bulkio: lock down RESTORE/IMPORT/BACKUP on sql tenants #47913
Assignees
Labels
A-multitenancy
Related to multi-tenancy
E-quick-win
Likely to be a quick win for someone experienced.
T-disaster-recovery
Comments
This was referenced Apr 22, 2020
|
From the sounds of this, BACKUP should also be locked down, correct? It doesn't pull in data from the outside world, but it does open a connection to the outside world. It also currently uses protected timestamps. |
|
Yes, that sounds right. Note that protected timestamps are optional in backup (ie we could skip them) but letting tenants take backups of their logical data is definitely out of scope, so we should lock it down too. |
tbg
changed the title
RaduBerinde
added
the
E-quick-win
|
This has been addressed, and moreover we're going to allow tenants to run these bulk i/o operations. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
SQL tenants must not use RESTORE/IMPORT. This is because it won't work (without extra engineering work not slated for phase 2) but also because we can't have SQL tenants make arbitrary connections to the outside world.
Additionally, IMPORT INTO uses protected timestamps which won't be available.
All import/restore related functionality ought to be disabled for SQL tenant servers.
Should wait for #47903 to close.
Jira issue: CRDB-4377
The text was updated successfully, but these errors were encountered: