-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cleanup usage of FLUSH PRIVILEGES #15700
Cleanup usage of FLUSH PRIVILEGES #15700
Conversation
We can remove usage of `FLUSH PRIVILEGES` in many places by making sure we only use the correct SQL functionality for managing users. If we don't modify the `mysql.user` table directly, we don't need to use `FLUSH PRIVILEGES`. Signed-off-by: Dirkjan Bussink <[email protected]>
Review ChecklistHello reviewers! 👋 Please follow this checklist when reviewing this Pull Request. General
Tests
Documentation
New flags
If a workflow is added or modified:
Backward compatibility
|
# Care should be taken to change these users and passwords | ||
# for production. | ||
############################################################################### | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want to keep this warning? We no longer have static secrets in this file anymore, which is a really good thing so the current warning is no longer accurate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can/should remove it.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #15700 +/- ##
==========================================
- Coverage 68.40% 68.39% -0.02%
==========================================
Files 1556 1556
Lines 195121 195121
==========================================
- Hits 133479 133450 -29
- Misses 61642 61671 +29 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! ❤️
# Care should be taken to change these users and passwords | ||
# for production. | ||
############################################################################### | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can/should remove it.
# Disable remote root access (only allow UNIX socket). | ||
DELETE FROM mysql.user WHERE User = 'root' AND Host != 'localhost'; | ||
# Remove anonymous users & disable remote root access (only allow UNIX socket). | ||
DROP USER IF EXISTS ''@'%', ''@'localhost', 'root'@'%'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Technically this statement is not equivalent to the original one, because it will not remove e.g. 'root'@'10.0.0.1'
, but fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@shlomi-noach yeah, I don’t think they normally would exist by default right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's right. I think it's good to merge.
# Disable remote root access (only allow UNIX socket). | ||
DELETE FROM mysql.user WHERE User = 'root' AND Host != 'localhost'; | ||
# Remove anonymous users & disable remote root access (only allow UNIX socket). | ||
DROP USER IF EXISTS ''@'%', ''@'localhost', 'root'@'%'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same. Not a concern as these are examples
.
We can remove usage of
FLUSH PRIVILEGES
in many places by making sure we only use the correct SQL functionality for managing users. If we don't modify themysql.user
table directly, we don't need to useFLUSH PRIVILEGES
.Checklist