config: introduce sharding user role
This patch introduces the sharding user role. This role must be set to the vshard storage user, if user is in 'credentials.user'. Part of #8862 @TarantoolBot document Title: config: credential `sharding` role The credential `sharding` role is a new credential role. This is the default credential role, but it is different from other default credential roles because it is created by the config module. Other default credential roles are already described in the bootstrap.snap file. This role has different privileges depending on the replicaset sharding role. For replicasets with the sharding `storage` role, the credential `sharding` role will have rights to execute necessary `vshard.storage.*` functions and the credential `replicaset` role. If the replicaset does not have the sharding `storage` role, the credential `sharding` role does not have any privileges. A sharding storage user must have the credential `sharding` role among their credential roles, if the user is in `credentials.users`. If the user is not in `credentials.users` we do not check its privileges.
Showing
- changelogs/unreleased/gh-8862-cred-sharding-role.md 3 additions, 0 deletionschangelogs/unreleased/gh-8862-cred-sharding-role.md
- src/box/lua/config/applier/credentials.lua 66 additions, 0 deletionssrc/box/lua/config/applier/credentials.lua
- src/box/lua/config/configdata.lua 33 additions, 0 deletionssrc/box/lua/config/configdata.lua
- test/config-luatest/vars_test.lua 7 additions, 0 deletionstest/config-luatest/vars_test.lua
- test/config-luatest/vshard_test.lua 155 additions, 3 deletionstest/config-luatest/vshard_test.lua
Loading
Please register or sign in to comment