session/variable: forbid changing @@global.require_secure_transport to 'on' with SEM enabled (#47677) #51206
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is an automated cherry-pick of #47677
What problem does this PR solve?
Issue Number: close #47665
Problem Summary:
The configuration for TiDB Cloud dedicated cluster is:
We just provide the
ca.crt
file for the the users to connect the TiDB cluster. Whenrequire_secure_transport = OFF
, there is no problem.But if the user set the value of require_secure_transport to 'ON', the users can not connect to the cluster anymore!
This is because the new configuration require the mysql client to pass all
ca.crt
tls.crt
tls.key
correctly, while the user only have theca.crt
file.What is changed and how it works?
To prevent the user from losing access of the cluster, we can forbid changing
require_secure_transport
system variable to 'on' as a workaround, then the user can not modify it and trigger the issue.Check List
Tests
Modify the config.toml.example:
Side effects
Documentation
Release note
Please refer to Release Notes Language Style Guide to write a quality release note.