From 4bfaac01799ab497d8a38ee6a8b92f4e45762f64 Mon Sep 17 00:00:00 2001
From: irfan sharif
Date: Wed, 25 Nov 2020 21:18:39 -0500
Subject: [PATCH] sql,clusterversion: remove VersionAuthLocalAndTrustRejectMethods
It's an old cluster version, introduced in the 19.2 release cycle. It's now safe to remove. Part of #47447. Fixes #56398.
Release note: None
---
 pkg/ccl/gssapiccl/gssapi.go | 3 +-
 pkg/clusterversion/cockroach_versions.go | 18 --------
 pkg/clusterversion/versionkey_string.go | 53 ++++++++++++------------
 pkg/sql/pgwire/auth_methods.go | 12 +++---
 pkg/sql/pgwire/hba_conf.go | 24 +----------
 5 files changed, 34 insertions(+), 76 deletions(-)
diff --git a/pkg/ccl/gssapiccl/gssapi.go b/pkg/ccl/gssapiccl/gssapi.go
index 8790b78b9b61..f8ee5d797666 100644
--- a/pkg/ccl/gssapiccl/gssapi.go
+++ b/pkg/ccl/gssapiccl/gssapi.go
@@ -21,7 +21,6 @@ import (
 "unsafe"
 "github.com/cockroachdb/cockroach/pkg/ccl/utilccl"
- "github.com/cockroachdb/cockroach/pkg/clusterversion"
 "github.com/cockroachdb/cockroach/pkg/security"
 "github.com/cockroachdb/cockroach/pkg/sql"
 "github.com/cockroachdb/cockroach/pkg/sql/pgwire"
@@ -207,5 +206,5 @@ func checkEntry(entry hba.Entry) error {
 }
 func init() {
- pgwire.RegisterAuthMethod("gss", authGSS, clusterversion.Version19_1, hba.ConnHostSSL, checkEntry)
+ pgwire.RegisterAuthMethod("gss", authGSS, hba.ConnHostSSL, checkEntry)
 }
diff --git a/pkg/clusterversion/cockroach_versions.go b/pkg/clusterversion/cockroach_versions.go
index 0b71843341ea..27670fe2a11a 100644
--- a/pkg/clusterversion/cockroach_versions.go
+++ b/pkg/clusterversion/cockroach_versions.go
@@ -65,9 +65,7 @@ type VersionKey int
 //go:generate stringer -type=VersionKey
 const (
 _ VersionKey = iota - 1 // want first named one to start at zero
- Version19_1
 VersionNamespaceTableWithSchemas
- VersionAuthLocalAndTrustRejectMethods
 VersionStart20_2
 VersionGeospatialType
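Review bot: The regenerated pkg/clusterversion/versionkey_string.go looks stale against the const block in pkg/clusterversion/cockroach_versions.go. The const hunk drops `Version19_1` as well as `VersionAuthLocalAndTrustRejectMethods`, yet the generated file shown further down still keeps `_ = x[Version19_1-0]` as an unchanged line and a `_VersionKey_name` that begins with `Version19_1`. If both sides are as shown, the stringer guard references an identifier that no longer exists and `VersionNamespaceTableWithSchemas` is now 0 rather than 1, so rerunning `go generate` for the package should be part of this change. The commit message names only `VersionAuthLocalAndTrustRejectMethods`; the `Version19_1` removal deserves a mention there. The const block continues past the end of the hunk.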
@@ -116,11 +114,6 @@ const (
 // minor version until we are absolutely sure that no new migrations will need
 // to be added (i.e., when cutting the final release candidate).
 var versionsSingleton = keyedVersions([]keyedVersion{
- {
- // Version19_1 is CockroachDB v19.1. It's used for all v19.1.x patch releases.
- Key: Version19_1,
- Version: roachpb.Version{Major: 19, Minor: 1},
- },
 {
 // VersionNamespaceTableWithSchemas is https://github.com/cockroachdb/cockroach/pull/41977
 //
@@ -130,17 +123,6 @@ var versionsSingleton = keyedVersions([]keyedVersion{
 Key: VersionNamespaceTableWithSchemas,
 Version: roachpb.Version{Major: 19, Minor: 2, Internal: 5},
 },
- {
- // VersionAuthLocalAndTrustRejectMethods introduces the HBA rule
- // prefix 'local' and auth methods 'trust' and 'reject', for use
- // in server.host_based_authentication.configuration.
- //
- // A separate cluster version ensures the new syntax is not
- // introduced while previous-version nodes are still running, as
- // this would block any new SQL client.
- Key: VersionAuthLocalAndTrustRejectMethods,
- Version: roachpb.Version{Major: 19, Minor: 2, Internal: 8},
- },
 {
 // VersionStart20_2 demarcates work towards CockroachDB v20.2.
 Key: VersionStart20_2,
diff --git a/pkg/clusterversion/versionkey_string.go b/pkg/clusterversion/versionkey_string.go
index 469008264afb..c509859f2625 100644
--- a/pkg/clusterversion/versionkey_string.go
+++ b/pkg/clusterversion/versionkey_string.go
@@ -10,36 +10,35 @@ func _() { var x [1]struct{} _ = x[Version19_1-0] _ = x[VersionNamespaceTableWithSchemas-1] - _ = x[VersionAuthLocalAndTrustRejectMethods-2] - _ = x[VersionStart20_2-3] - _ = x[VersionGeospatialType-4] - _ = x[VersionEnums-5] - _ = x[VersionRangefeedLeases-6] - _ = x[VersionAlterColumnTypeGeneral-7] - _ = x[VersionAlterSystemJobsAddCreatedByColumns-8] - _ = x[VersionAddScheduledJobsTable-9] - _ = x[VersionUserDefinedSchemas-10] - _ = x[VersionNoOriginFKIndexes-11] - _ = x[VersionClientRangeInfosOnBatchResponse-12] - _ = x[VersionNodeMembershipStatus-13] - _ = x[VersionRangeStatsRespHasDesc-14] - _ = x[VersionMinPasswordLength-15] - _ = x[VersionAbortSpanBytes-16] - _ = x[VersionAlterSystemJobsAddSqllivenessColumnsAddNewSystemSqllivenessTable-17] - _ = x[VersionMaterializedViews-18] - _ = x[VersionBox2DType-19] - _ = x[VersionLeasedDatabaseDescriptors-20] - _ = x[VersionUpdateScheduledJobsSchema-21] - _ = x[VersionCreateLoginPrivilege-22] - _ = x[VersionHBAForNonTLS-23] - _ = x[Version20_2-24] - _ = x[VersionStart21_1-25] - _ = x[VersionEmptyArraysInInvertedIndexes-26] + _ = x[VersionStart20_2-2] + _ = x[VersionGeospatialType-3] + _ = x[VersionEnums-4] + _ = x[VersionRangefeedLeases-5] + _ = x[VersionAlterColumnTypeGeneral-6] + _ = x[VersionAlterSystemJobsAddCreatedByColumns-7] + _ = x[VersionAddScheduledJobsTable-8] + _ = x[VersionUserDefinedSchemas-9] + _ = x[VersionNoOriginFKIndexes-10] + _ = x[VersionClientRangeInfosOnBatchResponse-11] + _ = x[VersionNodeMembershipStatus-12] + _ = x[VersionRangeStatsRespHasDesc-13] + _ = x[VersionMinPasswordLength-14] + _ = x[VersionAbortSpanBytes-15] + _ = x[VersionAlterSystemJobsAddSqllivenessColumnsAddNewSystemSqllivenessTable-16] + _ = x[VersionMaterializedViews-17] + _ = x[VersionBox2DType-18] + _ = x[VersionLeasedDatabaseDescriptors-19] + _ = x[VersionUpdateScheduledJobsSchema-20] + _ = x[VersionCreateLoginPrivilege-21] + _ = x[VersionHBAForNonTLS-22] + _ = x[Version20_2-23] + _ = x[VersionStart21_1-24] 
+ _ = x[VersionEmptyArraysInInvertedIndexes-25] } -const _VersionKey_name = "Version19_1VersionNamespaceTableWithSchemasVersionAuthLocalAndTrustRejectMethodsVersionStart20_2VersionGeospatialTypeVersionEnumsVersionRangefeedLeasesVersionAlterColumnTypeGeneralVersionAlterSystemJobsAddCreatedByColumnsVersionAddScheduledJobsTableVersionUserDefinedSchemasVersionNoOriginFKIndexesVersionClientRangeInfosOnBatchResponseVersionNodeMembershipStatusVersionRangeStatsRespHasDescVersionMinPasswordLengthVersionAbortSpanBytesVersionAlterSystemJobsAddSqllivenessColumnsAddNewSystemSqllivenessTableVersionMaterializedViewsVersionBox2DTypeVersionLeasedDatabaseDescriptorsVersionUpdateScheduledJobsSchemaVersionCreateLoginPrivilegeVersionHBAForNonTLSVersion20_2VersionStart21_1VersionEmptyArraysInInvertedIndexes" +const _VersionKey_name = "Version19_1VersionNamespaceTableWithSchemasVersionStart20_2VersionGeospatialTypeVersionEnumsVersionRangefeedLeasesVersionAlterColumnTypeGeneralVersionAlterSystemJobsAddCreatedByColumnsVersionAddScheduledJobsTableVersionUserDefinedSchemasVersionNoOriginFKIndexesVersionClientRangeInfosOnBatchResponseVersionNodeMembershipStatusVersionRangeStatsRespHasDescVersionMinPasswordLengthVersionAbortSpanBytesVersionAlterSystemJobsAddSqllivenessColumnsAddNewSystemSqllivenessTableVersionMaterializedViewsVersionBox2DTypeVersionLeasedDatabaseDescriptorsVersionUpdateScheduledJobsSchemaVersionCreateLoginPrivilegeVersionHBAForNonTLSVersion20_2VersionStart21_1VersionEmptyArraysInInvertedIndexes" -var _VersionKey_index = [...]uint16{0, 11, 43, 80, 96, 117, 129, 151, 180, 221, 249, 274, 298, 336, 363, 391, 415, 436, 507, 531, 547, 579, 611, 638, 657, 668, 684, 719} +var _VersionKey_index = [...]uint16{0, 11, 43, 59, 80, 92, 114, 143, 184, 212, 237, 261, 299, 326, 354, 378, 399, 470, 494, 510, 542, 574, 601, 620, 631, 647, 682} func (i VersionKey) String() string { if i < 0 || i >= VersionKey(len(_VersionKey_index)-1) { 
diff --git a/pkg/sql/pgwire/auth_methods.go b/pkg/sql/pgwire/auth_methods.go
index 9856a8f8cadc..6cbc28f95f8d 100644
--- a/pkg/sql/pgwire/auth_methods.go
+++ b/pkg/sql/pgwire/auth_methods.go
@@ -16,7 +16,6 @@ import (
 "crypto/tls"
 "fmt"
- "github.com/cockroachdb/cockroach/pkg/clusterversion"
 "github.com/cockroachdb/cockroach/pkg/security"
 "github.com/cockroachdb/cockroach/pkg/sql"
 "github.com/cockroachdb/cockroach/pkg/sql/pgwire/hba"
@@ -41,27 +40,26 @@ func loadDefaultMethods() {
 //
 // Care should be taken by administrators to only accept this auth
 // method over secure connections, e.g. those encrypted using SSL.
- RegisterAuthMethod("password", authPassword, clusterversion.Version19_1, hba.ConnAny, nil)
+ RegisterAuthMethod("password", authPassword, hba.ConnAny, nil)
 // The "cert" method requires a valid client certificate for the
 // user attempting to connect.
 //
 // This method is only usable over SSL connections.
- RegisterAuthMethod("cert", authCert, clusterversion.Version19_1, hba.ConnHostSSL, nil)
+ RegisterAuthMethod("cert", authCert, hba.ConnHostSSL, nil)
 // The "cert-password" method requires either a valid client
 // certificate for the connecting user, or, if no cert is provided,
 // a cleartext password.
- RegisterAuthMethod("cert-password", authCertPassword, clusterversion.Version19_1, hba.ConnAny, nil)
+ RegisterAuthMethod("cert-password", authCertPassword, hba.ConnAny, nil)
 // The "reject" method rejects any connection attempt that matches
 // the current rule.
- RegisterAuthMethod("reject", authReject, clusterversion.VersionAuthLocalAndTrustRejectMethods, hba.ConnAny, nil)
+ RegisterAuthMethod("reject", authReject, hba.ConnAny, nil)
 // The "trust" method accepts any connection attempt that matches
 // the current rule.
- RegisterAuthMethod("trust", authTrust, clusterversion.VersionAuthLocalAndTrustRejectMethods, hba.ConnAny, nil)
-
+ RegisterAuthMethod("trust", authTrust, hba.ConnAny, nil)
 }
 // AuthMethod defines a method for authentication of a connection.
diff --git a/pkg/sql/pgwire/hba_conf.go b/pkg/sql/pgwire/hba_conf.go
index 270ae5399802..9e457616cdc9 100644
--- a/pkg/sql/pgwire/hba_conf.go
+++ b/pkg/sql/pgwire/hba_conf.go
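Review bot: The comment above `RegisterAuthMethod("cert-password", authCertPassword, hba.ConnAny, nil)` lacks the transport caveat that the `password` comment carries, although both methods are registered for `hba.ConnAny` and the comment itself says the fallback is a cleartext password. I would extend it with `// As with "password", only accept this method over encrypted connections: the fallback is a cleartext password.` The `trust` comment would benefit from a similar line, for example `// No credentials are checked; keep rules that use it as narrow as possible.`, since it too is registered for `hba.ConnAny`. loadDefaultMethods begins outside this hunk.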
@@ -143,13 +143,6 @@ func checkHBASyntaxBeforeUpdatingSetting(values *settings.Values, s string) erro
 switch entry.ConnType {
 case hba.ConnHostAny:
 case hba.ConnLocal:
- if vh != nil &&
- !vh.IsActive(context.TODO(), clusterversion.VersionAuthLocalAndTrustRejectMethods) {
- return pgerror.Newf(pgcode.ObjectNotInPrerequisiteState,
- `authentication rule type 'local' requires all nodes to be upgraded to %s`,
- clusterversion.VersionByKey(clusterversion.VersionAuthLocalAndTrustRejectMethods),
- )
- }
 case hba.ConnHostSSL, hba.ConnHostNoSSL:
 if vh != nil &&
 !vh.IsActive(context.TODO(), clusterversion.VersionHBAForNonTLS) {
@@ -198,13 +191,6 @@ func checkHBASyntaxBeforeUpdatingSetting(values *settings.Values, s string) erro
 "unknown auth method %q", entry.Method.Value),
 "Supported methods: %s", listRegisteredMethods())
 }
- // Verify that the cluster setting is at least the required version.
- if vh != nil && !vh.IsActive(context.TODO(), method.minReqVersion) {
- return pgerror.Newf(pgcode.ObjectNotInPrerequisiteState,
- `authentication method '%s' requires all nodes to be upgraded to %s`,
- entry.Method.Value,
- clusterversion.VersionByKey(method.minReqVersion))
- }
 // Run the per-method validation.
 if check := hbaCheckHBAEntries[entry.Method.Value]; check != nil {
 if err := check(entry); err != nil {
@@ -325,11 +311,10 @@ func (s *Server) GetAuthenticationConfiguration() *hba.Conf {
 func RegisterAuthMethod(
 method string,
 fn AuthMethod,
- minReqVersion clusterversion.VersionKey,
 validConnTypes hba.ConnType,
 checkEntry CheckHBAEntry,
 ) {
- hbaAuthMethods[method] = authMethodEntry{methodInfo{validConnTypes, fn}, minReqVersion}
+ hbaAuthMethods[method] = methodInfo{validConnTypes, fn}
 if checkEntry != nil {
 hbaCheckHBAEntries[method] = checkEntry
 }
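Review bot: `hbaAuthMethods[method] = methodInfo{validConnTypes, fn}` in RegisterAuthMethod overwrites any existing entry without complaint, so a second registration under the same name would silently replace the handler and connection-type mask of an authentication method. Whether duplicates can occur is not visible here, but registration is called from more than one package (gssapi.go registers "gss" from its `init`), so a guard before the assignment such as `if _, dup := hbaAuthMethods[method]; dup { panic("auth method registered twice: " + method) }` would turn a collision into an immediate failure. The positional literal would also read more safely keyed, `methodInfo{validConnTypes: validConnTypes, fn: fn}`. The function's doc comment and closing brace are outside the hunk; if that comment still describes `minReqVersion` it needs the same trim.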
@@ -347,15 +332,10 @@ func listRegisteredMethods() string {
 }
 var (
- hbaAuthMethods = map[string]authMethodEntry{}
+ hbaAuthMethods = map[string]methodInfo{}
 hbaCheckHBAEntries = map[string]CheckHBAEntry{}
 )
-type authMethodEntry struct {
- methodInfo
- minReqVersion clusterversion.VersionKey
-}
-
 type methodInfo struct {
 validConnTypes hba.ConnType
 fn AuthMethod