[cherry-pick-7.1] userprefix for 7.1 (pingcap#529)

* update tidb6.6: userprefix (pingcap#221)

* userprefix & tidb version

Signed-off-by: zeminzhou <[email protected]>

* add get user with prefix (pingcap#176)

Signed-off-by: David <[email protected]>

Signed-off-by: David <[email protected]>

* userprefix & tidb version

Signed-off-by: zeminzhou <[email protected]>

* userprefix & tidb version

Signed-off-by: zeminzhou <[email protected]>

* remove log

Signed-off-by: zeminzhou <[email protected]>

* remove tidb verion related codoes

Signed-off-by: zeminzhou <[email protected]>

* remove get keyspace from env

Signed-off-by: zeminzhou <[email protected]>

* revert keyspace.go

Signed-off-by: zeminzhou <[email protected]>

* keyspace2 -> keyspace

Signed-off-by: zeminzhou <[email protected]>

* revert util/sem/sem.go

Signed-off-by: zeminzhou <[email protected]>

* Update domain/user_prefix.go

Co-authored-by: David <[email protected]>

---------

Signed-off-by: zeminzhou <[email protected]>
Signed-off-by: David <[email protected]>
Co-authored-by: David <[email protected]>

* update tidb6.6: userprefix (pingcap#221)

* userprefix & tidb version

Signed-off-by: zeminzhou <[email protected]>

* add get user with prefix (pingcap#176)

Signed-off-by: David <[email protected]>

Signed-off-by: David <[email protected]>

* userprefix & tidb version

Signed-off-by: zeminzhou <[email protected]>

* userprefix & tidb version

Signed-off-by: zeminzhou <[email protected]>

* remove log

Signed-off-by: zeminzhou <[email protected]>

* remove tidb verion related codoes

Signed-off-by: zeminzhou <[email protected]>

* remove get keyspace from env

Signed-off-by: zeminzhou <[email protected]>

* revert keyspace.go

Signed-off-by: zeminzhou <[email protected]>

* keyspace2 -> keyspace

Signed-off-by: zeminzhou <[email protected]>

* revert util/sem/sem.go

Signed-off-by: zeminzhou <[email protected]>

* Update domain/user_prefix.go

Co-authored-by: David <[email protected]>

---------

Signed-off-by: zeminzhou <[email protected]>
Signed-off-by: David <[email protected]>
Co-authored-by: David <[email protected]>

* [DNM] change cloud_admin user to prefix.cloud_admin (pingcap#399)

* change cloud_admin user to prefix.cloud_admin, update to serverlessVersion15

* use UPDATE sql

* validate user prefix when rename user

* forbidden rename user cloud_admin

* UPDATE mysql.global_priv, mysql.global_grants

* remove domain.GetUserPrefix()

* fix .bazel

* fix RenameUserStmt, return nil

* fix conflict

* fix cloud_admin user (pingcap#448)

* make check

Signed-off-by: zeminzhou <[email protected]>

* make check

Signed-off-by: zeminzhou <[email protected]>

* make check

Signed-off-by: zeminzhou <[email protected]>

---------

Signed-off-by: zeminzhou <[email protected]>
Signed-off-by: David <[email protected]>
Co-authored-by: David <[email protected]>
Co-authored-by: better0332 <[email protected]>

domain/BUILD.bazel

@@ -16,7 +16,6 @@ go_library(
         "sysvar_cache.go",
         "test_helper.go",
         "topn_slow_query.go",
-        "user_prefix.go",
     ],
     importpath = "github.com/pingcap/tidb/domain",
     visibility = ["//visibility:public"],

errors.toml

@@ -866,6 +866,11 @@ error = '''
 Cannot add or update a child row: a foreign key constraint fails (%.192s)
 '''
 
+["ddl:1468"]
+error = '''
+User name must start with `%s.` (use `%s.%s` instead)
+'''
+
 ["ddl:1470"]
 error = '''
 String '%-.70s' is too long for %s (should be no longer than %d)

executor/BUILD.bazel

@@ -177,6 +177,7 @@ go_library(
         "//util/dbterror/exeerrors",
         "//util/deadlockhistory",
         "//util/disk",
+        "//util/errmsg",
         "//util/etcd",
         "//util/execdetails",
         "//util/format",

executor/grant.go

@@ -152,7 +152,7 @@ func (e *GrantExec) Next(ctx context.Context, req *chunk.Chunk) error {
 
 	// Check which user is not exist.
 	for _, user := range e.Users {
-		exists, err := userExists(ctx, e.ctx, user.User.Username, user.User.Hostname)
+		exists, err := userExistsWithRetryUserPrefix(ctx, e.ctx, &user.User.Username, user.User.Hostname)
 		if err != nil {
 			return err
 		}

executor/revoke.go

@@ -102,7 +102,7 @@ func (e *RevokeExec) Next(ctx context.Context, req *chunk.Chunk) error {
 		}
 
 		// Check if user exists.
-		exists, err := userExists(ctx, e.ctx, user.User.Username, user.User.Hostname)
+		exists, err := userExistsWithRetryUserPrefix(ctx, e.ctx, &user.User.Username, user.User.Hostname)
 		if err != nil {
 			return err
 		}

executor/simple.go

@@ -35,6 +35,7 @@ import (
 	executor_metrics "github.com/pingcap/tidb/executor/metrics"
 	"github.com/pingcap/tidb/expression"
 	"github.com/pingcap/tidb/infoschema"
+	"github.com/pingcap/tidb/keyspace"
 	"github.com/pingcap/tidb/kv"
 	"github.com/pingcap/tidb/parser/ast"
 	"github.com/pingcap/tidb/parser/auth"
@@ -52,6 +53,7 @@ import (
 	"github.com/pingcap/tidb/util/chunk"
 	"github.com/pingcap/tidb/util/collate"
 	"github.com/pingcap/tidb/util/dbterror/exeerrors"
+	"github.com/pingcap/tidb/util/errmsg"
 	"github.com/pingcap/tidb/util/hack"
 	"github.com/pingcap/tidb/util/logutil"
 	"github.com/pingcap/tidb/util/mathutil"
@@ -697,11 +699,11 @@ func (e *SimpleExec) setCurrentUser(users []*auth.UserIdentity) {
 func (e *SimpleExec) executeRevokeRole(ctx context.Context, s *ast.RevokeRoleStmt) error {
 	internalCtx := kv.WithInternalSourceType(context.Background(), kv.InternalTxnPrivilege)
 
-	//Fix revoke role from current_user results error.
+	// Fix revoke role from current_user results error.
 	e.setCurrentUser(s.Users)
 
 	for _, role := range s.Roles {
-		exists, err := userExists(ctx, e.ctx, role.Username, role.Hostname)
+		exists, err := userExistsWithRetryUserPrefix(ctx, e.ctx, &role.Username, role.Hostname)
 		if err != nil {
 			return errors.Trace(err)
 		}
@@ -1060,6 +1062,8 @@ func (e *SimpleExec) executeCreateUser(ctx context.Context, s *ast.CreateUserStm
 		return err
 	}
 
+	userPrefix := keyspace.GetKeyspaceNameBySettings()
+
 	plOptions := &passwordOrLockOptionsInfo{
 		lockAccount:                 "N",
 		passwordExpired:             "N",
@@ -1136,6 +1140,9 @@ func (e *SimpleExec) executeCreateUser(ctx context.Context, s *ast.CreateUserStm
 
 	users := make([]*auth.UserIdentity, 0, len(s.Specs))
 	for _, spec := range s.Specs {
+		if userPrefix != "" && !s.IsCreateRole && !strings.HasPrefix(spec.User.Username, userPrefix+".") {
+			return errmsg.WithUserPrefixErrTag(exeerrors.ErrUserNameNeedPrefix.GenWithStackByArgs(userPrefix, userPrefix, spec.User.Username))
+		}
 		if len(spec.User.Username) > auth.UserNameMaxLength {
 			return exeerrors.ErrWrongStringLength.GenWithStackByArgs(spec.User.Username, "user name", auth.UserNameMaxLength)
 		}
@@ -1350,7 +1357,7 @@ func getValidTime(sctx sessionctx.Context, passwordReuse *passwordReuseInfo) str
 // 1. Exceeded the maximum number of saves.
 // 2. The password has exceeded the prohibition time.
 func deleteHistoricalData(ctx context.Context, sqlExecutor sqlexec.SQLExecutor, userDetail *userInfo, maxDelRows int64, passwordReuse *passwordReuseInfo, sctx sessionctx.Context) error {
-	//never times out or no row need delete.
+	// never times out or no row need delete.
 	if (passwordReuse.passwordReuseInterval > math.MaxInt32) || maxDelRows == 0 {
 		return nil
 	}
@@ -1771,7 +1778,7 @@ func (e *SimpleExec) executeAlterUser(ctx context.Context, s *ast.AlterUserStmt)
 			}
 		}
 
-		exists, err := userExistsInternal(ctx, sqlExecutor, spec.User.Username, spec.User.Hostname)
+		exists, err := userExistsInternalWithRetryUserPrefix(ctx, sqlExecutor, &spec.User.Username, spec.User.Hostname)
 		if err != nil {
 			return err
 		}
@@ -2039,7 +2046,7 @@ func (e *SimpleExec) executeGrantRole(ctx context.Context, s *ast.GrantRoleStmt)
 	e.setCurrentUser(s.Users)
 
 	for _, role := range s.Roles {
-		exists, err := userExists(ctx, e.ctx, role.Username, role.Hostname)
+		exists, err := userExistsWithRetryUserPrefix(ctx, e.ctx, &role.Username, role.Hostname)
 		if err != nil {
 			return err
 		}
@@ -2048,7 +2055,7 @@ func (e *SimpleExec) executeGrantRole(ctx context.Context, s *ast.GrantRoleStmt)
 		}
 	}
 	for _, user := range s.Users {
-		exists, err := userExists(ctx, e.ctx, user.Username, user.Hostname)
+		exists, err := userExistsWithRetryUserPrefix(ctx, e.ctx, &user.Username, user.Hostname)
 		if err != nil {
 			return err
 		}
@@ -2100,11 +2107,16 @@ func (e *SimpleExec) executeRenameUser(s *ast.RenameUserStmt) error {
 	}
 	sqlExecutor := sysSession.(sqlexec.SQLExecutor)
 
+	userPrefix := keyspace.GetKeyspaceNameBySettings()
+
 	if _, err := sqlExecutor.ExecuteInternal(ctx, "BEGIN PESSIMISTIC"); err != nil {
 		return err
 	}
 	for _, userToUser := range s.UserToUsers {
 		oldUser, newUser := userToUser.OldUser, userToUser.NewUser
+		if userPrefix != "" && !strings.HasPrefix(newUser.Username, userPrefix+".") {
+			return errmsg.WithUserPrefixErrTag(exeerrors.ErrUserNameNeedPrefix.GenWithStackByArgs(userPrefix, userPrefix, newUser.Username))
+		}
 		if len(newUser.Username) > auth.UserNameMaxLength {
 			return exeerrors.ErrWrongStringLength.GenWithStackByArgs(newUser.Username, "user name", auth.UserNameMaxLength)
 		}
@@ -2410,6 +2422,51 @@ func userExists(ctx context.Context, sctx sessionctx.Context, name string, host
 	return len(rows) > 0, nil
 }
 
+func userExistsWithRetryUserPrefix(ctx context.Context, sctx sessionctx.Context, name *string, host string) (bool, error) {
+	exists, err := userExists(ctx, sctx, *name, host)
+	if err != nil {
+		return false, err
+	}
+	if exists {
+		return true, nil
+	}
+	// Check if user exists with user prefix.
+	prefix := keyspace.GetKeyspaceNameBySettings()
+	if prefix == "" {
+		return false, nil
+	}
+	name2 := prefix + "." + *name
+	exists, err = userExists(ctx, sctx, name2, host)
+	if err != nil || !exists {
+		return false, err
+	}
+	*name = name2
+	return true, nil
+}
+
+// TODO: Most of the code is duplicated with userExistsWithRetryUserPrefix
+func userExistsInternalWithRetryUserPrefix(ctx context.Context, sqlExecutor sqlexec.SQLExecutor, name *string, host string) (bool, error) {
+	exists, err := userExistsInternal(ctx, sqlExecutor, *name, host)
+	if err != nil {
+		return false, err
+	}
+	if exists {
+		return true, nil
+	}
+	// Check if user exists with user prefix.
+	prefix := keyspace.GetKeyspaceNameBySettings()
+	if prefix == "" {
+		return false, nil
+	}
+	name2 := prefix + "." + *name
+	exists, err = userExistsInternal(ctx, sqlExecutor, name2, host)
+	if err != nil || !exists {
+		return false, err
+	}
+	*name = name2
+	return true, nil
+}
+
 // use the same internal executor to read within the same transaction, otherwise same as userExists
 func userExistsInternal(ctx context.Context, sqlExecutor sqlexec.SQLExecutor, name string, host string) (bool, error) {
 	sql := new(strings.Builder)

meta/meta.go

@@ -1321,14 +1321,23 @@ func (i *HLastJobIterator) GetLastJobs(num int, jobs []*model.Job) ([]*model.Job
 // GetBootstrapVersion returns the version of the server which bootstrap the store.
 // If the store is not bootstraped, the version will be zero.
 func (m *Meta) GetBootstrapVersion() (int64, error) {
-	value, err := m.txn.GetInt64(mBootstrapKey)
-	return value, errors.Trace(err)
+	return m.GetInt64Key(mBootstrapKey)
 }
 
 // FinishBootstrap finishes bootstrap.
 func (m *Meta) FinishBootstrap(version int64) error {
-	err := m.txn.Set(mBootstrapKey, []byte(strconv.FormatInt(version, 10)))
-	return errors.Trace(err)
+	return m.SetInt64Key(mBootstrapKey, version)
+}
+
+// GetInt64Key retrieves the int64 value of a key.
+func (m *Meta) GetInt64Key(key []byte) (int64, error) {
+	value, err := m.txn.GetInt64(key)
+	return value, errors.Trace(err)
+}
+
+// SetInt64Key sets given key to the target int64 value.
+func (m *Meta) SetInt64Key(key []byte, value int64) error {
+	return errors.Trace(m.txn.Set(key, []byte(strconv.FormatInt(value, 10))))
 }
 
 // ElementKeyType is a key type of the element.

server/BUILD.bazel

@@ -38,6 +38,7 @@ go_library(
         "//expression",
         "//extension",
         "//infoschema",
+        "//keyspace",
         "//kv",
         "//meta",
         "//metrics",