-
Notifications
You must be signed in to change notification settings - Fork 3.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
102635: server, tenant: gate process debugging behind capability r=knz,abarganier a=dhartunian Previously, all tenant servers were started with a debug server that granted process-manipulating power via pprof and vmodule HTTP endpoints. This implementation is fine when servers serve just 1 tenant in a given process; that tenant then legitimately has access to all process-level control. However, it becomes a problem in shared-process multitenancy, when the same process is shared by multiple tenants. In that case, it is undesirable for 1 tenant to have access to & control process properties, as it could influence the well-functioning of other tenants or potentially leak data across tenant boundaries. This commit gates access to the debug server behind a capability **only with shared process multitenancy**. Tenant servers running within their own process will contain a debug server with no capability gating since they own their process. The gating is implemented via a tenant authorizer function backed by the capability store that is injected into the debug server upon startup. Shared process tenants are provided this authorizer, while separate process tenants and the system tenant use the no-op authorizer. Epic: CRDB-12100 Resolves: #97946 Release note: None Co-authored-by: David Hartunian <[email protected]>
- Loading branch information
Showing
48 changed files
with
472 additions
and
160 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.