Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release-23.1: prevent data loss for at risk indexes and add tooling to detect them #106863

Merged
merged 2 commits into from
Jul 18, 2023
Merged

release-23.1: prevent data loss for at risk indexes and add tooling to detect them #106863

merged 2 commits into from
Jul 18, 2023

Conversation

fqazi
Copy link
Collaborator

@fqazi fqazi commented Jul 14, 2023
edited
Loading

This patch aims at doing the following:

  1. Extend the debug doctor / crdb_internal.invalid_objects to detect indexes which could potentially lose data by being dropped specifically when a column is only stored inside them
  2. Add a check inside DROP INDEX to prevent dropping indexes with this problem to avoid data loss.

Fixes: #106794
Informs: #106739

Release justification: low risk and prevents a potentially dangerous action by users

@fqazi
sql/schemachanger: block dropping indexes that are the only source of…
6c8bd9a 
… a column

Previously, because of a bug we could end up with secondary indexes
being the only thing that stored a column. This could lead to data
loss if that secondary index was dropped. To address this, this patch
will block dropping such indexes with a link to the technical advisory.

Informs: cockroachdb#106739

Release note (bug fix): Block dropping of indexes impacted by
technical advisory 99561 if data loss could occur.
@blathers-crl
Copy link

blathers-crl bot commented Jul 14, 2023

Thanks for opening a backport.

Please check the backport criteria before merging:

  • Patches should only be created for serious issues or test-only changes.
  • Patches should not break backwards-compatibility.
  • Patches should change as little code as possible.
  • Patches should not change on-disk formats or node communication protocols.
  • Patches should not add new functionality.
  • Patches must not add, edit, or otherwise modify cluster versions; or add version gates.
If some of the basic criteria cannot be satisfied, ensure that the exceptional criteria are satisfied within.
  • There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
  • The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
  • New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters.
  • The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.

Add a brief release justification to the body of your PR to justify this backport.

Some other things to consider:

  • What did we do to ensure that a user that doesn’t know & care about this backport, has no idea that it happened?
  • Will this work in a cluster of mixed patch versions? Did we test that?
  • If a user upgrades a patch version, uses this feature, and then downgrades, what happens?

@cockroach-teamcity
Copy link
Member

This change is Reviewable

@fqazi fqazi force-pushed the blockDropIndexEnhance branch from 2f3e694 to 257c252 Compare July 14, 2023 20:05
@fqazi
sql/catalog: add optional validation that primary indexes store all c…
6d7c916 
…olumns

Previously, we had a bug were it was possible that the primary indexes
was not storing some non-virtual columns. Unfortunately, adding
validation in all cases would break existing customers, so as
a safety we have added validation to crdb_internal.invalid_objects
and the debug doctor command. To address this, this patch adds a
new validation level only for invalid_objects / doctor.

Fixes: cockroachdb#106794
Informs: cockroachdb#106739

Release note: None
@fqazi fqazi force-pushed the blockDropIndexEnhance branch from 257c252 to 6d7c916 Compare July 14, 2023 20:13
@fqazi fqazi marked this pull request as ready for review July 14, 2023 21:12
@fqazi fqazi requested a review from a team as a code owner July 14, 2023 21:12
@fqazi fqazi mentioned this pull request Jul 17, 2023
Merged
rafiss
rafiss approved these changes Jul 18, 2023
View reviewed changes
Copy link
Collaborator

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is quite nice! just had a minor question about the tests

also, do you think we should forward-port the first commit to master?

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @fqazi)

pkg/sql/logictest/testdata/logic_test/drop_index line 558 at r1 (raw file):

# Drop INDEX will be blocked
statement error pq: index t_with_idx_data_loss_n_idx cannot be safely dropped, since doing so will lose data in certain columns
DROP INDEX t_with_idx_data_loss@t_with_idx_data_loss_n_idx;

nice test here. just wanted to check if the test already runs for both legacy and new schema changers?

@fqazi
Copy link
Collaborator Author

fqazi commented Jul 18, 2023

this is quite nice! just had a minor question about the tests

also, do you think we should forward-port the first commit to master?

That scenario is already blocked by validation on master, so we should no longer have the danger anymore.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @fqazi)

pkg/sql/logictest/testdata/logic_test/drop_index line 558 at r1 (raw file):

# Drop INDEX will be blocked
statement error pq: index t_with_idx_data_loss_n_idx cannot be safely dropped, since doing so will lose data in certain columns
DROP INDEX t_with_idx_data_loss@t_with_idx_data_loss_n_idx;

nice test here. just wanted to check if the test already runs for both legacy and new schema changers?

Yes this test runs in both cases, so we should be covered

@fqazi fqazi merged commit dbda14c into cockroachdb:release-23.1 Jul 18, 2023
@blathers-crl
Copy link

blathers-crl bot commented Jul 18, 2023

Encountered an error creating backports. Some common things that can go wrong:

  1. The backport branch might have already existed.
  2. There was a merge conflict.
  3. The backport branch contained merge commits.

You might need to create your backport manually using the backport tool.

error creating merge commit from 6c8bd9a to blathers/backport-release-22.2-106863: POST https://api.github.com/repos/cockroachdb/cockroach/merges: 409 Merge conflict []

you may need to manually resolve merge conflicts with the backport tool.

Backport to branch 22.2.x failed. See errors above.

🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.

@celiala celiala mentioned this pull request Jul 21, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafiss rafiss rafiss approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fqazi @cockroach-teamcity @rafiss