sql: gate setting zone configs behind a cluster setting for tenants

This patch gates setting zone configurations behind a the `sql.zone_configs.allow_for_secondary_tenant.enabled` cluster setting for secondary tenants. For now, this thing is not public. Release note: None
cockroachdb · Aug 20, 2021 · 84568b9 · 84568b9
1 parent 1c83fd9
commit 84568b9
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 1 deletion.
diff --git a/pkg/ccl/logictestccl/testdata/logic_test/zone_config_secondary_tenants b/pkg/ccl/logictestccl/testdata/logic_test/zone_config_secondary_tenants
@@ -4,6 +4,12 @@
 statement ok
 CREATE TABLE t();
 
+statement error pq: secondary tenants cannot set zone configurations unless sql.zone_configs.allow_for_secondary_tenant.enabled is enabled
+ALTER TABLE t CONFIGURE ZONE USING num_replicas = 5;
+
+statement ok
+SET CLUSTER SETTING sql.zone_configs.allow_for_secondary_tenant.enabled = true
+
 statement ok
 ALTER TABLE t CONFIGURE ZONE USING num_replicas = 5;
 

diff --git a/pkg/spanconfig/spanconfigmanager/manager.go b/pkg/spanconfig/spanconfigmanager/manager.go
@@ -7,7 +7,6 @@
 // the Business Source License, use of this software will be governed
 // by the Apache License, Version 2.0, included in the file
 // licenses/APL.txt.
-
 package spanconfigmanager
 
 import (

diff --git a/pkg/sql/logictest/testdata/logic_test/zone_config b/pkg/sql/logictest/testdata/logic_test/zone_config
@@ -1,3 +1,8 @@
+# As these tests are run for both the system tenant and secondary tenants, we
+# turn on the setting that gates setting zone configs for system tenants.
+statement ok
+SET CLUSTER SETTING sql.zone_configs.allow_for_secondary_tenant.enabled = true
+
 # Check that we can alter the default zone config.
 statement ok
 ALTER RANGE default CONFIGURE ZONE USING num_replicas = 1

diff --git a/pkg/sql/logictest/testdata/logic_test/zone_config_system_tenant b/pkg/sql/logictest/testdata/logic_test/zone_config_system_tenant
@@ -1,6 +1,19 @@
 # LogicTest: !3node-tenant
 # Zone config logic tests that are only meant to work for the system tenant.
 
+statement ok
+CREATE TABLE t();
+
+statement ok
+ALTER TABLE t CONFIGURE ZONE USING num_replicas = 5;
+
+# Should have no effect on the system tenant.
+statement ok
+SET CLUSTER SETTING sql.zone_configs.allow_for_secondary_tenant.enabled = false
+
+statement ok
+ALTER TABLE t CONFIGURE ZONE USING num_replicas = 3;
+
 statement ok
 CREATE TABLE a(id INT PRIMARY KEY)
 
@@ -23,3 +36,4 @@ SELECT zone_id, target FROM crdb_internal.zones ORDER BY 1
 22  RANGE liveness
 25  TABLE system.public.replication_constraint_stats
 27  TABLE system.public.replication_stats
+53  TABLE test.public.t
diff --git a/pkg/sql/set_zone_config.go b/pkg/sql/set_zone_config.go
@@ -183,6 +183,14 @@ func (p *planner) SetZoneConfig(ctx context.Context, n *tree.SetZoneConfig) (pla
 		return nil, err
 	}
 
+	if !p.ExecCfg().Codec.ForSystemTenant() &&
+		!secondaryTenantZoneConfigsEnabled.Get(&p.ExecCfg().Settings.SV) {
+		return nil, pgerror.Newf(pgcode.FeatureNotSupported,
+			"secondary tenants cannot set zone configurations unless %s is enabled",
+			secondaryTenantsZoneConfigsEnabledSettingName,
+		)
+	}
+
 	if err := checkPrivilegeForSetZoneConfig(ctx, p, n.ZoneSpecifier); err != nil {
 		return nil, err
 	}

diff --git a/pkg/sql/zone_config.go b/pkg/sql/zone_config.go
@@ -20,6 +20,7 @@ import (
 	"github.com/cockroachdb/cockroach/pkg/keys"
 	"github.com/cockroachdb/cockroach/pkg/kv"
 	"github.com/cockroachdb/cockroach/pkg/roachpb"
+	"github.com/cockroachdb/cockroach/pkg/settings"
 	"github.com/cockroachdb/cockroach/pkg/sql/catalog"
 	"github.com/cockroachdb/cockroach/pkg/sql/catalog/catalogkeys"
 	"github.com/cockroachdb/cockroach/pkg/sql/catalog/catalogkv"
@@ -41,6 +42,18 @@ func init() {
 
 var errNoZoneConfigApplies = errors.New("no zone config applies")
 
+const secondaryTenantsZoneConfigsEnabledSettingName = "sql.zone_configs.allow_for_secondary_tenant.enabled"
+
+// secondaryTenantZoneConfigsEnabled controls if secondary tenants are allowed
+// to set zone configurations. It has no effect for the system tenant.
+//
+// This setting has no effect on zone configurations that have already been set.
+var secondaryTenantZoneConfigsEnabled = settings.RegisterBoolSetting(
+	secondaryTenantsZoneConfigsEnabledSettingName,
+	"allow secondary tenants to set zone configurations; does not affect the system tenant",
+	false,
+)
+
 // getZoneConfig recursively looks up entries in system.zones until an
 // entry that applies to the object with the specified id is
 // found. Returns the ID of the matching zone, its zone config, and an