Skip to content

Commit

Permalink
Merge pull request #123072 from cockroachdb/blathers/backport-release…
Browse files Browse the repository at this point in the history
…-24.1-123063

release-24.1: roleoption: fix error message for SUBJECT option
  • Loading branch information
souravcrl authored Apr 26, 2024
2 parents 809b50f + fd6b5cb commit aea98c1
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 3 deletions.
2 changes: 1 addition & 1 deletion pkg/ccl/logictestccl/testdata/logic_test/subject
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# LogicTest: !local-mixed-23.1 !local-mixed-23.2
# Tests for parsing/validation of the SUBJECT role option.

statement error role "root" cannot have a SUBJECT
statement error role "root" cannot have a SUBJECT\n.*use the --root-cert-distinguished-name CLI flag
ALTER ROLE root SUBJECT 'O=US, CN=John Doe'

statement error failed to parse distinguished name foo: DN ended with incomplete type, value pair
Expand Down
6 changes: 4 additions & 2 deletions pkg/sql/roleoption/role_option.go
Original file line number Diff line number Diff line change
Expand Up @@ -222,9 +222,11 @@ func MakeListFromKVOptions(
return err
}
if u.IsRootUser() {
return pgerror.Newf(pgcode.InvalidParameterValue, "role %q cannot have a SUBJECT", u,
return errors.WithDetailf(
pgerror.Newf(pgcode.InvalidParameterValue, "role %q cannot have a SUBJECT", u),
"use the --%s CLI flag to configure root",
cliflags.RootCertDistinguishedName.Name)
cliflags.RootCertDistinguishedName.Name,
)
}
if err := distinguishedname.ValidateDN(s); err != nil {
return pgerror.WithCandidateCode(err, pgcode.InvalidParameterValue)
Expand Down

0 comments on commit aea98c1

Please sign in to comment.