8000 box: add runtime lua_call privileges by mandesero · Pull Request #10358 · tarantool/tarantool · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

box: add runtime lua_call privileges #10358

8000
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 19, 2024
Merged

box: add runtime lua_call privileges #10358

merged 2 commits into from
Sep 19, 2024

Conversation

mandesero
Copy link
Contributor
@mandesero mandesero commented Aug 2, 2024
edited
Loading

This patch adds internal API methods for granting and revoking Lua function access.

New internal API methods:

  • box.internal.lua_call_runtime_priv_grant(<user-name>, <function-name>) grants access to the specified function for the specified user.
  • box.internal.lua_call_runtime_priv_grant(<user-name>, '') grants universal access (excluding built-in functions) for the specified user.
  • box.internal.lua_call_runtime_priv_reset() revokes all previously granted function execution permissions for all users.

Closes #10306
Part of #10310

@mandesero mandesero force-pushed the mandesero/gh-10306-lua-access-without-db branch from 3ce1fa8 to 1c362cf Compare August 2, 2024 15:59
@mandesero mandesero force-pushed the mandesero/gh-10306-lua-access-without-db branch 3 times, most recently from 3b69301 to a256b41 Compare August 5, 2024 12:25
@mandesero mandesero force-pushed the mandesero/gh-10306-lua-access-without-db branch 2 times, most recently from c044a6e to 835bf72 Compare August 5, 2024 13:45
@coveralls
Copy link
coveralls commented Aug 5, 2024
edited
Loading

Coverage Status

coverage: 87.323% (+0.02%) from 87.304%
when pulling 5e0e970 on mandesero:mandesero/gh-10306-lua-access-without-db
into daf4914
on tarantool:master.

@mandesero mandesero force-pushed the mandesero/gh-10306-lua-access-without-db branch from 835bf72 to a08877e Compare August 5, 2024 14:05
@mandesero mandesero marked this pull request as ready for review August 5, 2024 14:53
@mandesero mandesero requested a review from a team as a code owner August 5, 2024 14:53
@mandesero mandesero force-pushed the mandesero/gh-10306-lua-access-without-db branch 6 times, most recently from edd3c19 to 7b0a233 Compare August 8, 2024 06:44
mandesero added a commit to mandesero/tarantool that referenced this pull request Aug 9, 2024
@mandesero
box: grant runtime access to lua_call from config
1f3ffb5 
no commit message yet

[WIP]: This task depends on
- tarantool#10304 (PR tarantool#10324)
- tarantool#10306 (PR tarantool#10358)
and uses commits from these PRs.

Closes tarantool#10310

NO_DOC=yet
NO_CHANGELOG=yet
mandesero added a commit to mandesero/tarantool that referenced this pull request Aug 9, 2024
@mandesero
box: grant runtime access to lua_call from config
750f6b9 
no commit message yet

[WIP]: This task depends on
- tarantool#10304 (PR tarantool#10324)
- tarantool#10306 (PR tarantool#10358)
and uses commits from these PRs.

Closes tarantool#10310

NO_DOC=yet
NO_CHANGELOG=yet
@mandesero mandesero force-pushed the mandesero/gh-10306-lua-access-without-db branch from 7b0a233 to fa28e6e Compare August 13, 2024 12:16
@mandesero mandesero mentioned this pull request Aug 20, 2024
Merged
Totktonada
Totktonada reviewed Aug 23, 2024
View reviewed changes
Totktonada
Totktonada reviewed Aug 23, 2024
View reviewed changes
Totktonada
Totktonada reviewed Aug 23, 2024
View reviewed changes
Totktonada
Totktonada reviewed Aug 23, 2024
View reviewed changes
Totktonada
Totktonada reviewed Sep 2, 2024
View reviewed changes
Totktonada
Totktonada reviewed Sep 2, 2024
View reviewed changes
Totktonada
Totktonada reviewed Sep 2, 2024
View reviewed changes
Totktonada
Totktonada reviewed Sep 2, 2024
View reviewed changes
@mandesero mandesero force-pushed the mandesero/gh-10306-lua-access-without-db branch from c05184f to f2e983a Compare September 2, 2024 14:52
Totktonada
Totktonada approved these changes Sep 2, 2024
View reviewed changes
Copy link
Member
@Totktonada Totktonada left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the patch and the updates!

I'm comfortable with the implementation. LGTM.

I've some ideas how to make this code more concise, but I think I shouldn't make this activity a part of the review process.

@Totktonada Totktonada requested review from locker and removed request for Buristan September 2, 2024 15:56
@Totktonada Totktonada assigned locker and unassigned Buristan Sep 2, 2024
@Totktonada
Copy link
Member

@locker Please, look over this patch if you have a spare time. I would appreciate your glance and suggestions.

locker
locker reviewed Sep 4, 2024
View reviewed changes
@locker locker assigned mandesero and unassigned locker Sep 4, 2024
@mandesero mandesero force-pushed the mandesero/gh-10306-lua-access-without-db branch 3 times, most recently from 247410a to 82516d2 Compare September 4, 2024 14:00
@Totktonada Totktonada removed their assignment Sep 8, 2024
@mandesero mandesero force-pushed the mandesero/gh-10306-lua-access-without-db branch from 82516d2 to 269ae36 Compare September 9, 2024 08:39
@locker locker assigned locker and unassigned mandesero Sep 19, 2024
locker
locker approved these changes Sep 19, 2024
View reviewed changes
@locker locker assigned mandesero and unassigned locker Sep 19, 2024
@mandesero
box: add definition of mh_strnstrnptr_t
c76a165 
This patch introduces a hash map that maps pairs of strings with their
lengths to a pointer.

Needed for tarantool#10306

NO_TEST=internal
NO_DOC=internal
NO_CHANGELOG=internal
@mandesero
box: internal api to grant/revoke lua call access
5e0e970 
This patch adds internal API methods for granting and revoking Lua
function access.

New internal API methods:
- `box.internal.lua_call_runtime_priv_grant(<user-name>, <function-name>)`
  grants access to the specified function for the specified user.
- `box.interal.lua_call_runtime_priv_grant(<user-name>, '')` grants
  universal access (excluding built-in functions) for the specified user.
- `box.internal.lua_call_runtime_priv_reset()` revokes all previously
  granted function execution permissions for all users.

Closes tarantool#10306

NO_DOC=internal
NO_CHANGELOG=internal
@mandesero mandesero force-pushed the mandesero/gh-10306-lua-access-without-db branch from 269ae36 to 5e0e970 Compare September 19, 2024 12:06
@mandesero mandesero added the full-ci Enables all tests for a pull request label Sep 19, 2024
@Totktonada Totktonada merged commit b94a3be into tarantool:master Sep 19, 2024
93 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Totktonada Totktonada Totktonada approved these changes

@locker locker locker approved these changes

@xuniq xuniq xuniq approved these changes

Assignees
No one assigned
Labels
full-ci Enables all tests for a pull request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

internal: grant access to a global Lua function without writing to a database
6 participants
@mandesero @coveralls @Totktonada @locker @xuniq @Buristan
0