upgrades: delete V22_2SystemPrivilegesTable upgrade and version gates #93281
Conversation
|
This change is |
andyyang890
force-pushed
the
delete_privileges_migration
branch
2 times, most recently
from
d3e3026 to
014aba6
Compare
andyyang890
changed the title
andyyang890
requested review from
a team,
rhu713,
rafiss and
dt
and removed request for
a team
andyyang890
force-pushed
the
delete_privileges_migration
branch
from
014aba6 to
d03d78a
Compare
There was a problem hiding this comment.
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @andyyang890, @dt, @rafiss, and @rhu713)
pkg/ccl/backupccl/restore_planning.go line 1236 at r1 (raw file):
) == nil if requiresRestoreSystemPrivilege && hasRestoreSystemPrivilege {
This isn't the part you changed, but this conditional seems kind of strange. I think it is easier to read as this to be more consistent with other code
if requiresRestoreSystemPrivilege {
if err := p.CheckPrivilegeForUser(
ctx, syntheticprivilege.GlobalPrivilegeObject, privilege.RESTORE, p.User()
); err != nil {
return pgerror.Newf(pgcode.InsufficientPrivilege,
"only users with the admin role or the RESTORE system privilege are allowed to perform"+
" a cluster restore")
}
return checkRestoreDestinationPrivileges(ctx, p, from)
}
pkg/ccl/backupccl/restore_planning.go line 1258 at r1 (raw file):
} if hasRestoreSystemPrivilege {
hasRestoreSystemPrivilege isn't used anywhere else so return checkRestoreDestinationPrivileges(ctx, p, from) can be moved into if len(restoreStmt.Targets.Databases) > 0 { ... }.
andyyang890
force-pushed
the
delete_privileges_migration
branch
from
d03d78a to
57841ab
Compare
There was a problem hiding this comment.
Reviewable status:
pkg/ccl/backupccl/restore_planning.go line 1236 at r1 (raw file):
Previously, ecwall (Evan Wall) wrote…
This isn't the part you changed, but this conditional seems kind of strange. I think it is easier to read as this to be more consistent with other code
if requiresRestoreSystemPrivilege { if err := p.CheckPrivilegeForUser( ctx, syntheticprivilege.GlobalPrivilegeObject, privilege.RESTORE, p.User() ); err != nil { return pgerror.Newf(pgcode.InsufficientPrivilege, "only users with the admin role or the RESTORE system privilege are allowed to perform"+ " a cluster restore") } return checkRestoreDestinationPrivileges(ctx, p, from) }
Done.
pkg/ccl/backupccl/restore_planning.go line 1258 at r1 (raw file):
Previously, ecwall (Evan Wall) wrote…
hasRestoreSystemPrivilegeisn't used anywhere else soreturn checkRestoreDestinationPrivileges(ctx, p, from)can be moved intoif len(restoreStmt.Targets.Databases) > 0 { ... }.
Done.
andyyang890
force-pushed
the
delete_privileges_migration
branch
from
57841ab to
3a59e57
Compare
There was a problem hiding this comment.
Reviewable status:
pkg/ccl/backupccl/backup_planning.go line 391 at r2 (raw file):
if requiresBackupSystemPrivilege { if p.CheckPrivilegeForUser(
nit: this part should be
if err := p.CheckPrivilegeForUser(
ctx, syntheticprivilege.GlobalPrivilegeObject, privilege.BACKUP, p.User(),
); err != nil {
return pgerror.Wrapf(
err,
pgcode.InsufficientPrivilege,
"only users with the admin role or the BACKUP system privilege are allowed to perform full cluster backups")
}
pkg/ccl/backupccl/restore_planning.go line 1236 at r2 (raw file):
ctx, syntheticprivilege.GlobalPrivilegeObject, privilege.RESTORE, p.User(), ); err != nil { return pgerror.Newf(pgcode.InsufficientPrivilege,
nit: use pgerror.Wrapf
pkg/ccl/backupccl/restore_planning.go line 1251 at r2 (raw file):
// options. if len(restoreStmt.Targets.Databases) > 0 && p.CheckPrivilegeForUser(ctx, syntheticprivilege.GlobalPrivilegeObject, privilege.RESTORE, p.User()) == nil {
hm, we don't need to return the error here if it fails? perhaps check with the DR team
pkg/sql/syntheticprivilege/README.md line 345 at r2 (raw file):
return err } if !hasModify && !hasView {
thanks for keeping the README up to date!
andyyang890
force-pushed
the
delete_privileges_migration
branch
from
3a59e57 to
1404660
Compare
There was a problem hiding this comment.
Reviewable status:
pkg/ccl/backupccl/backup_planning.go line 391 at r2 (raw file):
Previously, rafiss (Rafi Shamim) wrote…
nit: this part should be
if err := p.CheckPrivilegeForUser( ctx, syntheticprivilege.GlobalPrivilegeObject, privilege.BACKUP, p.User(), ); err != nil { return pgerror.Wrapf( err, pgcode.InsufficientPrivilege, "only users with the admin role or the BACKUP system privilege are allowed to perform full cluster backups") }
Done.
pkg/ccl/backupccl/restore_planning.go line 1236 at r2 (raw file):
Previously, rafiss (Rafi Shamim) wrote…
nit: use pgerror.Wrapf
Done.
pkg/ccl/backupccl/restore_planning.go line 1251 at r2 (raw file):
Previously, rafiss (Rafi Shamim) wrote…
hm, we don't need to return the error here if it fails? perhaps check with the DR team
Ok, will do.
andyyang890
force-pushed
the
delete_privileges_migration
branch
from
1404660 to
ec36f6d
Compare
There was a problem hiding this comment.
Reviewable status:
pkg/ccl/backupccl/restore_planning.go line 1251 at r2 (raw file):
Previously, andyyang890 (Andy Yang) wrote…
Ok, will do.
Talked to DR team on Slack and they're okay with filing an issue to fix that later. See #93630.
andyyang890
force-pushed
the
delete_privileges_migration
branch
from
ec36f6d to
eb4156e
Compare
|
Hmmm something weird happened with the latest rebase, need to fix it before it's ready for review again |
andyyang890
force-pushed
the
delete_privileges_migration
branch
from
eb4156e to
d8b9040
Compare
There was a problem hiding this comment.
thanks!
Reviewed 14 of 21 files at r1, 1 of 2 files at r3, 5 of 6 files at r4, 2 of 2 files at r5, all commit messages.
Reviewable status:
andyyang890
force-pushed
the
delete_privileges_migration
branch
from
d8b9040 to
a4cb0d5
Compare
This patch deletes the `V22_2SystemPrivilegesTable` upgrade since its associated unit test starts to fail when the bootstrap schema for the `system.privileges` table is updated. This is safe to do since the release engineering team has previously stated they will bump `binaryMinSupportedVersion` before cutting the branch for 23.1. Release note: None
andyyang890
force-pushed
the
delete_privileges_migration
branch
from
a4cb0d5 to
c636918
Compare
|
TFTR! bors r=rafiss |
|
Build succeeded: |
This patch deletes the
V22_2SystemPrivilegesTableupgrade since itsassociated unit test starts to fail when the bootstrap schema for the
system.privilegestable is updated. This is safe to do since therelease engineering team has previously stated they will bump
binaryMinSupportedVersionbefore cutting the branch for 23.1.Epic: None
Release note: None