Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

*: support require-secure-transport startup option (#15341) #15415

Merged
merged 6 commits into from
Mar 18, 2020

Conversation

sre-bot
Copy link
Contributor

@sre-bot sre-bot commented Mar 17, 2020

cherry-pick #15341 to release-3.0


What problem does this PR solve?

fixes #15306

What is changed and how it works?

  • add --require-secure-transport startup option
  • reject non-TLS client connect to TiDB if require-secure-transport be enabled
  • startup failure if require-secure-transport be enabled but no avaliable cert/key/ca
  • reload failure if require-secure-transport be enabled event if with no rollback on error

Check List

Tests

  • Unit test
  • Integration test
  • Manual test
enable `require-secure-transport` and try non-TLS client

Code changes

  • imple change

Side effects

  • n/a

Related changes

  • Need to cherry-pick to the release branch
  • Need to update the documentation
  • Need to update the tidb-ansible repository

Release note

  • support --require-secure-transport startup option.

This change is Reviewable

Signed-off-by: sre-bot <sre-bot@pingcap.com>
@sre-bot
Copy link
Contributor Author

sre-bot commented Mar 17, 2020

/run-all-tests

@lysu
Copy link
Contributor

lysu commented Mar 17, 2020

/rebuild

@lysu
Copy link
Contributor

lysu commented Mar 17, 2020

need merge pingcap/parser#779 first

@lysu lysu force-pushed the release-3.0-aec614317956 branch from 1c9aa7f to ba7c9bc Compare March 17, 2020 06:43
@lysu lysu added the priority/release-blocker This issue blocks a release. Please solve it ASAP. label Mar 17, 2020
@lysu lysu requested a review from imtbkcat March 17, 2020 07:32
@lysu
Copy link
Contributor

lysu commented Mar 17, 2020

@imtbkcat @jackysp PTAL

Copy link
Member

@jackysp jackysp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Contributor

@lysu lysu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jackysp
Copy link
Member

jackysp commented Mar 17, 2020

/merge

1 similar comment
@jackysp
Copy link
Member

jackysp commented Mar 17, 2020

/merge

@sre-bot sre-bot added the status/can-merge Indicates a PR has been approved by a committer. label Mar 17, 2020
@sre-bot
Copy link
Contributor Author

sre-bot commented Mar 17, 2020

/run-all-tests

@sre-bot
Copy link
Contributor Author

sre-bot commented Mar 17, 2020

@sre-bot merge failed.

@lysu
Copy link
Contributor

lysu commented Mar 17, 2020

/run-all-tests

@jackysp
Copy link
Member

jackysp commented Mar 18, 2020

/merge

@sre-bot
Copy link
Contributor Author

sre-bot commented Mar 18, 2020

/run-all-tests

@sre-bot
Copy link
Contributor Author

sre-bot commented Mar 18, 2020

cherry pick to release-3.1 in PR #15442

lysu pushed a commit to sre-bot/tidb that referenced this pull request Mar 18, 2020
Signed-off-by: sre-bot <sre-bot@pingcap.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
component/config component/server priority/release-blocker This issue blocks a release. Please solve it ASAP. security Everything related with security sig/execution SIG execution status/can-merge Indicates a PR has been approved by a committer. type/3.0-cherry-pick
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants