New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
release-24.1: rpc,security,sql,cli: Add subject_required cluster setting #122368
Conversation
f3c686e
to
ba8667c
Compare
Thanks for opening a backport. Please check the backport criteria before merging:
If your backport adds new functionality, please ensure that the following additional criteria are satisfied:
Also, please add a brief release justification to the body of your PR to justify this |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @blathers-crl[bot] and @souravcrl)
-- commits
line 14 at r1:
does this need a release note to document the new public cluster setting?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @rafiss)
Previously, rafiss (Rafi Shamim) wrote…
does this need a release note to document the new public cluster setting?
Added a release note to PR description.
ba8667c
to
56a94ca
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @rafiss)
Previously, souravcrl wrote…
Added a release note to PR description.
updated the release note in the commit message also.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @blathers-crl[bot] and @souravcrl)
-- commits
line 9 at r3:
minor nit: the release note should have a category, like Release note (security update)
see: https://cockroachlabs.atlassian.net/wiki/spaces/CRDB/pages/186548364/Release+notes#Categories
also, instead of "We will be adding a cluster setting ..." the grammar should be in past or present tense. for example, "Added a cluster setting which mandates ..."
see: https://cockroachlabs.atlassian.net/wiki/spaces/CRDB/pages/186548364/Release+notes#Descriptions
feel free to merge once addressed
Previous in sequence: #120786 informs #110616, #118750 fixes CRDB-35884 Epic CRDB-34126 Release note (security update): We are adding a cluster setting `security.client_cert.subject_required.enabled` which mandates a requirement for role subject to be set either through subject role option or root-cert-distinguished-name and node-cert-distinguished-name. It controls both RPC access and login via authCert.
56a94ca
to
12d3238
Compare
👎 Rejected by label |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @rafiss)
Previously, rafiss (Rafi Shamim) wrote…
minor nit: the release note should have a category, like
Release note (security update)
see: https://cockroachlabs.atlassian.net/wiki/spaces/CRDB/pages/186548364/Release+notes#Categories
also, instead of "We will be adding a cluster setting ..." the grammar should be in past or present tense. for example, "Added a cluster setting which mandates ..."
see: https://cockroachlabs.atlassian.net/wiki/spaces/CRDB/pages/186548364/Release+notes#Descriptions
feel free to merge once addressed
Addressed the above. I have gone through the doc, will be mindful of these when making visible changes.
TRFR!
Backport 2/2 commits from #122105 on behalf of @souravcrl.
/cc @cockroachdb/release
Previous in sequence: #120786
informs #110616, #118750
fixes CRDB-35884
Epic CRDB-34126
Release note (security update): We are adding a cluster setting
security.client_cert.subject_required.enabled
which mandates a requirement forrole subject to be set either through subject role option or
root-cert-distinguished-name and node-cert-distinguished-name. It controls both
RPC access and login via authCert.
Release justification: the feature needs to be part of 24.1 release as part of epic, it completes a sequence of changes.