From 86859a783aad6e81eaf0271364a7d17867499c7d Mon Sep 17 00:00:00 2001
From: irfan sharif <irfanmahmoudsharif@gmail.com>
Date: Wed, 25 Nov 2020 21:18:39 -0500
Subject: [PATCH] sql,clusterversion: remove
 VersionAuthLocalAndTrustRejectMethods

It's an old cluster version, introduced in the 19.2 release cycle. It's
now safe to remove. Part of #47447. Fixes #56398.

Release note: None
---
 pkg/ccl/gssapiccl/gssapi.go              |  3 +-
 pkg/clusterversion/cockroach_versions.go | 20 ---------
 pkg/clusterversion/versionkey_string.go  | 56 ++++++++++++------------
 pkg/sql/pgwire/auth_methods.go           | 12 +++--
 pkg/sql/pgwire/hba_conf.go               | 28 ++----------
 5 files changed, 37 insertions(+), 82 deletions(-)

diff --git a/pkg/ccl/gssapiccl/gssapi.go b/pkg/ccl/gssapiccl/gssapi.go
index 8790b78b9b61..f8ee5d797666 100644
--- a/pkg/ccl/gssapiccl/gssapi.go
+++ b/pkg/ccl/gssapiccl/gssapi.go
@@ -21,7 +21,6 @@ import (
 	"unsafe"
 
 	"github.com/cockroachdb/cockroach/pkg/ccl/utilccl"
-	"github.com/cockroachdb/cockroach/pkg/clusterversion"
 	"github.com/cockroachdb/cockroach/pkg/security"
 	"github.com/cockroachdb/cockroach/pkg/sql"
 	"github.com/cockroachdb/cockroach/pkg/sql/pgwire"
@@ -207,5 +206,5 @@ func checkEntry(entry hba.Entry) error {
 }
 
 func init() {
-	pgwire.RegisterAuthMethod("gss", authGSS, clusterversion.Version19_1, hba.ConnHostSSL, checkEntry)
+	pgwire.RegisterAuthMethod("gss", authGSS, hba.ConnHostSSL, checkEntry)
 }
diff --git a/pkg/clusterversion/cockroach_versions.go b/pkg/clusterversion/cockroach_versions.go
index 7ba8009d4c73..5733b56f237f 100644
--- a/pkg/clusterversion/cockroach_versions.go
+++ b/pkg/clusterversion/cockroach_versions.go
@@ -115,10 +115,6 @@ type VersionKey int
 const (
 	_ VersionKey = iota - 1 // want first named one to start at zero
 
-	// Version19_1 is CockroachDB v19.1. It's used for all v19.1.x patch
-	// releases.
-	Version19_1
-
 	// v20.1 versions.
 	//
 	// VersionNamespaceTableWithSchemas is
@@ -128,14 +124,6 @@ const (
 	// added parentSchemaID column. In addition to the new column, the table is
 	// no longer in the system config range -- implying it is no longer gossiped.
 	VersionNamespaceTableWithSchemas
-	// VersionAuthLocalAndTrustRejectMethods introduces the HBA rule
-	// prefix 'local' and auth methods 'trust' and 'reject', for use
-	// in server.host_based_authentication.configuration.
-	//
-	// A separate cluster version ensures the new syntax is not
-	// introduced while previous-version nodes are still running, as
-	// this would block any new SQL client.
-	VersionAuthLocalAndTrustRejectMethods
 
 	// TODO(irfansharif): The versions above can/should all be removed. They
 	// were orinally introduced in v20.1. There are inflight PRs to do so
@@ -240,18 +228,10 @@ const (
 // minor version until we are absolutely sure that no new migrations will need
 // to be added (i.e., when cutting the final release candidate).
 var versionsSingleton = keyedVersions([]keyedVersion{
-	{
-		Key:     Version19_1,
-		Version: roachpb.Version{Major: 19, Minor: 1},
-	},
 	{
 		Key:     VersionNamespaceTableWithSchemas,
 		Version: roachpb.Version{Major: 19, Minor: 2, Internal: 5},
 	},
-	{
-		Key:     VersionAuthLocalAndTrustRejectMethods,
-		Version: roachpb.Version{Major: 19, Minor: 2, Internal: 8},
-	},
 
 	// v20.2 versions.
 	{
diff --git a/pkg/clusterversion/versionkey_string.go b/pkg/clusterversion/versionkey_string.go
index 469008264afb..61075b57e639 100644
--- a/pkg/clusterversion/versionkey_string.go
+++ b/pkg/clusterversion/versionkey_string.go
@@ -8,38 +8,36 @@ func _() {
 	// An "invalid array index" compiler error signifies that the constant values have changed.
 	// Re-run the stringer command to generate them again.
 	var x [1]struct{}
-	_ = x[Version19_1-0]
-	_ = x[VersionNamespaceTableWithSchemas-1]
-	_ = x[VersionAuthLocalAndTrustRejectMethods-2]
-	_ = x[VersionStart20_2-3]
-	_ = x[VersionGeospatialType-4]
-	_ = x[VersionEnums-5]
-	_ = x[VersionRangefeedLeases-6]
-	_ = x[VersionAlterColumnTypeGeneral-7]
-	_ = x[VersionAlterSystemJobsAddCreatedByColumns-8]
-	_ = x[VersionAddScheduledJobsTable-9]
-	_ = x[VersionUserDefinedSchemas-10]
-	_ = x[VersionNoOriginFKIndexes-11]
-	_ = x[VersionClientRangeInfosOnBatchResponse-12]
-	_ = x[VersionNodeMembershipStatus-13]
-	_ = x[VersionRangeStatsRespHasDesc-14]
-	_ = x[VersionMinPasswordLength-15]
-	_ = x[VersionAbortSpanBytes-16]
-	_ = x[VersionAlterSystemJobsAddSqllivenessColumnsAddNewSystemSqllivenessTable-17]
-	_ = x[VersionMaterializedViews-18]
-	_ = x[VersionBox2DType-19]
-	_ = x[VersionLeasedDatabaseDescriptors-20]
-	_ = x[VersionUpdateScheduledJobsSchema-21]
-	_ = x[VersionCreateLoginPrivilege-22]
-	_ = x[VersionHBAForNonTLS-23]
-	_ = x[Version20_2-24]
-	_ = x[VersionStart21_1-25]
-	_ = x[VersionEmptyArraysInInvertedIndexes-26]
+	_ = x[VersionNamespaceTableWithSchemas-0]
+	_ = x[VersionStart20_2-1]
+	_ = x[VersionGeospatialType-2]
+	_ = x[VersionEnums-3]
+	_ = x[VersionRangefeedLeases-4]
+	_ = x[VersionAlterColumnTypeGeneral-5]
+	_ = x[VersionAlterSystemJobsAddCreatedByColumns-6]
+	_ = x[VersionAddScheduledJobsTable-7]
+	_ = x[VersionUserDefinedSchemas-8]
+	_ = x[VersionNoOriginFKIndexes-9]
+	_ = x[VersionClientRangeInfosOnBatchResponse-10]
+	_ = x[VersionNodeMembershipStatus-11]
+	_ = x[VersionRangeStatsRespHasDesc-12]
+	_ = x[VersionMinPasswordLength-13]
+	_ = x[VersionAbortSpanBytes-14]
+	_ = x[VersionAlterSystemJobsAddSqllivenessColumnsAddNewSystemSqllivenessTable-15]
+	_ = x[VersionMaterializedViews-16]
+	_ = x[VersionBox2DType-17]
+	_ = x[VersionLeasedDatabaseDescriptors-18]
+	_ = x[VersionUpdateScheduledJobsSchema-19]
+	_ = x[VersionCreateLoginPrivilege-20]
+	_ = x[VersionHBAForNonTLS-21]
+	_ = x[Version20_2-22]
+	_ = x[VersionStart21_1-23]
+	_ = x[VersionEmptyArraysInInvertedIndexes-24]
 }
 
-const _VersionKey_name = "Version19_1VersionNamespaceTableWithSchemasVersionAuthLocalAndTrustRejectMethodsVersionStart20_2VersionGeospatialTypeVersionEnumsVersionRangefeedLeasesVersionAlterColumnTypeGeneralVersionAlterSystemJobsAddCreatedByColumnsVersionAddScheduledJobsTableVersionUserDefinedSchemasVersionNoOriginFKIndexesVersionClientRangeInfosOnBatchResponseVersionNodeMembershipStatusVersionRangeStatsRespHasDescVersionMinPasswordLengthVersionAbortSpanBytesVersionAlterSystemJobsAddSqllivenessColumnsAddNewSystemSqllivenessTableVersionMaterializedViewsVersionBox2DTypeVersionLeasedDatabaseDescriptorsVersionUpdateScheduledJobsSchemaVersionCreateLoginPrivilegeVersionHBAForNonTLSVersion20_2VersionStart21_1VersionEmptyArraysInInvertedIndexes"
+const _VersionKey_name = "VersionNamespaceTableWithSchemasVersionStart20_2VersionGeospatialTypeVersionEnumsVersionRangefeedLeasesVersionAlterColumnTypeGeneralVersionAlterSystemJobsAddCreatedByColumnsVersionAddScheduledJobsTableVersionUserDefinedSchemasVersionNoOriginFKIndexesVersionClientRangeInfosOnBatchResponseVersionNodeMembershipStatusVersionRangeStatsRespHasDescVersionMinPasswordLengthVersionAbortSpanBytesVersionAlterSystemJobsAddSqllivenessColumnsAddNewSystemSqllivenessTableVersionMaterializedViewsVersionBox2DTypeVersionLeasedDatabaseDescriptorsVersionUpdateScheduledJobsSchemaVersionCreateLoginPrivilegeVersionHBAForNonTLSVersion20_2VersionStart21_1VersionEmptyArraysInInvertedIndexes"
 
-var _VersionKey_index = [...]uint16{0, 11, 43, 80, 96, 117, 129, 151, 180, 221, 249, 274, 298, 336, 363, 391, 415, 436, 507, 531, 547, 579, 611, 638, 657, 668, 684, 719}
+var _VersionKey_index = [...]uint16{0, 32, 48, 69, 81, 103, 132, 173, 201, 226, 250, 288, 315, 343, 367, 388, 459, 483, 499, 531, 563, 590, 609, 620, 636, 671}
 
 func (i VersionKey) String() string {
 	if i < 0 || i >= VersionKey(len(_VersionKey_index)-1) {
diff --git a/pkg/sql/pgwire/auth_methods.go b/pkg/sql/pgwire/auth_methods.go
index 9856a8f8cadc..6cbc28f95f8d 100644
--- a/pkg/sql/pgwire/auth_methods.go
+++ b/pkg/sql/pgwire/auth_methods.go
@@ -16,7 +16,6 @@ import (
 	"crypto/tls"
 	"fmt"
 
-	"github.com/cockroachdb/cockroach/pkg/clusterversion"
 	"github.com/cockroachdb/cockroach/pkg/security"
 	"github.com/cockroachdb/cockroach/pkg/sql"
 	"github.com/cockroachdb/cockroach/pkg/sql/pgwire/hba"
@@ -41,27 +40,26 @@ func loadDefaultMethods() {
 	//
 	// Care should be taken by administrators to only accept this auth
 	// method over secure connections, e.g. those encrypted using SSL.
-	RegisterAuthMethod("password", authPassword, clusterversion.Version19_1, hba.ConnAny, nil)
+	RegisterAuthMethod("password", authPassword, hba.ConnAny, nil)
 
 	// The "cert" method requires a valid client certificate for the
 	// user attempting to connect.
 	//
 	// This method is only usable over SSL connections.
-	RegisterAuthMethod("cert", authCert, clusterversion.Version19_1, hba.ConnHostSSL, nil)
+	RegisterAuthMethod("cert", authCert, hba.ConnHostSSL, nil)
 
 	// The "cert-password" method requires either a valid client
 	// certificate for the connecting user, or, if no cert is provided,
 	// a cleartext password.
-	RegisterAuthMethod("cert-password", authCertPassword, clusterversion.Version19_1, hba.ConnAny, nil)
+	RegisterAuthMethod("cert-password", authCertPassword, hba.ConnAny, nil)
 
 	// The "reject" method rejects any connection attempt that matches
 	// the current rule.
-	RegisterAuthMethod("reject", authReject, clusterversion.VersionAuthLocalAndTrustRejectMethods, hba.ConnAny, nil)
+	RegisterAuthMethod("reject", authReject, hba.ConnAny, nil)
 
 	// The "trust" method accepts any connection attempt that matches
 	// the current rule.
-	RegisterAuthMethod("trust", authTrust, clusterversion.VersionAuthLocalAndTrustRejectMethods, hba.ConnAny, nil)
-
+	RegisterAuthMethod("trust", authTrust, hba.ConnAny, nil)
 }
 
 // AuthMethod defines a method for authentication of a connection.
diff --git a/pkg/sql/pgwire/hba_conf.go b/pkg/sql/pgwire/hba_conf.go
index 270ae5399802..998d10159790 100644
--- a/pkg/sql/pgwire/hba_conf.go
+++ b/pkg/sql/pgwire/hba_conf.go
@@ -143,13 +143,6 @@ func checkHBASyntaxBeforeUpdatingSetting(values *settings.Values, s string) erro
 		switch entry.ConnType {
 		case hba.ConnHostAny:
 		case hba.ConnLocal:
-			if vh != nil &&
-				!vh.IsActive(context.TODO(), clusterversion.VersionAuthLocalAndTrustRejectMethods) {
-				return pgerror.Newf(pgcode.ObjectNotInPrerequisiteState,
-					`authentication rule type 'local' requires all nodes to be upgraded to %s`,
-					clusterversion.VersionByKey(clusterversion.VersionAuthLocalAndTrustRejectMethods),
-				)
-			}
 		case hba.ConnHostSSL, hba.ConnHostNoSSL:
 			if vh != nil &&
 				!vh.IsActive(context.TODO(), clusterversion.VersionHBAForNonTLS) {
@@ -198,13 +191,6 @@ func checkHBASyntaxBeforeUpdatingSetting(values *settings.Values, s string) erro
 				"unknown auth method %q", entry.Method.Value),
 				"Supported methods: %s", listRegisteredMethods())
 		}
-		// Verify that the cluster setting is at least the required version.
-		if vh != nil && !vh.IsActive(context.TODO(), method.minReqVersion) {
-			return pgerror.Newf(pgcode.ObjectNotInPrerequisiteState,
-				`authentication method '%s' requires all nodes to be upgraded to %s`,
-				entry.Method.Value,
-				clusterversion.VersionByKey(method.minReqVersion))
-		}
 		// Run the per-method validation.
 		if check := hbaCheckHBAEntries[entry.Method.Value]; check != nil {
 			if err := check(entry); err != nil {
@@ -238,14 +224,14 @@ func ParseAndNormalize(val string) (*hba.Conf, error) {
 	// Lookup and cache the auth methods.
 	for i := range conf.Entries {
 		method := conf.Entries[i].Method.Value
-		methodEntry, ok := hbaAuthMethods[method]
+		methodInfo, ok := hbaAuthMethods[method]
 		if !ok {
 			// TODO(knz): Determine if an error should be reported
 			// upon unknown auth methods.
 			// See: https://github.com/cockroachdb/cockroach/issues/43716
 			return nil, errors.Errorf("unknown auth method %s", method)
 		}
-		conf.Entries[i].MethodFn = methodEntry.methodInfo
+		conf.Entries[i].MethodFn = methodInfo
 	}
 
 	return conf, nil
@@ -325,11 +311,10 @@ func (s *Server) GetAuthenticationConfiguration() *hba.Conf {
 func RegisterAuthMethod(
 	method string,
 	fn AuthMethod,
-	minReqVersion clusterversion.VersionKey,
 	validConnTypes hba.ConnType,
 	checkEntry CheckHBAEntry,
 ) {
-	hbaAuthMethods[method] = authMethodEntry{methodInfo{validConnTypes, fn}, minReqVersion}
+	hbaAuthMethods[method] = methodInfo{validConnTypes, fn}
 	if checkEntry != nil {
 		hbaCheckHBAEntries[method] = checkEntry
 	}
@@ -347,15 +332,10 @@ func listRegisteredMethods() string {
 }
 
 var (
-	hbaAuthMethods     = map[string]authMethodEntry{}
+	hbaAuthMethods     = map[string]methodInfo{}
 	hbaCheckHBAEntries = map[string]CheckHBAEntry{}
 )
 
-type authMethodEntry struct {
-	methodInfo
-	minReqVersion clusterversion.VersionKey
-}
-
 type methodInfo struct {
 	validConnTypes hba.ConnType
 	fn             AuthMethod