hide sensitive parameters for user tenants

496148326@qq.com 2024-02-02 22:51:29 +00:00 committed by ob-robot
parent 6bfc404874
commit 82bca8b7e9
4 changed files with 52 additions and 3 deletions


@ -117,7 +117,12 @@ int ObAllVirtualSysParameterStat::inner_sys_get_next_row(ObNewRow *&row)
break;
}
case VALUE: {
cells[i].set_varchar(sys_iter_->second->str());
if ((!is_sys_tenant(effective_tenant_id_) || session_->is_inner()) &&
(0 == ObString(SSL_EXTERNAL_KMS_INFO).case_compare(sys_iter_->first.str()))) {
cells[i].set_varchar("");
} else {
cells[i].set_varchar(sys_iter_->second->str());
}
cells[i].set_collation_type(
ObCharset::get_default_collation(ObCharset::get_default_charset()));
break;
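Review bot: In the `case VALUE:` branch the new condition evaluates `session_->is_inner()` whenever the effective tenant is the sys tenant, and no null check on `session_` is visible in this hunk. If the pointer can be unset on that path the guard should test it first; the function body starts and ends outside the hunk, so an earlier check may already exist. The `|| session_->is_inner()` arm also blanks `SSL_EXTERNAL_KMS_INFO` for inner sessions of the sys tenant, which the commit title does not mention, so a comment such as `// also masked for inner sessions: <reason>` would keep a later edit from dropping it. Returning `""` makes a masked value indistinguishable from an unset one to anyone reading the view, which is worth stating in the same comment.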


@ -276,7 +276,13 @@ int ObAllVirtualTenantParameterStat::fill_row_(common::ObNewRow *&row,
// default value should not be used when `compatible` is not loaded yet.
cells[i].set_varchar("0.0.0.0");
} else {
cells[i].set_varchar(iter->second->str());
if (!is_sys_tenant(effective_tenant_id_) &&
(0 == ObString(SSL_EXTERNAL_KMS_INFO).case_compare(iter->first.str()) ||
0 == ObString(EXTERNAL_KMS_INFO).case_compare(iter->first.str()))) {
cells[i].set_varchar("");
} else {
cells[i].set_varchar(iter->second->str());
}
}
cells[i].set_collation_type(
ObCharset::get_default_collation(ObCharset::get_default_charset()));
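Review bot: The set of hidden names is spelled out separately at each site: here as `SSL_EXTERNAL_KMS_INFO` and `EXTERNAL_KMS_INFO`, in the sys-parameter table as `SSL_EXTERNAL_KMS_INFO` only, and in ObIteratePrivateVirtualTable as the literal `'external_kms_info'`. A hand-copied denylist fails open when a new secret-bearing parameter is added and one copy is missed. A single shared predicate (a new helper that takes the parameter name and reports whether it is sensitive), called from all of these sites, would remove that risk. Only the value cell is masked in the visible lines; whether other columns of the row can carry the same data cannot be judged here, since fill_row_ continues outside the hunk.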


@ -223,6 +223,20 @@ int ObIteratePrivateVirtualTable::add_extra_condition(common::ObSqlString &sql)
if (OB_FAIL(sql.append_fmt(" AND tenant_id = %lu", cur_tenant_id_))) {
LOG_WARN("append sql failed", KR(ret), K_(cur_tenant_id));
}
/*
* add filter for sensitive data, do not let this to influence other condition or
* be influenced by other
*/
if (OB_SUCC(ret)) {
if (!is_sys_tenant(effective_tenant_id_)) {
if (OB_TENANT_PARAMETER_TID == base_table_id_) {
if (OB_FAIL(sql.append_fmt(" AND name not in ('external_kms_info')"))) {
LOG_WARN("append filter sql failed", KR(ret), K_(cur_tenant_id), K_(base_table_id));
}
}
}
}
return ret;
}
@ -332,5 +346,27 @@ uint64_t ObIteratePrivateVirtualTable::get_exec_tenant_id_(const uint64_t tenant
return exec_tenant_id;
}
static int varchar_to_empty_string(const ObObj &src, ObObj &dst, ObIAllocator &allocator)
{
int ret = OB_SUCCESS;
dst = src;
dst.set_varchar("");
return ret;
}
int ObIteratePrivateVirtualTable::set_convert_func(convert_func_t &func,
const schema::ObColumnSchemaV2 &col, const schema::ObColumnSchemaV2 &base_col)
{
int ret = OB_SUCCESS;
if (!is_sys_tenant(effective_tenant_id_)) {
if (OB_ALL_RECOVER_TABLE_JOB_TID == base_table_id_ ||
OB_ALL_RECOVER_TABLE_JOB_HISTORY_TID == base_table_id_) {
if (base_col.get_column_name_str() == ObString::make_string("external_kms_info")) {
func = varchar_to_empty_string;
}
}
}
return ret;
}
} // end namespace observer
} // end namespace oceanbase
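Review bot: In `set_convert_func` the column is matched with an exact `==` against the literal `"external_kms_info"`, and `add_extra_condition` embeds the same literal in SQL, while the two parameter-stat files match with `case_compare` on named constants. A mismatch here fails open: the convert function is not installed and the stored value is returned to a non-sys tenant with no log line. Matching the other sites, e.g. `0 == base_col.get_column_name_str().case_compare(EXTERNAL_KMS_INFO)` (assuming the constant is visible in this file), keeps the sites consistent. The override also returns `OB_SUCCESS` without calling a base implementation; if the base class assigns `func` for other columns, that should be delegated to first, which cannot be confirmed from this page. `varchar_to_empty_string` ignores its `allocator` argument and turns a NULL source into an empty varchar, so a one-line comment stating that both are intentional would help.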


@ -42,7 +42,6 @@ public:
virtual int do_open() override;
virtual int inner_get_next_row(common::ObNewRow *&row) override;
virtual int inner_close() override;
private:
virtual int init_non_exist_map_item(
MapItem &item, const share::schema::ObColumnSchemaV2 &col) override;
@ -53,6 +52,9 @@ private:
bool check_tenant_in_range_(const uint64_t tenant_id, const common::ObNewRange &range);
int next_tenant_();
uint64_t get_exec_tenant_id_(const uint64_t tenant_id);
virtual int set_convert_func(convert_func_t &func,
const share::schema::ObColumnSchemaV2 &col,
const share::schema::ObColumnSchemaV2 &base_col) override;
private:
int64_t tenant_idx_;
uint64_t cur_tenant_id_;