replication: don't drop admin super privileges
The admin user has universal privileges before bootstrap or recovery are done. That allows to, for example, bootstrap from a remote master, because to do that the admin should be able to insert into system spaces, such as _priv. But after the patch on online credentials update was implemented (#2763, 48d00b0e) the admin could loose its universal access if, for example, a role was granted to him before universal access was recovered. That happened by two reasons: - Any change in access rights, even in granted roles, led to rebuild of universal access; - Any change in access rights updated the universal access in all existing sessions, thanks to #2763. What happened: two tarantools were started. One of them master, granted 'replication' role to admin. Second node, slave, tried to bootstrap from the master. The slave created an admin session and started loading data. After it loaded 'grant replication role to admin' command, this nullified admin universal access everywhere, including this session. Next rows could not be applied. Closes #4606 (cherry picked from commit 95237ac8)
Showing
- src/box/session.cc 0 additions, 23 deletionssrc/box/session.cc
- src/box/user.cc 22 additions, 0 deletionssrc/box/user.cc
- test/replication/gh-4606-admin-creds.result 63 additions, 0 deletionstest/replication/gh-4606-admin-creds.result
- test/replication/gh-4606-admin-creds.test.lua 26 additions, 0 deletionstest/replication/gh-4606-admin-creds.test.lua
- test/replication/suite.cfg 1 addition, 0 deletionstest/replication/suite.cfg
Loading
Please register or sign in to comment