release-20.2: sql: fix performance regression in user authn #58739
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The authn code needs to query system.users and system.role_options. These queries are run by the internal executor, which has a current DB of "". This causes the name to be resolved as "".system.users and "".system.role_options. The lookup for the "" DB always fails, but that result is not cached, so the lookup occurs on every authn attempt. There is fallback logic that then looks up the correct name. Now we specify the fully-qualified 3-part name for these two queries. To show that this fix is important, new benchmarks are added to the bench/ddl_analysis tests. Release note (bug fix): The user authentication flow no longer performs extraneous name lookups. This performance regression was present since v20.2.
|
This change is |
otan
approved these changes
Jan 11, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport 1/1 commits from #58671.
/cc @cockroachdb/release
The authn code needs to query system.users and system.role_options.
These queries are run by the internal executor, which has a current DB
of "". This causes the name to be resolved as "".system.users and
"".system.role_options. The lookup for the "" DB always fails, but that
result is not cached, so the lookup occurs on every authn attempt. There
is fallback logic that then looks up the correct name.
Now we specify the fully-qualified 3-part name for these two queries.
This is a low-risk change that can be backported. A more robust fix that
will prevent this class of mistaken lookups will follow later, but probably
can't be backported.
Release note (bug fix): The user authentication flow no longer performs
extraneous name lookups. This performance regression was present since
v20.2.