forked from cockroachdb/cockroach
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
multitenant: allow secondary tenants to split/scatter by default
AdminSplit and AdminScatter requests are subject to capability checks. Previously, these capabilities were codified in the "enabled" form. As such, by default, secondary tenants did not have the ability to perform these operations. This is in violation of what secondary tenants could do prior to 23.1, at a time before capabilities existed. Moreover, RESTORE/IMPORT rely on performing these operations for performance. This made disallowing these operations by default a performance regression. This patch flips the phrasing of how these capabilities are stored on the proto to use the "disable" verbiage. As such, secondary tenants are able to perform splits and scatters by default. However, no change is made to the public interface -- users above the `tenantcapabilitiespb` package continue to interact with these capabilities as they were before, oblivious to how these things are stored on disk. There's a few testing changes here: - As part of this change, we also clean up a testing knob that was used by various backup, CDC, and logictests to override capability checks in the authorizer. This isn't required with the new default behaviour. - We also add some missing E2E tests for the `CanAdminUnsplit` capability which were missing when it was introduced. - The construction of `TestMultiTenantAdminFunction` was making it cumborsome to work with now that we have changed the default behavior of splits and scatters. Instead of trying to wrestle with that test, I decided to convert some of the SPLIT/SCATTER tests to the datadriven E2E tests we have for capabilities. At some point, we should get rid of this entire thing, but I'm going to limit scope here for now. Fixes cockroachdb#96736 Release note: None
- Loading branch information
1 parent
c31c1ac
commit 413578b
Showing
37 changed files
with
357 additions
and
261 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 change: 0 additions & 1 deletion
1
pkg/ccl/logictestccl/testdata/logic_test/partitioning_hash_sharded_index_mr
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 change: 0 additions & 1 deletion
1
pkg/ccl/logictestccl/testdata/logic_test/partitioning_hash_sharded_index_query_plan
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,3 @@ | ||
# cluster-opt: can-admin-split | ||
# LogicTest: 5node !metamorphic-batch-sizes | ||
|
||
statement ok | ||
|
1 change: 0 additions & 1 deletion
1
pkg/ccl/logictestccl/testdata/logic_test/regional_by_row_hash_sharded_index
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
79 changes: 79 additions & 0 deletions
79
pkg/ccl/multitenantccl/tenantcapabilitiesccl/testdata/can_admin_scatter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
query-sql-system | ||
SELECT * FROM [SHOW TENANT [10] WITH CAPABILITIES] WHERE capability_id = 'can_admin_scatter' | ||
---- | ||
10 tenant-10 ready none can_admin_scatter true | ||
|
||
exec-sql-tenant | ||
CREATE TABLE t(a INT) | ||
---- | ||
ok | ||
|
||
exec-sql-tenant | ||
CREATE INDEX idx on t(a) | ||
---- | ||
ok | ||
|
||
# By default, we should be able to scatter. | ||
exec-privileged-op-tenant | ||
ALTER TABLE t SCATTER | ||
---- | ||
ok | ||
|
||
# ditto for the index. | ||
exec-privileged-op-tenant | ||
ALTER INDEX t@idx SCATTER | ||
---- | ||
ok | ||
|
||
|
||
update-capabilities | ||
ALTER TENANT [10] GRANT CAPABILITY can_admin_scatter=false | ||
---- | ||
ok | ||
|
||
exec-privileged-op-tenant | ||
ALTER TABLE t SCATTER | ||
---- | ||
pq: ba: AdminScatter [/Tenant/10/Table/104/1,/Tenant/10/Table/104/2) RPC error: rpc error: code = Unauthenticated desc = client tenant does not have capability "can_admin_scatter" (*kvpb.AdminScatterRequest) | ||
|
||
# Check the index as well. | ||
exec-privileged-op-tenant | ||
ALTER INDEX t@idx SCATTER | ||
---- | ||
pq: ba: AdminScatter [/Tenant/10/Table/104/2,/Tenant/10/Table/104/3) RPC error: rpc error: code = Unauthenticated desc = client tenant does not have capability "can_admin_scatter" (*kvpb.AdminScatterRequest) | ||
|
||
# Grant the capability without providing an explicit value. | ||
update-capabilities | ||
ALTER TENANT [10] GRANT CAPABILITY can_admin_scatter | ||
---- | ||
ok | ||
|
||
# Scatters should work now. | ||
exec-privileged-op-tenant | ||
ALTER TABLE t SCATTER | ||
---- | ||
ok | ||
|
||
# Revoke the capability using REVOKE syntax. | ||
update-capabilities | ||
ALTER TENANT [10] REVOKE CAPABILITY can_admin_scatter | ||
---- | ||
ok | ||
|
||
# Scatters should no longer work. | ||
exec-privileged-op-tenant | ||
ALTER TABLE t SCATTER | ||
---- | ||
pq: ba: AdminScatter [/Tenant/10/Table/104/1,/Tenant/10/Table/104/2) RPC error: rpc error: code = Unauthenticated desc = client tenant does not have capability "can_admin_scatter" (*kvpb.AdminScatterRequest) | ||
|
||
# Lastly, use the explicitly set to true syntax. | ||
update-capabilities | ||
ALTER TENANT [10] GRANT CAPABILITY can_admin_scatter=true | ||
---- | ||
ok | ||
|
||
# Scatters should now work. | ||
exec-privileged-op-tenant | ||
ALTER TABLE t SCATTER | ||
---- | ||
ok |
49 changes: 47 additions & 2 deletions
49
pkg/ccl/multitenantccl/tenantcapabilitiesccl/testdata/can_admin_split
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,34 +1,79 @@ | ||
query-sql-system | ||
SELECT * FROM [SHOW TENANT [10] WITH CAPABILITIES] WHERE capability_id = 'can_admin_split' | ||
---- | ||
10 tenant-10 ready none can_admin_split false | ||
10 tenant-10 ready none can_admin_split true | ||
|
||
exec-sql-tenant | ||
CREATE TABLE t(a INT) | ||
---- | ||
ok | ||
|
||
exec-sql-tenant | ||
CREATE INDEX idx on t(a) | ||
---- | ||
ok | ||
|
||
# By default, we should be able to split. | ||
exec-privileged-op-tenant | ||
ALTER TABLE t SPLIT AT VALUES (0) | ||
---- | ||
ok | ||
|
||
# ditto for the index. | ||
exec-privileged-op-tenant | ||
ALTER INDEX t@idx SPLIT AT VALUES (1) | ||
---- | ||
ok | ||
|
||
|
||
update-capabilities | ||
ALTER TENANT [10] GRANT CAPABILITY can_admin_split=false | ||
---- | ||
ok | ||
|
||
exec-privileged-op-tenant | ||
ALTER TABLE t SPLIT AT VALUES (0) | ||
---- | ||
pq: ba: AdminSplit [/Tenant/10/Table/104/1/0,/Min) RPC error: rpc error: code = Unauthenticated desc = client tenant does not have capability "can_admin_split" (*kvpb.AdminSplitRequest) | ||
|
||
# Check the index as well. | ||
exec-privileged-op-tenant | ||
ALTER INDEX t@idx SPLIT AT VALUES (1) | ||
---- | ||
pq: ba: AdminSplit [/Tenant/10/Table/104/2/1,/Min) RPC error: rpc error: code = Unauthenticated desc = client tenant does not have capability "can_admin_split" (*kvpb.AdminSplitRequest) | ||
|
||
# Grant the capability without providing an explicit value. | ||
update-capabilities | ||
ALTER TENANT [10] GRANT CAPABILITY can_admin_split=true | ||
ALTER TENANT [10] GRANT CAPABILITY can_admin_split | ||
---- | ||
ok | ||
|
||
# Splits should work now. | ||
exec-privileged-op-tenant | ||
ALTER TABLE t SPLIT AT VALUES (0) | ||
---- | ||
ok | ||
|
||
# Revoke the capability using REVOKE syntax. | ||
update-capabilities | ||
ALTER TENANT [10] REVOKE CAPABILITY can_admin_split | ||
---- | ||
ok | ||
|
||
# Splits should no longer work. | ||
exec-privileged-op-tenant | ||
ALTER TABLE t SPLIT AT VALUES (0) | ||
---- | ||
pq: ba: AdminSplit [/Tenant/10/Table/104/1/0,/Min) RPC error: rpc error: code = Unauthenticated desc = client tenant does not have capability "can_admin_split" (*kvpb.AdminSplitRequest) | ||
|
||
# Lastly, use the explicitly set to true syntax. | ||
update-capabilities | ||
ALTER TENANT [10] GRANT CAPABILITY can_admin_split=true | ||
---- | ||
ok | ||
|
||
# Splits should now work. | ||
exec-privileged-op-tenant | ||
ALTER TABLE t SPLIT AT VALUES (0) | ||
---- | ||
ok |
34 changes: 34 additions & 0 deletions
34
pkg/ccl/multitenantccl/tenantcapabilitiesccl/testdata/can_admin_unsplit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
query-sql-system | ||
SELECT * FROM [SHOW TENANT [10] WITH CAPABILITIES] WHERE capability_id = 'can_admin_unsplit' | ||
---- | ||
10 tenant-10 ready none can_admin_unsplit false | ||
|
||
exec-sql-tenant | ||
CREATE TABLE t(a INT) | ||
---- | ||
ok | ||
|
||
exec-privileged-op-tenant | ||
ALTER TABLE t UNSPLIT AT VALUES (0) | ||
---- | ||
pq: could not UNSPLIT AT (0): ba: AdminUnsplit [/Tenant/10/Table/104/1/0,/Min) RPC error: grpc: client tenant does not have capability "can_admin_unsplit" (*kvpb.AdminUnsplitRequest) [code 16/Unauthenticated] | ||
|
||
update-capabilities | ||
ALTER TENANT [10] GRANT CAPABILITY can_admin_unsplit=true | ||
---- | ||
ok | ||
|
||
exec-privileged-op-tenant | ||
ALTER TABLE t UNSPLIT AT VALUES (0) | ||
---- | ||
pq: could not UNSPLIT AT (0): key /Tenant/10/Table/104/1/0 is not the start of a range | ||
|
||
update-capabilities | ||
ALTER TENANT [10] REVOKE CAPABILITY can_admin_unsplit | ||
---- | ||
ok | ||
|
||
exec-privileged-op-tenant | ||
ALTER TABLE t UNSPLIT AT VALUES (0) | ||
---- | ||
pq: could not UNSPLIT AT (0): ba: AdminUnsplit [/Tenant/10/Table/104/1/0,/Min) RPC error: grpc: client tenant does not have capability "can_admin_unsplit" (*kvpb.AdminUnsplitRequest) [code 16/Unauthenticated] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.