-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
*: avoid notify privilege update for all users #57042
base: master
Are you sure you want to change the base?
Conversation
Hi @tiancaiamao. Thanks for your PR. PRs from untrusted users cannot be marked as trusted with I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #57042 +/- ##
================================================
+ Coverage 72.8329% 74.8968% +2.0639%
================================================
Files 1676 1721 +45
Lines 463539 482927 +19388
================================================
+ Hits 337609 361697 +24088
+ Misses 105125 98841 -6284
- Partials 20805 22389 +1584
Flags with carried forward coverage won't be shown. Click here to find out more.
|
/retest |
@tiancaiamao: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/test check-dev2 |
@tiancaiamao: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/test pull-br-integration-test |
@tiancaiamao: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/retest |
@tiancaiamao: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/retest |
@tiancaiamao: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/test unit-test |
@tiancaiamao: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rest lgtm
if len(val) > 0 { | ||
err := json.Unmarshal(val, &msg) | ||
if err == nil { | ||
break | ||
} | ||
logutil.BgLogger().Warn("decodePrivilegeEvent unmarshal fail", zap.Error(err)) | ||
} | ||
} | ||
} | ||
// In case something is wrong, for example, old version tidb mixed with newer, the unmarshal would fail. | ||
// Then we fallback to the old way: reload all the users. | ||
if len(msg.UserList) == 0 { | ||
msg.All = true | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if len(val) > 0 { | |
err := json.Unmarshal(val, &msg) | |
if err == nil { | |
break | |
} | |
logutil.BgLogger().Warn("decodePrivilegeEvent unmarshal fail", zap.Error(err)) | |
} | |
} | |
} | |
// In case something is wrong, for example, old version tidb mixed with newer, the unmarshal would fail. | |
// Then we fallback to the old way: reload all the users. | |
if len(msg.UserList) == 0 { | |
msg.All = true | |
} | |
if len(val) > 0 { | |
err := json.Unmarshal(val, &msg) | |
if err == nil { | |
break | |
} | |
logutil.BgLogger().Warn("decodePrivilegeEvent unmarshal fail", zap.Error(err)) | |
} else { | |
// In case old version triggers the event, the event value is empty, | |
// Then we fall back to the old way: reload all the users. | |
if len(msg.UserList) == 0 { | |
msg.All = true | |
} | |
} | |
} | |
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This differs from the old logic. @D3Hunter
What happen if something is wrong? if val does have data, but the data is not what we expected?
Neither the UserList contains data nor the ALL flag is set.
Our expected case is reload all on error to tolerance the cases, but the suggested change here is ignore on error.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What happen if something is wrong? if val does have data, but the data is not what we expected?
if no third-part involved, older version tidb write a empty value
, new version write a valid json
, so when will the data be invalid? If it's caused by bug, then let's fix it, else I think the event consumer should do as what the producer told it to do. and maybe you can add a intest.Assert
to check that either All=true
or the len(userList) > 0
, the producer side should make sure no such invalid data are sent to ETCD
and as you have mentioned, the event is not that critical, i think it's acceptable
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What happen if something is wrong? if val does have data, but the data is not what we expected?
if no third-part involved, older version tidb write a
empty value
, new version write avalid json
, so when will the data be invalid? If it's caused by bug, then let's fix it, else I think the event consumer should do as what the producer told it to do. and maybe you can add aintest.Assert
to check that eitherAll=true
or thelen(userList) > 0
, the producer side should make sure no such invalid data are sent to ETCDand as you have mentioned, the event is not that critical, i think it's acceptable
I agree that we should ignore the message and skip to update privilege cache when failed to decode the json. We only need the handle to case when val == ""
to be compatible with old versions (please add some clear comments to explain why we have this logic). And because we have a loop to guarantee the cache should be updated in a certain time, it is not a big deal.
We can also generate some warnings logs when meet a invalid json.
Co-authored-by: D3Hunter <jujj603@gmail.com>
/test unit-test |
@tiancaiamao: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM except the disussion: https://github.com/pingcap/tidb/pull/57042/files#r1853232658
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: lcwangchao The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
[LGTM Timeline notifier]Timeline:
|
What problem does this PR solve?
Issue Number: ref #55563
Problem Summary:
In the previous commit, I have maintained the active user lists, this commit intend to fix the notify part.
When privilege change, just notify the changed users and update data for them, instead of all the users.
What changed and how does it work?
The code changes including:
Check List
Tests
Unit test
Integration test
Manual test (add detailed scripts or steps below)
No need to test
Side effects
Documentation
Release note
Please refer to Release Notes Language Style Guide to write a quality release note.