sql: add builtin to request statement bundles #79693
Conversation
|
This change is |
pkg/sql/sem/builtins/builtins.go
Outdated
| ReturnType: tree.FixedReturnType(types.Bool), | ||
| Fn: func(evalCtx *tree.EvalContext, args tree.Datums) (tree.Datum, error) { | ||
| hasViewActivityRedacted, err := evalCtx.SessionAccessor.HasRoleOption( | ||
| evalCtx.Ctx(), roleoption.VIEWACTIVITYREDACTED) |
There was a problem hiding this comment.
Note to self: this is problematic, view activity redacted should not be able to request statement bundles
There was a problem hiding this comment.
Reviewed 4 of 6 files at r1.
Reviewable status:complete! 1 of 0 LGTMs obtained (waiting on @Azhng and @maryliag)
-- commits, line 23 at r1:
VIEWACTIVITYREDACTED should not have access to statement bundle, only VIEWACTIVITY
pkg/sql/sem/builtins/builtins.go, line 6894 at r1 (raw file):
Previously, Azhng (Archer Zhang) wrote…
Note to self: this is problematic, view activity redacted should not be able to request statement bundles
from your comment, this should not be here, VIEWACTIVITYREDACTED should not have access to statement bundle, so check for admin and VIEWACTIVITY
we do have function about require VIEWACTIVITY and NOT VIEWACTIVITYREDACTED
pkg/server/status_test.go, line 2753 at r1 (raw file):
}) t.Run("builtin", func(t *testing.T) {
after you make the changes to allow only admin and VIEWACTIVITY, create a test that checks those have access but that it will fail for VIEWACTIVITYREDACTED
pkg/sql/sem/builtins/builtins.go
Outdated
|
|
||
| return tree.DBoolTrue, nil | ||
| }, | ||
| Volatility: tree.VolatilityVolatile, |
There was a problem hiding this comment.
we should probably add an info field
Azhng
force-pushed
the
builtin-diag
branch
4 times, most recently
from
abf6a5d to
d5c5152
Compare
There was a problem hiding this comment.
Reviewable status:
Previously, maryliag (Marylia Gutierrez) wrote…
VIEWACTIVITYREDACTED should not have access to statement bundle, only VIEWACTIVITY
Done.
pkg/sql/sem/builtins/builtins.go line 6894 at r1 (raw file):
Previously, maryliag (Marylia Gutierrez) wrote…
from your comment, this should not be here, VIEWACTIVITYREDACTED should not have access to statement bundle, so check for admin and VIEWACTIVITY
we do have function about require VIEWACTIVITY and NOT VIEWACTIVITYREDACTED
Done.
pkg/sql/sem/builtins/builtins.go line 6925 at r1 (raw file):
Previously, otan (Oliver Tan) wrote…
we should probably add an info field
Done.
pkg/server/status_test.go line 2753 at r1 (raw file):
Previously, maryliag (Marylia Gutierrez) wrote…
after you make the changes to allow only admin and VIEWACTIVITY, create a test that checks those have access but that it will fail for VIEWACTIVITYREDACTED
Added the check in the TestCreateStatementDiagnosticsReportWithViewActivityOptions below
There was a problem hiding this comment.
small nits from me
Reviewed 2 of 8 files at r2, all commit messages.
Reviewable status:
pkg/sql/sem/builtins/builtins.go line 6894 at r1 (raw file):
Previously, Azhng (Archer Zhang) wrote…
Done.
you can move this part to just below the if !hasViewActivity { check, so you don't need to make this check if the user is not admin or doesn't have view activity role
pkg/sql/sem/builtins/builtins.go line 7004 at r2 (raw file):
if !hasViewActivity { return nil, errors.New("requesting statement bundle requires " + "VIEWACTIVITY option")
nit: VIEWACTIVITY or ADMIN
pkg/sql/sem/builtins/builtins.go line 7006 at r2 (raw file):
"VIEWACTIVITY option") }
move to here
pkg/sql/sem/builtins/builtins.go line 7029 at r2 (raw file):
Volatility: volatility.Volatile, Info: `Used to request statement bundle for a given statement fingerprint that has execution latency than the 'minExecutionLatency'. If the 'expiresAfter'
nit: ...latency greater than the...
pkg/sql/sem/eval/context.go line 208 at r2 (raw file):
// StmtDiagnosticsRequestInserter is used by the // crdb_internal.request_statement_bundle builtin to insert statement bundle
nit: insert a statement
pkg/sql/sem/eval/deps.go line 494 at r2 (raw file):
// StmtDiagnosticsRequestInsertFunc is an interface embedded in EvalCtx that can // be used by the builtins to insert statement diagnostics request. This
nit: insert a statement
pkg/server/status_test.go line 2810 at r2 (raw file):
"SELECT crdb_internal.request_statement_bundle('SELECT _', 0::INTERVAL, 0::INTERVAL)", ) require.Contains(t, err.Error(), "requesting statement bundle requires VIEWACTIVITY option")
nit: or ADMIN
Azhng
force-pushed
the
builtin-diag
branch
2 times, most recently
from
cc41448 to
f248c50
Compare
There was a problem hiding this comment.
Reviewable status:
pkg/sql/sem/builtins/builtins.go line 7004 at r2 (raw file):
Previously, maryliag (Marylia Gutierrez) wrote…
nit: VIEWACTIVITY or ADMIN
Done.
pkg/sql/sem/builtins/builtins.go line 7006 at r2 (raw file):
Previously, maryliag (Marylia Gutierrez) wrote…
move to here
Done.
pkg/sql/sem/builtins/builtins.go line 7029 at r2 (raw file):
Previously, maryliag (Marylia Gutierrez) wrote…
nit: ...latency greater than the...
Done.
pkg/sql/sem/eval/context.go line 208 at r2 (raw file):
Previously, maryliag (Marylia Gutierrez) wrote…
nit: insert a statement
Done.
pkg/sql/sem/eval/deps.go line 494 at r2 (raw file):
Previously, maryliag (Marylia Gutierrez) wrote…
nit: insert a statement
Done.
pkg/server/status_test.go line 2810 at r2 (raw file):
Previously, maryliag (Marylia Gutierrez) wrote…
nit: or ADMIN
Done.
There was a problem hiding this comment.
Reviewed 6 of 6 files at r3, all commit messages.
Reviewable status:
Makes cockroachdb#79547 less painful. Previously, there was no way to request statement bundle builtins for internal statements. This commit introduces crdb_internal.request_statement_bundle builtin which allows statement bundle being requested from SQL CLI. The new builtin takes three parameters: * statement fingerprint text * minimum execution latency for the statement * length of duration the statement bundle request will stay valid for VIEWACTIVITY or ADMIN role option is required to use this builtin. If user has VIEWACTIVITYREDACTED role option, user is not allowed to use this builtin. Release note (sql change): new crdb_internal.request_statement_bundle builtin allows statement bundle being requested from SQL CLI. The new builtin takes three parameters: * statement fingerprint text * minimum execution latency for the statement * length of duration the statement bundle request will stay valid for. VIEWACTIVITY or ADMIN role option is required to use this builtin. If user has VIEWACTIVITYREDACTED role option, user is not allowed to use this builtin.
|
TFTR! bors r+ |
|
Build succeeded: |
|
Encountered an error creating backports. Some common things that can go wrong:
You might need to create your backport manually using the backport tool. error creating merge commit from ce606f5 to blathers/backport-release-22.1-79693: POST https://api.github.com/repos/cockroachdb/cockroach/merges: 409 Merge conflict [] you may need to manually resolve merge conflicts with the backport tool. Backport to branch 22.1.x failed. See errors above. 🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is otan. |
Makes #79547 less painful.
Previously, there was no way to request statement bundle builtins for
internal statements.
This commit introduces crdb_internal.request_statement_bundle builtin
which allows statement bundle being requested from SQL CLI. The new
builtin takes three parameters:
VIEWACTIVITY or ADMIN role option is required to use this builtin. If user has
VIEWACTIVITYREDACTED role option, user is not allowed to use this builtin.
Release note (sql change): new crdb_internal.request_statement_bundle builtin
allows statement bundle being requested from SQL CLI. The new builtin takes
three parameters:
VIEWACTIVITY or ADMIN role option is required to use this builtin. If user has
VIEWACTIVITYREDACTED role option, user is not allowed to use this builtin.