Merge pull request #63482 from rafiss/backport21.1-60676

release-21.1: sql/sem,sql/parser: fix the AST anonymization
cockroachdb · Apr 12, 2021 · 71a2014 · 71a2014
2 parents ab774e5 + 2ec43e8
commit 71a2014
Show file tree

Hide file tree

Showing 94 changed files with 17,345 additions and 3,066 deletions.
diff --git a/pkg/ccl/backupccl/backup_test.go b/pkg/ccl/backupccl/backup_test.go
@@ -1152,7 +1152,7 @@ func TestBackupRestoreSystemJobs(t *testing.T) {
 	if err := jobutils.VerifySystemJob(t, sqlDB, 0, jobspb.TypeRestore, jobs.StatusSucceeded, jobs.Record{
 		Username: security.RootUserName(),
 		Description: fmt.Sprintf(
-			`RESTORE TABLE bank FROM '%s', '%s' WITH into_db='restoredb'`,
+			`RESTORE TABLE bank FROM '%s', '%s' WITH into_db = 'restoredb'`,
 			sanitizedFullDir+"redacted", sanitizedIncDir+"redacted",
 		),
 		DescriptorIDs: descpb.IDs{
@@ -1207,16 +1207,19 @@ func TestEncryptedBackupRestoreSystemJobs(t *testing.T) {
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			var encryptionOption string
-			var sanitizedEncryptionOption string
+			var sanitizedEncryptionOption1 string
+			var sanitizedEncryptionOption2 string
 			if tc.useKMS {
 				correctKMSURI, _ := getAWSKMSURI(t, regionEnvVariable, keyIDEnvVariable)
-				encryptionOption = fmt.Sprintf("kms='%s'", correctKMSURI)
+				encryptionOption = fmt.Sprintf("kms = '%s'", correctKMSURI)
 				sanitizedURI, err := redactTestKMSURI(correctKMSURI)
 				require.NoError(t, err)
-				sanitizedEncryptionOption = fmt.Sprintf("kms='%s'", sanitizedURI)
+				sanitizedEncryptionOption1 = fmt.Sprintf("kms = '%s'", sanitizedURI)
+				sanitizedEncryptionOption2 = sanitizedEncryptionOption1
 			} else {
-				encryptionOption = "encryption_passphrase='abcdefg'"
-				sanitizedEncryptionOption = "encryption_passphrase='redacted'"
+				encryptionOption = "encryption_passphrase = 'abcdefg'"
+				sanitizedEncryptionOption1 = "encryption_passphrase = '*****'"
+				sanitizedEncryptionOption2 = "encryption_passphrase = 'redacted'"
 			}
 			_, _, sqlDB, _, cleanupFn := BackupRestoreTestSetup(t, MultiNode, 3, InitManualReplication)
 			conn := sqlDB.DB.(*gosql.DB)
@@ -1238,7 +1241,7 @@ func TestEncryptedBackupRestoreSystemJobs(t *testing.T) {
 					Username: security.RootUserName(),
 					Description: fmt.Sprintf(
 						`BACKUP DATABASE data TO '%s' WITH %s`,
-						backupLoc1, sanitizedEncryptionOption),
+						backupLoc1, sanitizedEncryptionOption1),
 					DescriptorIDs: descpb.IDs{
 						descpb.ID(backupDatabaseID),
 						descpb.ID(backupTableID),
@@ -1255,8 +1258,8 @@ into_db='restoredb', %s)`, encryptionOption), backupLoc1)
 			if err := jobutils.VerifySystemJob(t, sqlDB, 0, jobspb.TypeRestore, jobs.StatusSucceeded, jobs.Record{
 				Username: security.RootUserName(),
 				Description: fmt.Sprintf(
-					`RESTORE TABLE data.bank FROM '%s' WITH %s, into_db='restoredb'`,
-					backupLoc1, sanitizedEncryptionOption,
+					`RESTORE TABLE data.bank FROM '%s' WITH %s, into_db = 'restoredb'`,
+					backupLoc1, sanitizedEncryptionOption2,
 				),
 				DescriptorIDs: descpb.IDs{
 					descpb.ID(restoreDatabaseID + 1),
@@ -4278,8 +4281,8 @@ func TestEncryptedBackup(t *testing.T) {
 				encryptionOption = fmt.Sprintf("kms='%s'", correctKMSURI)
 				incorrectEncryptionOption = fmt.Sprintf("kms='%s'", incorrectKeyARNURI)
 			} else {
-				encryptionOption = "encryption_passphrase='abcdefg'"
-				incorrectEncryptionOption = "encryption_passphrase='wrongpassphrase'"
+				encryptionOption = "encryption_passphrase = 'abcdefg'"
+				incorrectEncryptionOption = "encryption_passphrase = 'wrongpassphrase'"
 			}
 			ctx, _, sqlDB, rawDir, cleanupFn := BackupRestoreTestSetup(t, MultiNode, 3, InitManualReplication)
 			defer cleanupFn()
@@ -5531,7 +5534,7 @@ func TestBackupRestoreShowJob(t *testing.T) {
 		t, "SELECT description FROM [SHOW JOBS] WHERE description != 'updating privileges' ORDER BY description",
 		[][]string{
 			{"BACKUP DATABASE data TO 'nodelocal://0/foo' WITH revision_history"},
-			{"RESTORE TABLE data.bank FROM 'nodelocal://0/foo' WITH into_db='data 2', skip_missing_foreign_keys"},
+			{"RESTORE TABLE data.bank FROM 'nodelocal://0/foo' WITH into_db = 'data 2', skip_missing_foreign_keys"},
 		},
 	)
 }
@@ -7597,10 +7600,10 @@ func TestManifestBitFlip(t *testing.T) {
 	})
 
 	t.Run("encrypted", func(t *testing.T) {
-		sqlDB.Exec(t, `BACKUP DATABASE data TO 'nodelocal://0/bit_flip_encrypted' WITH encryption_passphrase='abc'`)
+		sqlDB.Exec(t, `BACKUP DATABASE data TO 'nodelocal://0/bit_flip_encrypted' WITH encryption_passphrase = 'abc'`)
 		flipBitInManifests(t, rawDir)
 		sqlDB.ExpectErr(t, checksumError,
-			`RESTORE data.* FROM 'nodelocal://0/bit_flip_encrypted' WITH encryption_passphrase='abc', into_db='r3'`)
+			`RESTORE data.* FROM 'nodelocal://0/bit_flip_encrypted' WITH encryption_passphrase = 'abc', into_db = 'r3'`)
 	})
 }
 

diff --git a/pkg/ccl/backupccl/create_scheduled_backup.go b/pkg/ccl/backupccl/create_scheduled_backup.go
@@ -457,7 +457,10 @@ func makeBackupSchedule(
 
 	// We do not set backupNode.AsOf: this is done when the scheduler kicks off the backup.
 	// Serialize backup statement and set schedule executor and its args.
-	args.BackupStatement = tree.AsString(backupNode)
+	//
+	// TODO(bulkio): this serialization is erroneous, see issue
+	// https://github.com/cockroachdb/cockroach/issues/63216
+	args.BackupStatement = tree.AsStringWithFlags(backupNode, tree.FmtSimple|tree.FmtShowPasswords)
 	any, err := pbtypes.MarshalAny(args)
 	if err != nil {
 		return nil, err

diff --git a/pkg/ccl/backupccl/create_scheduled_backup_test.go b/pkg/ccl/backupccl/create_scheduled_backup_test.go
@@ -304,7 +304,7 @@ func TestSerializesScheduledBackupExecutionArgs(t *testing.T) {
 		},
 		{
 			name:   "enterprise-license-required-for-encryption",
-			query:  "CREATE SCHEDULE FOR BACKUP INTO 'nodelocal://0/backup'  WITH encryption_passphrase='secret' RECURRING '@hourly'",
+			query:  "CREATE SCHEDULE FOR BACKUP INTO 'nodelocal://0/backup'  WITH encryption_passphrase = 'secret' RECURRING '@hourly'",
 			user:   freeUser,
 			errMsg: "use of BACKUP with encryption requires an enterprise license",
 		},
@@ -333,12 +333,12 @@ func TestSerializesScheduledBackupExecutionArgs(t *testing.T) {
 			user: enterpriseUser,
 			query: `
 		CREATE SCHEDULE FOR BACKUP TABLE system.jobs, system.scheduled_jobs INTO 'nodelocal://0/backup'
-		WITH encryption_passphrase='secret' RECURRING '@weekly'`,
+		WITH encryption_passphrase = 'secret' RECURRING '@weekly'`,
 			expectedSchedules: []expectedSchedule{
 				{
 					nameRe:     "BACKUP .*",
-					backupStmt: "BACKUP TABLE system.jobs, system.scheduled_jobs INTO 'nodelocal://0/backup' WITH encryption_passphrase='secret', detached",
-					shownStmt:  "BACKUP TABLE system.jobs, system.scheduled_jobs INTO 'nodelocal://0/backup' WITH encryption_passphrase='redacted', detached",
+					backupStmt: "BACKUP TABLE system.jobs, system.scheduled_jobs INTO 'nodelocal://0/backup' WITH encryption_passphrase = 'secret', detached",
+					shownStmt:  "BACKUP TABLE system.jobs, system.scheduled_jobs INTO 'nodelocal://0/backup' WITH encryption_passphrase = '*****', detached",
 					period:     7 * 24 * time.Hour,
 				},
 			},

diff --git a/pkg/sql/opt/exec/execbuilder/scalar.go b/pkg/sql/opt/exec/execbuilder/scalar.go
@@ -376,7 +376,7 @@ func (b *Builder) buildColumnAccess(
 	if childTyp.TupleLabels() != nil {
 		lbl = childTyp.TupleLabels()[colIdx]
 	}
-	return tree.NewTypedColumnAccessExpr(input, lbl, colIdx), nil
+	return tree.NewTypedColumnAccessExpr(input, tree.Name(lbl), colIdx), nil
 }
 
 func (b *Builder) buildArray(ctx *buildScalarCtx, scalar opt.ScalarExpr) (tree.TypedExpr, error) {

diff --git a/pkg/sql/opt/optbuilder/util.go b/pkg/sql/opt/optbuilder/util.go
@@ -101,7 +101,7 @@ func (b *Builder) expandStar(
 				}
 				// NewTypedColumnAccessExpr expects colName to be empty if the tuple
 				// should be accessed by index.
-				exprs[i] = tree.NewTypedColumnAccessExpr(texpr, colName, i)
+				exprs[i] = tree.NewTypedColumnAccessExpr(texpr, tree.Name(colName), i)
 			}
 		}
 		for i := len(aliases); i < len(typ.TupleContents()); i++ {