Merge pull request redpanda-data#17800 from pgellert/rbac/fix-rbac-mi…

…gration-idempotence rbac_migrator: suppress error on role_exists
WillemKauf · Apr 12, 2024 · 3e01a27 · 3e01a27
2 parents 7906102 + 33d857f
commit 3e01a27
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/src/v/migrations/feature_migrator.h b/src/v/migrations/feature_migrator.h
@@ -43,6 +43,9 @@ class feature_migrator {
      * If not overriding `start` and `do_migrate`, then implement
      * `do_mutate` to express the change that should be made to
      * the system during upgrade.
+     *
+     * `do_mutate` should be idempotent as it may be executed multiple times if
+     * there is a leader reelection while do_mutate is being executed.
      */
     virtual ss::future<> do_mutate() { return ss::now(); }
     ss::future<> do_migrate();

diff --git a/src/v/migrations/rbac_migrator.cc b/src/v/migrations/rbac_migrator.cc
@@ -42,7 +42,17 @@ ss::future<> rbac_migrator::do_mutate() {
     auto err = co_await _controller.get_security_frontend().local().create_role(
       role_name, std::move(role), model::timeout_clock::now() + 5s);
 
-    if (err) {
+    if (err == cluster::errc::role_exists) {
+        // If the leader running the feature migration loses leadership after
+        // the role is created but before the feature migration is successfully
+        // completed, the next leader will redo the feature migration. In that
+        // case, we will get the role_exists error here, which we can safely
+        // ignore.
+        vlog(
+          featureslog.info,
+          "Default role '{}' already exists...",
+          security::default_role_name);
+    } else if (err) {
         vlog(
           featureslog.error,
           "Error while creating default role '{}': {}",