tidb icon indicating copy to clipboard operation
tidb copied to clipboard
verified publisher icon pingcap

lighting: lightning configuration tidb.tls = false should not affect cluster certificate (PD's connection)

Open ei-sugimoto opened this issue 1 year ago • 6 comments

What problem does this PR solve?

Issue Number: close #54172

Problem Summary: Based on the issue, my suggestion to fix the problem is to treat the d.Security and d.TLS settings separately in the DBStore.adjust function. Specifically, the d.Security setting should not be modified by the d.TLS value, so that even if the d.TLS setting is false, the cluster certificate (s.CAPath, s.CertPath, s.KeyPath, etc.) is Security to be set to d.Security. This ensures that the TLS setting for the TiDB connection does not affect the cluster certificate setting.

Translated with DeepL.com (free version)

What changed and how does it work?

Check List

Tests

  • [x] Unit test
  • [ ] Integration test
  • [ ] Manual test (add detailed scripts or steps below)
  • [ ] No need to test
    • [ ] I checked and no code files have been changed.

Side effects

  • [ ] Performance regression: Consumes more CPU
  • [ ] Performance regression: Consumes more Memory
  • [ ] Breaking backward compatibility

Documentation

  • [ ] Affects user behaviors
  • [ ] Contains syntax changes
  • [ ] Contains variable changes
  • [ ] Contains experimental features
  • [ ] Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None

ei-sugimoto avatar Jun 25 '24 15:06 ei-sugimoto

Hi @ei-sugimoto. Thanks for your PR.

I'm waiting for a pingcap member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

ti-chi-bot[bot] avatar Jun 25 '24 15:06 ti-chi-bot[bot]

Hi @ei-sugimoto. Thanks for your PR.

PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test all.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

tiprow[bot] avatar Jun 25 '24 15:06 tiprow[bot]

/ok-to-test

hawkingrei avatar Jun 26 '24 01:06 hawkingrei

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 56.4985%. Comparing base (4381699) to head (fc75c29). Report is 16 commits behind head on master.

Additional details and impacted files 
@@                Coverage Diff                @@
##             master     #54211         +/-   ##
=================================================
- Coverage   72.8121%   56.4985%   -16.3136%     
=================================================
  Files          1526       1677        +151     
  Lines        435911     618816     +182905     
=================================================
+ Hits         317396     349622      +32226     
- Misses        98873     245073     +146200     
- Partials      19642      24121       +4479
Flag Coverage Δ
integration 38.7130% <91.6666%> (?)
unit 71.8172% <100.0000%> (+0.0176%) :arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
dumpling 52.9656% <ø> (ø)
parser ∅ <ø> (∅)
br 52.4604% <ø> (+6.3456%) :arrow_up:

codecov[bot] avatar Jun 26 '24 02:06 codecov[bot]

/cc @lance6716 @lyzx2001

lance6716 avatar Jun 27 '24 02:06 lance6716

/retest

lance6716 avatar Jul 01 '24 11:07 lance6716

/cc @D3Hunter @GMHDBJD

lance6716 avatar Jul 01 '24 11:07 lance6716

pls fix unit test

Sorry I missed the comment here https://github.com/pingcap/tidb/pull/54211#discussion_r1660650080 You can ignore the previous comment

lyzx2001 avatar Jul 02 '24 05:07 lyzx2001

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lance6716, lyzx2001

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

ti-chi-bot[bot] avatar Jul 02 '24 05:07 ti-chi-bot[bot]

[LGTM Timeline notifier]

Timeline:

  • 2024-07-01 11:23:13.970840622 +0000 UTC m=+1237120.456329452: :ballot_box_with_check: agreed by lance6716.
  • 2024-07-02 05:54:54.202720284 +0000 UTC m=+1303820.688209116: :ballot_box_with_check: agreed by lyzx2001.

ti-chi-bot[bot] avatar Jul 02 '24 05:07 ti-chi-bot[bot]

/retest

lance6716 avatar Jul 02 '24 05:07 lance6716

/retest

lance6716 avatar Jul 02 '24 08:07 lance6716