sql: Add ownership concept

Added ownership when creating objects. Owners have ALL privilege on the object. Currently, ownership cannot be changed, we will need to implement the ALTER OWNER commands for all objects. The privileges CREATE/DROP currently exist to alleviate missing privileges from the lack of ownership, this PR does affect CREATE/DROP privileges. Also added testuser2 certs to allow using testuser2 in logictests to test inheritance between multiple roles. Objects created before 20.2 will have not have ownership explicitly set, however we have logic to check that ownerless objects before 20.2 have admin as their owner if not a system object and node as an owner if it is a system object. Release note (sql change): Added "ownership" concept objects. Objects must have an owner, all objects that do not have owners currently will have admin set as the default owner except system objects. System objects without owners will have node as their owner. By default, owners are the creator of the object. Owners have all privileges to the objects they own. Similarly, any roles that are members of the owner role also have all privileges on the object. Roles cannot be dropped if they own objects. This pr does not add support for changing the ownership of objects, it will be added in a future pr to support dropping roles.
cockroachdb · Jul 30, 2020 · 8f00be1 · 8f00be1
1 parent 89dda79
commit 8f00be1
Show file tree

Hide file tree

Showing 42 changed files with 765 additions and 217 deletions.
diff --git a/pkg/ccl/backupccl/restore_job.go b/pkg/ccl/backupccl/restore_job.go
@@ -449,7 +449,7 @@ func WriteDescriptors(
 			// the users on the restoring cluster match the ones that were on the
 			// cluster that was backed up. So we wipe the privileges on the database.
 			if descCoverage != tree.AllDescriptors {
-				desc.Privileges = sqlbase.NewDefaultPrivilegeDescriptor()
+				desc.Privileges = sqlbase.NewDefaultPrivilegeDescriptor(sqlbase.AdminRole)
 			}
 			wroteDBs[desc.GetID()] = desc
 			if err := catalogkv.WriteNewDescToBatch(ctx, false /* kvTrace */, settings, b, keys.SystemSQLCodec, desc.GetID(), desc); err != nil {
@@ -972,7 +972,7 @@ func createImportingDescriptors(
 	}
 	if details.DescriptorCoverage == tree.AllDescriptors {
 		databases = append(databases, sqlbase.NewInitialDatabaseDescriptor(
-			sqlbase.ID(tempSystemDBID), restoreTempSystemDB))
+			sqlbase.ID(tempSystemDBID), restoreTempSystemDB, sqlbase.AdminRole))
 	}
 
 	// We get the spans of the restoring tables _as they appear in the backup_,

diff --git a/pkg/ccl/backupccl/targets_test.go b/pkg/ccl/backupccl/targets_test.go
@@ -46,7 +46,7 @@ func TestDescriptorsMatchingTargets(t *testing.T) {
 			return *desc.DescriptorProto()
 		}
 		mkDB := func(id sqlbase.ID, name string) sqlbase.Descriptor {
-			return *sqlbase.NewInitialDatabaseDescriptor(id, name).DescriptorProto()
+			return *sqlbase.NewInitialDatabaseDescriptor(id, name, sqlbase.AdminRole).DescriptorProto()
 		}
 		mkTyp := func(desc typDesc) sqlbase.Descriptor {
 			return *sqlbase.NewImmutableTypeDescriptor(desc).DescriptorProto()

diff --git a/pkg/ccl/importccl/import_table_creation.go b/pkg/ccl/importccl/import_table_creation.go
@@ -162,7 +162,7 @@ func MakeSimpleTableDescriptor(
 		keys.PublicSchemaID,
 		tableID,
 		hlc.Timestamp{WallTime: walltime},
-		sqlbase.NewDefaultPrivilegeDescriptor(),
+		sqlbase.NewDefaultPrivilegeDescriptor(sqlbase.AdminRole),
 		affected,
 		semaCtx,
 		&evalCtx,

diff --git a/pkg/ccl/importccl/load_test.go b/pkg/ccl/importccl/load_test.go
@@ -57,8 +57,8 @@ func TestGetDescriptorFromDB(t *testing.T) {
 	s, sqlDB, kvDB := serverutils.StartServer(t, params)
 	defer s.Stopper().Stop(ctx)
 
-	aliceDesc := sqlbase.NewInitialDatabaseDescriptor(10000, "alice")
-	bobDesc := sqlbase.NewInitialDatabaseDescriptor(9999, "bob")
+	aliceDesc := sqlbase.NewInitialDatabaseDescriptor(10000, "alice", sqlbase.AdminRole)
+	bobDesc := sqlbase.NewInitialDatabaseDescriptor(9999, "bob", sqlbase.AdminRole)
 
 	err := kvDB.Txn(ctx, func(ctx context.Context, txn *kv.Txn) error {
 		if err := txn.SetSystemConfigTrigger(true /* forSystemTenant */); err != nil {

diff --git a/pkg/ccl/importccl/read_import_mysql.go b/pkg/ccl/importccl/read_import_mysql.go
@@ -392,9 +392,9 @@ func mysqlTableToCockroach(
 	}
 
 	var seqDesc *sqlbase.TableDescriptor
+	owner := sqlbase.AdminRole
 	// If we have an auto-increment seq, create it and increment the id.
 	if seqName != "" {
-		priv := sqlbase.NewDefaultPrivilegeDescriptor()
 		var opts tree.SequenceOptions
 		if startingValue != 0 {
 			opts = tree.SequenceOptions{{Name: tree.SeqOptStart, IntVal: &startingValue}}
@@ -404,6 +404,10 @@ func mysqlTableToCockroach(
 		var err error
 		if p != nil {
 			params := p.RunParams(ctx)
+			if params.SessionData() != nil {
+				owner = params.SessionData().User
+			}
+			priv := sqlbase.NewDefaultPrivilegeDescriptor(owner)
 			desc, err = sql.MakeSequenceTableDesc(
 				seqName,
 				opts,
@@ -416,6 +420,7 @@ func mysqlTableToCockroach(
 				&params,
 			)
 		} else {
+			priv := sqlbase.NewDefaultPrivilegeDescriptor(owner)
 			desc, err = sql.MakeSequenceTableDesc(
 				seqName,
 				opts,

diff --git a/pkg/ccl/importccl/read_import_pgdump.go b/pkg/ccl/importccl/read_import_pgdump.go
@@ -234,6 +234,10 @@ func readPostgresCreateTable(
 		stmt, err := ps.Next()
 		if err == io.EOF {
 			ret := make([]*sqlbase.TableDescriptor, 0, len(createTbl))
+			owner := sqlbase.AdminRole
+			if params.SessionData() != nil {
+				owner = params.SessionData().User
+			}
 			for name, seq := range createSeq {
 				id := sqlbase.ID(int(defaultCSVTableID) + len(ret))
 				desc, err := sql.MakeSequenceTableDesc(
@@ -243,7 +247,7 @@ func readPostgresCreateTable(
 					keys.PublicSchemaID,
 					id,
 					hlc.Timestamp{WallTime: walltime},
-					sqlbase.NewDefaultPrivilegeDescriptor(),
+					sqlbase.NewDefaultPrivilegeDescriptor(owner),
 					false, /* temporary */
 					&params,
 				)

diff --git a/pkg/ccl/importccl/testutils_test.go b/pkg/ccl/importccl/testutils_test.go
@@ -50,7 +50,7 @@ func descForTable(
 		name := parsed[0].AST.(*tree.CreateSequence).Name.String()
 
 		ts := hlc.Timestamp{WallTime: nanos}
-		priv := sqlbase.NewDefaultPrivilegeDescriptor()
+		priv := sqlbase.NewDefaultPrivilegeDescriptor(sqlbase.AdminRole)
 		desc, err := sql.MakeSequenceTableDesc(
 			name,
 			tree.SequenceOptions{},

diff --git a/pkg/kv/kvserver/client_rangefeed_test.go b/pkg/kv/kvserver/client_rangefeed_test.go
@@ -65,7 +65,8 @@ func TestRangefeedWorksOnSystemRangesUnconditionally(t *testing.T) {
 		const junkDescriptorID = 42
 		require.GreaterOrEqual(t, keys.MaxReservedDescID, junkDescriptorID)
 		junkDescriptorKey := sqlbase.MakeDescMetadataKey(keys.SystemSQLCodec, junkDescriptorID)
-		junkDescriptor := sqlbase.NewInitialDatabaseDescriptor(junkDescriptorID, "junk")
+		junkDescriptor := sqlbase.NewInitialDatabaseDescriptor(
+			junkDescriptorID, "junk", sqlbase.AdminRole)
 		require.NoError(t, db.Txn(ctx, func(ctx context.Context, txn *kv.Txn) error {
 			if err := txn.SetSystemConfigTrigger(true /* forSystemTenant */); err != nil {
 				return err

diff --git a/pkg/kv/kvserver/gossip_test.go b/pkg/kv/kvserver/gossip_test.go
@@ -219,13 +219,13 @@ func TestGossipAfterAbortOfSystemConfigTransactionAfterFailureDueToIntents(t *te
 	txB := db.NewTxn(ctx, "b")
 
 	require.NoError(t, txA.SetSystemConfigTrigger(true /* forSystemTenant */))
-	db1000 := sqlbase.NewInitialDatabaseDescriptor(1000, "1000")
+	db1000 := sqlbase.NewInitialDatabaseDescriptor(1000, "1000", sqlbase.AdminRole)
 	require.NoError(t, txA.Put(ctx,
 		keys.SystemSQLCodec.DescMetadataKey(1000),
 		db1000.DescriptorProto()))
 
 	require.NoError(t, txB.SetSystemConfigTrigger(true /* forSystemTenant */))
-	db2000 := sqlbase.NewInitialDatabaseDescriptor(2000, "2000")
+	db2000 := sqlbase.NewInitialDatabaseDescriptor(2000, "2000", sqlbase.AdminRole)
 	require.NoError(t, txB.Put(ctx,
 		keys.SystemSQLCodec.DescMetadataKey(2000),
 		db2000.DescriptorProto()))

diff --git a/pkg/kv/kvserver/reports/constraint_stats_report_test.go b/pkg/kv/kvserver/reports/constraint_stats_report_test.go
@@ -758,7 +758,7 @@ func compileTestCase(tc baseReportTestCase) (compiledTestCase, error) {
 			}
 		}
 		sysCfgBuilder.addDBDesc(dbID,
-			sqlbase.NewInitialDatabaseDescriptor(sqlbase.ID(dbID), db.name))
+			sqlbase.NewInitialDatabaseDescriptor(sqlbase.ID(dbID), db.name, sqlbase.AdminRole))
 
 		for _, table := range db.tables {
 			tableID := objectCounter

diff --git a/pkg/security/certificate_manager_test.go b/pkg/security/certificate_manager_test.go
@@ -40,7 +40,7 @@ func TestManagerWithEmbedded(t *testing.T) {
 		t.Error("expected non-nil NodeCert")
 	}
 	clientCerts := cm.ClientCerts()
-	if a, e := len(clientCerts), 2; a != e {
+	if a, e := len(clientCerts), 3; a != e {
 		t.Errorf("expected %d client certs, found %d", e, a)
 	}
 
@@ -61,6 +61,9 @@ func TestManagerWithEmbedded(t *testing.T) {
 	if _, err := cm.GetClientTLSConfig("testuser"); err != nil {
 		t.Error(err)
 	}
+	if _, err := cm.GetClientTLSConfig("testuser2"); err != nil {
+		t.Error(err)
+	}
 	if _, err := cm.GetClientTLSConfig("my-random-user"); err == nil {
 		t.Error("unexpected success")
 	}

diff --git a/pkg/security/securitytest/.gitignore b/pkg/security/securitytest/.gitignore
@@ -1,2 +1,2 @@
 # Override root gitignore rule on *.test*
-!client.testuser.*
+!client.testuser*.*