Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release-23.1: sql: add CREATEROLE, CREATELOGIN, CREATEDB, and CONTROLJOB system privileges #110359

Merged
merged 8 commits into from Sep 11, 2023
Merged

release-23.1: sql: add CREATEROLE, CREATELOGIN, CREATEDB, and CONTROLJOB system privileges #110359

merged 8 commits into from Sep 11, 2023

Conversation

andyyang890
Copy link
Collaborator

@andyyang890 andyyang890 commented Sep 11, 2023
edited

Backport:

Please see individual PRs for details.

/cc @cockroachdb/release

Release justification: Low risk, high benefit changes to existing functionality

@andyyang890
sql: refactor global privilege and legacy role option checking
f0e96e7 
This patch abstracts the logic for checking whether a user has a
global (system) privilege or the corresponding legacy role option
into a new function (`HasGlobalPrivilegeOrRoleOption`).

It also adds a wrapper function that returns an insufficient
privileges error when the user has neither the privilege nor
the legacy role option (`CheckGlobalPrivilegeOrRoleOption`).

Release note: None
@andyyang890
privilege: automate generation of AllPrivileges list
faad24c 
This patch automates the process of generating the `AllPrivileges` list
so that any newly added privileges will automatically be included.

Release note: None
@andyyang890
sql: add new CREATEROLE system privilege
879bc15 
This patch adds a new `CREATEROLE` system privilege, which is analogous
to the existing `CREATEROLE` role option, but can also be inherited
by role membership.

Release note (sql change): There is now a `CREATEROLE` system privilege,
which is analogous to the existing `CREATEROLE` role option, but can
also be inherited by role membership.
@andyyang890
privilege: automate generation of ByName map
a5d8545 
This patch automates the process of generating the `ByName` map so that
any newly added privileges will automatically be included.

Release note: None
@andyyang890
sql: add CREATELOGIN system privilege
9e60a58 
Release note (sql change): There is now a `CREATELOGIN` system privilege,
which is analogous to the existing `CREATELOGIN` role option, but can
also be inherited by role membership.
@andyyang890
sql: add CREATEDB system privilege
07bb33d 
Release note (sql change): There is now a `CREATEDB` system privilege,
which is analogous to the existing `CREATEDB` role option, but can
also be inherited by role membership.
@andyyang890
jobsauth: short circuit privilege check for ViewAccess
e16c339 
This patch updates the job authorization code to only check the VIEWJOB
privilege if the user does not have CONTROLJOB for ViewAccess.

It also updates the comment to reflect granting access when a user has
VIEWJOB and corrects a format specifier.

Release note: None
@andyyang890
sql: add CONTROLJOB system privilege
3d14270 
Release note (sql change): There is now a `CONTROLJOB` system privilege,
which is analogous to the existing `CONTROLJOB` role option, but can
also be inherited by role membership.
@andyyang890 andyyang890 requested review from a team as code owners September 11, 2023 18:04
@andyyang890 andyyang890 requested review from adityamaru and removed request for a team September 11, 2023 18:04
@blathers-crl
Copy link

blathers-crl bot commented Sep 11, 2023

Thanks for opening a backport.

Please check the backport criteria before merging:

  • Patches should only be created for serious issues or test-only changes.
  • Patches should not break backwards-compatibility.
  • Patches should change as little code as possible.
  • Patches should not change on-disk formats or node communication protocols.
  • Patches should not add new functionality.
  • Patches must not add, edit, or otherwise modify cluster versions; or add version gates.
If some of the basic criteria cannot be satisfied, ensure that the exceptional criteria are satisfied within.
  • There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
  • The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
  • New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters.
  • The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.

Add a brief release justification to the body of your PR to justify this backport.

Some other things to consider:

  • What did we do to ensure that a user that doesn’t know & care about this backport, has no idea that it happened?
  • Will this work in a cluster of mixed patch versions? Did we test that?
  • If a user upgrades a patch version, uses this feature, and then downgrades, what happens?

@blathers-crl blathers-crl bot added the backport Label PR's that are backports to older release branches label Sep 11, 2023
@cockroach-teamcity
Copy link
Member

This change is Reviewable

andyyang890
andyyang890 commented Sep 11, 2023
View reviewed changes
Copy link
Collaborator Author

@andyyang890 andyyang890 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've left a comment on every file that had a merge conflict during the manual backport. It seems to be a pretty clean and straightforward backport overall.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @adityamaru and @rafiss)

pkg/sql/crdb_internal.go line 2079 at r8 (raw file):

		for _, k := range settings.Keys(p.ExecCfg().Codec.ForSystemTenant()) {
			// If the user can only view sql.defaults settings, hide all other settings.
			if canViewSqlOnly && !strings.HasPrefix(k, "sql.defaults") {

Note: This file had a merge conflict. As far as I can tell, the only difference is that the type of k is string on release-23.1, while it is settings.InternalKey on master.

pkg/sql/grant_role.go line 71 at r8 (raw file):

	var err error
	if createRoleAllowsGrantRoleMembership.Get(&p.ExecCfg().Settings.SV) {
		allowedToGrantWithoutAdminOption, err = p.HasGlobalPrivilegeOrRoleOption(ctx, privilege.CREATEROLE)

Note: This file had a merge conflict since the createRoleAllowsGrantRoleMembership cluster setting doesn't exist on master anymore.

pkg/sql/revoke_role.go line 50 at r8 (raw file):

	var err error
	if createRoleAllowsGrantRoleMembership.Get(&p.ExecCfg().Settings.SV) {
		allowedToRevokeWithoutAdminOption, err = p.HasGlobalPrivilegeOrRoleOption(ctx, privilege.CREATEROLE)

Note: This file had a merge conflict since the createRoleAllowsGrantRoleMembership cluster setting doesn't exist on master anymore.

pkg/sql/set_cluster_setting.go line 66 at r8 (raw file):

}

func checkPrivilegesForSetting(ctx context.Context, p *planner, name string, action string) error {

Note: This file had a merge conflict. As far as I can tell, the only difference is that name has type string on release-23.1, while it has type settings.SettingName on master.

rafiss
rafiss approved these changes Sep 11, 2023
View reviewed changes
Copy link
Collaborator

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for the detailed notes! made it very easy to review

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @adityamaru)

@andyyang890 andyyang890 merged commit b185c29 into cockroachdb:release-23.1 Sep 11, 2023
6 checks passed
@andyyang890 andyyang890 deleted the backport23.1-109652-109776-109258-110088-110220 branch September 11, 2023 23:14
This was referenced Sep 12, 2023
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafiss rafiss rafiss approved these changes

@adityamaru adityamaru Awaiting requested review from adityamaru adityamaru is a code owner automatically assigned from cockroachdb/disaster-recovery

Assignees
No one assigned
Labels
backport Label PR's that are backports to older release branches
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@andyyang890 @cockroach-teamcity @rafiss