Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
53974: sql: improve error message for search_path with commas r=jordanlewis a=jordanlewis
It's easy to accidentally surround your search path with quotes when
setting it, because you'd think that most things in `SET` syntax are
quoted. But you are not supposed to quote things in set search_path, and
it can lead to confusing scenarios. Now, if you try to set search_path
to a string containing a comma, which we don't support anyway, the error
message will be a bit friendlier.
Release note (sql change): improve error message when people use set
search_path incorrectly, or with a schema that legitimately has a comma
in its name
Release justification: error-message-only change
57519: auth: add region-based callback URLs for OIDC r=dhartunian a=dhartunian
Modifies `server.oidc_authentication.redirect_url` cluster setting to
accept valid JSON strings with a `redirect_urls` field that can support
region-based OIDC auth flows.
In addition to a simple string callback URL, here is an example of
valid JSON that this setting can accept:
```
'{
"redirect_urls": {
"us-east-1": "https://localhost:8080/oidc/v1/callback",
"eu-west-1": "example.com"
}
}'
```
Prerequisites to using the multi-region callback URLs:
1. `region` locality flag is available and set
2. `server.oidc_authentication.redirect_url` setting is set as valid
JSON containing the `redirect_urls` object with a key that matches the
`region` locality flag value on this node
When prerequisites above are met, the `callback_uri` OAuth param is set
to the region-specific value from the JSON setting upon redirect to the
auth provider.
If you are using region-specific configuration, and do not have the
`region` locality set, or try using OIDC in a region without a
corresponding entry in the JSON, OIDC will fail to run.
If you are using simple string-based configuration of a single redirect
URL, OIDC will always use it regardless of your region locality
configuration.
Be aware that the auth provider will likely need to be updated to know
about all possible redirect URLs it may get triggered with.
Resolves #56517
Release note (security update): Adds ability to set region-specific
callback URLs in the OIDC config. The
`server.oidc_authentication.redirect_url` cluster setting can now accept
JSON as an alternative to the basic URL string setting. If a JSON value
is set, it *must* contain a `redirect_url` key that maps to an object
with key, value pairs where the key is a `region` matching an existing
locality setting, and the value is a callback URL.
59256: sql: Implement ALTER TABLE from REGIONAL BY TABLE to GLOBAL r=arulajmani,otan a=ajstorm
Implement ALTER TABLE ... SET LOCALITY GLOBAL for tables starting as
REGIONAL BY ROW.
Release note (sql change): Implement ALTER TABLE ... SET LOCALITY GLOBAL
for tables starting as REGIONAL BY ROW.
Co-authored-by: Jordan Lewis <[email protected]>
Co-authored-by: David Hartunian <[email protected]>
Co-authored-by: Adam Storm <[email protected]>- Loading branch information
