multitenant: add roachtest utility funcs for in-process tenants

Currently, a user can only observe the db console for the app tenant in a
secure cluster, after logging in with a provided role. This small patch adds
the createTenantAdminRole utility function which allows the roachtest writer to
create an admin role for the provided tenant, with the user name "secure" and
password "roach". Once the roachtest writer has called this function for each
tenant in their cluster, they can log into the db console and toggle between
tenant db consoles.

This patch also adds the createInMemoryTenant() function which makes it easy
for a roachtest writer to create an in-memory tenant.

Epic: none

Release note: None

pkg/cmd/roachtest/tests/BUILD.bazel

@@ -96,6 +96,7 @@ go_library(
         "mixed_version_schemachange.go",
         "multitenant.go",
         "multitenant_distsql.go",
+        "multitenant_shared_process.go",
         "multitenant_tpch.go",
         "multitenant_upgrade.go",
         "multitenant_utils.go",
@@ -155,7 +156,6 @@ go_library(
         "tpchvec.go",
         "ts_util.go",
         "typeorm.go",
-        "unified_arch.go",
         "unoptimized_query_oracle.go",
         "util.go",
         "util_disk_usage.go",

pkg/cmd/roachtest/tests/cluster_to_cluster.go

@@ -219,10 +219,14 @@ func setupC2C(
 	srcClusterSettings(t, srcSQL)
 	destClusterSettings(t, destSQL)
 
+	createTenantAdminRole(t, "src-system", srcSQL)
+	createTenantAdminRole(t, "dst-system", destSQL)
+
 	srcTenantID, destTenantID := 2, 2
 	srcTenantName := "src-tenant"
 	destTenantName := "destination-tenant"
-	srcSQL.Exec(t, fmt.Sprintf(`CREATE TENANT %q`, srcTenantName))
+
+	createInMemoryTenant(ctx, t, c, srcTenantName, srcCluster, true)
 
 	pgURL, err := copyPGCertsAndMakeURL(ctx, t, c, srcNode, srcClusterSetting.PGUrlCertsDir, addr[0])
 	require.NoError(t, err)
@@ -241,35 +245,13 @@ func setupC2C(
 		db:    destDB,
 		nodes: dstCluster}
 
-	// Currently, a tenant has by default a 10m RU burst limit, which can be
-	// reached during these tests. To prevent RU limit throttling, add 10B RUs to
-	// the tenant.
-	srcTenantInfo.sql.Exec(t, `SELECT crdb_internal.update_tenant_resource_limits($1, 10000000000, 0,
-10000000000, now(), 0);`, srcTenantInfo.ID)
-
-	createSystemRole(t, srcTenantInfo.name+" system tenant", srcTenantInfo.sql)
-	createSystemRole(t, srcTenantInfo.name+" system tenant", destTenantInfo.sql)
-
-	srcTenantDB := c.Conn(ctx, t.L(), srcNode[0], option.TenantName(srcTenantName))
-	srcTenantSQL := sqlutils.MakeSQLRunner(srcTenantDB)
-	createSystemRole(t, destTenantInfo.name+" app tenant", srcTenantSQL)
 	return &c2cSetup{
 		src:          srcTenantInfo,
 		dst:          destTenantInfo,
 		workloadNode: workloadNode,
 		metrics:      c2cMetrics{}}
 }
 
-// createSystemRole creates a role that can be used to log into the cluster's db console
-func createSystemRole(t test.Test, name string, sql *sqlutils.SQLRunner) {
-	username := "secure"
-	password := "roach"
-	sql.Exec(t, fmt.Sprintf(`CREATE ROLE %s WITH LOGIN PASSWORD '%s'`, username, password))
-	sql.Exec(t, fmt.Sprintf(`GRANT ADMIN TO %s`, username))
-	t.L().Printf(`Log into the %s db console with username "%s" and password "%s"`,
-		name, username, password)
-}
-
 type streamingWorkload interface {
 	// sourceInitCmd returns a command that will populate the src cluster with data before the
 	// replication stream begins

pkg/cmd/roachtest/tests/multitenant_shared_process.go

@@ -33,7 +33,6 @@ func registerMultiTenantSharedProcess(r registry.Registry) {
 		Timeout: 1 * time.Hour,
 		Run: func(ctx context.Context, t test.Test, c cluster.Cluster) {
 			var (
-				appTenantID    = 2
 				appTenantName  = "app"
 				tpccWarehouses = 500
 				crdbNodes      = c.Range(1, crdbNodeCount)
@@ -42,18 +41,18 @@ func registerMultiTenantSharedProcess(r registry.Registry) {
 			t.Status(`set up Unified Architecture Cluster`)
 			c.Put(ctx, t.Cockroach(), "./cockroach", crdbNodes)
 			c.Put(ctx, t.DeprecatedWorkload(), "./workload", workloadNode)
-			c.Start(ctx, t.L(), option.DefaultStartOpts(), install.MakeClusterSettings(), crdbNodes)
+
+			// In order to observe the app tenant's db console, create a secure
+			// cluster and add Admin roles to the system and app tenant.
+			clusterSettings := install.MakeClusterSettings(install.SecureOption(true))
+			c.Start(ctx, t.L(), option.DefaultStartOpts(), clusterSettings, crdbNodes)
 
 			sysConn := c.Conn(ctx, t.L(), crdbNodes.RandNode()[0])
 			sysSQL := sqlutils.MakeSQLRunner(sysConn)
 
-			sysSQL.Exec(t, fmt.Sprintf(`CREATE TENANT %s`, appTenantName))
+			createTenantAdminRole(t, "system", sysSQL)
 
-			// Currently, a tenant has by default a 10m RU burst limit, which can be
-			// reached during this test. To prevent RU limit throttling, add 10B RUs to
-			// the tenant.
-			sysSQL.Exec(t, `SELECT crdb_internal.update_tenant_resource_limits($1, 10000000000, 0,
-		10000000000, now(), 0);`, appTenantID)
+			createInMemoryTenant(ctx, t, c, appTenantName, crdbNodes, true)
 
 			t.Status(`initialize tpcc workload`)
 			initCmd := fmt.Sprintf(`./workload init tpcc --data-loader import --warehouses %d {pgurl%s:%s}`,

pkg/cmd/roachtest/tests/multitenant_utils.go

@@ -28,6 +28,7 @@ import (
 	"github.com/cockroachdb/cockroach/pkg/roachprod/config"
 	"github.com/cockroachdb/cockroach/pkg/security/username"
 	"github.com/cockroachdb/cockroach/pkg/testutils"
+	"github.com/cockroachdb/cockroach/pkg/testutils/sqlutils"
 	"github.com/stretchr/testify/require"
 )
 
@@ -321,3 +322,57 @@ func newTenantInstance(
 	c.Run(ctx, c.Node(node), "chmod", "0600", filepath.Join("certs", key))
 	return &inst, nil
 }
+
+// createTenantAdminRole creates a role that can be used to log into a secure cluster's db console.
+func createTenantAdminRole(t test.Test, tenantName string, tenantSQL *sqlutils.SQLRunner) {
+	username := "secure"
+	password := "roach"
+	tenantSQL.Exec(t, fmt.Sprintf(`CREATE ROLE %s WITH LOGIN PASSWORD '%s'`, username, password))
+	tenantSQL.Exec(t, fmt.Sprintf(`GRANT ADMIN TO %s`, username))
+	t.L().Printf(`Log into %s db console with username "%s" and password "%s"`,
+		tenantName, username, password)
+}
+
+// createInMemoryTenant runs through the necessary steps to create an in-memory tenant without
+// resource limits.
+func createInMemoryTenant(
+	ctx context.Context,
+	t test.Test,
+	c cluster.Cluster,
+	tenantName string,
+	nodes option.NodeListOption,
+	secure bool,
+) {
+	sysSQL := sqlutils.MakeSQLRunner(c.Conn(ctx, t.L(), nodes.RandNode()[0]))
+	sysSQL.Exec(t, "CREATE TENANT $1", tenantName)
+	sysSQL.Exec(t, "ALTER TENANT $1 START SERVICE SHARED", tenantName)
+
+	// Opening a SQL session to a newly created in-process tenant may require a
+	// few retries. Unfortunately, the c.ConnE and MakeSQLRunner APIs do not make
+	// it clear if they eagerly open a session with the tenant or wait until the
+	// first query. Therefore, wrap connection opening and a ping to the tenant
+	// server in a retry loop.
+	var tenantSQL *sqlutils.SQLRunner
+	testutils.SucceedsSoon(t, func() error {
+		tenantConn, err := c.ConnE(ctx, t.L(), nodes.RandNode()[0])
+		if err != nil {
+			return err
+		}
+		if err := tenantConn.Ping(); err != nil {
+			return err
+		}
+		tenantSQL = sqlutils.MakeSQLRunner(tenantConn)
+		return nil
+	})
+
+	// Currently, a tenant has by default a 10m RU burst limit, which can be
+	// reached during these tests. To prevent RU limit throttling, add 10B RUs to
+	// the tenant.
+	var tenantID int
+	sysSQL.QueryRow(t, `SELECT id FROM [SHOW TENANT $1]`, tenantName).Scan(&tenantID)
+	sysSQL.Exec(t, `SELECT crdb_internal.update_tenant_resource_limits($1, 10000000000, 0,
+10000000000, now(), 0);`, tenantID)
+	if secure {
+		createTenantAdminRole(t, tenantName, tenantSQL)
+	}
+}

pkg/sql/sem/builtins/builtins.go

@@ -6429,6 +6429,9 @@ Parameters:` + randgencfg.ConfigDoc,
 	),
 
 	// Used to configure the tenant token bucket. See UpdateTenantResourceLimits.
+	//
+	// TODO(multitenantTeam): use tenantName instead of tenantID. See issue:
+	// https://github.com/cockroachdb/cockroach/issues/96176
 	"crdb_internal.update_tenant_resource_limits": makeBuiltin(
 		tree.FunctionProperties{
 			Category:     builtinconstants.CategoryMultiTenancy,