sql: add id column to system.users and system.role_id_seq

In preparation for keying roles by ids. See RFC: #77453 Release note: None Co-authored-by: Fenil-P <[email protected]>
cockroachdb · May 24, 2022 · 391a6f7 · 391a6f7
1 parent 85d99af
commit 391a6f7
Show file tree

Hide file tree

Showing 68 changed files with 982 additions and 304 deletions.
diff --git a/docs/generated/settings/settings-for-tenants.txt b/docs/generated/settings/settings-for-tenants.txt
@@ -282,4 +282,4 @@ trace.jaeger.agent	string		the address of a Jaeger agent to receive traces using
 trace.opentelemetry.collector	string		address of an OpenTelemetry trace collector to receive traces using the otel gRPC protocol, as <host>:<port>. If no port is specified, 4317 will be used.
 trace.span_registry.enabled	boolean	true	if set, ongoing traces can be seen at https://<ui>/#/debug/tracez
 trace.zipkin.collector	string		the address of a Zipkin instance to receive traces, as <host>:<port>. If no port is specified, 9411 will be used.
-version	version	22.1-8	set the active cluster version in the format '<major>.<minor>'
+version	version	22.1-12	set the active cluster version in the format '<major>.<minor>'
diff --git a/docs/generated/settings/settings.html b/docs/generated/settings/settings.html
@@ -213,6 +213,6 @@
 <tr><td><code>trace.opentelemetry.collector</code></td><td>string</td><td><code></code></td><td>address of an OpenTelemetry trace collector to receive traces using the otel gRPC protocol, as <host>:<port>. If no port is specified, 4317 will be used.</td></tr>
 <tr><td><code>trace.span_registry.enabled</code></td><td>boolean</td><td><code>true</code></td><td>if set, ongoing traces can be seen at https://<ui>/#/debug/tracez</td></tr>
 <tr><td><code>trace.zipkin.collector</code></td><td>string</td><td><code></code></td><td>the address of a Zipkin instance to receive traces, as <host>:<port>. If no port is specified, 9411 will be used.</td></tr>
-<tr><td><code>version</code></td><td>version</td><td><code>22.1-8</code></td><td>set the active cluster version in the format '<major>.<minor>'</td></tr>
+<tr><td><code>version</code></td><td>version</td><td><code>22.1-12</code></td><td>set the active cluster version in the format '<major>.<minor>'</td></tr>
 </tbody>
 </table>
diff --git a/pkg/bench/rttanalysis/testdata/benchmark_expectations b/pkg/bench/rttanalysis/testdata/benchmark_expectations
@@ -35,15 +35,15 @@ exp,benchmark
 15,DropDatabase/drop_database_1_table
 16,DropDatabase/drop_database_2_tables
 17,DropDatabase/drop_database_3_tables
-20,DropRole/drop_1_role
-27,DropRole/drop_2_roles
-34,DropRole/drop_3_roles
-14,DropSequence/drop_1_sequence
-16,DropSequence/drop_2_sequences
-18,DropSequence/drop_3_sequences
-14,DropTable/drop_1_table
-16,DropTable/drop_2_tables
-18,DropTable/drop_3_tables
+21,DropRole/drop_1_role
+29,DropRole/drop_2_roles
+37,DropRole/drop_3_roles
+15,DropSequence/drop_1_sequence
+17,DropSequence/drop_2_sequences
+19,DropSequence/drop_3_sequences
+15,DropTable/drop_1_table
+17,DropTable/drop_2_tables
+19,DropTable/drop_3_tables
 16,DropView/drop_1_view
 18,DropView/drop_2_views
 20,DropView/drop_3_views

diff --git a/pkg/ccl/backupccl/backup_test.go b/pkg/ccl/backupccl/backup_test.go
@@ -66,6 +66,7 @@ import (
 	"github.com/cockroachdb/cockroach/pkg/sql"
 	"github.com/cockroachdb/cockroach/pkg/sql/catalog"
 	"github.com/cockroachdb/cockroach/pkg/sql/catalog/bootstrap"
+	"github.com/cockroachdb/cockroach/pkg/sql/catalog/catalogkeys"
 	"github.com/cockroachdb/cockroach/pkg/sql/catalog/descidgen"
 	"github.com/cockroachdb/cockroach/pkg/sql/catalog/descpb"
 	"github.com/cockroachdb/cockroach/pkg/sql/catalog/desctestutils"
@@ -1034,14 +1035,17 @@ func TestBackupRestoreSystemTables(t *testing.T) {
 
 	// At the time this test was written, these were the only system tables that
 	// were reasonable for a user to backup and restore into another cluster.
-	tables := []string{"locations", "role_members", "users", "zones"}
+	tables := []string{"locations", "role_members", "users", "zones", "role_id_seq"}
 	tableSpec := "system." + strings.Join(tables, ", system.")
 
 	// Take a consistent fingerprint of the original tables.
 	var backupAsOf string
 	expectedFingerprints := map[string][][]string{}
 	err := crdb.ExecuteTx(ctx, conn, nil /* txopts */, func(tx *gosql.Tx) error {
 		for _, table := range tables {
+			if table == "role_id_seq" {
+				continue
+			}
 			rows, err := conn.Query("SHOW EXPERIMENTAL_FINGERPRINTS FROM TABLE system." + table)
 			if err != nil {
 				return err
@@ -1067,6 +1071,9 @@ func TestBackupRestoreSystemTables(t *testing.T) {
 
 	// Verify the fingerprints match.
 	for _, table := range tables {
+		if table == "role_id_seq" {
+			continue
+		}
 		a := sqlDB.QueryStr(t, "SHOW EXPERIMENTAL_FINGERPRINTS FROM TABLE system_new."+table)
 		if e := expectedFingerprints[table]; !reflect.DeepEqual(e, a) {
 			t.Fatalf("fingerprints between system.%[1]s and system_new.%[1]s did not match:%s\n",
@@ -9388,6 +9395,7 @@ func TestExcludeDataFromBackupDoesNotHoldupGC(t *testing.T) {
 func TestBackupRestoreSystemUsers(t *testing.T) {
 	defer leaktest.AfterTest(t)()
 	defer log.Scope(t).Close(t)
+	skip.WithIssue(t, 78963)
 
 	sqlDB, tempDir, cleanupFn := createEmptyCluster(t, singleNode)
 	_, sqlDBRestore, cleanupEmptyCluster := backupRestoreTestSetupEmpty(t, singleNode, tempDir, InitManualReplication, base.TestClusterArgs{})
@@ -9415,7 +9423,7 @@ func TestBackupRestoreSystemUsers(t *testing.T) {
 
 		// Role 'app_role' and user 'app' will be added, and 'app' is granted with 'app_role'
 		// User test will remain untouched with no role granted
-		sqlDBRestore.CheckQueryResults(t, "SELECT * FROM system.users", [][]string{
+		sqlDBRestore.CheckQueryResults(t, "SELECT username, \"hashedPassword\", \"isRole\" FROM system.users", [][]string{
 			{"admin", "", "true"},
 			{"app", "NULL", "false"},
 			{"app_role", "NULL", "true"},
@@ -9449,15 +9457,15 @@ func TestBackupRestoreSystemUsers(t *testing.T) {
 	t.Run("restore-from-backup-with-no-system-role-members", func(t *testing.T) {
 		sqlDBRestore1.Exec(t, "RESTORE SYSTEM USERS FROM $1", localFoo+"/3")
 
-		sqlDBRestore1.CheckQueryResults(t, "SELECT * FROM system.users", [][]string{
+		sqlDBRestore1.CheckQueryResults(t, "SELECT username, \"hashedPassword\", \"isRole\" FROM system.users", [][]string{
 			{"admin", "", "true"},
 			{"app", "NULL", "false"},
 			{"app_role", "NULL", "true"},
 			{"root", "", "false"},
 			{"test", "NULL", "false"},
 			{"test_role", "NULL", "true"},
 		})
-		sqlDBRestore1.CheckQueryResults(t, "SELECT * FROM system.role_members", [][]string{
+		sqlDBRestore1.CheckQueryResults(t, "SELECT \"role\", \"member\", \"isAdmin\" FROM system.role_members", [][]string{
 			{"admin", "root", "true"},
 		})
 		sqlDBRestore1.CheckQueryResults(t, "SHOW USERS", [][]string{
@@ -10027,6 +10035,17 @@ func TestBackupLatestInBaseDirectory(t *testing.T) {
 	require.NoError(t, err)
 	r.Close(ctx)
 
+	// Drop the system.role_seq_id so that we can perform the migration.
+	sqlDB.Exec(t, `INSERT INTO system.users VALUES ('node', '', false, 0)`)
+	sqlDB.Exec(t, `GRANT node TO root`)
+	sqlDB.Exec(t, `DROP SEQUENCE system.role_id_seq`)
+	sqlDB.Exec(t, `REVOKE node FROM root`)
+
+	err = tc.Servers[0].DB().Del(ctx, catalogkeys.MakeDescMetadataKey(keys.SystemSQLCodec, keys.RoleIDSequenceID))
+	require.NoError(t, err)
+	err = tc.Servers[0].DB().Del(ctx, keys.SystemSQLCodec.SequenceKey(uint32(keys.RoleIDSequenceID)))
+	require.NoError(t, err)
+
 	// Close the channel so that the cluster version is upgraded.
 	close(disableUpgradeCh)
 	// Check the cluster version is bumped to newVersion.

diff --git a/pkg/ccl/backupccl/full_cluster_backup_restore_test.go b/pkg/ccl/backupccl/full_cluster_backup_restore_test.go
@@ -591,7 +591,7 @@ func TestRestoreFromFullClusterBackup(t *testing.T) {
 
 	t.Run("system tables", func(t *testing.T) {
 		sqlDB.Exec(t, `CREATE DATABASE temp_sys`)
-		sqlDB.Exec(t, `RESTORE system.users FROM $1 WITH into_db='temp_sys'`, localFoo)
+		sqlDB.Exec(t, `RESTORE system.users, system.role_id_seq FROM $1 WITH into_db='temp_sys'`, localFoo)
 		sqlDB.CheckQueryResults(t, "SELECT * FROM temp_sys.users", sqlDB.QueryStr(t, "SELECT * FROM system.users"))
 	})
 }
@@ -676,6 +676,7 @@ func TestClusterRestoreFailCleanup(t *testing.T) {
 				{"database_role_settings"},
 				{"jobs"},
 				{"locations"},
+				{"role_id_seq"},
 				{"role_members"},
 				{"role_options"},
 				{"scheduled_jobs"},
@@ -767,6 +768,7 @@ func TestClusterRestoreFailCleanup(t *testing.T) {
 				{"database_role_settings"},
 				{"jobs"},
 				{"locations"},
+				{"role_id_seq"},
 				{"role_members"},
 				{"role_options"},
 				{"scheduled_jobs"},

diff --git a/pkg/ccl/backupccl/system_schema.go b/pkg/ccl/backupccl/system_schema.go
@@ -402,6 +402,10 @@ var systemTableBackupConfiguration = map[string]systemBackupConfiguration{
 	systemschema.SpanCountTable.GetName(): {
 		shouldIncludeInClusterBackup: optOutOfClusterBackup,
 	},
+	systemschema.RoleIDSequence.GetName(): {
+		shouldIncludeInClusterBackup: optInToClusterBackup,
+		customRestoreFunc:            roleIDSequenceCustomRestoreFunc,
+	},
 }
 
 // GetSystemTablesToIncludeInClusterBackup returns a set of system table names that
@@ -464,3 +468,12 @@ func getSystemTablesToRestoreBeforeData() map[string]struct{} {
 
 	return systemTablesToRestoreBeforeData
 }
+
+func roleIDSequenceCustomRestoreFunc(
+	ctx context.Context,
+	execCfg *sql.ExecutorConfig,
+	txn *kv.Txn,
+	systemTableName, tempTableName string,
+) error {
+	return nil
+}
diff --git a/pkg/ccl/backupccl/testdata/backup-restore/feature-flags b/pkg/ccl/backupccl/testdata/backup-restore/feature-flags
@@ -81,10 +81,4 @@ RESTORE TABLE d.t FROM 'nodelocal://1/deprecated';
 ----
 NOTICE: The `RESTORE FROM <backup>` syntax will be removed in a future release, please switch over to using `RESTORE FROM <backup> IN <collection>` to restore a particular backup from a collection: https://www.cockroachlabs.com/docs/stable/restore.html#view-the-backup-subdirectories
 
-
-exec-sql
-RESTORE SYSTEM USERS FROM 'nodelocal://1/deprecated';
-----
-NOTICE: The `RESTORE FROM <backup>` syntax will be removed in a future release, please switch over to using `RESTORE FROM <backup> IN <collection>` to restore a particular backup from a collection: https://www.cockroachlabs.com/docs/stable/restore.html#view-the-backup-subdirectories
-
 subtest end
diff --git a/pkg/ccl/logictestccl/testdata/logic_test/crdb_internal_tenant b/pkg/ccl/logictestccl/testdata/logic_test/crdb_internal_tenant
@@ -13,6 +13,7 @@ SELECT node_id, name FROM crdb_internal.leases ORDER BY name
 0  locations
 0  protected_ts_meta
 0  protected_ts_records
+0  role_id_seq
 0  role_members
 0  role_options
 0  scheduled_jobs

diff --git a/pkg/ccl/spanconfigccl/spanconfigcomparedccl/testdata/basic b/pkg/ccl/spanconfigccl/spanconfigcomparedccl/testdata/basic
@@ -48,6 +48,7 @@ configs version=current offset=41
 ...
 /Table/46                                  database system (host)
 /Table/47                                  database system (host)
+/Table/48                                  database system (host)
 /Table/50                                  database system (host)
 /Table/106                                 num_replicas=7 num_voters=5
 /Table/107                                 num_replicas=7
@@ -57,6 +58,7 @@ configs version=legacy offset=41
 ...
 /Table/46                                  database system (host)
 /Table/47                                  database system (host)
+/Table/48                                  database system (host)
 /Table/50                                  range system
 /Table/106                                 num_replicas=7 num_voters=5
 /Table/107                                 num_replicas=7
@@ -112,9 +114,9 @@ diff
 +/Table/38                                  range system
  /Table/39                                  database system (host)
  /Table/40                                  database system (host)
-@@ -42,5 +42,5 @@
- /Table/46                                  database system (host)
+@@ -43,5 +43,5 @@
  /Table/47                                  database system (host)
+ /Table/48                                  database system (host)
 -/Table/50                                  range system
 +/Table/50                                  database system (host)
  /Table/106                                 num_replicas=7 num_voters=5

diff --git a/pkg/ccl/spanconfigccl/spanconfigcomparedccl/testdata/multitenant b/pkg/ccl/spanconfigccl/spanconfigcomparedccl/testdata/multitenant
@@ -18,6 +18,7 @@ initialize tenant=11
 configs version=current offset=43
 ----
 ...
+/Table/48                                  database system (host)
 /Table/50                                  database system (host)
 /Tenant/10                                 database system (tenant)
 /Tenant/11                                 database system (tenant)

diff --git a/pkg/ccl/spanconfigccl/spanconfigreconcilerccl/testdata/basic b/pkg/ccl/spanconfigccl/spanconfigreconcilerccl/testdata/basic
@@ -54,6 +54,7 @@ upsert /Table/4{4-5}                       database system (host)
 upsert /Table/4{5-6}                       ttl_seconds=7200 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
 upsert /Table/4{6-7}                       database system (host)
 upsert /Table/4{7-8}                       database system (host)
+upsert /Table/4{8-9}                       database system (host)
 upsert /Table/5{0-1}                       database system (host)
 
 exec-sql
@@ -91,6 +92,7 @@ upsert /Table/11{2-3}                      num_replicas=7
 state offset=47
 ----
 ...
+/Table/4{8-9}                              database system (host)
 /Table/5{0-1}                              database system (host)
 /Table/10{6-7}                             num_replicas=7 num_voters=5
 /Table/10{7-8}                             num_replicas=7
@@ -181,6 +183,8 @@ delete /Table/4{6-7}
 upsert /Table/4{6-7}                       ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
 delete /Table/4{7-8}
 upsert /Table/4{7-8}                       ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
+delete /Table/4{8-9}
+upsert /Table/4{8-9}                       ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
 delete /Table/5{0-1}
 upsert /Table/5{0-1}                       ttl_seconds=100 ignore_strict_gc=true num_replicas=5 rangefeed_enabled=true
 

diff --git a/pkg/ccl/spanconfigccl/spanconfigreconcilerccl/testdata/indexes b/pkg/ccl/spanconfigccl/spanconfigreconcilerccl/testdata/indexes
@@ -21,6 +21,7 @@ upsert /Table/10{6-7}                      range default
 state offset=47
 ----
 ...
+/Table/4{8-9}                              database system (host)
 /Table/5{0-1}                              database system (host)
 /Table/10{6-7}                             range default
 
@@ -43,6 +44,7 @@ upsert /Table/10{6/3-7}                    num_replicas=7
 state offset=47
 ----
 ...
+/Table/4{8-9}                              database system (host)
 /Table/5{0-1}                              database system (host)
 /Table/106{-/2}                            num_replicas=7
 /Table/106/{2-3}                           num_replicas=7 num_voters=5
@@ -67,6 +69,7 @@ upsert /Table/10{6/3-7}                    ttl_seconds=3600 num_replicas=7
 state offset=47
 ----
 ...
+/Table/4{8-9}                              database system (host)
 /Table/5{0-1}                              database system (host)
 /Table/106{-/2}                            ttl_seconds=3600 num_replicas=7
 /Table/106/{2-3}                           ttl_seconds=25 num_replicas=7 num_voters=5
@@ -81,6 +84,7 @@ ALTER TABLE db.t CONFIGURE ZONE USING num_replicas = 9
 state offset=47
 ----
 ...
+/Table/4{8-9}                              database system (host)
 /Table/5{0-1}                              database system (host)
 /Table/106{-/2}                            ttl_seconds=3600 num_replicas=9
 /Table/106/{2-3}                           ttl_seconds=25 num_replicas=9 num_voters=5
@@ -109,4 +113,5 @@ state offset=46
 ----
 ...
 /Table/4{7-8}                              database system (host)
+/Table/4{8-9}                              database system (host)
 /Table/5{0-1}                              database system (host)
diff --git a/pkg/ccl/spanconfigccl/spanconfigreconcilerccl/testdata/multitenant/basic b/pkg/ccl/spanconfigccl/spanconfigreconcilerccl/testdata/multitenant/basic
@@ -22,6 +22,7 @@ mutations
 state offset=47
 ----
 ...
+/Table/4{8-9}                              database system (host)
 /Table/5{0-1}                              database system (host)
 /Tenant/10{-"\x00"}                        database system (tenant)
 /Tenant/11{-"\x00"}                        database system (tenant)
@@ -67,11 +68,13 @@ upsert /Tenant/10/Table/4{2-3}             database system (tenant)
 upsert /Tenant/10/Table/4{3-4}             database system (tenant)
 upsert /Tenant/10/Table/4{4-5}             database system (tenant)
 upsert /Tenant/10/Table/4{6-7}             database system (tenant)
+upsert /Tenant/10/Table/4{8-9}             database system (tenant)
 upsert /Tenant/10/Table/5{0-1}             database system (tenant)
 
 state offset=47
 ----
 ...
+/Table/4{8-9}                              database system (host)
 /Table/5{0-1}                              database system (host)
 /Tenant/10{-/Table/4}                      database system (tenant)
 /Tenant/10/Table/{4-5}                     database system (tenant)
@@ -107,6 +110,7 @@ state offset=47
 /Tenant/10/Table/4{3-4}                    database system (tenant)
 /Tenant/10/Table/4{4-5}                    database system (tenant)
 /Tenant/10/Table/4{6-7}                    database system (tenant)
+/Tenant/10/Table/4{8-9}                    database system (tenant)
 /Tenant/10/Table/5{0-1}                    database system (tenant)
 /Tenant/11{-"\x00"}                        database system (tenant)
 
@@ -131,7 +135,9 @@ upsert /Tenant/10/Table/11{3-4}            range default
 state offset=81
 ----
 ...
+/Tenant/10/Table/4{4-5}                    database system (tenant)
 /Tenant/10/Table/4{6-7}                    database system (tenant)
+/Tenant/10/Table/4{8-9}                    database system (tenant)
 /Tenant/10/Table/5{0-1}                    database system (tenant)
 /Tenant/10/Table/10{6-7}                   range default
 /Tenant/10/Table/10{7-8}                   range default

diff --git a/pkg/ccl/spanconfigccl/spanconfigreconcilerccl/testdata/multitenant/protectedts b/pkg/ccl/spanconfigccl/spanconfigreconcilerccl/testdata/multitenant/protectedts
@@ -19,6 +19,7 @@ mutations
 state offset=47
 ----
 ...
+/Table/4{8-9}                              database system (host)
 /Table/5{0-1}                              database system (host)
 /Tenant/10{-"\x00"}                        database system (tenant)
 
@@ -83,6 +84,7 @@ upsert /Tenant/10/Table/4{2-3}             database system (tenant)
 upsert /Tenant/10/Table/4{3-4}             database system (tenant)
 upsert /Tenant/10/Table/4{4-5}             database system (tenant)
 upsert /Tenant/10/Table/4{6-7}             database system (tenant)
+upsert /Tenant/10/Table/4{8-9}             database system (tenant)
 upsert /Tenant/10/Table/5{0-1}             database system (tenant)
 
 exec-sql tenant=10

diff --git a/pkg/ccl/spanconfigccl/spanconfigreconcilerccl/testdata/named_zones b/pkg/ccl/spanconfigccl/spanconfigreconcilerccl/testdata/named_zones
@@ -124,6 +124,7 @@ state offset=46
 ----
 ...
 /Table/4{7-8}                              database system (host)
+/Table/4{8-9}                              database system (host)
 /Table/5{0-1}                              database system (host)
 /Table/10{6-7}                             ttl_seconds=50
 
@@ -140,6 +141,7 @@ state offset=46
 ----
 ...
 /Table/4{7-8}                              database system (host)
+/Table/4{8-9}                              database system (host)
 /Table/5{0-1}                              database system (host)
 /Table/10{6-7}                             ttl_seconds=50
 /Table/10{7-8}                             ttl_seconds=50