Merge #110042 #110107

110042: roachprod: warn and continue on provider.List errors r=renatolabs a=DarrylWong Occasionally, provider.List will fail with an error, such as a 404 or unavailability error. Previously, such an error would cause roachprod list to fail for all providers, even if the erring provider is never used. Now, provider.List errors will instead log a warning that the list may not be complete and continue listing other providers. Epic: https://cockroachlabs.atlassian.net/browse/CRDB-10428 Release note: None Fixes: #77625 110107: builtins: add gen_random_bytes builtin function r=rafiss a=rafiss fixes #21001 Release note (sql change): Added the gen_random_bytes builtin function, which generates cryptographically secure random bytes. Co-authored-by: DarrylWong <[email protected]> Co-authored-by: Rafi Shamim <[email protected]>
cockroachdb · Sep 7, 2023 · cd2e060 · cd2e060
3 parents c5ca06d + 306eeff + c075f6c
commit cd2e060
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 2 deletions.
diff --git a/docs/generated/sql/functions.md b/docs/generated/sql/functions.md
@@ -428,6 +428,8 @@
 </ul>
 <p>This function requires an enterprise license on a CCL distribution.</p>
 </span></td><td>Immutable</td></tr>
+<tr><td><a name="gen_random_bytes"></a><code>gen_random_bytes(count: <a href="int.html">int</a>) &rarr; <a href="bytes.html">bytes</a></code></td><td><span class="funcdesc"><p>Returns <code>count</code> cryptographically strong random bytes. At most 1024 bytes can be extracted at a time.</p>
+</span></td><td>Volatile</td></tr>
 <tr><td><a name="gen_salt"></a><code>gen_salt(type: <a href="string.html">string</a>) &rarr; <a href="string.html">string</a></code></td><td><span class="funcdesc"><p>Generates a salt for input into the <code>crypt</code> function using the default number of rounds.</p>
 </span></td><td>Volatile</td></tr>
 <tr><td><a name="gen_salt"></a><code>gen_salt(type: <a href="string.html">string</a>, iter_count: <a href="int.html">int</a>) &rarr; <a href="string.html">string</a></code></td><td><span class="funcdesc"><p>Generates a salt for input into the <code>crypt</code> function using <code>iter_count</code> number of rounds.</p>

diff --git a/pkg/roachprod/cloud/cluster_cloud.go b/pkg/roachprod/cloud/cluster_cloud.go
@@ -185,12 +185,15 @@ func ListCloud(l *logger.Logger, options vm.ListOptions) (*Cloud, error) {
 		g.Go(func() error {
 			var err error
 			providerVMs[index], err = provider.List(l, options)
-			return err
+			return errors.Wrapf(err, "provider %s", provider.Name())
 		})
 	}
 
 	if err := g.Wait(); err != nil {
-		return nil, err
+		// We continue despite the error as we don't want to fail for all providers if only one
+		// has an issue. The function that calls ListCloud may not even use the erring provider.
+		// If it does, it will fail later when it doesn't find the specified cluster.
+		l.Printf("WARNING: Error listing VMs, continuing but list may be incomplete. %s \n", err.Error())
 	}
 
 	for _, vms := range providerVMs {

diff --git a/pkg/sql/logictest/testdata/logic_test/pgcrypto_builtins b/pkg/sql/logictest/testdata/logic_test/pgcrypto_builtins
@@ -308,3 +308,24 @@ query error pgcode XXC01 decrypt_iv can only be used with a CCL distribution
 SELECT decrypt_iv('\x91b4ef63852013c8da53829da662b871', 'key', '123', 'aes')
 
 subtest end
+
+subtest gen_random_bytes
+
+statement error pgcode 22023 length 0 is outside the range
+SELECT gen_random_bytes(0)
+
+statement error pgcode 22023 length 1025 is outside the range
+SELECT gen_random_bytes(1025)
+
+query I
+SELECT length(gen_random_bytes(10))
+----
+10
+
+# Basic to make sure the same result isn't returned.
+query B
+SELECT gen_random_bytes(5) = gen_random_bytes(5)
+----
+false
+
+subtest end
diff --git a/pkg/sql/sem/builtins/fixed_oids.go b/pkg/sql/sem/builtins/fixed_oids.go
@@ -2457,6 +2457,7 @@ var builtinOidsArray = []string{
 	2486: `encrypt_iv(data: bytes, key: bytes, iv: bytes, type: string) -> bytes`,
 	2487: `decrypt(data: bytes, key: bytes, type: string) -> bytes`,
 	2488: `decrypt_iv(data: bytes, key: bytes, iv: bytes, type: string) -> bytes`,
+	2489: `gen_random_bytes(count: int) -> bytes`,
 }
 
 var builtinOidsBySignature map[string]oid.Oid

diff --git a/pkg/sql/sem/builtins/pgcrypto_builtins.go b/pkg/sql/sem/builtins/pgcrypto_builtins.go
@@ -225,6 +225,27 @@ var pgcryptoBuiltins = map[string]builtinDefinition{
 
 	"gen_random_uuid": generateRandomUUID4Impl(),
 
+	"gen_random_bytes": makeBuiltin(
+		tree.FunctionProperties{Category: builtinconstants.CategoryCrypto},
+		tree.Overload{
+			Types:      tree.ParamTypes{{Name: "count", Typ: types.Int}},
+			ReturnType: tree.FixedReturnType(types.Bytes),
+			Fn: func(_ context.Context, _ *eval.Context, args tree.Datums) (tree.Datum, error) {
+				count := int(tree.MustBeDInt(args[0]))
+				if count < 1 || count > 1024 {
+					return nil, pgerror.Newf(pgcode.InvalidParameterValue, "length %d is outside the range [1, 1024]", count)
+				}
+				bytes, err := getRandomBytes(count)
+				if err != nil {
+					return nil, err
+				}
+				return tree.NewDBytes(tree.DBytes(bytes)), nil
+			},
+			Info:       "Returns `count` cryptographically strong random bytes. At most 1024 bytes can be extracted at a time.",
+			Volatility: volatility.Volatile,
+		},
+	),
+
 	"gen_salt": makeBuiltin(
 		tree.FunctionProperties{Category: builtinconstants.CategoryCrypto},
 		tree.Overload{