MXS-2177 Move check_monitor_permissions() into class

Esa Korhonen
2019-01-23 18:03:41 +02:00
parent ddaba28d78
commit 10dc0f53e0
14 changed files with 34 additions and 38 deletions


@ -244,6 +244,16 @@ public:
uint64_t events; /**< Enabled monitor events. */ uint64_t events; /**< Enabled monitor events. */
protected: protected:
/**
* Check if the monitor user can execute a query. The query should be such that it only succeeds if
* the monitor user has all required permissions. Servers which are down are skipped.
*
* @param query Query to test with
* @return True on success, false if monitor credentials lack permissions
*/
bool test_permissions(const std::string& query);
/** /**
* Contains monitor base class settings. Since monitors are stopped before a setting change, * Contains monitor base class settings. Since monitors are stopped before a setting change,
* the items cannot be modified while a monitor is running. No locking required. * the items cannot be modified while a monitor is running. No locking required.
@ -286,8 +296,6 @@ extern const char CN_MONITOR_INTERVAL[];
extern const char CN_SCRIPT[]; extern const char CN_SCRIPT[];
extern const char CN_SCRIPT_TIMEOUT[]; extern const char CN_SCRIPT_TIMEOUT[];
bool check_monitor_permissions(Monitor* monitor, const char* query);
/** /**
* Store the current server status to the previous and pending status * Store the current server status to the previous and pending status
* fields of the monitored server. * fields of the monitored server.
@ -614,7 +622,7 @@ protected:
* *
* @return True, if the monitor user has sufficient rights, false otherwise. * @return True, if the monitor user has sufficient rights, false otherwise.
*/ */
virtual bool has_sufficient_permissions() const; virtual bool has_sufficient_permissions();
/** /**
* @brief Flush pending server status to each server. * @brief Flush pending server status to each server.
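Review bot: The new doc comment on `test_permissions()` in the first hunk mentions only that servers which are down are skipped, but the implementation shown later in this commit also returns early when the monitor has no servers or the global `skip_permission_checks` option is set. The value returned on that path is outside the visible hunk and should be confirmed; if it is `true`, then "True on success" can also mean that nothing was tested. I would add a line such as `* No query is run if the monitor has no servers or skip_permission_checks is enabled.` and extend `@return` accordingly, so callers do not read a true result as verified privileges. The class body starts and ends outside this hunk.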


@ -702,15 +702,9 @@ std::unique_ptr<ResultSet> monitor_get_list()
return set; return set;
} }
/** bool Monitor::test_permissions(const string& query)
* @brief Check if the monitor user has all required permissions to operate properly.
*
* @param service Monitor to inspect
* @param query Query to execute
* @return True on success, false if monitor credentials lack permissions
*/
bool check_monitor_permissions(Monitor* monitor, const char* query)
{ {
auto monitor = this;
if (monitor->monitored_servers == NULL // No servers to check if (monitor->monitored_servers == NULL // No servers to check
|| config_get_global_options()->skip_permission_checks) || config_get_global_options()->skip_permission_checks)
{ {
@ -719,7 +713,6 @@ bool check_monitor_permissions(Monitor* monitor, const char* query)
char* user = monitor->user; char* user = monitor->user;
char* dpasswd = decrypt_password(monitor->password); char* dpasswd = decrypt_password(monitor->password);
MXS_CONFIG* cnf = config_get_global_options();
bool rval = false; bool rval = false;
for (MXS_MONITORED_SERVER* mondb = monitor->monitored_servers; mondb; mondb = mondb->next) for (MXS_MONITORED_SERVER* mondb = monitor->monitored_servers; mondb; mondb = mondb->next)
@ -745,7 +738,7 @@ bool check_monitor_permissions(Monitor* monitor, const char* query)
break; break;
} }
} }
else if (mxs_mysql_query(mondb->con, query) != 0) else if (mxs_mysql_query(mondb->con, query.c_str()) != 0)
{ {
switch (mysql_errno(mondb->con)) switch (mysql_errno(mondb->con))
{ {
@ -763,10 +756,7 @@ bool check_monitor_permissions(Monitor* monitor, const char* query)
} }
MXS_ERROR("[%s] Failed to execute query '%s' with user '%s'. MySQL error message: %s", MXS_ERROR("[%s] Failed to execute query '%s' with user '%s'. MySQL error message: %s",
monitor->name, monitor->name, query.c_str(), user, mysql_error(mondb->con));
query,
user,
mysql_error(mondb->con));
} }
else else
{ {
@ -2669,7 +2659,7 @@ bool MonitorWorker::configure(const MXS_CONFIG_PARAMETER* pParams)
return true; return true;
} }
bool MonitorWorker::has_sufficient_permissions() const bool MonitorWorker::has_sufficient_permissions()
{ {
return true; return true;
} }
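Review bot: `auto monitor = this;` in the first hunk of `Monitor::test_permissions()` keeps the body written as if it were still the free function, so every `monitor->user`, `monitor->password` and `monitor->monitored_servers` goes through an alias of `this`. Using the members directly, for example `char* dpasswd = decrypt_password(password);`, would remove the shim. If the alias is kept to hold the diff small, a comment such as `// Transitional alias; remove once the body uses members directly.` would say so. The function body continues outside the visible hunks, so not all remaining `monitor->` uses are shown here.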


@ -40,12 +40,10 @@ AuroraMonitor* AuroraMonitor::create(const std::string& name, const std::string&
return new AuroraMonitor(name, module); return new AuroraMonitor(name, module);
} }
bool AuroraMonitor::has_sufficient_permissions() const bool AuroraMonitor::has_sufficient_permissions()
{ {
return check_monitor_permissions(m_monitor, return test_permissions("SELECT @@aurora_server_id, server_id FROM "
"SELECT @@aurora_server_id, server_id FROM " "information_schema.replica_host_status WHERE session_id = 'MASTER_SESSION_ID'");
"information_schema.replica_host_status "
"WHERE session_id = 'MASTER_SESSION_ID'");
} }
/** /**


@ -29,7 +29,7 @@ public:
static AuroraMonitor* create(const std::string& name, const std::string& module); static AuroraMonitor* create(const std::string& name, const std::string& module);
protected: protected:
bool has_sufficient_permissions() const; bool has_sufficient_permissions();
void update_server_status(MXS_MONITORED_SERVER* monitored_server); void update_server_status(MXS_MONITORED_SERVER* monitored_server);
private: private:
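Review bot: `bool has_sufficient_permissions();` in this header is declared without `override`, and the same holds for the matching declarations in the CsMonitor, GaleraMonitor, GRMon, MMMonitor and NDBCMonitor headers later in this commit. The commit changes the virtual's signature by dropping `const`; a derived class that kept the old `const` form would still compile but no longer override. Because the base `MonitorWorker::has_sufficient_permissions()` shown in this commit returns `true`, the permission test would then be skipped without any diagnostic. Declaring each one as `bool has_sufficient_permissions() override;` makes the compiler reject such a mismatch. The class definitions start and end outside these hunks.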


@ -86,9 +86,9 @@ CsMonitor* CsMonitor::create(const std::string& name, const std::string& module)
return new CsMonitor(name, module); return new CsMonitor(name, module);
} }
bool CsMonitor::has_sufficient_permissions() const bool CsMonitor::has_sufficient_permissions()
{ {
return check_monitor_permissions(m_monitor, alive_query); return test_permissions(alive_query);
} }
void CsMonitor::update_server_status(MXS_MONITORED_SERVER* srv) void CsMonitor::update_server_status(MXS_MONITORED_SERVER* srv)


@ -25,7 +25,7 @@ public:
static CsMonitor* create(const std::string& name, const std::string& module); static CsMonitor* create(const std::string& name, const std::string& module);
protected: protected:
bool has_sufficient_permissions() const; bool has_sufficient_permissions();
void update_server_status(MXS_MONITORED_SERVER* monitored_server); void update_server_status(MXS_MONITORED_SERVER* monitored_server);
private: private:


@ -118,9 +118,9 @@ bool GaleraMonitor::configure(const MXS_CONFIG_PARAMETER* params)
return true; return true;
} }
bool GaleraMonitor::has_sufficient_permissions() const bool GaleraMonitor::has_sufficient_permissions()
{ {
return check_monitor_permissions(m_monitor, "SHOW STATUS LIKE 'wsrep_local_state'"); return test_permissions("SHOW STATUS LIKE 'wsrep_local_state'");
} }
void GaleraMonitor::update_server_status(MXS_MONITORED_SERVER* monitored_server) void GaleraMonitor::update_server_status(MXS_MONITORED_SERVER* monitored_server)


@ -47,7 +47,7 @@ public:
protected: protected:
bool configure(const MXS_CONFIG_PARAMETER* param); bool configure(const MXS_CONFIG_PARAMETER* param);
bool has_sufficient_permissions() const; bool has_sufficient_permissions();
void update_server_status(MXS_MONITORED_SERVER* monitored_server); void update_server_status(MXS_MONITORED_SERVER* monitored_server);
void pre_tick(); void pre_tick();
void post_tick(); void post_tick();


@ -40,7 +40,7 @@ GRMon* GRMon::create(const std::string& name, const std::string& module)
return new GRMon(name, module); return new GRMon(name, module);
} }
bool GRMon::has_sufficient_permissions() const bool GRMon::has_sufficient_permissions()
{ {
return true; return true;
} }
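Review bot: `GRMon::has_sufficient_permissions()` still returns `true` unconditionally, so unlike the Aurora, Cs, Galera, MM and NDBC monitors touched by this commit it never calls `test_permissions()` and the monitor user's privileges are not checked here. If that is intentional, a comment in the body such as `// No permission test query is defined for this monitor.` would document it. Otherwise a suitable query could now be passed to `test_permissions()` as the other monitors do.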


@ -29,7 +29,7 @@ public:
static GRMon* create(const std::string& name, const std::string& module); static GRMon* create(const std::string& name, const std::string& module);
protected: protected:
bool has_sufficient_permissions() const; bool has_sufficient_permissions();
void update_server_status(MXS_MONITORED_SERVER* monitored_server); void update_server_status(MXS_MONITORED_SERVER* monitored_server);
private: private:


@ -69,9 +69,9 @@ bool MMMonitor::configure(const MXS_CONFIG_PARAMETER* params)
return true; return true;
} }
bool MMMonitor::has_sufficient_permissions() const bool MMMonitor::has_sufficient_permissions()
{ {
return check_monitor_permissions(m_monitor, "SHOW SLAVE STATUS"); return test_permissions("SHOW SLAVE STATUS");
} }
void MMMonitor::update_server_status(MXS_MONITORED_SERVER* monitored_server) void MMMonitor::update_server_status(MXS_MONITORED_SERVER* monitored_server)


@ -32,7 +32,7 @@ public:
protected: protected:
bool configure(const MXS_CONFIG_PARAMETER* params); bool configure(const MXS_CONFIG_PARAMETER* params);
bool has_sufficient_permissions() const; bool has_sufficient_permissions();
void update_server_status(MXS_MONITORED_SERVER* monitored_server); void update_server_status(MXS_MONITORED_SERVER* monitored_server);
void post_tick(); void post_tick();


@ -37,9 +37,9 @@ NDBCMonitor* NDBCMonitor::create(const std::string& name, const std::string& mod
return new NDBCMonitor(name, module); return new NDBCMonitor(name, module);
} }
bool NDBCMonitor::has_sufficient_permissions() const bool NDBCMonitor::has_sufficient_permissions()
{ {
return check_monitor_permissions(m_monitor, "SHOW STATUS LIKE 'Ndb_number_of_ready_data_nodes'"); return test_permissions("SHOW STATUS LIKE 'Ndb_number_of_ready_data_nodes'");
} }
void NDBCMonitor::update_server_status(MXS_MONITORED_SERVER* monitored_server) void NDBCMonitor::update_server_status(MXS_MONITORED_SERVER* monitored_server)


@ -29,7 +29,7 @@ public:
static NDBCMonitor* create(const std::string& name, const std::string& module); static NDBCMonitor* create(const std::string& name, const std::string& module);
protected: protected:
bool has_sufficient_permissions() const; bool has_sufficient_permissions();
void update_server_status(MXS_MONITORED_SERVER* monitored_server); void update_server_status(MXS_MONITORED_SERVER* monitored_server);
private: private: