor Author

lysu commented May 29, 2020

need merge pingcap/parser#877 first, and WIP on more test

@lysu lysu modified the milestones: v3.1.2, v4.0.1 Jun 1, 2020
@lysu
Copy link
Copy Markdown
Contributor Author

lysu commented Jun 1, 2020

/run-all-tests

1 similar comment
@lysu
Copy link
Copy Markdown
Contributor Author

lysu commented Jun 1, 2020

/run-all-tests

@lysu lysu mentioned this pull request Jun 1, 2020
Merged
5 tasks
@codecov
Copy link
Copy Markdown

codecov Bot commented Jun 1, 2020
edited
Loading

Codecov Report

Merging #17539 into master will not change coverage.
The diff coverage is n/a.

@@             Coverage Diff             @@
##             master     #17539   +/-   ##
===========================================
  Coverage   79.6119%   79.6119%           
===========================================
  Files           525        525           
  Lines        143623     143623           
===========================================
  Hits         114341     114341           
  Misses        20105      20105           
  Partials       9177       9177

@sre-bot sre-bot mentioned this pull request Jun 2, 2020
Merged
5 tasks
@lysu lysu requested review from imtbkcat and jackysp June 2, 2020 08:48
jackysp
jackysp reviewed Jun 3, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@jackysp jackysp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

imtbkcat
imtbkcat approved these changes Jun 4, 2020
View reviewed changes
Copy link
Copy Markdown

@imtbkcat imtbkcat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lysu
Copy link
Copy Markdown
Contributor Author

lysu commented Jun 5, 2020

/merge

@sre-bot
Copy link
Copy Markdown
Contributor

sre-bot commented Jun 5, 2020

Sorry @lysu, you don't have permission to trigger auto merge event on this branch. You are not a committer for this part

@lysu lysu removed the sig/execution SIG execution label Jun 5, 2020
@lysu
Copy link
Copy Markdown
Contributor Author

lysu commented Jun 5, 2020

/merge

@sre-bot sre-bot added the status/can-merge Indicates a PR has been approved by a committer. label Jun 5, 2020
@sre-bot
Copy link
Copy Markdown
Contributor

sre-bot commented Jun 5, 2020

Your auto merge job has been accepted, waiting for:

  • 17635

@sre-bot
Copy link
Copy Markdown
Contributor

sre-bot commented Jun 5, 2020

/run-all-tests

@github-actions github-actions Bot added the sig/execution SIG execution label Jun 5, 2020
@sre-bot sre-bot merged commit 9e16c59 into pingcap:master Jun 5, 2020
sre-bot pushed a commit to sre-bot/tidb that referenced this pull request Jun 5, 2020
@lysu @sre-bot
cherry pick pingcap#17539 to release-4.0
ccbb71a 
Signed-off-by: sre-bot <sre-bot@pingcap.com>
@sre-bot sre-bot mentioned this pull request Jun 5, 2020
Merged
@sre-bot
Copy link
Copy Markdown
Contributor

sre-bot commented Jun 5, 2020

cherry pick to release-4.0 in PR #17698

@lysu lysu modified the milestones: v4.0.1, v4.0.2 Jun 5, 2020
sre-bot added a commit that referenced this pull request Jun 5, 2020
@sre-bot @lysu
privileges: support require SAN (#17539) (#17698)
bc522e3 
* cherry pick #17539 to release-4.0

Signed-off-by: sre-bot <sre-bot@pingcap.com>

* resolve conflict

Co-authored-by: lysu <sulifx@gmail.com>
@lysu lysu deleted the dev-require-san branch July 8, 2020 06:50
@DanielZhangQD DanielZhangQD mentioned this pull request Jul 28, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jackysp jackysp jackysp left review comments

@wshwsh12 wshwsh12 Awaiting requested review from wshwsh12

+1 more reviewer

@imtbkcat imtbkcat imtbkcat approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

security Everything related with security sig/execution SIG execution status/can-merge Indicates a PR has been approved by a committer.

Projects

None yet

Milestone

v4.0.2

Development

Successfully merging this pull request may close these issues.

Support authentication based on TLS certificate SAN field(s)

4 participants

@lysu @sre-bot @jackysp @imtbkcat