hcq/MaxScale
hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-2177 Move check_monitor_permissions() into class

Browse Source
This commit is contained in:
Esa Korhonen 2019-01-23 18:03:41 +02:00
parent ddaba28d78
commit 10dc0f53e0
14 changed files with 34 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
include/maxscale/monitor.hh
View File

@ -244,6 +244,16 @@ public:
uint64_t events; /**< Enabled monitor events. */
protected:
/**
* Check if the monitor user can execute a query. The query should be such that it only succeeds if
* the monitor user has all required permissions. Servers which are down are skipped.
*
* @param query Query to test with
* @return True on success, false if monitor credentials lack permissions
*/
bool test_permissions(const std::string& query);
/**
* Contains monitor base class settings. Since monitors are stopped before a setting change,
* the items cannot be modified while a monitor is running. No locking required.
@ -286,8 +296,6 @@ extern const char CN_MONITOR_INTERVAL[];
extern const char CN_SCRIPT[];
extern const char CN_SCRIPT_TIMEOUT[];
bool check_monitor_permissions(Monitor* monitor, const char* query);
/**
* Store the current server status to the previous and pending status
* fields of the monitored server.
@ -614,7 +622,7 @@ protected:
*
* @return True, if the monitor user has sufficient rights, false otherwise.
*/
virtual bool has_sufficient_permissions() const;
virtual bool has_sufficient_permissions();
/**
* @brief Flush pending server status to each server.

20
server/core/monitor.cc
View File

@ -702,15 +702,9 @@ std::unique_ptr<ResultSet> monitor_get_list()
return set;
}
/**
* @brief Check if the monitor user has all required permissions to operate properly.
*
* @param service Monitor to inspect
* @param query Query to execute
* @return True on success, false if monitor credentials lack permissions
*/
bool check_monitor_permissions(Monitor* monitor, const char* query)
bool Monitor::test_permissions(const string& query)
{
auto monitor = this;
if (monitor->monitored_servers == NULL // No servers to check
|| config_get_global_options()->skip_permission_checks)
{
@ -719,7 +713,6 @@ bool check_monitor_permissions(Monitor* monitor, const char* query)
char* user = monitor->user;
char* dpasswd = decrypt_password(monitor->password);
MXS_CONFIG* cnf = config_get_global_options();
bool rval = false;
for (MXS_MONITORED_SERVER* mondb = monitor->monitored_servers; mondb; mondb = mondb->next)
@ -745,7 +738,7 @@ bool check_monitor_permissions(Monitor* monitor, const char* query)
break;
}
}
else if (mxs_mysql_query(mondb->con, query) != 0)
else if (mxs_mysql_query(mondb->con, query.c_str()) != 0)
{
switch (mysql_errno(mondb->con))
{
@ -763,10 +756,7 @@ bool check_monitor_permissions(Monitor* monitor, const char* query)
}
MXS_ERROR("[%s] Failed to execute query '%s' with user '%s'. MySQL error message: %s",
monitor->name,
query,
user,
mysql_error(mondb->con));
monitor->name, query.c_str(), user, mysql_error(mondb->con));
}
else
{
@ -2669,7 +2659,7 @@ bool MonitorWorker::configure(const MXS_CONFIG_PARAMETER* pParams)
return true;
}
bool MonitorWorker::has_sufficient_permissions() const
bool MonitorWorker::has_sufficient_permissions()
{
return true;
}

8
server/modules/monitor/auroramon/auroramon.cc
View File

@ -40,12 +40,10 @@ AuroraMonitor* AuroraMonitor::create(const std::string& name, const std::string&
return new AuroraMonitor(name, module);
}
bool AuroraMonitor::has_sufficient_permissions() const
bool AuroraMonitor::has_sufficient_permissions()
{
return check_monitor_permissions(m_monitor,
"SELECT @@aurora_server_id, server_id FROM "
"information_schema.replica_host_status "
"WHERE session_id = 'MASTER_SESSION_ID'");
return test_permissions("SELECT @@aurora_server_id, server_id FROM "
"information_schema.replica_host_status WHERE session_id = 'MASTER_SESSION_ID'");
}
/**

2
server/modules/monitor/auroramon/auroramon.hh
View File

@ -29,7 +29,7 @@ public:
static AuroraMonitor* create(const std::string& name, const std::string& module);
protected:
bool has_sufficient_permissions() const;
bool has_sufficient_permissions();
void update_server_status(MXS_MONITORED_SERVER* monitored_server);
private:

4
server/modules/monitor/csmon/csmon.cc
View File

@ -86,9 +86,9 @@ CsMonitor* CsMonitor::create(const std::string& name, const std::string& module)
return new CsMonitor(name, module);
}
bool CsMonitor::has_sufficient_permissions() const
bool CsMonitor::has_sufficient_permissions()
{
return check_monitor_permissions(m_monitor, alive_query);
return test_permissions(alive_query);
}
void CsMonitor::update_server_status(MXS_MONITORED_SERVER* srv)

2
server/modules/monitor/csmon/csmon.hh
View File

@ -25,7 +25,7 @@ public:
static CsMonitor* create(const std::string& name, const std::string& module);
protected:
bool has_sufficient_permissions() const;
bool has_sufficient_permissions();
void update_server_status(MXS_MONITORED_SERVER* monitored_server);
private:

4
server/modules/monitor/galeramon/galeramon.cc
View File

@ -118,9 +118,9 @@ bool GaleraMonitor::configure(const MXS_CONFIG_PARAMETER* params)
return true;
}
bool GaleraMonitor::has_sufficient_permissions() const
bool GaleraMonitor::has_sufficient_permissions()
{
return check_monitor_permissions(m_monitor, "SHOW STATUS LIKE 'wsrep_local_state'");
return test_permissions("SHOW STATUS LIKE 'wsrep_local_state'");
}
void GaleraMonitor::update_server_status(MXS_MONITORED_SERVER* monitored_server)

2
server/modules/monitor/galeramon/galeramon.hh
View File

@ -47,7 +47,7 @@ public:
protected:
bool configure(const MXS_CONFIG_PARAMETER* param);
bool has_sufficient_permissions() const;
bool has_sufficient_permissions();
void update_server_status(MXS_MONITORED_SERVER* monitored_server);
void pre_tick();
void post_tick();

2
server/modules/monitor/grmon/grmon.cc
View File

@ -40,7 +40,7 @@ GRMon* GRMon::create(const std::string& name, const std::string& module)
return new GRMon(name, module);
}
bool GRMon::has_sufficient_permissions() const
bool GRMon::has_sufficient_permissions()
{
return true;
}

2
server/modules/monitor/grmon/grmon.hh
View File

@ -29,7 +29,7 @@ public:
static GRMon* create(const std::string& name, const std::string& module);
protected:
bool has_sufficient_permissions() const;
bool has_sufficient_permissions();
void update_server_status(MXS_MONITORED_SERVER* monitored_server);
private:

4
server/modules/monitor/mmmon/mmmon.cc
View File

@ -69,9 +69,9 @@ bool MMMonitor::configure(const MXS_CONFIG_PARAMETER* params)
return true;
}
bool MMMonitor::has_sufficient_permissions() const
bool MMMonitor::has_sufficient_permissions()
{
return check_monitor_permissions(m_monitor, "SHOW SLAVE STATUS");
return test_permissions("SHOW SLAVE STATUS");
}
void MMMonitor::update_server_status(MXS_MONITORED_SERVER* monitored_server)

2
server/modules/monitor/mmmon/mmmon.hh
View File

@ -32,7 +32,7 @@ public:
protected:
bool configure(const MXS_CONFIG_PARAMETER* params);
bool has_sufficient_permissions() const;
bool has_sufficient_permissions();
void update_server_status(MXS_MONITORED_SERVER* monitored_server);
void post_tick();

4
server/modules/monitor/ndbclustermon/ndbclustermon.cc
View File

@ -37,9 +37,9 @@ NDBCMonitor* NDBCMonitor::create(const std::string& name, const std::string& mod
return new NDBCMonitor(name, module);
}
bool NDBCMonitor::has_sufficient_permissions() const
bool NDBCMonitor::has_sufficient_permissions()
{
return check_monitor_permissions(m_monitor, "SHOW STATUS LIKE 'Ndb_number_of_ready_data_nodes'");
return test_permissions("SHOW STATUS LIKE 'Ndb_number_of_ready_data_nodes'");
}
void NDBCMonitor::update_server_status(MXS_MONITORED_SERVER* monitored_server)

2
server/modules/monitor/ndbclustermon/ndbclustermon.hh
View File

@ -29,7 +29,7 @@ public:
static NDBCMonitor* create(const std::string& name, const std::string& module);
protected:
bool has_sufficient_permissions() const;
bool has_sufficient_permissions();
void update_server_status(MXS_MONITORED_SERVER* monitored_server);
private: