Merge #80687 #80841 #80882

80687: sql/sem/tree: break dependencies on catalog, sessiondata, security r=ajwerner a=ajwerner This pile of commits moves stuff and makes some minor changes to break more dependencies of tree. Most of the commits are totally mechanical. The ones which aren't relate to abstracting `SearchPath` a tad and moving cast options to a struct. This should be straightforward to review commit-by-commit. The end goal here will be to break the dependencies of the parser on `util/log`. There's still a few more things remaining here and there, but this felt like a reasonable stopping point. 80841: roachtest/django: miscellaneous changes r=otan a=otan We do this for /mnt/data1/django, so do django-cockroach too, just in case. Not sure if it'll do anything, but just in case. Refs: #80614 Release note: None 80882: bazci: add more logging for bazel calls that fail r=ajwerner a=rickystewart Release note: None Co-authored-by: Andrew Werner <[email protected]> Co-authored-by: Oliver Tan <[email protected]> Co-authored-by: Ricky Stewart <[email protected]>
cockroachdb · May 2, 2022 · 480c3e4 · 480c3e4
4 parents f4db230 + a53fad6 + d43074a + 52ef49e
commit 480c3e4
Show file tree

Hide file tree

Showing 579 changed files with 3,928 additions and 3,628 deletions.
diff --git a/pkg/BUILD.bazel b/pkg/BUILD.bazel
@@ -21,7 +21,6 @@ ALL_TESTS = [
     "//pkg/ccl/changefeedccl:changefeedccl_test",
     "//pkg/ccl/cliccl:cliccl_test",
     "//pkg/ccl/importerccl:importerccl_test",
-    "//pkg/ccl/jobsccl/jobsprotectedtsccl:jobsccl_test",
     "//pkg/ccl/jobsccl/jobsprotectedtsccl:jobsprotectedtsccl_test",
     "//pkg/ccl/kvccl/kvfollowerreadsccl:kvfollowerreadsccl_test",
     "//pkg/ccl/kvccl/kvtenantccl:kvtenantccl_test",
@@ -192,6 +191,8 @@ ALL_TESTS = [
     "//pkg/security/certmgr:certmgr_test",
     "//pkg/security/password:password_test",
     "//pkg/security/sessionrevival:sessionrevival_test",
+    "//pkg/security/username:username_disallowed_imports_test",
+    "//pkg/security/username:username_test",
     "//pkg/security:security_test",
     "//pkg/server/debug/goroutineui:goroutineui_test",
     "//pkg/server/debug/pprofui:pprofui_test",
@@ -286,6 +287,7 @@ ALL_TESTS = [
     "//pkg/sql/contention:contention_test",
     "//pkg/sql/contentionpb:contentionpb_test",
     "//pkg/sql/covering:covering_test",
+    "//pkg/sql/decodeusername:decodeusername_test",
     "//pkg/sql/delegate:delegate_test",
     "//pkg/sql/descmetadata:descmetadata_test",
     "//pkg/sql/distsql:distsql_test",
@@ -379,10 +381,12 @@ ALL_TESTS = [
     "//pkg/sql/schemachanger:schemachanger_test",
     "//pkg/sql/sem/builtins:builtins_test",
     "//pkg/sql/sem/cast:cast_test",
+    "//pkg/sql/sem/catconstants:catconstants_disallowed_imports_test",
     "//pkg/sql/sem/eval/cast_test:cast_test_test",
     "//pkg/sql/sem/eval/eval_test:eval_test_test",
     "//pkg/sql/sem/eval:eval_test",
     "//pkg/sql/sem/normalize:normalize_test",
+    "//pkg/sql/sem/tree:tree_disallowed_imports_test",
     "//pkg/sql/sem/tree:tree_test",
     "//pkg/sql/sessiondata:sessiondata_test",
     "//pkg/sql/sessioninit:sessioninit_test",

diff --git a/pkg/acceptance/BUILD.bazel b/pkg/acceptance/BUILD.bazel
@@ -14,8 +14,8 @@ go_library(
         "//pkg/acceptance/cluster",
         "//pkg/base",
         "//pkg/build/bazel",
-        "//pkg/security",
         "//pkg/security/securitytest",  #keep
+        "//pkg/security/username",
         "//pkg/server",  # keep
         "//pkg/testutils",
         "//pkg/testutils/serverutils",  # keep
@@ -52,7 +52,8 @@ go_test(
     deps = [
         "//pkg/acceptance/cluster",
         "//pkg/build/bazel",
-        "//pkg/security",
+        "//pkg/security",  # keep
+        "//pkg/security/username",
         "//pkg/testutils/skip",
         "//pkg/util/log",
     ],

diff --git a/pkg/acceptance/cli_test.go b/pkg/acceptance/cli_test.go
@@ -19,7 +19,7 @@ import (
 
 	"github.com/cockroachdb/cockroach/pkg/acceptance/cluster"
 	"github.com/cockroachdb/cockroach/pkg/build/bazel"
-	"github.com/cockroachdb/cockroach/pkg/security"
+	"github.com/cockroachdb/cockroach/pkg/security/username"
 	"github.com/cockroachdb/cockroach/pkg/testutils/skip"
 	"github.com/cockroachdb/cockroach/pkg/util/log"
 )
@@ -38,7 +38,7 @@ func TestDockerCLI(t *testing.T) {
 
 	containerConfig := defaultContainerConfig()
 	containerConfig.Cmd = []string{"stat", cluster.CockroachBinaryInContainer}
-	containerConfig.Env = []string{fmt.Sprintf("PGUSER=%s", security.RootUser)}
+	containerConfig.Env = []string{fmt.Sprintf("PGUSER=%s", username.RootUser)}
 	ctx := context.Background()
 	if err := testDockerOneShot(ctx, t, "cli_test", containerConfig); err != nil {
 		skip.IgnoreLintf(t, `TODO(dt): No binary in one-shot container, see #6086: %s`, err)
@@ -111,7 +111,7 @@ func TestDockerUnixSocket(t *testing.T) {
 		skip.IgnoreLintf(t, `TODO(dt): No binary in one-shot container, see #6086: %s`, err)
 	}
 
-	containerConfig.Env = []string{fmt.Sprintf("PGUSER=%s", security.RootUser)}
+	containerConfig.Env = []string{fmt.Sprintf("PGUSER=%s", username.RootUser)}
 	containerConfig.Cmd = append(cmdBase,
 		"/mnt/data/psql/test-psql-unix.sh "+cluster.CockroachBinaryInContainer)
 	if err := testDockerOneShot(ctx, t, "unix_socket_test", containerConfig); err != nil {
@@ -135,7 +135,7 @@ func TestSQLWithoutTLS(t *testing.T) {
 		skip.IgnoreLintf(t, `TODO(dt): No binary in one-shot container, see #6086: %s`, err)
 	}
 
-	containerConfig.Env = []string{fmt.Sprintf("PGUSER=%s", security.RootUser)}
+	containerConfig.Env = []string{fmt.Sprintf("PGUSER=%s", username.RootUser)}
 	containerConfig.Cmd = append(cmdBase,
 		"/mnt/data/psql/test-psql-notls.sh "+cluster.CockroachBinaryInContainer)
 	if err := testDockerOneShot(ctx, t, "notls_secure_test", containerConfig); err != nil {

diff --git a/pkg/acceptance/cluster/BUILD.bazel b/pkg/acceptance/cluster/BUILD.bazel
@@ -18,6 +18,7 @@ go_library(
         "//pkg/base",
         "//pkg/config/zonepb",
         "//pkg/security",
+        "//pkg/security/username",
         "//pkg/util/contextutil",
         "//pkg/util/log",
         "//pkg/util/log/logflags",

diff --git a/pkg/acceptance/cluster/certs.go b/pkg/acceptance/cluster/certs.go
@@ -19,6 +19,7 @@ import (
 	"time"
 
 	"github.com/cockroachdb/cockroach/pkg/security"
+	"github.com/cockroachdb/cockroach/pkg/security/username"
 )
 
 const certsDir = ".localcluster.certs"
@@ -53,12 +54,12 @@ func GenerateCerts(ctx context.Context) func() {
 	// Root user.
 	maybePanic(security.CreateClientPair(
 		certsDir, filepath.Join(certsDir, security.EmbeddedCAKey),
-		2048, 48*time.Hour, false, security.RootUserName(), true /* generate pk8 key */))
+		2048, 48*time.Hour, false, username.RootUserName(), true /* generate pk8 key */))
 
 	// Test user.
 	maybePanic(security.CreateClientPair(
 		certsDir, filepath.Join(certsDir, security.EmbeddedCAKey),
-		1024, 48*time.Hour, false, security.TestUserName(), true /* generate pk8 key */))
+		1024, 48*time.Hour, false, username.TestUserName(), true /* generate pk8 key */))
 
 	// Certs for starting a cockroach server. Key size is from cli/cert.go:defaultKeySize.
 	maybePanic(security.CreateNodePair(

diff --git a/pkg/acceptance/cluster/dockercluster.go b/pkg/acceptance/cluster/dockercluster.go
@@ -31,6 +31,7 @@ import (
 	"github.com/cockroachdb/cockroach/pkg/base"
 	"github.com/cockroachdb/cockroach/pkg/config/zonepb"
 	"github.com/cockroachdb/cockroach/pkg/security"
+	"github.com/cockroachdb/cockroach/pkg/security/username"
 	"github.com/cockroachdb/cockroach/pkg/util/log"
 	"github.com/cockroachdb/cockroach/pkg/util/log/logflags"
 	"github.com/cockroachdb/cockroach/pkg/util/stop"
@@ -768,7 +769,7 @@ func (l *DockerCluster) InternalIP(ctx context.Context, i int) net.IP {
 
 // PGUrl returns a URL string for the given node postgres server.
 func (l *DockerCluster) PGUrl(ctx context.Context, i int) string {
-	certUser := security.RootUser
+	certUser := username.RootUser
 	options := url.Values{}
 	options.Add("sslmode", "verify-full")
 	options.Add("sslcert", filepath.Join(certsDir, security.EmbeddedRootCert))

diff --git a/pkg/acceptance/localcluster/BUILD.bazel b/pkg/acceptance/localcluster/BUILD.bazel
@@ -14,7 +14,7 @@ go_library(
         "//pkg/config/zonepb",
         "//pkg/roachpb",
         "//pkg/rpc",
-        "//pkg/security",
+        "//pkg/security/username",
         "//pkg/server/serverpb",
         "//pkg/settings/cluster",
         "//pkg/testutils",

diff --git a/pkg/acceptance/localcluster/cluster.go b/pkg/acceptance/localcluster/cluster.go
@@ -34,7 +34,7 @@ import (
 	"github.com/cockroachdb/cockroach/pkg/config/zonepb"
 	"github.com/cockroachdb/cockroach/pkg/roachpb"
 	"github.com/cockroachdb/cockroach/pkg/rpc"
-	"github.com/cockroachdb/cockroach/pkg/security"
+	"github.com/cockroachdb/cockroach/pkg/security/username"
 	"github.com/cockroachdb/cockroach/pkg/server/serverpb"
 	"github.com/cockroachdb/cockroach/pkg/settings/cluster"
 	"github.com/cockroachdb/cockroach/pkg/testutils"
@@ -268,7 +268,7 @@ func (c *Cluster) RPCPort(nodeIdx int) string {
 
 func (c *Cluster) makeNode(ctx context.Context, nodeIdx int, cfg NodeConfig) (*Node, <-chan error) {
 	baseCtx := &base.Config{
-		User:     security.NodeUserName(),
+		User:     username.NodeUserName(),
 		Insecure: true,
 	}
 	rpcCtx := rpc.NewContext(ctx, rpc.ContextOptions{

diff --git a/pkg/acceptance/util_docker.go b/pkg/acceptance/util_docker.go
@@ -22,7 +22,7 @@ import (
 	"github.com/cockroachdb/cockroach/pkg/acceptance/cluster"
 	"github.com/cockroachdb/cockroach/pkg/base"
 	"github.com/cockroachdb/cockroach/pkg/build/bazel"
-	"github.com/cockroachdb/cockroach/pkg/security"
+	"github.com/cockroachdb/cockroach/pkg/security/username"
 	"github.com/containerd/containerd/platforms"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
@@ -32,7 +32,7 @@ func defaultContainerConfig() container.Config {
 	return container.Config{
 		Image: acceptanceImage,
 		Env: []string{
-			fmt.Sprintf("PGUSER=%s", security.RootUser),
+			fmt.Sprintf("PGUSER=%s", username.RootUser),
 			fmt.Sprintf("PGPORT=%s", base.DefaultPort),
 			"PGSSLCERT=/certs/client.root.crt",
 			"PGSSLKEY=/certs/client.root.key",

diff --git a/pkg/base/BUILD.bazel b/pkg/base/BUILD.bazel
@@ -21,7 +21,7 @@ go_library(
     deps = [
         "//pkg/cli/cliflags",
         "//pkg/roachpb",
-        "//pkg/security",
+        "//pkg/security/username",
         "//pkg/settings/cluster",
         "//pkg/util",
         "//pkg/util/envutil",

diff --git a/pkg/base/config.go b/pkg/base/config.go
@@ -16,7 +16,7 @@ import (
 	"time"
 
 	"github.com/cockroachdb/cockroach/pkg/roachpb"
-	"github.com/cockroachdb/cockroach/pkg/security"
+	"github.com/cockroachdb/cockroach/pkg/security/username"
 	"github.com/cockroachdb/cockroach/pkg/settings/cluster"
 	"github.com/cockroachdb/cockroach/pkg/util/envutil"
 	"github.com/cockroachdb/cockroach/pkg/util/mon"
@@ -27,7 +27,7 @@ import (
 // Base config defaults.
 const (
 	defaultInsecure = false
-	defaultUser     = security.RootUser
+	defaultUser     = username.RootUser
 	httpScheme      = "http"
 	httpsScheme     = "https"
 
@@ -170,7 +170,7 @@ type Config struct {
 
 	// User running this process. It could be the user under which
 	// the server is running or the user passed in client calls.
-	User security.SQLUsername
+	User username.SQLUsername
 
 	// Addr is the address the server is listening on.
 	Addr string
@@ -256,7 +256,7 @@ func (*Config) HistogramWindowInterval() time.Duration {
 // This is also used in tests to reset global objects.
 func (cfg *Config) InitDefaults() {
 	cfg.Insecure = defaultInsecure
-	cfg.User = security.MakeSQLUsernameFromPreNormalizedString(defaultUser)
+	cfg.User = username.MakeSQLUsernameFromPreNormalizedString(defaultUser)
 	cfg.Addr = defaultAddr
 	cfg.AdvertiseAddr = cfg.Addr
 	cfg.HTTPAddr = defaultHTTPAddr

diff --git a/pkg/bench/BUILD.bazel b/pkg/bench/BUILD.bazel
@@ -33,6 +33,7 @@ go_test(
         "//pkg/base",
         "//pkg/security",
         "//pkg/security/securitytest",
+        "//pkg/security/username",
         "//pkg/server",
         "//pkg/testutils/serverutils",
         "//pkg/testutils/skip",

diff --git a/pkg/bench/pgbench_test.go b/pkg/bench/pgbench_test.go
@@ -21,7 +21,7 @@ import (
 	"time"
 
 	"github.com/cockroachdb/cockroach/pkg/base"
-	"github.com/cockroachdb/cockroach/pkg/security"
+	"github.com/cockroachdb/cockroach/pkg/security/username"
 	"github.com/cockroachdb/cockroach/pkg/testutils/serverutils"
 	"github.com/cockroachdb/cockroach/pkg/testutils/skip"
 	"github.com/cockroachdb/cockroach/pkg/testutils/sqlutils"
@@ -113,7 +113,7 @@ func BenchmarkPgbenchExec(b *testing.B) {
 		defer s.Stopper().Stop(context.Background())
 
 		pgURL, cleanupFn := sqlutils.PGUrl(
-			b, s.ServingSQLAddr(), "benchmarkCockroach", url.User(security.RootUser))
+			b, s.ServingSQLAddr(), "benchmarkCockroach", url.User(username.RootUser))
 		pgURL.RawQuery = "sslmode=disable"
 		defer cleanupFn()
 

diff --git a/pkg/ccl/backupccl/BUILD.bazel b/pkg/ccl/backupccl/BUILD.bazel
@@ -63,14 +63,13 @@ go_library(
         "//pkg/kv/kvserver/protectedts/ptpb",
         "//pkg/roachpb",
         "//pkg/scheduledjobs",
-        "//pkg/security",
+        "//pkg/security/username",
         "//pkg/server/telemetry",
         "//pkg/settings",
         "//pkg/settings/cluster",
         "//pkg/sql",
         "//pkg/sql/catalog",
         "//pkg/sql/catalog/catalogkeys",
-        "//pkg/sql/catalog/catconstants",
         "//pkg/sql/catalog/catpb",
         "//pkg/sql/catalog/colinfo",
         "//pkg/sql/catalog/dbdesc",
@@ -101,6 +100,7 @@ go_library(
         "//pkg/sql/rowexec",
         "//pkg/sql/schemachanger/scbackup",
         "//pkg/sql/sem/builtins",
+        "//pkg/sql/sem/catconstants",
         "//pkg/sql/sem/eval",
         "//pkg/sql/sem/tree",
         "//pkg/sql/sessiondata",
@@ -212,6 +212,7 @@ go_test(
         "//pkg/scheduledjobs",
         "//pkg/security",
         "//pkg/security/securitytest",
+        "//pkg/security/username",
         "//pkg/server",
         "//pkg/settings/cluster",
         "//pkg/spanconfig",

diff --git a/pkg/ccl/backupccl/alter_backup_test.go b/pkg/ccl/backupccl/alter_backup_test.go
@@ -13,7 +13,7 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/cockroachdb/cockroach/pkg/security"
+	"github.com/cockroachdb/cockroach/pkg/security/username"
 	"github.com/cockroachdb/cockroach/pkg/sql"
 	"github.com/cockroachdb/cockroach/pkg/util/leaktest"
 	"github.com/cockroachdb/cockroach/pkg/util/log"
@@ -51,7 +51,7 @@ func TestAlterBackupStatement(t *testing.T) {
 	sqlDB.Exec(t, query)
 
 	ctx := context.Background()
-	store, err := execCfg.DistSQLSrv.ExternalStorageFromURI(ctx, "userfile:///a", security.RootUserName())
+	store, err := execCfg.DistSQLSrv.ExternalStorageFromURI(ctx, "userfile:///a", username.RootUserName())
 	require.NoError(t, err)
 
 	files, err := getEncryptionInfoFiles(ctx, store)

diff --git a/pkg/ccl/backupccl/backup_destination.go b/pkg/ccl/backupccl/backup_destination.go
@@ -20,7 +20,7 @@ import (
 	"github.com/cockroachdb/cockroach/pkg/featureflag"
 	"github.com/cockroachdb/cockroach/pkg/jobs/jobspb"
 	"github.com/cockroachdb/cockroach/pkg/roachpb"
-	"github.com/cockroachdb/cockroach/pkg/security"
+	"github.com/cockroachdb/cockroach/pkg/security/username"
 	"github.com/cockroachdb/cockroach/pkg/settings/cluster"
 	"github.com/cockroachdb/cockroach/pkg/sql"
 	"github.com/cockroachdb/cockroach/pkg/sql/pgwire/pgcode"
@@ -41,7 +41,7 @@ import (
 func fetchPreviousBackups(
 	ctx context.Context,
 	mem *mon.BoundAccount,
-	user security.SQLUsername,
+	user username.SQLUsername,
 	makeCloudStorage cloud.ExternalStorageFromURIFactory,
 	prevBackupURIs []string,
 	encryptionParams jobspb.BackupEncryptionOptions,
@@ -77,7 +77,7 @@ func fetchPreviousBackups(
 // backup manifests in the backup chain.
 func resolveDest(
 	ctx context.Context,
-	user security.SQLUsername,
+	user username.SQLUsername,
 	dest jobspb.BackupDetails_Destination,
 	endTime hlc.Timestamp,
 	incrementalFrom []string,
@@ -232,7 +232,7 @@ func resolveDest(
 func getBackupManifests(
 	ctx context.Context,
 	mem *mon.BoundAccount,
-	user security.SQLUsername,
+	user username.SQLUsername,
 	makeCloudStorage cloud.ExternalStorageFromURIFactory,
 	backupURIs []string,
 	encryption *jobspb.BackupEncryptionOptions,
@@ -299,7 +299,7 @@ func readLatestFile(
 	ctx context.Context,
 	collectionURI string,
 	makeCloudStorage cloud.ExternalStorageFromURIFactory,
-	user security.SQLUsername,
+	user username.SQLUsername,
 ) (string, error) {
 	collection, err := makeCloudStorage(ctx, collectionURI, user)
 	if err != nil {