Skip to content

MDEV-35511: Backport fix for Audit log not reporting user in Galera cluster #4412

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sjaakola wants to merge 1 commit into from
Closed

MDEV-35511: Backport fix for Audit log not reporting user in Galera cluster #4412

sjaakola wants to merge 1 commit into from

Conversation

@sjaakola
Copy link
Contributor

@sjaakola sjaakola commented Oct 31, 2025

  • *The Jira issue number for this PR is: MDEV-35511

Description

This PR assigns a user name "" for wsrep applier threads. With this change, audit log plugin will recognize applier threads and print events for their activities in the audit log.

Release Notes

audit log will have events for galera cluster replication applier operations with generic name

How can this PR be tested?

PR has a new mtr test: galera.MDEV-35511

TODO: modify the automated test suite to verify that the PR causes MariaDB to behave as intended.
Consult the documentation on "Writing good test cases".

If the changes are not amenable to automated testing, please explain why not and carefully describe how to test manually.

Basing the PR against the correct MariaDB version

  • This is a new feature or a refactoring, and the PR is based against the main branch.
  • [x ] This is a bug fix, and the PR is based against the earliest maintained branch in which the bug can be reproduced.

PR quality check

  • [ x] I checked the CODING_STANDARDS.md file and my PR conforms to this where appropriate.
  • [ x] For any trivial modifications to the PR, I am ok with the reviewer making the changes themselves.

@CLAassistant
Copy link

CLAassistant commented Oct 31, 2025
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@svoj svoj added the Codership Codership Galera label Nov 2, 2025
janlindstrom
janlindstrom approved these changes Nov 5, 2025
View reviewed changes
Copy link
Contributor

@janlindstrom janlindstrom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

sql/sql_show.cc Outdated
/* USER */
val= tmp_sctx->user && tmp_sctx->user != slave_user ? tmp_sctx->user :
val= tmp_sctx->user && (tmp_sctx->user != slave_user &&
tmp_sctx->user != cluster_user) ? tmp_sctx->user :
Copy link
Contributor

@janlindstrom janlindstrom Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nick-pit: Formatting is incorrect.

@mariadb-RuchaDeodhar @sjaakola
MDEV-35511: Backport fix for Audit log not reporting user in Galera c…
41a2ccc 
…luster

Setting a nae for the the THD::security_ctx:user field for wsrep applier threads.
With this, the audit log events related to wsrep applying will be written in the
audit log.

Using user name <cluster user> for wsrep appliers. This is for having identical
look with async replication, which uses: <replication_user> user name.
Another option for <cluster user> could be e.g. <wsrep user>. Hoever, using galera
for user name is not a good pick, as the cluster may have (and soon will have)
other GCS backends.

Using same approach as async replication to replace the security_ctx user name
with "system user" for processlist output.

Commit has also mtr test galera.MDEV-35511, to vevrify wsrep applier audit logging.
The test does not install/uninstall audit log plugin, bu loads the audit log plugin
before the test. This is because uninstalling the audit log plugin gives a warning
saying that plugin is busy and uninstall will be delayed until server shutdown.
This anomaly must be because of the applier thread being active audit logger.
Same problem with plugin unsinstall happens also with async relication workers.
If plugn remains installed, the post test sanity check will complain of mismatching
state of pre and post test states.
vuvova
vuvova reviewed Nov 13, 2025
View reviewed changes
sql/mysqld.cc
const char *my_localhost= "localhost",
*delayed_user= "delayed", *slave_user= "<replication_slave>";
*delayed_user= "delayed", *slave_user= "<replication_slave>",
*cluster_user= "<cluster applier>";
Copy link
Member

@vuvova vuvova Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

isn't it supposed to be "wsrep applier" ?

@sjaakola
Copy link
Contributor Author

sjaakola commented Nov 13, 2025

moved to another PR for 10.11

@sjaakola sjaakola closed this Nov 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vuvova vuvova vuvova left review comments

@janlindstrom janlindstrom janlindstrom approved these changes

Assignees

No one assigned

Labels

Codership Codership Galera

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@sjaakola @CLAassistant @vuvova @janlindstrom @svoj @mariadb-RuchaDeodhar