From 3ff3d7f90f3a9d160964d66a4d1d76d0bdd81325 Mon Sep 17 00:00:00 2001
From: Georgy Moshkin <gmoshkin@picodata.io>
Date: Tue, 30 Jan 2024 19:52:47 +0300
Subject: [PATCH] fix: use user 'pico_service' for inter-instance communication

---
 src/cli/test.rs        | 6 ------
 src/lib.rs             | 7 -------
 src/rpc/mod.rs         | 8 +++++++-
 src/rpc/sharding.rs    | 2 --
 src/tarantool.rs       | 2 ++
 src/traft/network.rs   | 7 ++++++-
 src/vshard.rs          | 3 ++-
 test/conftest.py       | 3 +++
 test/int/test_audit.py | 8 ++++----
 test/int/test_ddl.py   | 7 ++++---
 10 files changed, 28 insertions(+), 25 deletions(-)

diff --git a/src/cli/test.rs b/src/cli/test.rs
index 750c2e98d8..3c1ad2f6c3 100644
--- a/src/cli/test.rs
+++ b/src/cli/test.rs
@@ -143,12 +143,6 @@ fn test_one(test: &TestCase) {
     tarantool::set_cfg(&cfg);
 
     crate::schema::init_user_pico_service();
-    tarantool::exec(
-        r#"
-        box.schema.user.grant('guest', 'super', nil, nil, {if_not_exists = true})
-        "#,
-    )
-    .unwrap();
 
     test.run();
     std::process::exit(0i32);
diff --git a/src/lib.rs b/src/lib.rs
index 6e1e70eee9..64affbb7e0 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -228,13 +228,6 @@ fn start_webui() {
 /// Those are used for inter-instance communication
 /// (discovery, rpc, public proc api).
 fn init_handlers() {
-    tarantool::exec(
-        r#"
-        box.schema.user.grant('guest', 'super', nil, nil, {if_not_exists = true})
-        "#,
-    )
-    .expect("box.schema.user.grant should never fail");
-
     let lua = ::tarantool::lua_state();
     for proc in ::tarantool::proc::all_procs().iter() {
         lua.exec_with(
diff --git a/src/rpc/mod.rs b/src/rpc/mod.rs
index 52bade9f32..e48d61a514 100644
--- a/src/rpc/mod.rs
+++ b/src/rpc/mod.rs
@@ -2,8 +2,10 @@
 
 use ::tarantool::network::AsClient as _;
 use ::tarantool::network::Client;
+use ::tarantool::network::Config;
 use ::tarantool::tuple::{DecodeOwned, Encode};
 
+use crate::schema::PICO_SERVICE_USER_NAME;
 use crate::traft::error::Error;
 use crate::traft::node;
 use crate::traft::Result;
@@ -55,7 +57,11 @@ where
     let port: u16 = port.parse().map_err(|err| {
         ::tarantool::error::Error::IO(io::Error::new(io::ErrorKind::InvalidInput, err))
     })?;
-    let client = Client::connect(address, port).await?;
+
+    let mut config = Config::default();
+    config.creds = Some((PICO_SERVICE_USER_NAME.into(), "".into()));
+    let client = Client::connect_with_config(address, port, config).await?;
+
     let tuple = client.call(R::PROC_NAME, request).await?;
     decode_iproto_return_value(tuple)
 }
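Review bot: The service account is authenticated with a hard-coded empty password here (`config.creds = Some((PICO_SERVICE_USER_NAME.into(), "".into()));`), so the credential carries no secret. How much this narrows access compared with the removed `guest`/`super` grant depends on the privileges `init_user_pico_service` gives the account, which this patch does not show. The same empty credential appears in `PoolWorker` in src/traft/network.rs, in the `ConnOptions` in src/tarantool.rs (user set, password apparently left at its default) and in the vshard URI `{PICO_SERVICE_USER_NAME}:@{address}`. I would build the `(user, password)` pair in one shared helper so a real password can later be wired in once, and until then mark each site with `// TODO: pico_service still authenticates with an empty password`. The enclosing function starts outside the hunk.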
diff --git a/src/rpc/sharding.rs b/src/rpc/sharding.rs
index 4dca11f0fd..3192adff64 100644
--- a/src/rpc/sharding.rs
+++ b/src/rpc/sharding.rs
@@ -33,8 +33,6 @@ crate::define_rpc_request! {
             }
         }
 
-        // TODO: fix user's permissions
-        lua.exec("box.session.su('admin')")?;
         // TODO: only done on instances with corresponding roles
         lua.exec_with(
             "vshard = require('vshard')
diff --git a/src/tarantool.rs b/src/tarantool.rs
index 05066f98f7..8232ae6fcd 100644
--- a/src/tarantool.rs
+++ b/src/tarantool.rs
@@ -4,6 +4,7 @@ use std::os::unix::ffi::OsStrExt;
 use std::time::Duration;
 use std::time::Instant;
 
+use crate::schema::PICO_SERVICE_USER_NAME;
 use ::tarantool::fiber;
 use ::tarantool::lua_state;
 use ::tarantool::net_box;
@@ -207,6 +208,7 @@ where
     let now = Instant::now();
 
     let conn_opts = net_box::ConnOptions {
+        user: PICO_SERVICE_USER_NAME.into(),
         connect_timeout: timeout,
         ..Default::default()
     };
diff --git a/src/traft/network.rs b/src/traft/network.rs
index 12c3089c97..e140509cba 100644
--- a/src/traft/network.rs
+++ b/src/traft/network.rs
@@ -3,6 +3,7 @@ use crate::instance::InstanceId;
 use crate::mailbox::Mailbox;
 use crate::reachability::InstanceReachabilityManagerRef;
 use crate::rpc;
+use crate::schema::PICO_SERVICE_USER_NAME;
 use crate::storage::{Clusterwide, Instances, PeerAddresses};
 use crate::tlog;
 use crate::traft;
@@ -19,6 +20,7 @@ use ::tarantool::fiber::r#async::timeout::IntoTimeout as _;
 use ::tarantool::fiber::r#async::watch;
 use ::tarantool::network;
 use ::tarantool::network::AsClient as _;
+use ::tarantool::network::Config;
 use ::tarantool::network::Error as NetError;
 use ::tarantool::network::ReconnClient;
 use ::tarantool::tuple::{ToTupleBuffer, Tuple, TupleBuffer};
@@ -187,7 +189,10 @@ impl PoolWorker {
         max_concurrent_fut: usize,
         instance_reachability: InstanceReachabilityManagerRef,
     ) {
-        let client = ReconnClient::new(address.clone(), port);
+        let mut config = Config::default();
+        config.creds = Some((PICO_SERVICE_USER_NAME.into(), "".into()));
+        let client = ReconnClient::with_config(address.clone(), port, config);
+
         let mut client_ver: usize = 0;
         let mut futures = VecDeque::new();
         loop {
diff --git a/src/vshard.rs b/src/vshard.rs
index 0fcecc9d30..eb8d7801b0 100644
--- a/src/vshard.rs
+++ b/src/vshard.rs
@@ -3,6 +3,7 @@ use crate::instance::Instance;
 use crate::replicaset::Replicaset;
 use crate::replicaset::ReplicasetId;
 use crate::replicaset::Weight;
+use crate::schema::PICO_SERVICE_USER_NAME;
 use crate::traft::RaftId;
 use ::tarantool::tlua;
 use std::collections::HashMap;
@@ -88,7 +89,7 @@ impl VshardConfig {
             replicaset.replicas.insert(
                 peer.instance_uuid.clone(),
                 ReplicaSpec {
-                    uri: format!("guest:@{address}"),
+                    uri: format!("{PICO_SERVICE_USER_NAME}:@{address}"),
                     master: r.current_master_id == peer.instance_id,
                     name: peer.instance_id.to_string(),
                 },
diff --git a/test/conftest.py b/test/conftest.py
index 00bade4d4e..4143519af8 100644
--- a/test/conftest.py
+++ b/test/conftest.py
@@ -546,6 +546,9 @@ class Instance:
     def connect(
         self, timeout: int | float, user: str | None = None, password: str | None = None
     ):
+        if user is None:
+            user = "pico_service"
+
         c = Connection(
             self.host,
             self.port,
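Review bot: With this default, every test that calls `connect()` without `user` now runs as the internal service account, so those tests no longer exercise what an ordinary client is allowed to do. The audit events they trigger are also attributed to `pico_service`, as the updated assertions in test/int/test_audit.py show. I would keep at least one test that connects as a non-service user, and document the default with a comment such as `# defaults to the internal service account; pass user= explicitly to test client privileges`. The literal `"pico_service"` also duplicates the Rust constant `PICO_SERVICE_USER_NAME`, and a module-level constant in conftest.py would give the tests a single definition. `connect` continues past the end of the hunk.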
diff --git a/test/int/test_audit.py b/test/int/test_audit.py
index 44ea1aa5b2..fbdf62f563 100644
--- a/test/int/test_audit.py
+++ b/test/int/test_audit.py
@@ -386,14 +386,14 @@ def test_create_drop_table(instance: Instance):
     assert create_table.name == "foo"
     assert create_table.message == "created table `foo`"
     assert create_table.severity == Severity.Medium
-    assert create_table.initiator == "guest"
+    assert create_table.initiator == "pico_service"
 
     drop_table = take_until_type(events, EventDropTable)
     assert drop_table is not None
     assert drop_table.name == "foo"
     assert drop_table.message == "dropped table `foo`"
     assert drop_table.severity == Severity.Medium
-    assert drop_table.initiator == "guest"
+    assert drop_table.initiator == "pico_service"
 
 
 def test_user(instance: Instance):
@@ -425,7 +425,7 @@ def test_user(instance: Instance):
     assert create_user.auth_type == "chap-sha1"
     assert create_user.message == f"created user `{create_user.user}`"
     assert create_user.severity == Severity.High
-    assert create_user.initiator == "guest"
+    assert create_user.initiator == "pico_service"
 
     change_password = take_until_type(events, EventChangePassword)
     assert change_password is not None
@@ -443,7 +443,7 @@ def test_user(instance: Instance):
     assert drop_user.user == "ymir"
     assert drop_user.message == f"dropped user `{drop_user.user}`"
     assert drop_user.severity == Severity.Medium
-    assert drop_user.initiator == "guest"
+    assert drop_user.initiator == "pico_service"
 
 
 def test_role(instance: Instance):
diff --git a/test/int/test_ddl.py b/test/int/test_ddl.py
index 9e37657bbb..9bece3d434 100644
--- a/test/int/test_ddl.py
+++ b/test/int/test_ddl.py
@@ -80,6 +80,7 @@ def test_ddl_lua_api(cluster: Cluster):
         )
     )
     space_id = 1027
+    initiator_id = 32 # pico_service
     pico_space_def = [
         space_id,
         "space 2",
@@ -88,7 +89,7 @@ def test_ddl_lua_api(cluster: Cluster):
         2,
         True,
         "memtx",
-        0,
+        initiator_id,
     ]
     assert i1.call("box.space._pico_table:get", space_id) == pico_space_def
     assert i2.call("box.space._pico_table:get", space_id) == pico_space_def
@@ -111,7 +112,7 @@ def test_ddl_lua_api(cluster: Cluster):
         3,
         True,
         "memtx",
-        0,
+        initiator_id,
     ]
     assert i1.call("box.space._pico_table:get", space_id) == pico_space_def
     assert i2.call("box.space._pico_table:get", space_id) == pico_space_def
@@ -131,7 +132,7 @@ def test_ddl_lua_api(cluster: Cluster):
         4,
         True,
         "vinyl",
-        0,
+        initiator_id,
     ]
     cluster.create_table(
         dict(
-- 
GitLab