Merge #113893 #117542 #117558 #117569 #117572

113893: cli: remove cockroach connect r=nvanbenschoten a=andrewbaptist `connect` was implemented as an experiment to allow bootstrapping nodes from other nodes CA's (#60632). The details are described here: https://github.com/aaron-crl/toy-secure-init-handshake/tree/n-way-join This implementation was never completed, and the visibility of this code can cause confusion. This PR removes all the code with the idea that we can bring it back later if necessary. Epic: none Release note (cli change): Removal of the `cockroach connect` functionality. 117542: sql: fix erroneous benchmark regressions r=mgartner a=mgartner Several benchmarks incorrectly included cluster shutdown as part of the benchmark timing. This caused major regressions in benchmarks when #117116 was merged because it made cluster shutdown slower. The benchmarks now stop the timer before initiating cluster shutdown to more accurately measure the code in question. Fixes #117494 Release note: None 117558: sql: add telemetry block regexps and fix flake r=mgartner a=mgartner #### sqltestutils: allow blocking regexps in telemetry feature list The `feature-allowlist` directive for telemetry tests has been renamed `feature-list` and it now supports blocking regexps. Any line in the `feature-list` that starts with "!" is a block regexp that prevents any features matching the regexp from being included in the output of the `feature-usage` and `feature-counters` directives. This is helpful because Go's regexps do not support negative look-aheads, so adding features that should not be matched is difficult and tedious. Release note: None #### sql: ignore "sql.schema.create_stats" in schema telemetry test This commit ignores the `sql.schema.create_stats` in the `schema` telemetry tests because it causes sporadic failures. Fixes #117309 Release note: None 117569: authors: add homa31 to authors r=homa31 a=homa31 Release note: None Epic: None 117572: *: Prep work for supporting CONFIGURE ZONE in declarative schema changer r=Xiang-Gu a=Xiang-Gu This PR consists several preparation work that will be needed for properly supporting CONFIGURE ZONE stmts in declarative schema changer. They're separated out for easier review and bc I expect those to be a lot less controversial than the main work. See each commit for details. Informs #117574 Epic: CRDB-31473 Co-authored-by: Andrew Baptist <baptist@cockroachlabs.com> Co-authored-by: Marcus Gartner <marcus@cockroachlabs.com> Co-authored-by: Howard Ma <howard.ma@cockroachlabs.com> Co-authored-by: Xiang Gu <xiang@cockroachlabs.com>
cockroachdb · Jan 11, 2024 · f428c19 · f428c19
6 parents d424c50 + ad4350a + 5e77ef4 + 819888b + 63427da + 6598a76
commit f428c19
Show file tree

Hide file tree

Showing 81 changed files with 274 additions and 3,918 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -123,7 +123,6 @@
 /pkg/cli/clisqlclient/       @cockroachdb/sql-foundations @cockroachdb/cli-prs
 /pkg/cli/clisqlexec/         @cockroachdb/sql-foundations @cockroachdb/cli-prs
 /pkg/cli/clisqlshell/        @cockroachdb/sql-foundations @cockroachdb/cli-prs
-/pkg/cli/connect*.go         @cockroachdb/prodsec        @cockroachdb/cli-prs
 /pkg/cli/context.go          @cockroachdb/cli-prs
 /pkg/cli/convert_url*        @cockroachdb/sql-foundations   @cockroachdb/cli-prs
 /pkg/cli/debug*.go           @cockroachdb/kv-prs         @cockroachdb/cli-prs
@@ -163,12 +162,10 @@
 # respective teams.
 #
 #!/pkg/server/                           @cockroachdb/unowned
-/pkg/server/addjoin*.go                  @cockroachdb/prodsec @cockroachdb/server-prs
 /pkg/server/admin*.go                    @cockroachdb/obs-inf-prs @cockroachdb/server-prs
 /pkg/server/api_v2*.go                   @cockroachdb/obs-inf-prs @cockroachdb/server-prs
 /pkg/server/api_v2_auth*.go              @cockroachdb/obs-inf-prs @cockroachdb/server-prs @cockroachdb/prodsec
 /pkg/server/authentication*.go           @cockroachdb/prodsec     @cockroachdb/server-prs
-/pkg/server/auto_tls_init*go             @cockroachdb/prodsec     @cockroachdb/server-prs
 /pkg/server/autoconfig/                  @cockroachdb/jobs-prs    @cockroachdb/multi-tenant
 /pkg/server/clock_monotonicity.go        @cockroachdb/kv-prs
 /pkg/server/combined_statement_stats*.go @cockroachdb/cluster-observability @cockroachdb/obs-inf-prs
@@ -186,7 +183,6 @@
 /pkg/server/import_ts*.go                @cockroachdb/obs-inf-prs @cockroachdb/server-prs  @cockroachdb/kv-prs
 /pkg/server/index_usage*.go              @cockroachdb/cluster-observability @cockroachdb/obs-inf-prs
 /pkg/server/init*.go                     @cockroachdb/kv-prs      @cockroachdb/server-prs
-/pkg/server/init_handshake*.go           @cockroachdb/prodsec     @cockroachdb/server-prs
 /pkg/server/intent_*.go                  @cockroachdb/kv-prs      @cockroachdb/server-prs
 /pkg/server/key_vis*                     @cockroachdb/cluster-observability @cockroachdb/obs-inf-prs
 /pkg/server/load_endpoint*               @cockroachdb/obs-inf-prs @cockroachdb/server-prs

diff --git a/AUTHORS b/AUTHORS
@@ -196,6 +196,7 @@ Harshit Chopra <harshit@squareup.com>
 Hayden A. James <hayden.james@gmail.com>
 Helen He <helenhe.mit@gmail.com> <@cockroachlabs.com>
 Herko Lategan <herko.lategan@gmail.com> <herko@cockroachlabs.com>
+Howard Ma <howard.ma@cockroachlabs.com>
 Ibrahim AshShohail <ibra.sho@gmail.com>
 Ian Evans <ian@cockroachlabs.com>
 Igor Kharin <igorkharin@gmail.com>

diff --git a/docs/generated/http/full.md b/docs/generated/http/full.md
@@ -5396,94 +5396,6 @@ Support status: [reserved](#support-status)
 
 
 
-## RequestCA
-
-`GET /_join/v1/ca`
-
-
-
-Support status: [reserved](#support-status)
-
-#### Request Parameters
-
-
-
-
-CARequest requests the CA cert anchoring this service.
-
-
-
-
-
-
-
-
-#### Response Parameters
-
-
-
-
-CAResponse contains a PEM encoded copy of the CA cert for this service.
-
-
-| Field | Type | Label | Description | Support status |
-| ----- | ---- | ----- | ----------- | -------------- |
-| ca_cert | [bytes](#cockroach.server.serverpb.CAResponse-bytes) |  |  | [reserved](#support-status) |
-
-
-
-
-
-
-
-## RequestCertBundle
-
-`GET /_join/v1/requestbundle`
-
-
-
-Support status: [reserved](#support-status)
-
-#### Request Parameters
-
-
-
-
-CertBundleRequest requests the bundle of initialization CAs for a new node.
-It provides authentication in the form of a joinToken containing a
-sharedSecret.
-
-
-| Field | Type | Label | Description | Support status |
-| ----- | ---- | ----- | ----------- | -------------- |
-| token_id | [string](#cockroach.server.serverpb.CertBundleRequest-string) |  |  | [reserved](#support-status) |
-| shared_secret | [bytes](#cockroach.server.serverpb.CertBundleRequest-bytes) |  |  | [reserved](#support-status) |
-
-
-
-
-
-
-
-#### Response Parameters
-
-
-
-
-CertBundleResponse contains a copy of all CAs needed to initialize TLS for
-a new node.
-
-
-| Field | Type | Label | Description | Support status |
-| ----- | ---- | ----- | ----------- | -------------- |
-| bundle | [bytes](#cockroach.server.serverpb.CertBundleResponse-bytes) |  |  | [reserved](#support-status) |
-
-
-
-
-
-
-
 ## Users
 
 `GET /_admin/v1/users`

diff --git a/pkg/acceptance/generated_cli_test.go b/pkg/acceptance/generated_cli_test.go
diff --git a/pkg/ccl/backupccl/restore_job.go b/pkg/ccl/backupccl/restore_job.go
@@ -2577,8 +2577,8 @@ func (r *restoreResumer) dropDescriptors(
 		// descriptors. To ensure that this happens quickly, we install a zone
 		// configuration for every table that we are going to drop with a small GC TTL.
 		canSetGCTTL := codec.ForSystemTenant() ||
-			(sql.SecondaryTenantZoneConfigsEnabled.Get(&r.execCfg.Settings.SV) &&
-				sql.SecondaryTenantsAllZoneConfigsEnabled.Get(&r.execCfg.Settings.SV))
+			(sqlclustersettings.SecondaryTenantZoneConfigsEnabled.Get(&r.execCfg.Settings.SV) &&
+				sqlclustersettings.SecondaryTenantsAllZoneConfigsEnabled.Get(&r.execCfg.Settings.SV))
 		if canSetGCTTL {
 			if err := setGCTTLForDroppingTable(
 				ctx, txn, descsCol, tableToDrop,

diff --git a/pkg/ccl/telemetryccl/testdata/telemetry/index b/pkg/ccl/telemetryccl/testdata/telemetry/index
@@ -1,6 +1,6 @@
 # This file contains telemetry tests for CCL-related index creation counters.
 
-feature-allowlist
+feature-list
 sql.schema.partitioned_inverted_index
 ----
 

diff --git a/pkg/ccl/telemetryccl/testdata/telemetry/multiregion b/pkg/ccl/telemetryccl/testdata/telemetry/multiregion
@@ -1,4 +1,4 @@
-feature-allowlist
+feature-list
 sql.multiregion.*
 ----
 
@@ -45,7 +45,7 @@ exec
 SET CLUSTER SETTING kv.rangefeed.closed_timestamp_refresh_interval = '10ms';
 ----
 
-feature-allowlist
+feature-list
 sql.plan.opt.locality-optimized-search
 ----
 
@@ -70,7 +70,7 @@ USE survive_region;
 CREATE TABLE t9 (a INT PRIMARY KEY) LOCALITY REGIONAL BY ROW
 ----
 
-feature-allowlist
+feature-list
 sql.multiregion.zone_configuration.override.*
 ----
 

diff --git a/pkg/ccl/telemetryccl/testdata/telemetry/multiregion_db b/pkg/ccl/telemetryccl/testdata/telemetry/multiregion_db
@@ -1,4 +1,4 @@
-feature-allowlist
+feature-list
 sql.multiregion.*
 ----
 

diff --git a/pkg/ccl/telemetryccl/testdata/telemetry/multiregion_row b/pkg/ccl/telemetryccl/testdata/telemetry/multiregion_row
@@ -1,4 +1,4 @@
-feature-allowlist
+feature-list
 sql.multiregion.*
 ----
 

diff --git a/pkg/ccl/telemetryccl/testdata/telemetry/multiregion_table b/pkg/ccl/telemetryccl/testdata/telemetry/multiregion_table
@@ -1,4 +1,4 @@
-feature-allowlist
+feature-list
 sql.multiregion.*
 ----
 

diff --git a/pkg/cli/BUILD.bazel b/pkg/cli/BUILD.bazel
@@ -10,8 +10,6 @@ go_library(
         "cert.go",
         "cli.go",
         "client_url.go",
-        "connect.go",
-        "connect_join.go",
         "context.go",
         "convert_url.go",
         "debug.go",
@@ -139,7 +137,6 @@ go_library(
         "//pkg/security",
         "//pkg/security/certnames",
         "//pkg/security/clientsecopts",
-        "//pkg/security/securityassets",
         "//pkg/security/securitytest",
         "//pkg/security/username",
         "//pkg/server",
@@ -315,7 +312,6 @@ go_test(
         "cert_test.go",
         "cli_debug_test.go",
         "cli_test.go",
-        "connect_join_test.go",
         "convert_url_test.go",
         "debug_check_store_test.go",
         "debug_job_trace_test.go",

diff --git a/pkg/cli/cli.go b/pkg/cli/cli.go
@@ -250,7 +250,6 @@ func init() {
 	cockroachCmd.AddCommand(
 		startCmd,
 		startSingleNodeCmd,
-		connectCmd,
 		initCmd,
 		certCmd,
 

diff --git a/pkg/cli/cliflags/flags.go b/pkg/cli/cliflags/flags.go
@@ -832,36 +832,6 @@ certificate can only be used if an identity map has been configured server-side.
 		Description: `Prompt for the new user's password.`,
 	}
 
-	InitToken = FlagInfo{
-		Name: "init-token",
-		Description: `Shared token for initialization of node TLS certificates.
-
-This flag is optional for the 'start' command. When omitted, the 'start'
-command expects the operator to prepare TLS certificates beforehand using
-the 'cert' command.
-
-This flag must be combined with --num-expected-initial-nodes.`,
-	}
-
-	NumExpectedInitialNodes = FlagInfo{
-		Name: "num-expected-initial-nodes",
-		Description: `Number of expected nodes during TLS certificate creation,
-including the node where the connect command is run.
-
-This flag must be combined with --init-token.`,
-	}
-
-	SingleNode = FlagInfo{
-		Name: "single-node",
-		Description: `Prepare the certificates for a subsequent 'start-single-node'
-command. The 'connect' command only runs cursory checks on the network
-configuration and does not wait for peers to auto-negotiate a common
-set of credentials.
-
-The --single-node flag is exclusive with the --init-num-peers and --init-token
-flags.`,
-	}
-
 	CertsDir = FlagInfo{
 		Name:        "certs-dir",
 		EnvVar:      "COCKROACH_CERTS_DIR",