-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
backupccl: fix EXECUTE privileges #114203
Conversation
|
3ce0b7c
to
feb22e3
Compare
Your pull request contains more than 1000 changes. It is strongly encouraged to split big PRs into smaller chunks. 🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf. |
// Version23_2 corresponds to descriptors created in 23.2 and onwards. These | ||
// descriptors that are function descriptions should have EXECUTE privileges | ||
// for the public role. | ||
Version23_2 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this require a new cluster version? I'm seeing TestSystemDatabaseSchemaBootstrapVersionBumped
fail with:
Check whether you need to bump systemschema.SystemDatabaseSchemaBootstrapVersion
and then update prevSystemHash to "7d089e4c69d8d6b164b3d1a04e0f3ad5f487f9138c9585bd00b37f397691a090".
The current value of SystemDatabaseSchemaBootstrapVersion is 1000023.1-32.
feb22e3
to
7400246
Compare
@@ -164,7 +164,7 @@ func TestSystemDatabaseSchemaBootstrapVersionBumped(t *testing.T) { | |||
|
|||
// If you need to update this value (i.e. failed this test), check whether | |||
// you need to bump systemschema.SystemDatabaseSchemaBootstrapVersion too. | |||
const prevSystemHash = "cd85ebe773d840ecaf39fd4ccbba6345f54d7414a95b5bf5be2fa4102c26c650" | |||
const prevSystemHash = "7d089e4c69d8d6b164b3d1a04e0f3ad5f487f9138c9585bd00b37f397691a090" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it ok to bump this without updating ystemschema.SystemDatabaseSchemaBootstrapVersion
in this case? The system schema should have no UDFs, AFAIK, so I thought just bumping this would be fine.
7400246
to
cc67995
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @mgartner and @yuzefovich)
pkg/sql/catalog/catpb/privilege.go
line 47 at r1 (raw file):
Previously, mgartner (Marcus Gartner) wrote…
Does this require a new cluster version? I'm seeing
TestSystemDatabaseSchemaBootstrapVersionBumped
fail with:Check whether you need to bump systemschema.SystemDatabaseSchemaBootstrapVersion and then update prevSystemHash to "7d089e4c69d8d6b164b3d1a04e0f3ad5f487f9138c9585bd00b37f397691a090". The current value of SystemDatabaseSchemaBootstrapVersion is 1000023.1-32.
i wouldn't expect this to need a new cluster version. the reason this is happening is bc now the hard-coded system database descriptors that are used if you bootstrap from 23.2 no longer match the descriptors that are created if you upgrade from 23.1 to 23.2.
the full comment is
// TestSystemDatabaseSchemaBootstrapVersionBumped serves as a reminder to bump
// systemschema.SystemDatabaseSchemaBootstrapVersion whenever a new upgrade
// creates or modifies the schema of system tables. We unfortunately cannot
// programmatically determine if an upgrade should bump the version so by
// adding a test failure when the initial values change, the programmer and
// code reviewers are reminded to manually check whether the version should
// be bumped.
i think what we want here is just to change prevSystemHash
i also think we might want to use
var SystemDatabaseSchemaBootstrapVersion \= clusterversion.ByKey(clusterversion.V23\_2)
in pkg/sql/catalog/systemschema/system.go. but i'm asking about that here
pkg/sql/catalog/funcdesc/func_desc_builder.go
line 121 at r3 (raw file):
// Grant EXECUTE privilege on the function for the public role if the // descriptor was created before v23.2. This mimics the // grantExecuteToPublicOnAllFunctions descriptor upgrade.
an interesting consequence of adding this logic here is that the grantExecuteToPublicOnAllFunctions
upgrade is no longer necessary. the reason is that there already is an upgrade called FirstUpgradeFromRelease
that will run all the post-deserialization changes on all descriptors.
i guess there's no harm in keeping grantExecuteToPublicOnAllFunctions
though.
pkg/sql/catalog/funcdesc/func_desc_builder.go
line 129 at r3 (raw file):
false, /* withGrantOption */ ) desc.GetPrivileges().SetVersion(catpb.Version23_2)
i believe you need a line like
fdb.changes.Add(catalog.GrantedExecuteToPublicRole)
(and create the GrantedExecuteToPublicRole
enum)
cc67995
to
05ff156
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @rafiss and @yuzefovich)
pkg/sql/catalog/funcdesc/func_desc_builder.go
line 121 at r3 (raw file):
Previously, rafiss (Rafi Shamim) wrote…
an interesting consequence of adding this logic here is that the
grantExecuteToPublicOnAllFunctions
upgrade is no longer necessary. the reason is that there already is an upgrade calledFirstUpgradeFromRelease
that will run all the post-deserialization changes on all descriptors.i guess there's no harm in keeping
grantExecuteToPublicOnAllFunctions
though.
I've removed it — the best code is no code.
pkg/sql/catalog/funcdesc/func_desc_builder.go
line 129 at r3 (raw file):
Previously, rafiss (Rafi Shamim) wrote…
i believe you need a line like
fdb.changes.Add(catalog.GrantedExecuteToPublicRole)
(and create the
GrantedExecuteToPublicRole
enum)
I didn't need it before when this was in RunRestoreChanges
(or maybe I did?), but I've added it now that I've moved this logic to RunPostDeserializationChanges
.
d8f1c2f
to
86a08ba
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @mgartner and @yuzefovich)
pkg/sql/catalog/bootstrap/bootstrap_test.go
line 167 at r2 (raw file):
Previously, mgartner (Marcus Gartner) wrote…
Is it ok to bump this without updating
ystemschema.SystemDatabaseSchemaBootstrapVersion
in this case? The system schema should have no UDFs, AFAIK, so I thought just bumping this would be fine.
yeah i think just bumping the hash should be fine
ee90df1
to
da9bc9f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm! thanks for taking this on
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @dt and @mgartner)
pkg/ccl/backupccl/testdata/backup-restore/user-defined-functions
line 412 at r2 (raw file):
SHOW GRANTS ON FUNCTION add ---- db1 public 100109 add(int8, int8) admin ALL true
unrelated for now, but i am surprised by our decision to include the function ID in the results, given that SHOW commands are intended for usage by humans, not computers.
This commit fixes some bugs with restoring UDFs from a backup: 1. Restoring UDFs from a backup created on a v23.1 cluster will have `EXECUTE` privilege added for the public role, matching the new default privileges for functions in v23.2. This ensures that the backed-up functions can be executed without privilege errors. 2. Restoring a full cluster from a v23.2 backup with UDFs will retain the original privileges of the UDF. For example, if EXECUTE privileges on the public role have been revoked, they will remain revoked after the restore. 3. Restoring UDFs from a partial v23.2 backup, i.e., not a full cluster backup, will now have default privileges, including `EXECUTE` privilege for the public role. Fixes cockroachdb#112866 There is no release note because no release includes this issue. Release note: None
The `grantExecuteToPublicOnAllFunctions` upgrade is no longer necessary because post-serialization changes now grant `EXECUTE` on functions to the public role. The upgrade has been removed. Release note: None
da9bc9f
to
1d3b393
Compare
bors r+ |
Previously, rafiss (Rafi Shamim) wrote…
@chengxiong-ruan any reason we included this? I'll remove it if not. |
Previously, mgartner (Marcus Gartner) wrote…
I don't have a strong reason, just thought it might be good for debugging. But, since we also have function signature, function id is really not needed for sure. |
Build succeeded: |
Encountered an error creating backports. Some common things that can go wrong:
You might need to create your backport manually using the backport tool. error creating merge commit from 074b3e9 to blathers/backport-release-23.2-114203: POST https://api.github.com/repos/cockroachdb/cockroach/merges: 409 Merge conflict [] you may need to manually resolve merge conflicts with the backport tool. Backport to branch 23.2.x failed. See errors above. 🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf. |
I still need to backport this. |
backupccl: fix EXECUTE privileges
This commit fixes some bugs with restoring UDFs from a backup:
EXECUTE
privilege added for the public role, matching the newdefault privileges for functions in v23.2. This ensures that the
backed-up functions can be executed without privilege errors.
the original privileges of the UDF. For example, if EXECUTE
privileges on the public role have been revoked, they will remain
revoked after the restore.
backup, will now have default privileges, including
EXECUTE
privilege for the public role.
Fixes #112866
There is no release note because no release includes this issue.
Release note: None
upgrade: remove grantExecuteToPublicOnAllFunctions upgrade
The
grantExecuteToPublicOnAllFunctions
upgrade is no longer necessarybecause post-serialization changes now grant
EXECUTE
on functions tothe public role. The upgrade has been removed.
Release note: None