Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

server: add end-to-end tenant authentication test #52589

Merged
merged 2 commits into from
Aug 11, 2020
Merged

server: add end-to-end tenant authentication test #52589

merged 2 commits into from
Aug 11, 2020

Conversation

nvanbenschoten
Copy link
Member

This commit ensures that authentication errors correctly propagate through
KV client code. It then adds a new TestTenantUnauthenticatedAccess test that
spins up a SQL-only tenant process with an incorrect key codec and ensures
that the server fails due to an authentication error from the KV layer.

@nvanbenschoten nvanbenschoten requested a review from tbg August 10, 2020 18:07
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@nvanbenschoten
roachpb: create new NewAmbiguousResultErrorf constructor
4877173
@nvanbenschoten
server: add end-to-end tenant authentication test
cd84345 
This commit ensures that authentication errors correctly propagate through
KV client code. It then adds a new TestTenantUnauthenticatedAccess test that
spins up a SQL-only tenant process with an incorrect key codec and ensures
that the server fails due to an authentication error from the KV layer.
@nvanbenschoten nvanbenschoten force-pushed the nvanbenschoten/distSenderAuth branch from 4a4dee1 to cd84345 Compare August 10, 2020 19:29
nvanbenschoten added a commit to nvanbenschoten/cockroach that referenced this pull request Aug 10, 2020
@nvanbenschoten
kv: reject admin KV requests from tenant SQL processes
730a44e 
Fixes cockroachdb#52360.
First two commits from cockroachdb#52589.

This commit adds a new restriction to the tenantAuth policy that it
accepts no "Admin" KV requests. This prevents tenants from splitting
ranges, merging range, rebalancing ranges, or issuing any other KV
requests with the `isAdmin` flag that could dictate KV-level
distribution decisions.

This further mitigates the impact that a compromised tenant SQL process
could have on the rest of the cluster.
@nvanbenschoten nvanbenschoten mentioned this pull request Aug 10, 2020
Merged
@tbg tbg added the A-multitenancy Related to multi-tenancy label Aug 11, 2020
@nvanbenschoten
Copy link
Member Author

bors r+

@craig
Copy link
Contributor

craig bot commented Aug 11, 2020

Build succeeded:

@craig craig bot merged commit 53df364 into cockroachdb:master Aug 11, 2020
@nvanbenschoten nvanbenschoten deleted the nvanbenschoten/distSenderAuth branch August 14, 2020 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tbg tbg tbg approved these changes

Assignees
No one assigned
Labels
A-multitenancy Related to multi-tenancy
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nvanbenschoten @cockroach-teamcity @tbg