Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release-23.1: server: replace admin checks with VIEWCLUSTERMETADATA and REPAIRCLUSTERMETADATA #111131

Merged
merged 2 commits into from
Sep 26, 2023
Merged

release-23.1: server: replace admin checks with VIEWCLUSTERMETADATA and REPAIRCLUSTERMETADATA #111131

merged 2 commits into from
Sep 26, 2023

Conversation

rafiss
Copy link
Collaborator

@rafiss rafiss commented Sep 22, 2023
edited by yuzefovich
Loading

Backport 2/2 commits from #110609.

/cc @cockroachdb/release

Release note (security update): Endpoints in the admin and status server
that previously required the admin role now can be used by users with
the VIEWCLUSTERMETADATA or REPAIRCLUSTERMETADATA system privilege,
depending on whether the endpoint is read-only or can modify state.

fixes #79571
fixes #109814
Release note: None

Release justification: needed for in-situ.

@rafiss rafiss requested review from dhartunian and a team September 22, 2023 18:52
@rafiss rafiss requested review from a team as code owners September 22, 2023 18:52
@rafiss rafiss requested a review from a team September 22, 2023 18:52
@rafiss rafiss requested review from a team as code owners September 22, 2023 18:52
@rafiss rafiss requested review from rhu713 and removed request for a team and rhu713 September 22, 2023 18:52
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@rafiss rafiss changed the title server: replace admin checks with VIEWCLUSTERMETADATA and REPAIRCLUSTERMETADATA release-23.1: server: replace admin checks with VIEWCLUSTERMETADATA and REPAIRCLUSTERMETADATA Sep 25, 2023
@rafiss @yuzefovich
server: replace admin checks with VIEWCLUSTERMETADATA and REPAIRCLUST…
f4197e7 
…ERMETADATA

Release note (security update): Endpoints in the admin and status server
that previously required the admin role now can be used by users with
the VIEWCLUSTERMETADATA or REPAIRCLUSTERMETADATA system privilege,
depending on whether the endpoint is read-only or can modify state.
@rafiss @yuzefovich
sql: remove usages of UserHasAdminRole
548cd02 
This commit covers a few cases that were missed by an earlier commit:
cockroachdb#110084. No release note is
included since it would be redundant with the release note from that PR.

Release note: None
@yuzefovich
Copy link
Member

Ok, the CI is green. The merge conflicts were minor, RFAL @dhartunian. We'd like to get this in by the EOW for in-site IIUC.

dhartunian
dhartunian approved these changes Sep 26, 2023
View reviewed changes
Copy link
Collaborator

@dhartunian dhartunian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

Reviewed 3 of 5 files at r1, 1 of 10 files at r3, 9 of 9 files at r5, 8 of 8 files at r6, all commit messages.
Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained (waiting on @rafiss)

@yuzefovich
Copy link
Member

TFTR!

@yuzefovich yuzefovich merged commit 7c6f45f into cockroachdb:release-23.1 Sep 26, 2023
2 checks passed
@rafiss
Copy link
Collaborator Author

rafiss commented Sep 26, 2023

thank you for taking this over!

@rafiss rafiss deleted the backport23.1-110609 branch October 2, 2023 15:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhartunian dhartunian dhartunian approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rafiss @cockroach-teamcity @yuzefovich @dhartunian