Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

*: support password expiration policy #39035

Merged
merged 67 commits into from
Dec 2, 2022
Merged

*: support password expiration policy #39035

merged 67 commits into from
Dec 2, 2022

Conversation

CbcWestwolf
Copy link
Member

@CbcWestwolf CbcWestwolf commented Nov 9, 2022
edited
Loading

What problem does this PR solve?

Issue Number: close #38936 #9709

Problem Summary:

We need to improve the compatibility with MySQL in password expiration policy.

What is changed and how it works?

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

support password expiration policy

@ti-chi-bot
Copy link
Member

ti-chi-bot commented Nov 9, 2022
edited
Loading

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • bb7133
  • xhebox

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note-none Denotes a PR that doesn't merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Nov 9, 2022
@ti-chi-bot ti-chi-bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 10, 2022
@ti-chi-bot ti-chi-bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 10, 2022
@ti-chi-bot ti-chi-bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 12, 2022
@ti-chi-bot ti-chi-bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 14, 2022
@CbcWestwolf
Copy link
Member Author

/run-check_dev_2
/run-unit-test

bb7133
bb7133 reviewed Dec 2, 2022
View reviewed changes
executor/simple.go Outdated
// the last declaration takes effect.
for i := len(s.PasswordOrLockOptions) - 1; i >= 0; i-- {
// only the last declaration takes effect.
Loop1:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't get the point here, why adding a Loop1 label?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will remove in next commit

config/config.go
@@ -556,6 +556,8 @@ type Security struct {
AuthTokenJWKS string `toml:"auth-token-jwks" json:"auth-token-jwks"`
// The refresh time interval of JWKS
AuthTokenRefreshInterval string `toml:"auth-token-refresh-interval" json:"auth-token-refresh-interval"`
// Disconnect directly when the password is expired
DisconnectOnExpiredPassword bool `toml:"disconnect-on-expired-password" json:"disconnect-on-expired-password"`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any reason we introduce this configuration? I see that sysvar @@disconnect_on_expired_password is added.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The sysvar @@disconnect_on_expired_password is read-only, the disconnect-on-expired-password configuration and command line option are used to set the sysvar

@CbcWestwolf
Copy link
Member Author

/run-mysql-test

bb7133
bb7133 approved these changes Dec 2, 2022
View reviewed changes
Copy link
Member

@bb7133 bb7133 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Dec 2, 2022
@bb7133
Copy link
Member

bb7133 commented Dec 2, 2022

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: f036ca9

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Dec 2, 2022
@ti-chi-bot ti-chi-bot merged commit 824ef60 into pingcap:master Dec 2, 2022
@sre-bot
Copy link
Contributor

sre-bot commented Dec 2, 2022

TiDB MergeCI notify

✅ Well Done! New fixed [1] after this pr merged.

CI Name Result Duration Compare with Parent commit
idc-jenkins-ci/integration-cdc-test 🔴 failed 1, success 39, total 40 25 min Existing failure
idc-jenkins-ci-tidb/common-test 🔴 failed 1, success 10, total 11 9 min 34 sec Existing failure
idc-jenkins-ci-tidb/integration-common-test ✅ all 17 tests passed 12 min Fixed
idc-jenkins-ci-tidb/sqllogic-test-2 🟢 all 28 tests passed 5 min 59 sec Existing passed
idc-jenkins-ci-tidb/tics-test 🟢 all 1 tests passed 5 min 38 sec Existing passed
idc-jenkins-ci-tidb/integration-ddl-test 🟢 all 6 tests passed 4 min 30 sec Existing passed
idc-jenkins-ci-tidb/sqllogic-test-1 🟢 all 26 tests passed 4 min 19 sec Existing passed
idc-jenkins-ci-tidb/mybatis-test 🟢 all 1 tests passed 3 min 50 sec Existing passed
idc-jenkins-ci-tidb/integration-compatibility-test 🟢 all 1 tests passed 2 min 49 sec Existing passed
idc-jenkins-ci-tidb/plugin-test 🟢 build success, plugin test success 4min Existing passed

@CbcWestwolf CbcWestwolf deleted the password_expiration branch December 2, 2022 09:37
@tangenta tangenta added the needs-cherry-pick-release-6.5 Should cherry pick this PR to release-6.5 branch. label Dec 12, 2022
@ti-chi-bot ti-chi-bot mentioned this pull request Dec 12, 2022
Merged
12 tasks
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-6.5: #39844.

ti-chi-bot pushed a commit to ti-chi-bot/tidb that referenced this pull request Dec 12, 2022
@CbcWestwolf @ti-chi-bot
*: support password expiration policy (pingcap#39035)
eb13203 
ref pingcap#9709, close pingcap#38936
ti-chi-bot added a commit that referenced this pull request Dec 13, 2022
@ti-chi-bot
*: support password expiration policy (#39035) (#39844)
daab170 
ref #9709, close #38936
@djshow832 djshow832 mentioned this pull request Nov 30, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xhebox xhebox xhebox approved these changes

@bb7133 bb7133 bb7133 approved these changes

Assignees
No one assigned
Labels
needs-cherry-pick-release-6.5 Should cherry pick this PR to release-6.5 branch. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support Password Expiration Policy
7 participants
@CbcWestwolf @ti-chi-bot @wuhuizuo @bb7133 @sre-bot @xhebox @tangenta