session, variable: add privilege check to set session_states

[djshow832]

What problem does this PR solve?

Issue Number: close #59600

Problem Summary:
set session_states sets the current resource group but doesn't check the dynamic privilege.

What changed and how does it work?

If the resource group changes and tidb_resource_control_strict_mode is ON, check the privilege.

Check List

Tests

• Unit test
• Integration test
• Manual test (add detailed scripts or steps below)
• No need to test

  • I checked and no code files have been changed.

Side effects

• Performance regression: Consumes more CPU
• Performance regression: Consumes more Memory
• Breaking backward compatibility

Documentation

• Affects user behaviors
• Contains syntax changes
• Contains variable changes
• Contains experimental features
• Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

- Fix missing dynamic privilege check to `SET SESSION_STATES`.

[tiprow]

Hi @djshow832. Thanks for your PR.

PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test all.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 73.5822%. Comparing base (513bfeb) to head (9a8c5e5).
Report is 8 commits behind head on master.

Additional details and impacted files

@@               Coverage Diff                @@
##             master     #59601        +/-   ##
================================================
+ Coverage   73.0188%   73.5822%   +0.5633%     
================================================
  Files          1694       1694                
  Lines        468298     470964      +2666     
================================================
+ Hits         341946     346546      +4600     
+ Misses       105335     103398      -1937     
- Partials      21017      21020         +3     

Flag	Coverage Δ
integration	42.9154% <93.7500%> (?)
unit	72.4139% <75.0000%> (+0.2014%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
dumpling	52.6910% <ø> (ø)
parser	∅ <ø> (∅)
br	45.2342% <ø> (+0.0342%)	⬆️

[YangKeao]

LGTM

[djshow832]

/retest

[tiprow]

@djshow832: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[djshow832]

/ok-to-test

[ti-chi-bot]

[LGTM Timeline notifier]

Timeline:

• 2025-02-18 08:20:10.952297972 +0000 UTC m=+949453.348520034: ☑️ agreed by YangKeao.
• 2025-02-18 11:47:19.139357129 +0000 UTC m=+961881.535579184: ☑️ agreed by xhebox.

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: xhebox, YangKeao, yudongusa

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [YangKeao,xhebox]
• pkg/sessionctx/variable/OWNERS [yudongusa]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment