Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release-21.1: sql: fix Usage privilege on Tables/DBs after upgrading from 20.1 #65160

Merged
merged 2 commits into from
May 14, 2021
Merged

release-21.1: sql: fix Usage privilege on Tables/DBs after upgrading from 20.1 #65160

merged 2 commits into from
May 14, 2021

Conversation

RichardJCai
Copy link
Contributor

@RichardJCai RichardJCai commented May 13, 2021
edited
Loading

Backport 2/2 commits from #65010.

/cc @cockroachdb/release

In 20.2, I made a mistake when introducing USAGE privilege by
adding it before ZONECONFIG privilege in the bitfield.
Due to this, when updating from 20.1 to 20.2, ZONECONFIG privilege will be
interpretted as USAGE.

Fortunately, ZONECONFIG was only a valid privilege on tables and databases
while USAGE is invalid on both those objects. Due to this, whenever we encounter
USAGE on a privilege descriptor versioned 20.1 (InitialVersion) we can fix
this by removing the bit for USAGE and adding the bit for ZONECONFIG on the
privilege descriptor.

Release note (bug fix): When updating from 20.1 to 20.2, the ZONECONFIG
privilege on Tables/Databases will be incorrectly interpretted as
USAGE causing the table/database to be corrupted because USAGE is
invalid on tables and databases. This bug fix ensures the ZONECONFIG bit
will continue to be interpretted as ZONECONFIG in 20.2 and onwards
ensuring the tables and databases with ZONECONFIG are not corrupted
and have the correct privilege.

Release note (bug fix): Fix case when ZONECONFIG privilege would be incorrectly
restored as USAGE privilege for Tables/Databases created and backed up in 20.1
or prior and restored through a full cluster restore in a 20.2 or later version.

@RichardJCai RichardJCai requested review from a team and nihalpednekar and removed request for a team May 13, 2021 20:13
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@RichardJCai RichardJCai requested review from pbardea and ajwerner May 13, 2021 21:29
ajwerner
ajwerner approved these changes May 14, 2021
View reviewed changes
Copy link
Contributor

@ajwerner ajwerner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The thing I find surprising about these commits is that they do not have a release note.

:lgtm:

Reviewed 4 of 4 files at r1, 4 of 16 files at r2.
Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained (waiting on @ajwerner, @nihalpednekar, and @pbardea)

@RichardJCai
Copy link
Contributor Author

RichardJCai commented May 14, 2021
edited by petermattis
Loading

The thing I find surprising about these commits is that they do not have a release note.

:lgtm:

Reviewed 4 of 4 files at r1, 4 of 16 files at r2.
Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained (waiting on @ajwerner, @nihalpednekar, and @pbardea)

True, when I wrote it, I thought there wasn't anything that was needed to write on the docs side, but thinking about it now, I'll add a bug fix release note.

@RichardJCai
sql: fix Usage privilege on Tables/DBs after upgrading from 20.1
c276b49 
In 20.2, I made a mistake when introducing USAGE privilege by
adding it before ZONECONFIG privilege in the bitfield.
Due to this, when updating from 20.1 to 20.2, ZONECONFIG privilege will be
interpretted as USAGE.

Fortunately, ZONECONFIG was only a valid privilege on tables and databases
while USAGE is invalid on both those objects. Due to this, whenever we encounter
USAGE on a privilege descriptor versioned 20.1 (InitialVersion) we can fix
this by removing the bit for USAGE and adding the bit for ZONECONFIG on the
privilege descriptor.

Release note (bug fix): When updating from 20.1 to 20.2, the ZONECONFIG
privilege on Tables/Databases will be incorrectly interpretted as
USAGE causing the table/database to be corrupted because USAGE is
invalid on tables and databases. This bug fix ensures the ZONECONFIG bit
will continue to be interpretted as ZONECONFIG in 20.2 and onwards
ensuring the tables and databases with ZONECONFIG are not corrupted
and have the correct privilege.
@RichardJCai
restore: fix ZONECONFIG privilege when restoring from 20.1 version or…
f0fc849 
… prior.

This is needed in addition to the previous commit to fix ZONECONFIG privilege
when restoring from a version from 20.1 or prior.

Release note (bug fix): Fix case when ZONECONFIG privilege would be incorrectly
restored as USAGE privilege for Tables/Databases created and backed up in 20.1
or prior and restored through a full cluster restore in a 20.2 or later version.
@RichardJCai RichardJCai force-pushed the backport21.1-65010 branch from e673446 to f0fc849 Compare May 14, 2021 16:15
@RichardJCai
Copy link
Contributor Author

RichardJCai commented May 14, 2021
edited by petermattis
Loading

The thing I find surprising about these commits is that they do not have a release note.

:lgtm:

Reviewed 4 of 4 files at r1, 4 of 16 files at r2.
Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained (waiting on @ajwerner, @nihalpednekar, and @pbardea)

Updated release notes.

@RichardJCai RichardJCai merged commit abf01fc into cockroachdb:release-21.1 May 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ajwerner ajwerner ajwerner approved these changes

@nihalpednekar nihalpednekar Awaiting requested review from nihalpednekar

@pbardea pbardea Awaiting requested review from pbardea

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@RichardJCai @cockroach-teamcity @ajwerner