Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release-23.2.6-rc: catalog: add descriptor repair to remove missing roles #124670

Merged
merged 1 commit into from
May 30, 2024
Merged

release-23.2.6-rc: catalog: add descriptor repair to remove missing roles #124670

merged 1 commit into from
May 30, 2024

Conversation

fqazi
Copy link
Collaborator

@fqazi fqazi commented May 24, 2024

Backport 1/1 commits from #122557.

/cc @cockroachdb/release

Previously, we had a bug that could lead to descriptors having privileages to roles that no longer exist. This could lead to certain commands like SHOW GRANTS breaking. To address this, this patch will add descirptor repair logic to automatically clean up oprhaned privileges.

Fixes: #122552

Release note (bug fix): Add automated clean up / validation for dropped roles inside descriptors.
Release justification: low risk repair operation that can resolve descriptor corruption and reduce support burden

@fqazi fqazi requested a review from a team as a code owner May 24, 2024 17:34
@blathers-crl blathers[crl]
Copy link

blathers-crl bot commented May 24, 2024

Thanks for opening a backport.

Please check the backport criteria before merging:

  • Backports should only be created for serious
    issues     or test-only changes.
  • Backports should not break backwards-compatibility.
  • Backports should change as little code as possible.
  • Backports should not change on-disk formats or node communication protocols.
  • Backports should not add new functionality (except as defined
    here).
  • Backports must not add, edit, or otherwise modify cluster versions; or add version gates.
  • All backports must be reviewed by the owning areas TL and one additional
    TL. For more information as to how that review should be conducted, please consult the backport
    policy    .
If your backport adds new functionality, please ensure that the following additional criteria are satisfied:
  • There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
  • The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
  • New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters. State changes must be further protected such that nodes running old binaries will not be negatively impacted by the new state (with a mixed version test added).
  • The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.
  • Your backport must be accompanied by a post to the appropriate Slack
    channel (#db-backports-point-releases or #db-backports-XX-X-release) for awareness and discussion.

Also, please add a brief release justification to the body of your PR to justify this
backport.

@blathers-crl blathers-crl bot added the backport Label PR's that are backports to older release branches label May 24, 2024
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@fqazi fqazi requested review from dhartunian and rafiss May 24, 2024 23:04
@fqazi
catalog: add descriptor repair to remove missing roles
d566192 
Previously, we had a bug that could lead to descriptors having
privileages to roles that no longer exist. This could lead to certain
commands like SHOW GRANTS breaking. To address this, this patch will add
descirptor repair logic to automatically clean up oprhaned privileges.

Fixes: cockroachdb#122552

Release note (bug fix): Add automated clean up / validation for dropped
roles inside descriptors.
@fqazi fqazi force-pushed the backport23.2.6-rc-122557 branch from 9308447 to d566192 Compare May 28, 2024 22:18
rafiss
rafiss approved these changes May 30, 2024
View reviewed changes
Copy link
Collaborator

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 24 of 24 files at r1, all commit messages.
Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @fqazi)

@fqazi
Copy link
Collaborator Author

fqazi commented May 30, 2024

@rafiss @dhartunian TFTR!

@fqazi fqazi merged commit cc8fe8d into cockroachdb:release-23.2.6-rc May 30, 2024
5 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafiss rafiss rafiss approved these changes

@dhartunian dhartunian dhartunian approved these changes

Assignees
No one assigned
Labels
backport Label PR's that are backports to older release branches
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@fqazi @cockroach-teamcity @dhartunian @rafiss