-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sql/builtins: remove the root
special case
#76518
Conversation
Release note (sql change): The buil-in functions `crdb_internal.force_panic`, `crdb_internal.force_log_fatal`, `crdb_internal.set_vmodule`, `crdb_internal.get_vmodule` are now available to all `admin` users, not just `root`.
Does this seem like a bug / do we think a backport would be (in)appropriate here? |
I don't see it as a bug unless you can point me to a doc that spells out these specific functions should have been allowed to all I put this PR out as a general v22.1 enhancement, but happy to backport if you have the evidence it's a bug fix. |
lgtm, but one question: this would mean that a CC admin user (either serverless or dedicated) could now cause a lot of extra logging. does our SRE team already expect that? |
They could do so already via cluster settings (statements exec log, txn tracing, session log). In dedicated they could also do it via the |
I do see your point with serverless though. These don't have access to cluster settings (yet, but will soon) and don't have access to the HTTP service. Perhaps we're missing a big picture analysis of what opening cluster settings to serverless admins will enable? |
I'm sure you can already find a statement or query that logs and just execute it a bunch if you want to generate more log-lines, so don't know that locking admins out of vmodule is really buying us protection there, vs just making things difficult/annoying to debug. |
thanks bors r=rafiss,dt |
Build succeeded: |
Discovered by @dt. This was leftover complexity from an earlier age.
Release note (sql change): The buil-in functions
crdb_internal.force_panic
,crdb_internal.force_log_fatal
,crdb_internal.set_vmodule
,crdb_internal.get_vmodule
are nowavailable to all
admin
users, not justroot
.