Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release-23.1.0: sql: avoid tenant ID reuse #101847

Merged
merged 4 commits into from
Apr 20, 2023
Merged

release-23.1.0: sql: avoid tenant ID reuse #101847

merged 4 commits into from
Apr 20, 2023

Conversation

knz
Copy link
Contributor

@knz knz commented Apr 19, 2023
edited
Loading

Backport

/cc @cockroachdb/release

Epic: CRDB-23559

Release justification: helps prevent data corruption and security issues in multi-tenant deployments

@knz knz requested a review from a team April 19, 2023 15:27
@knz knz requested review from a team as code owners April 19, 2023 15:27
@knz knz requested a review from a team April 19, 2023 15:27
@knz knz requested review from a team as code owners April 19, 2023 15:27
@blathers-crl
Copy link

blathers-crl bot commented Apr 19, 2023
edited by knz
Loading

Thanks for opening a backport.

Please check the backport criteria before merging:

  • Patches should only be created for serious issues or test-only changes.
  • Patches should not break backwards-compatibility.
  • Patches should change as little code as possible.
  • Patches should not change on-disk formats or node communication protocols.
  • Patches should not add new functionality.
  • Patches must not add, edit, or otherwise modify cluster versions; or add version gates.
If some of the basic criteria cannot be satisfied, ensure that the exceptional criteria are satisfied within.
  • There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
  • The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
  • New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters.
  • The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.

Add a brief release justification to the body of your PR to justify this backport.

Some other things to consider:

  • What did we do to ensure that a user that doesn’t know & care about this backport, has no idea that it happened?
  • Will this work in a cluster of mixed patch versions? Did we test that?
  • If a user upgrades a patch version, uses this feature, and then downgrades, what happens?

@knz knz requested review from benbardin and cucaroach and removed request for a team April 19, 2023 15:27
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@knz knz force-pushed the backport23.1.0-101845 branch from b623053 to 414c067 Compare April 19, 2023 15:43
knz added 2 commits April 19, 2023 18:13
@knz
sql: new sequence system.tenant_id_seq
725dec4 
Release note: None
@knz
sql: avoid tenant ID reuse
0b2e13c 
We really want to use different tenant IDs every time, to avoid tenant
ID reuse. For this, we use a new sequence `system.tenant_id_seq`.

However, there are two obstacles that prevent us from using only the
sequence.

The first is that the sequence is added in a migration and at the
point this function is called the migration may not have been
run yet.

Separately, we also have the function
`crdb_internal.create_tenant()` which can define an arbitrary tenant
ID.

So we proceed as follows:
- we find the maximum tenant ID that has been used so far. This covers
  cases where the migration has not been run yet and also arbitrary
  ID selection by create_tenant().
- we also find the next value of the sequence, if it exists already.
- we take the maximum of the two values (plus one) as the next ID.
- we also update the sequence with the new value we've chosen.

Release note: None
@knz knz force-pushed the backport23.1.0-101845 branch from 414c067 to 0b2e13c Compare April 19, 2023 16:13
@knz knz requested review from stevendanna and yuzefovich April 20, 2023 12:21
yuzefovich
yuzefovich approved these changes Apr 20, 2023
View reviewed changes
Copy link
Member

@yuzefovich yuzefovich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same comments as on #101845, but otherwise LGTM.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @benbardin, @cucaroach, and @stevendanna)

knz added 2 commits April 20, 2023 19:45
@knz
sql: cap the tenant IDs that can be allocated via create_tenant
9578bcf 
This patch introduces a limit (MaxUint32) to the fixed IDs that can be
selected by `crdb_internal.create_tenant`. This ensures that there are
always IDs remaining available for CREATE TENANT after the maximum
value has been selected via `create_tenant`.

Release note: None
@knz
sql: optimize a table name allocation
00b6740 
Release note: None
dhartunian
dhartunian approved these changes Apr 20, 2023
View reviewed changes
Copy link
Collaborator

@dhartunian dhartunian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

Reviewed 98 of 98 files at r1, 5 of 12 files at r2.
Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained (waiting on @benbardin, @cucaroach, and @stevendanna)

@knz knz merged commit 9032a77 into cockroachdb:release-23.1.0 Apr 20, 2023
@knz knz deleted the backport23.1.0-101845 branch April 20, 2023 20:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuzefovich yuzefovich yuzefovich approved these changes

@dhartunian dhartunian dhartunian approved these changes

@benbardin benbardin Awaiting requested review from benbardin benbardin was automatically assigned from cockroachdb/disaster-recovery

@cucaroach cucaroach Awaiting requested review from cucaroach cucaroach was automatically assigned from cockroachdb/sql-queries

@stevendanna stevendanna Awaiting requested review from stevendanna

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@knz @cockroach-teamcity @dhartunian @yuzefovich