Sidecar database schema actions for online DDL performed with vt_app user instead of vt_dba

Scenario:

Use OnlineDDL while enabling general_log on the backend primary MySQL instance.
Perform an online DDL action
Review the general log
Observe that the schema actions against the _vt sidecar database (i.e. ApplyDDL from go/vt/vttablet/onlineddl/schema.go) are performed using the vt_app user.

Evidence from general log:

2021-08-11T04:17:28.118959Z        45 Connect   vt_app@localhost on vt_keyspace1 using Socket
2021-08-11T04:17:28.119480Z        45 Query     create database if not exists _vt
2021-08-11T04:17:28.121178Z        45 Query     CREATE TABLE IF NOT EXISTS _vt.schema_migrations (
2021-08-11T04:17:28.151349Z        45 Query     ALTER TABLE _vt.schema_migrations add column retries int unsigned NOT NULL DEFAULT 0
2021-08-11T04:17:28.173424Z        45 Query     ALTER TABLE _vt.schema_migrations add column tablet varchar(128) NOT NULL DEFAULT ''
2021-08-11T04:17:28.190063Z        45 Query     ALTER TABLE _vt.schema_migrations modify artifacts TEXT NOT NULL
2021-08-11T04:17:28.228835Z        45 Query     ALTER TABLE _vt.schema_migrations add column tablet_failure tinyint unsigned NOT NULL DEFAULT 0
2021-08-11T04:17:28.245104Z        45 Query     ALTER TABLE _vt.schema_migrations add KEY tablet_failure_idx (tablet_failure, migration_status, retries)
2021-08-11T04:17:28.260481Z        45 Query     ALTER TABLE _vt.schema_migrations add column progress float NOT NULL DEFAULT 0
2021-08-11T04:17:28.276114Z        45 Query     ALTER TABLE _vt.schema_migrations add column migration_context varchar(1024) NOT NULL DEFAULT ''
2021-08-11T04:17:28.294744Z        45 Query     ALTER TABLE _vt.schema_migrations add column ddl_action varchar(16) NOT NULL DEFAULT ''
2021-08-11T04:17:28.316323Z        45 Query     ALTER TABLE _vt.schema_migrations add column message TEXT NOT NULL
2021-08-11T04:17:28.333663Z        45 Query     ALTER TABLE _vt.schema_migrations add KEY table_complete_idx (migration_status, keyspace(64), mysql_table(64), completed_timestamp)
2021-08-11T04:17:28.352595Z        45 Query     ALTER TABLE _vt.schema_migrations add column eta_seconds bigint NOT NULL DEFAULT -1
2021-08-11T04:17:28.371688Z        45 Query     ALTER TABLE _vt.schema_migrations add column rows_copied bigint unsigned NOT NULL DEFAULT 0
2021-08-11T04:17:28.394023Z        45 Query     ALTER TABLE _vt.schema_migrations add column table_rows bigint NOT NULL DEFAULT 0
2021-08-11T04:17:28.412150Z        45 Query     ALTER TABLE _vt.schema_migrations add column added_unique_keys int unsigned NOT NULL DEFAULT 0
2021-08-11T04:17:28.430756Z        45 Query     ALTER TABLE _vt.schema_migrations add column removed_unique_keys int unsigned NOT NULL DEFAULT 0
2021-08-11T04:17:28.451976Z        45 Query     ALTER TABLE _vt.schema_migrations add column log_file varchar(1024) NOT NULL DEFAULT ''

etc.

Issue:

The vt_app user may not (or should not?) be granted DDL privileges in some setups; that being reserved for the vt_dba user.

Analysis:

ApplyDDL from here: https://github.com/vitessio/vitess/blob/main/go/vt/vttablet/onlineddl/executor.go#L236 eventualy operates on a pool opened here: https://github.com/vitessio/vitess/blob/main/go/vt/vttablet/onlineddl/executor.go#L263
This pool Open function creates it's connections using the app user (vt_app) params passed in, as can be seen here: https://github.com/vitessio/vitess/blob/main/go/vt/vttablet/tabletserver/connpool/pool.go#L109

vitessio / vitess

Sidecar database schema actions for online DDL performed with vt_app user instead of vt_dba #8621