security, sql: Add User IDs in system tables and User Info struct
Previously we used usernames to access user information and privileges.
We will transition to using IDs by first adding user ids and updating the code
to use IDs where possible.

Release justification: Justified in RFC cockroachdb#77453
Release note: None
Fenil-P committed Mar 28, 2022
1 parent a1c1879 commit 3d2c91c
Showing 55 changed files with 798 additions and 380 deletions.
30 changes: 15 additions & 15 deletions pkg/bench/rttanalysis/testdata/benchmark_expectations
@@ -1,7 +1,7 @@
exp,benchmark
11,AlterRole/alter_role_with_1_option
12,AlterRole/alter_role_with_2_options
16,AlterRole/alter_role_with_3_options
13,AlterRole/alter_role_with_1_option
14,AlterRole/alter_role_with_2_options
18,AlterRole/alter_role_with_3_options
13,AlterTableAddCheckConstraint/alter_table_add_1_check_constraint
13,AlterTableAddCheckConstraint/alter_table_add_2_check_constraints
13,AlterTableAddCheckConstraint/alter_table_add_3_check_constraints
Expand Down Expand Up @@ -36,8 +36,8 @@ exp,benchmark
16,DropDatabase/drop_database_2_tables
17,DropDatabase/drop_database_3_tables
20,DropRole/drop_1_role
27,DropRole/drop_2_roles
34,DropRole/drop_3_roles
29,DropRole/drop_2_roles
37,DropRole/drop_3_roles
14,DropSequence/drop_1_sequence
16,DropSequence/drop_2_sequences
18,DropSequence/drop_3_sequences
Expand All @@ -47,11 +47,11 @@ exp,benchmark
16,DropView/drop_1_view
18,DropView/drop_2_views
20,DropView/drop_3_views
14,Grant/grant_all_on_1_table
14,Grant/grant_all_on_2_tables
14,Grant/grant_all_on_3_tables
10,GrantRole/grant_1_role
12,GrantRole/grant_2_roles
16,Grant/grant_all_on_1_table
16,Grant/grant_all_on_2_tables
16,Grant/grant_all_on_3_tables
14,GrantRole/grant_1_role
18,GrantRole/grant_2_roles
2,ORMQueries/activerecord_type_introspection_query
2,ORMQueries/django_table_introspection_1_table
2,ORMQueries/django_table_introspection_4_tables
Expand All @@ -76,11 +76,11 @@ exp,benchmark
4,ORMQueries/pg_my_temp_schema_multiple_times
4,ORMQueries/pg_namespace
2,ORMQueries/pg_type
14,Revoke/revoke_all_on_1_table
14,Revoke/revoke_all_on_2_tables
14,Revoke/revoke_all_on_3_tables
10,RevokeRole/revoke_1_role
12,RevokeRole/revoke_2_roles
16,Revoke/revoke_all_on_1_table
16,Revoke/revoke_all_on_2_tables
16,Revoke/revoke_all_on_3_tables
13,RevokeRole/revoke_1_role
16,RevokeRole/revoke_2_roles
1,SystemDatabaseQueries/select_system.users_with_empty_database_Name
1,SystemDatabaseQueries/select_system.users_with_schema_Name
2,SystemDatabaseQueries/select_system.users_without_schema_Name
6 changes: 3 additions & 3 deletions pkg/ccl/backupccl/backup_test.go
Expand Up @@ -9881,7 +9881,7 @@ func TestBackupRestoreSystemUsers(t *testing.T) {

// Role 'app_role' and user 'app' will be added, and 'app' is granted with 'app_role'
// User test will remain untouched with no role granted
sqlDBRestore.CheckQueryResults(t, "SELECT * FROM system.users", [][]string{
sqlDBRestore.CheckQueryResults(t, "SELECT username, \"hashedPassword\", \"isRole\" FROM system.users", [][]string{
{"admin", "", "true"},
{"app", "NULL", "false"},
{"app_role", "NULL", "true"},
Expand Down Expand Up @@ -9915,15 +9915,15 @@ func TestBackupRestoreSystemUsers(t *testing.T) {
t.Run("restore-from-backup-with-no-system-role-members", func(t *testing.T) {
sqlDBRestore1.Exec(t, "RESTORE SYSTEM USERS FROM $1", localFoo+"/3")

sqlDBRestore1.CheckQueryResults(t, "SELECT * FROM system.users", [][]string{
sqlDBRestore1.CheckQueryResults(t, "SELECT username, \"hashedPassword\", \"isRole\" FROM system.users", [][]string{
{"admin", "", "true"},
{"app", "NULL", "false"},
{"app_role", "NULL", "true"},
{"root", "", "false"},
{"test", "NULL", "false"},
{"test_role", "NULL", "true"},
})
sqlDBRestore1.CheckQueryResults(t, "SELECT * FROM system.role_members", [][]string{
sqlDBRestore1.CheckQueryResults(t, "SELECT \"role\", \"member\", \"isAdmin\" FROM system.role_members", [][]string{
{"admin", "root", "true"},
})
sqlDBRestore1.CheckQueryResults(t, "SHOW USERS", [][]string{
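Review bot: The three rewritten `CheckQueryResults` calls in TestBackupRestoreSystemUsers project only `username, "hashedPassword", "isRole"` (and `"role", "member", "isAdmin"` for system.role_members), so nothing in these hunks asserts what `RESTORE SYSTEM USERS` does with the newly added ID column. The commit description says privileges will be looked up by ID, so a restored user left with a NULL or duplicated ID would presumably resolve to the wrong principal while this test still passes. Consider adding a check after each restore such as `sqlDBRestore.CheckQueryResults(t, "SELECT count(*) FROM system.users WHERE user_id IS NULL", [][]string{{"0"}})`, plus a comparison of `count(DISTINCT user_id)` against `count(*)`; the column name `user_id` is assumed here, since it is not visible in this section. The function body continues outside the visible hunks.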
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ SELECT node_id, name FROM crdb_internal.leases ORDER BY name
0 settings
0 statement_diagnostics_requests
0 test
0 user_id_seq
0 users

query error database "crdb_internal" does not exist
Original file line number Diff line number Diff line change
Expand Up @@ -62,10 +62,10 @@ diff offset=48 limit=10
+/Tenant/11/Table/5 database system (tenant)
+/Tenant/11/Table/6 database system (tenant)
+/Tenant/11/Table/7 database system (tenant)
+/Tenant/11/Table/9 database system (tenant)
+/Tenant/11/Table/11 database system (tenant)
+/Tenant/11/Table/12 database system (tenant)
+/Tenant/11/Table/13 database system (tenant)
+/Tenant/11/Table/14 database system (tenant)
...

# Sanity check that new tenant tables show up correctly.
Expand All @@ -88,6 +88,7 @@ diff offset=48
+/Tenant/11/Table/5 database system (tenant)
+/Tenant/11/Table/6 database system (tenant)
+/Tenant/11/Table/7 database system (tenant)
+/Tenant/11/Table/9 database system (tenant)
+/Tenant/11/Table/11 database system (tenant)
+/Tenant/11/Table/12 database system (tenant)
+/Tenant/11/Table/13 database system (tenant)
6 changes: 5 additions & 1 deletion pkg/ccl/spanconfigccl/spanconfigreconcilerccl/testdata/basic
Expand Up @@ -17,6 +17,7 @@ upsert /Table/{4-5} database system (host)
upsert /Table/{5-6} database system (host)
upsert /Table/{6-7} database system (host)
upsert /Table/{8-9} database system (host)
upsert /Table/{9-10} database system (host)
upsert /Table/1{1-2} database system (host)
upsert /Table/1{2-3} database system (host)
upsert /Table/1{3-4} database system (host)
Expand Down Expand Up @@ -91,6 +92,7 @@ upsert /Table/11{2-3} num_replicas=7
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Table/10{6-7} num_replicas=7 num_voters=5
/Table/10{7-8} num_replicas=7
Expand All @@ -113,6 +115,8 @@ delete /Table/{6-7}
upsert /Table/{6-7} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
delete /Table/{8-9}
upsert /Table/{8-9} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
delete /Table/{9-10}
upsert /Table/{9-10} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
delete /Table/1{1-2}
upsert /Table/1{1-2} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
delete /Table/1{2-3}
Expand Down Expand Up @@ -192,6 +196,7 @@ state offset=5 limit=42
/Table/{5-6} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
/Table/{6-7} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
/Table/{8-9} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
/Table/{9-10} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
/Table/1{1-2} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
/Table/1{2-3} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
/Table/1{3-4} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
Expand Down Expand Up @@ -228,5 +233,4 @@ state offset=5 limit=42
/Table/4{4-5} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
/Table/4{5-6} ttl_seconds=7200 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
/Table/4{6-7} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
/Table/4{7-8} ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
...
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ upsert /Table/10{6-7} range default
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Table/10{6-7} range default

Expand All @@ -43,6 +44,7 @@ upsert /Table/10{6/3-7} num_replicas=7
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Table/106{-/2} num_replicas=7
/Table/106/{2-3} num_replicas=7 num_voters=5
Expand All @@ -67,6 +69,7 @@ upsert /Table/10{6/3-7} ttl_seconds=3600 num_replicas=7
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Table/106{-/2} ttl_seconds=3600 num_replicas=7
/Table/106/{2-3} ttl_seconds=25 num_replicas=7 num_voters=5
Expand All @@ -81,6 +84,7 @@ ALTER TABLE db.t CONFIGURE ZONE USING num_replicas = 9
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Table/106{-/2} ttl_seconds=3600 num_replicas=9
/Table/106/{2-3} ttl_seconds=25 num_replicas=9 num_voters=5
Expand Down Expand Up @@ -108,5 +112,6 @@ delete /Table/10{6/3-7}
state offset=46
----
...
/Table/4{6-7} database system (host)
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ mutations
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Tenant/10{-"\x00"} database system (tenant)
/Tenant/11{-"\x00"} database system (tenant)
Expand All @@ -38,6 +39,7 @@ upsert /Tenant/10/Table/{4-5} database system (tenant)
upsert /Tenant/10/Table/{5-6} database system (tenant)
upsert /Tenant/10/Table/{6-7} database system (tenant)
upsert /Tenant/10/Table/{7-8} database system (tenant)
upsert /Tenant/10/Table/{9-10} database system (tenant)
upsert /Tenant/10/Table/1{1-2} database system (tenant)
upsert /Tenant/10/Table/1{2-3} database system (tenant)
upsert /Tenant/10/Table/1{3-4} database system (tenant)
Expand Down Expand Up @@ -71,12 +73,14 @@ upsert /Tenant/10/Table/4{6-7} database system (tenant)
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Tenant/10{-/Table/4} database system (tenant)
/Tenant/10/Table/{4-5} database system (tenant)
/Tenant/10/Table/{5-6} database system (tenant)
/Tenant/10/Table/{6-7} database system (tenant)
/Tenant/10/Table/{7-8} database system (tenant)
/Tenant/10/Table/{9-10} database system (tenant)
/Tenant/10/Table/1{1-2} database system (tenant)
/Tenant/10/Table/1{2-3} database system (tenant)
/Tenant/10/Table/1{3-4} database system (tenant)
Expand Down Expand Up @@ -129,6 +133,8 @@ upsert /Tenant/10/Table/11{3-4} range default
state offset=81
----
...
/Tenant/10/Table/4{3-4} database system (tenant)
/Tenant/10/Table/4{4-5} database system (tenant)
/Tenant/10/Table/4{6-7} database system (tenant)
/Tenant/10/Table/10{6-7} range default
/Tenant/10/Table/10{7-8} range default
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ mutations
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Tenant/10{-"\x00"} database system (tenant)

Expand Down Expand Up @@ -54,6 +55,7 @@ upsert /Tenant/10/Table/{4-5} database system (tenant)
upsert /Tenant/10/Table/{5-6} database system (tenant)
upsert /Tenant/10/Table/{6-7} database system (tenant)
upsert /Tenant/10/Table/{7-8} database system (tenant)
upsert /Tenant/10/Table/{9-10} database system (tenant)
upsert /Tenant/10/Table/1{1-2} database system (tenant)
upsert /Tenant/10/Table/1{2-3} database system (tenant)
upsert /Tenant/10/Table/1{3-4} database system (tenant)
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,7 @@ state limit=5
state offset=46
----
...
/Table/4{6-7} database system (host)
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Table/10{6-7} ttl_seconds=50
Expand All @@ -139,6 +140,7 @@ upsert /Table/10{7-8} ttl_seconds=50
state offset=46
----
...
/Table/4{6-7} database system (host)
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Table/10{6-7} ttl_seconds=50
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ mutations discard
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)

exec-sql
Expand All @@ -33,6 +34,7 @@ upsert /Table/10{6-7} range default
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Table/10{6-7} range default

Expand All @@ -50,6 +52,7 @@ upsert /Table/10{6-7} num_replicas=7 num_voters=5
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Table/10{6-7} num_replicas=7 num_voters=5

Expand All @@ -72,6 +75,7 @@ upsert /Table/10{6/1/3-7} num_replicas=7 num_voters=5
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Table/106{-/1/1} num_replicas=7 num_voters=5
/Table/106/1/{1-2} global_reads=true num_replicas=7 num_voters=5
Expand All @@ -94,6 +98,7 @@ upsert /Table/10{6/1/5-7} num_replicas=7 num_voters=5
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Table/106{-/1/1} num_replicas=7 num_voters=5
/Table/106/1/{1-2} global_reads=true num_replicas=7 num_voters=5
Expand Down Expand Up @@ -130,6 +135,7 @@ upsert /Table/10{6/2-7} num_replicas=7 num_voters=5
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Table/106{-/1} num_replicas=7 num_voters=5
/Table/106/1{-/1} num_replicas=7 num_voters=6
Expand Down Expand Up @@ -164,6 +170,7 @@ upsert /Table/10{6/2-7} num_replicas=7
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
/Table/106{-/1} num_replicas=7
/Table/106/1{-/1} num_replicas=7 num_voters=6
Expand Down Expand Up @@ -192,4 +199,5 @@ delete /Table/10{6/2-7}
state offset=47
----
...
/Table/4{7-8} database system (host)
/Table/5{0-1} database system (host)
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@ state limit=3
state offset=51
----
...
/Table/5{0-1} database system (host)
/Table/10{6-7} protection_policies=[{ts: 3} {ts: 4}]
/Table/10{7-8} protection_policies=[{ts: 3} {ts: 4}]

Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ full-translate
/Table/{5-6} database system (host)
/Table/{6-7} database system (host)
/Table/{8-9} database system (host)
/Table/{9-10} database system (host)
/Table/1{1-2} database system (host)
/Table/1{2-3} database system (host)
/Table/1{3-4} database system (host)
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ full-translate
/Table/{5-6} database system (host)
/Table/{6-7} database system (host)
/Table/{8-9} database system (host)
/Table/{9-10} database system (host)
/Table/1{1-2} database system (host)
/Table/1{2-3} database system (host)
/Table/1{3-4} database system (host)
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ translate database=system
/Table/{5-6} database system (host)
/Table/{6-7} database system (host)
/Table/{8-9} database system (host)
/Table/{9-10} database system (host)
/Table/1{1-2} database system (host)
/Table/1{2-3} database system (host)
/Table/1{3-4} database system (host)
Expand Down Expand Up @@ -60,6 +61,7 @@ translate database=system
/Table/{5-6} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
/Table/{6-7} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
/Table/{8-9} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
/Table/{9-10} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
/Table/1{1-2} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
/Table/1{2-3} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
/Table/1{3-4} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
Expand Down Expand Up @@ -117,6 +119,7 @@ full-translate
/Table/{5-6} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
/Table/{6-7} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
/Table/{8-9} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
/Table/{9-10} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
/Table/1{1-2} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
/Table/1{2-3} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
/Table/1{3-4} ignore_strict_gc=true num_replicas=7 rangefeed_enabled=true
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ full-translate
/Tenant/10/Table/{5-6} database system (tenant)
/Tenant/10/Table/{6-7} database system (tenant)
/Tenant/10/Table/{7-8} database system (tenant)
/Tenant/10/Table/{9-10} database system (tenant)
/Tenant/10/Table/1{1-2} database system (tenant)
/Tenant/10/Table/1{2-3} database system (tenant)
/Tenant/10/Table/1{3-4} database system (tenant)
Expand Down Expand Up @@ -63,6 +64,7 @@ translate named-zone=default
/Tenant/10/Table/{5-6} database system (tenant)
/Tenant/10/Table/{6-7} database system (tenant)
/Tenant/10/Table/{7-8} database system (tenant)
/Tenant/10/Table/{9-10} database system (tenant)
/Tenant/10/Table/1{1-2} database system (tenant)
/Tenant/10/Table/1{2-3} database system (tenant)
/Tenant/10/Table/1{3-4} database system (tenant)