allow users with VIEWACTIVITY to see cluster settings used by console #108373
Assignees
Labels
C-enhancement
Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
Comments
maryliag
added
C-enhancement
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Aug 9, 2023
Previously, only users with `ADMIN`, `VIEWCLUSTERSETTING` or `MODIFYCLUSTERSETTING` could get the settings on the `_admin/v1/settings`. This API was used by the Console and then a few places retrieved that information. Users without those permissions would not be able to see the values and some functionalities where not working as expected, for example timezone was showing as UTC even when the cluster setting `ui.display_timezone` was set to other value. This commits modifies that endpoint (and that endpoint only) to return just the cluster settings that are not sensitive and that are required by the console to have all functionalities working. The list of cluster settings: "cross_cluster_replication.enabled", "keyvisualizer.enabled", "keyvisualizer.sample_interval", "sql.index_recommendation.drop_unused_duration", "sql.insights.anomaly_detection.latency_threshold", "sql.insights.high_retry_count.threshold", "sql.insights.latency_threshold", "sql.stats.automatic_collection.enabled", "timeseries.storage.resolution_10s.ttl", "timeseries.storage.resolution_30m.ttl", "ui.display_timezone", "version" Part Of cockroachdb#108373 Release note (bug fix): Users with VIEWACTIVITY can now view correct values for timezone.
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Aug 10, 2023
Previously, only users with `ADMIN`, `VIEWCLUSTERSETTING` or `MODIFYCLUSTERSETTING` could get the settings on the `_admin/v1/settings`. This API was used by the Console and then a few places retrieved that information. Users without those permissions would not be able to see the values and some functionalities where not working as expected, for example timezone was showing as UTC even when the cluster setting `ui.display_timezone` was set to other value. This commits modifies that endpoint (and that endpoint only) to return just the cluster settings that are not sensitive and that are required by the console to have all functionalities working. The list of cluster settings: "cross_cluster_replication.enabled", "keyvisualizer.enabled", "keyvisualizer.sample_interval", "sql.index_recommendation.drop_unused_duration", "sql.insights.anomaly_detection.latency_threshold", "sql.insights.high_retry_count.threshold", "sql.insights.latency_threshold", "sql.stats.automatic_collection.enabled", "timeseries.storage.resolution_10s.ttl", "timeseries.storage.resolution_30m.ttl", "ui.display_timezone", "version" Part Of cockroachdb#108373 Release note (bug fix): Users with VIEWACTIVITY can now view correct values for timezone.
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Aug 11, 2023
Previously, only users with `ADMIN`, `VIEWCLUSTERSETTING` or `MODIFYCLUSTERSETTING` could get the settings on the `_admin/v1/settings`. This API was used by the Console and then a few places retrieved that information. Users without those permissions would not be able to see the values and some functionalities where not working as expected, for example timezone was showing as UTC even when the cluster setting `ui.display_timezone` was set to other value. This commits modifies that endpoint (and that endpoint only) to return just the cluster settings that are not sensitive and that are required by the console to have all functionalities working. The list of cluster settings: "cross_cluster_replication.enabled", "keyvisualizer.enabled", "keyvisualizer.sample_interval", "sql.index_recommendation.drop_unused_duration", "sql.insights.anomaly_detection.latency_threshold", "sql.insights.high_retry_count.threshold", "sql.insights.latency_threshold", "sql.stats.automatic_collection.enabled", "timeseries.storage.resolution_10s.ttl", "timeseries.storage.resolution_30m.ttl", "ui.display_timezone", "version" Part Of cockroachdb#108373 Release note (bug fix): Users with VIEWACTIVITY can now view correct values for timezone.
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Aug 11, 2023
Part Of cockroachdb#108373 Use the value of the cluster setting `sql.index_recommendation.drop_unused_duration` from redux, instead of adding as part of the select. With this change, now users with VIEWACTIVITY or VIEWACTIVITYREDACTED can see index recommendations on the console, without the need the view cluster settings permission. This commit fixes on api from Database pages (Database Details and Table Details). Release note: None
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Aug 11, 2023
Part Of cockroachdb#108373 Use the value of the cluster setting `sql.index_recommendation.drop_unused_duration` from redux, instead of adding as part of the select. With this change, now users with VIEWACTIVITY or VIEWACTIVITYREDACTED can see index recommendations on the console, without the need the view cluster settings permission. This commit fixes on api from Database pages (Database Details and Table Details). Release note: None
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Aug 14, 2023
Part Of cockroachdb#108373 Use the value of the cluster setting `sql.index_recommendation.drop_unused_duration` from redux, instead of adding as part of the select. With this change, now users with VIEWACTIVITY or VIEWACTIVITYREDACTED can see index recommendations on the console, without the need the view cluster settings permission. This commit fixes on api from Database pages (Database Details and Table Details). Release note: None
craig bot
pushed a commit
that referenced
this issue
Aug 14, 2023
108628: ui: user cluster settings from redux r=maryliag a=maryliag Part Of #108373 https://www.loom.com/share/e8b2bc222db848f7a55d442c23c31fe6 Use the value of the cluster setting `sql.index_recommendation.drop_unused_duration` from redux, instead of adding as part of the select. With this change, now users with VIEWACTIVITY or VIEWACTIVITYREDACTED can see index recommendations on the console, without the need the view cluster settings permission. This commit fixes on api from Database pages (Database Details and Table Details). Release note: None 108636: tests: rename `StartNewTestCluster` to `StartCluster` r=yuzefovich a=knz Part of #107986. Epic: CRDB-18499 This follows for symmetry with `StartServer`. This is a simple searc-replace substitution: `serverutils.StartNewTestCluster` -> `serverutils.StartCluster` Release note: None 108721: sqlccl: remove base.TODOTestTenantDisabled r=yuzefovich a=yuzefovich In all of the touched tests we control the tenants explicitly. Also add some log scopes. Informs: #76378. Epic: CRDB-18499. Release note: None 108734: ui: fix filter font size r=maryliag a=maryliag On CC Console, the font size of the filter was using a wrong value inherited from another class. This commit makes the value explicit to be consistent. Before <img width="623" alt="Screenshot 2023-08-14 at 3 08 24 PM" src="https://github.com/cockroachdb/cockroach/assets/1017486/59bc6306-642e-4fbb-947f-500dd335ec10"> After <img width="1187" alt="Screenshot 2023-08-14 at 3 07 39 PM" src="https://github.com/cockroachdb/cockroach/assets/1017486/27034065-97a5-40a5-863d-231debc6faad"> Epic: none Release note: None Co-authored-by: maryliag <[email protected]> Co-authored-by: Raphael 'kena' Poss <[email protected]> Co-authored-by: Yahor Yuzefovich <[email protected]>
craig bot
pushed a commit
that referenced
this issue
Aug 15, 2023
108486: server: allow users with VIEWACTIVITY to get console settings r=maryliag a=maryliag Previously, only users with `ADMIN`, `VIEWCLUSTERSETTING` or `MODIFYCLUSTERSETTING` could get the settings on the `_admin/v1/settings`. This API was used by the Console and then a few places retrieved that information. Users without those permissions would not be able to see the values and some functionalities where not working as expected, for example timezone was showing as UTC even when the cluster setting `ui.display_timezone` was set to other value. This commits modifies that endpoint (and that endpoint only) to return just the cluster settings that are not sensitive and that are required by the console to have all functionalities working. The list of cluster settings: "cross_cluster_replication.enabled", "keyvisualizer.enabled", "keyvisualizer.sample_interval", "sql.index_recommendation.drop_unused_duration", "sql.insights.anomaly_detection.latency_threshold", "sql.insights.high_retry_count.threshold", "sql.insights.latency_threshold", "sql.stats.automatic_collection.enabled", "timeseries.storage.resolution_10s.ttl", "timeseries.storage.resolution_30m.ttl", "ui.display_timezone", "version" Part Of #108373 Fixes #108117 Release note (bug fix): Users with VIEWACTIVITY can now view correct values for timezone. Co-authored-by: maryliag <[email protected]>
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Aug 16, 2023
Previously, only users with `ADMIN`, `VIEWCLUSTERSETTING` or `MODIFYCLUSTERSETTING` could get the settings on the `_admin/v1/settings`. This API was used by the Console and then a few places retrieved that information. Users without those permissions would not be able to see the values and some functionalities where not working as expected, for example timezone was showing as UTC even when the cluster setting `ui.display_timezone` was set to other value. This commits modifies that endpoint (and that endpoint only) to return just the cluster settings that are not sensitive and that are required by the console to have all functionalities working. The list of cluster settings: "cross_cluster_replication.enabled", "keyvisualizer.enabled", "keyvisualizer.sample_interval", "sql.index_recommendation.drop_unused_duration", "sql.insights.anomaly_detection.latency_threshold", "sql.insights.high_retry_count.threshold", "sql.insights.latency_threshold", "sql.stats.automatic_collection.enabled", "timeseries.storage.resolution_10s.ttl", "timeseries.storage.resolution_30m.ttl", "ui.display_timezone", "version" Part Of cockroachdb#108373 Release note (bug fix): Users with VIEWACTIVITY can now view correct values for timezone.
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Aug 16, 2023
Previously, only users with `ADMIN`, `VIEWCLUSTERSETTING` or `MODIFYCLUSTERSETTING` could get the settings on the `_admin/v1/settings`. This API was used by the Console and then a few places retrieved that information. Users without those permissions would not be able to see the values and some functionalities where not working as expected, for example timezone was showing as UTC even when the cluster setting `ui.display_timezone` was set to other value. This commits modifies that endpoint (and that endpoint only) to return just the cluster settings that are not sensitive and that are required by the console to have all functionalities working. The list of cluster settings: "cross_cluster_replication.enabled", "keyvisualizer.enabled", "keyvisualizer.sample_interval", "sql.index_recommendation.drop_unused_duration", "sql.insights.anomaly_detection.latency_threshold", "sql.insights.high_retry_count.threshold", "sql.insights.latency_threshold", "sql.stats.automatic_collection.enabled", "timeseries.storage.resolution_10s.ttl", "timeseries.storage.resolution_30m.ttl", "ui.display_timezone", "version" Part Of cockroachdb#108373 Release note (bug fix): Users with VIEWACTIVITY can now view correct values for timezone.
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Aug 18, 2023
Part Of cockroachdb#108373 Use the value of the cluster setting `sql.index_recommendation.drop_unused_duration` from redux, instead of adding as part of the select. With this change, now users with VIEWACTIVITY or VIEWACTIVITYREDACTED can see index recommendations on the console, without the need the view cluster settings permission. This commit changes the Schema Insights Api. Release note (ui change): Users without `VIEWCLUSTERSETTINGS` permission but with `VIEWACTIVITY` or `VIEWACTIVITYREDACTED` can now see index recommendations.
maryliag
added a commit
that referenced
this issue
Aug 20, 2023
Part Of #108373 Use the value of the cluster setting `sql.index_recommendation.drop_unused_duration` from redux, instead of adding as part of the select. With this change, now users with VIEWACTIVITY or VIEWACTIVITYREDACTED can see index recommendations on the console, without the need the view cluster settings permission. This commit fixes on api from Database pages (Database Details and Table Details). Release note: None
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Aug 23, 2023
Part Of cockroachdb#108373 Use the value of the cluster setting `sql.index_recommendation.drop_unused_duration` from redux, instead of adding as part of the select. With this change, now users with VIEWACTIVITY or VIEWACTIVITYREDACTED can see index recommendations on the console, without the need the view cluster settings permission. This commit changes the Schema Insights Api. Release note (ui change): Users without `VIEWCLUSTERSETTINGS` permission but with `VIEWACTIVITY` or `VIEWACTIVITYREDACTED` can now see index recommendations.
craig bot
pushed a commit
that referenced
this issue
Aug 24, 2023
108398: sql: disable pausable portals for all statements with mutations r=rharding6373 a=rharding6373 Previously we examined the AST to determine whether a statement could be executed in a pausable portal or not. However, this was insufficient to identify volatile UDFs that could also contain mutations. This PR revokes a portal's pausability if the statement's plan contains a mutation. That is, if the opt builder determines that any operator is a mutation operator (see `IsMutationOp`). Although there is some overlap between this PR and the existing `IsAllowedToPause`, this PR leaves the latter in place, since it restricts some statements that are not considered mutation operators, e.g., import operators. Epic: None Fixes: #107130 Release note: None 108559: schematelemetry: emit metrics and logs about invalid objects r=fqazi,andyyang890 a=chrisseto Short of continuously polling `crdb_internal.invalid_objects`, there was not a convenient way to monitor a cluster for descriptor corruption. Having such an indicator would allow customers to perform preflight checks ahead of upgrades to avoid being stuck in a mixed version state. It would also allow CRL to more easily monitor cloud clusters for corruptions in the wild. This commit updates the schematelemetry job to additionally update the `sql.schema.invalid_objects` gauge and emit logs for any encountered corruptions. Informs: #104266 Epic: CRDB-28665 Release note: None 109047: ui: use cluster setting from redux on schema insights r=maryliag a=maryliag Part Of #108373 Use the value of the cluster setting `sql.index_recommendation.drop_unused_duration` from redux, instead of adding as part of the select. With this change, now users with VIEWACTIVITY or VIEWACTIVITYREDACTED can see index recommendations on the console, without the need the view cluster settings permission. This commit changes the Schema Insights Api. https://www.loom.com/share/6b9ef154c9c44157a45e1e66b1fbc890 Release note (ui change): Users without `VIEWCLUSTERSETTINGS` permission but with `VIEWACTIVITY` or `VIEWACTIVITYREDACTED` can now see index recommendations. 109251: roachtest: update import-cancellation owner to queries r=dt a=dt Release note: none. Epic: none. 109442: build: fix PR coverage when a package is added/removed r=RaduBerinde a=RaduBerinde The PR coverage script for running tests fails if a package does not exist (because it was added or removed in the PR). This change improves the script to ignore package paths for which a `BUILD.bazel` does not exist. Epic: none Release note: None Co-authored-by: rharding6373 <[email protected]> Co-authored-by: Chris Seto <[email protected]> Co-authored-by: maryliag <[email protected]> Co-authored-by: David Taylor <[email protected]> Co-authored-by: Radu Berinde <[email protected]>
maryliag
added a commit
that referenced
this issue
Aug 25, 2023
Part Of #108373 Use the value of the cluster setting `sql.index_recommendation.drop_unused_duration` from redux, instead of adding as part of the select. With this change, now users with VIEWACTIVITY or VIEWACTIVITYREDACTED can see index recommendations on the console, without the need the view cluster settings permission. This commit changes the Schema Insights Api. Release note (ui change): Users without `VIEWCLUSTERSETTINGS` permission but with `VIEWACTIVITY` or `VIEWACTIVITYREDACTED` can now see index recommendations.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, some cluster settings are required to make features possible on the Console. Users with permission VIEWACTIVITY and VIEWACTIVITYREDACTED should be able to retrieve these values, without the need of the extra permissions.
This is valid only for the call to retrieve the cluster settings and only for cluster settings with non-sensitive data that are used on Console.
Jira issue: CRDB-30442
The text was updated successfully, but these errors were encountered: