Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
98897: server: fix tenant auth for status server r=knz,THardy98 a=dhartunian

Previously, the authentication for gRPC endpoints that are exposed via HTTP on the tenant was not implemented correctly. Because the HTTP session is decoded into gRPC metadata, and that metadata was contained in the Context object passed through to the Tenant Connector, the username from the tenant could leak into the kv layer and be treated as an authenticated username. If that username happened to match one in the system tenant it would be accepted as valid.

Additionally, some endpoints were missing their authentication code. This did not break functionality because a gRPC request without any metadata is treated as an internal request with admin permissions.

*Warning*: If a request contains a validated username as part of gRPC metadata and that metadata is preserved as the request is handed down to the KV layer, it could be interpreted as a valid user on the system tenant and cause an escalation of privileges.

This commit adds authentication to the HotRangesV2 endpoint and SpanStats endpoints which were missing it, and contains tests that ensure that the endpoints return errors when the user does not have the correct permissions.

Epic: CRDB-12100

Release note: None

98958: sql,backupccl: set system table user ID columns to be NOT NULL r=rafiss,stevendanna a=andyyang890

This PR sets the user ID columns in system tables to be NOT NULL and when applicable, updates the `RESTORE` logic to account for the case where a backup may have been created before the user ID column was added.

Part of #87079

Release note: None

Co-authored-by: David Hartunian <[email protected]>
Co-authored-by: Andy Yang <[email protected]>
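A simplified model of the two problems the first commit message describes, added here as an illustration; it is not CockroachDB's code. `userKey`, `kvLayer`, `tenantEndpoint` and the sample users are hypothetical, a context value stands in for gRPC metadata, and rejecting an unknown username at the KV layer is an assumption of the model.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// userKey stands in for the gRPC metadata entry holding the session username.
type userKey struct{}

// Constructed sample data: the name "alice" exists in both tenants.
var (
	tenantAllowed = map[string]bool{"alice": true}
	systemUsers   = map[string]bool{"alice": true}
	errDenied     = errors.New("permission denied")
)

func withUser(u string) context.Context {
	return context.WithValue(context.Background(), userKey{}, u)
}

// kvLayer models the system-tenant side: it returns the identity a request runs as.
func kvLayer(ctx context.Context) (string, error) {
	if user, ok := ctx.Value(userKey{}).(string); !ok {
		return "internal", nil // no username: internal request, admin rights
	} else if systemUsers[user] {
		return "system:" + user, nil // username trusted as already authenticated
	}
	return "", errDenied // assumption: unknown names are rejected
}

// tenantEndpoint models a tenant status endpoint that forwards to the KV layer.
func tenantEndpoint(ctx context.Context, checkAuth, strip bool) (string, error) {
	user, _ := ctx.Value(userKey{}).(string)
	if checkAuth && !tenantAllowed[user] {
		return "", errDenied // tenant-side permission check
	}
	if strip {
		ctx = context.WithValue(ctx, userKey{}, nil) // shadow the tenant username
	}
	return kvLayer(ctx)
}

func main() {
	fmt.Println(tenantEndpoint(withUser("alice"), true, false))   // tenant name reused as system user
	fmt.Println(tenantEndpoint(withUser("mallory"), false, true)) // missing check: runs as internal
	fmt.Println(tenantEndpoint(withUser("alice"), true, true))    // check and strip both in place
}
```

The model shows why both halves matter: stripping the username without a tenant-side check lets any caller run as an internal request, and checking without stripping lets a tenant name be read as a system-tenant user.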
Showing 59 changed files with 638 additions and 76 deletions.
18 changes: 18 additions & 0 deletions
pkg/ccl/backupccl/testdata/restore_old_versions/create-system-database-role-settings.sql
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
-- The below SQL is used to create the data that is then exported with BACKUP | ||
-- for use in the TestRestoreOldVersions test. This should be run on a v22.2 | ||
-- cluster and used to test that after a restore on a v23.1 cluster, the user | ||
-- ID column in the system.database_role_settings table is backfilled. | ||
|
||
CREATE DATABASE test; | ||
|
||
SET database = test; | ||
|
||
CREATE USER testuser1; | ||
|
||
CREATE USER testuser2; | ||
|
||
ALTER USER testuser1 SET application_name = 'roachdb'; | ||
|
||
ALTER USER testuser2 SET disallow_full_table_scans = on; | ||
|
||
ALTER ROLE ALL SET timezone = 'America/New_York'; |
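Review bot: The header comment says the user ID column in system.database_role_settings is backfilled after restore, but it does not say what value is expected for the row written by the last statement, `ALTER ROLE ALL SET timezone = 'America/New_York';`, which is not tied to testuser1 or testuser2. Please state the expected ID for that row in the comment so the test's assertion on it is deliberate. Separately, `CREATE DATABASE test` and `SET database = test` are not referenced by any of the ALTER statements; either drop them or add a setting scoped with IN DATABASE test so the fixture also covers a per-database row. The comment also mentions exporting with BACKUP, but that statement is not in the file, which makes the fixture harder to regenerate.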