sql,clusterversion: remove VersionAuthLocalAndTrustRejectMethods

It's an old cluster version, introduced in the 19.2 release cycle. It's now safe to remove. Part of cockroachdb#47447. Fixes cockroachdb#56398. Release note: None
irfansharif · Nov 26, 2020 · 4bfaac0 · 4bfaac0
1 parent 6e889e4
commit 4bfaac0
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 76 deletions.
diff --git a/pkg/ccl/gssapiccl/gssapi.go b/pkg/ccl/gssapiccl/gssapi.go
@@ -21,7 +21,6 @@ import (
 	"unsafe"
 
 	"github.com/cockroachdb/cockroach/pkg/ccl/utilccl"
-	"github.com/cockroachdb/cockroach/pkg/clusterversion"
 	"github.com/cockroachdb/cockroach/pkg/security"
 	"github.com/cockroachdb/cockroach/pkg/sql"
 	"github.com/cockroachdb/cockroach/pkg/sql/pgwire"
@@ -207,5 +206,5 @@ func checkEntry(entry hba.Entry) error {
 }
 
 func init() {
-	pgwire.RegisterAuthMethod("gss", authGSS, clusterversion.Version19_1, hba.ConnHostSSL, checkEntry)
+	pgwire.RegisterAuthMethod("gss", authGSS, hba.ConnHostSSL, checkEntry)
 }
diff --git a/pkg/clusterversion/cockroach_versions.go b/pkg/clusterversion/cockroach_versions.go
@@ -65,9 +65,7 @@ type VersionKey int
 //go:generate stringer -type=VersionKey
 const (
 	_ VersionKey = iota - 1 // want first named one to start at zero
-	Version19_1
 	VersionNamespaceTableWithSchemas
-	VersionAuthLocalAndTrustRejectMethods
 
 	VersionStart20_2
 	VersionGeospatialType
@@ -116,11 +114,6 @@ const (
 // minor version until we are absolutely sure that no new migrations will need
 // to be added (i.e., when cutting the final release candidate).
 var versionsSingleton = keyedVersions([]keyedVersion{
-	{
-		// Version19_1 is CockroachDB v19.1. It's used for all v19.1.x patch releases.
-		Key:     Version19_1,
-		Version: roachpb.Version{Major: 19, Minor: 1},
-	},
 	{
 		// VersionNamespaceTableWithSchemas is https://github.com/cockroachdb/cockroach/pull/41977
 		//
@@ -130,17 +123,6 @@ var versionsSingleton = keyedVersions([]keyedVersion{
 		Key:     VersionNamespaceTableWithSchemas,
 		Version: roachpb.Version{Major: 19, Minor: 2, Internal: 5},
 	},
-	{
-		// VersionAuthLocalAndTrustRejectMethods introduces the HBA rule
-		// prefix 'local' and auth methods 'trust' and 'reject', for use
-		// in server.host_based_authentication.configuration.
-		//
-		// A separate cluster version ensures the new syntax is not
-		// introduced while previous-version nodes are still running, as
-		// this would block any new SQL client.
-		Key:     VersionAuthLocalAndTrustRejectMethods,
-		Version: roachpb.Version{Major: 19, Minor: 2, Internal: 8},
-	},
 	{
 		// VersionStart20_2 demarcates work towards CockroachDB v20.2.
 		Key:     VersionStart20_2,

diff --git a/pkg/clusterversion/versionkey_string.go b/pkg/clusterversion/versionkey_string.go
diff --git a/pkg/sql/pgwire/auth_methods.go b/pkg/sql/pgwire/auth_methods.go
@@ -16,7 +16,6 @@ import (
 	"crypto/tls"
 	"fmt"
 
-	"github.com/cockroachdb/cockroach/pkg/clusterversion"
 	"github.com/cockroachdb/cockroach/pkg/security"
 	"github.com/cockroachdb/cockroach/pkg/sql"
 	"github.com/cockroachdb/cockroach/pkg/sql/pgwire/hba"
@@ -41,27 +40,26 @@ func loadDefaultMethods() {
 	//
 	// Care should be taken by administrators to only accept this auth
 	// method over secure connections, e.g. those encrypted using SSL.
-	RegisterAuthMethod("password", authPassword, clusterversion.Version19_1, hba.ConnAny, nil)
+	RegisterAuthMethod("password", authPassword, hba.ConnAny, nil)
 
 	// The "cert" method requires a valid client certificate for the
 	// user attempting to connect.
 	//
 	// This method is only usable over SSL connections.
-	RegisterAuthMethod("cert", authCert, clusterversion.Version19_1, hba.ConnHostSSL, nil)
+	RegisterAuthMethod("cert", authCert, hba.ConnHostSSL, nil)
 
 	// The "cert-password" method requires either a valid client
 	// certificate for the connecting user, or, if no cert is provided,
 	// a cleartext password.
-	RegisterAuthMethod("cert-password", authCertPassword, clusterversion.Version19_1, hba.ConnAny, nil)
+	RegisterAuthMethod("cert-password", authCertPassword, hba.ConnAny, nil)
 
 	// The "reject" method rejects any connection attempt that matches
 	// the current rule.
-	RegisterAuthMethod("reject", authReject, clusterversion.VersionAuthLocalAndTrustRejectMethods, hba.ConnAny, nil)
+	RegisterAuthMethod("reject", authReject, hba.ConnAny, nil)
 
 	// The "trust" method accepts any connection attempt that matches
 	// the current rule.
-	RegisterAuthMethod("trust", authTrust, clusterversion.VersionAuthLocalAndTrustRejectMethods, hba.ConnAny, nil)
-
+	RegisterAuthMethod("trust", authTrust, hba.ConnAny, nil)
 }
 
 // AuthMethod defines a method for authentication of a connection.

diff --git a/pkg/sql/pgwire/hba_conf.go b/pkg/sql/pgwire/hba_conf.go
@@ -143,13 +143,6 @@ func checkHBASyntaxBeforeUpdatingSetting(values *settings.Values, s string) erro
 		switch entry.ConnType {
 		case hba.ConnHostAny:
 		case hba.ConnLocal:
-			if vh != nil &&
-				!vh.IsActive(context.TODO(), clusterversion.VersionAuthLocalAndTrustRejectMethods) {
-				return pgerror.Newf(pgcode.ObjectNotInPrerequisiteState,
-					`authentication rule type 'local' requires all nodes to be upgraded to %s`,
-					clusterversion.VersionByKey(clusterversion.VersionAuthLocalAndTrustRejectMethods),
-				)
-			}
 		case hba.ConnHostSSL, hba.ConnHostNoSSL:
 			if vh != nil &&
 				!vh.IsActive(context.TODO(), clusterversion.VersionHBAForNonTLS) {
@@ -198,13 +191,6 @@ func checkHBASyntaxBeforeUpdatingSetting(values *settings.Values, s string) erro
 				"unknown auth method %q", entry.Method.Value),
 				"Supported methods: %s", listRegisteredMethods())
 		}
-		// Verify that the cluster setting is at least the required version.
-		if vh != nil && !vh.IsActive(context.TODO(), method.minReqVersion) {
-			return pgerror.Newf(pgcode.ObjectNotInPrerequisiteState,
-				`authentication method '%s' requires all nodes to be upgraded to %s`,
-				entry.Method.Value,
-				clusterversion.VersionByKey(method.minReqVersion))
-		}
 		// Run the per-method validation.
 		if check := hbaCheckHBAEntries[entry.Method.Value]; check != nil {
 			if err := check(entry); err != nil {
@@ -325,11 +311,10 @@ func (s *Server) GetAuthenticationConfiguration() *hba.Conf {
 func RegisterAuthMethod(
 	method string,
 	fn AuthMethod,
-	minReqVersion clusterversion.VersionKey,
 	validConnTypes hba.ConnType,
 	checkEntry CheckHBAEntry,
 ) {
-	hbaAuthMethods[method] = authMethodEntry{methodInfo{validConnTypes, fn}, minReqVersion}
+	hbaAuthMethods[method] = methodInfo{validConnTypes, fn}
 	if checkEntry != nil {
 		hbaCheckHBAEntries[method] = checkEntry
 	}
@@ -347,15 +332,10 @@ func listRegisteredMethods() string {
 }
 
 var (
-	hbaAuthMethods     = map[string]authMethodEntry{}
+	hbaAuthMethods     = map[string]methodInfo{}
 	hbaCheckHBAEntries = map[string]CheckHBAEntry{}
 )
 
-type authMethodEntry struct {
-	methodInfo
-	minReqVersion clusterversion.VersionKey
-}
-
 type methodInfo struct {
 	validConnTypes hba.ConnType
 	fn             AuthMethod