Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
126587: kvpb: removed disused Path field from ExportResp r=dt a=dt Release note: none. Epic: none. 134228: rpc: reduce certificate-related allocations during authentication r=mgartner a=mgartner #### rpc: add authenication benchmark Release note: None #### rpc: reduce certificate-related allocations during authentication This commit avoids certificate-related allocations in the happy path of authenticating network requests. Release note: None #### security: inline getCertificatePrincipals The `getCertificatePrincipals` function has been inlined into its one callsite to avoid allocating a slice of the results. Fixes #133317 Release note: None 135291: logictest: enable local-mixed-24.3 config r=RaduBerinde a=RaduBerinde #### bootstrap: add 24.3 bootstrap data Obtained by running (on release-24.3 branch): ``` ./dev build sql-bootstrap-data && bin/sql-bootstrap-data ``` Epic: REL-1322 Release note: None #### logictest: enable local-mixed-24.3 config Includes a minor fix to the schema changer (thanks Rafi and Annie!). Fixes #135358 Epic: REL-1322 Release note: None 135337: cli: skip TestTenantZip under deadlock r=dhartunian a=dhartunian We had some CPU profile failures under deadlock, skipping under that scenario since that's not relevant for this test. Resolves: #134187 Release note: None 135552: ldapccl: support partial ldap groups mapping on authz r=souravcrl a=souravcrl fixes #133779 Epic CRDB-33829 Currently, an LDAP user may be configured to be a member of multiple LDAP groups, and when we retrieve the group roles for the user during LDAP authZ we try to find corresponding roles for all the groups being synced and fail the roles grant operation if any of the group roles do not exist on CRDB. This is a problem as not all groups are desired to have corresponding CRDB roles and in such a case a partial roles grant should take place. Release note(security): This fix will add support for partial roles from ldap synced group to be mapped to crdb roles and ensure appropriate erroring for undesired behavior. 135565: gcs: remove test that asserts buckets produce not found error r=jeffswenson a=jeffswenson The behavior of GCS appears to have changed. If a bucket does not exist, it will return a 403 forbidden. So we can't disambiguate a bucket that does not exist from a bucket we can't access. Overall, this is annoying but fine. The main value of not found as a sentinel error the program can check is it indicates the name is free and can be used. This property doesn't apply if the bucket does not exist because CRDB will never create a bucket. Release Justification: Test only change Release Note: None Fixes: #135307 Fixes: #135348 Fixes: #135349 Fixes: #135350 Fixes: #135351 Fixes: #135352 Co-authored-by: David Taylor <[email protected]> Co-authored-by: Marcus Gartner <[email protected]> Co-authored-by: Radu Berinde <[email protected]> Co-authored-by: David Hartunian <[email protected]> Co-authored-by: souravcrl <[email protected]> Co-authored-by: Jeff Swenson <[email protected]>
- Loading branch information
