Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release-24.3: roachprod: add sufficient tenant ids when creating v22.2 client certs #136326

Merged
merged 1 commit into from
Dec 2, 2024
Merged

release-24.3: roachprod: add sufficient tenant ids when creating v22.2 client certs #136326

merged 1 commit into from
Dec 2, 2024

Conversation

DarrylWong
Copy link
Contributor

Backport 1/1 commits from #136319.

/cc @cockroachdb/release

In v22.2, tenant ids must be specified when creating client certs. Previously, only a select number tenant ids of were specified. Those ids were chosen to match the hardcoded ids used by the old multitenant roachprod framework.

Now that the new mt framework assigns ids sequentially, we see that creating tenants with ids not specified causes auth issues on clusters bootstrapped on 22.2. Since there should be no drawback to assigning more valid tenant ids than needed, we now add tenants 1 to 100. This should be more than enough for roachprod/roachtest.

Fixes: #133282
Epic: none
Relese note: none

Release Justification: test only change

@blathers-crl blathers[crl]
Copy link

blathers-crl bot commented Nov 27, 2024

Thanks for opening a backport.

Please check the backport criteria before merging:

  • Backports should only be created for serious
    issues     or test-only changes.
  • Backports should not break backwards-compatibility.
  • Backports should change as little code as possible.
  • Backports should not change on-disk formats or node communication protocols.
  • Backports should not add new functionality (except as defined
    here).
  • Backports must not add, edit, or otherwise modify cluster versions; or add version gates.
  • All backports must be reviewed by the owning areas TL. For more information as to how that review should be conducted, please consult the backport
    policy    .
If your backport adds new functionality, please ensure that the following additional criteria are satisfied:
  • There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
  • The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
  • New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters. State changes must be further protected such that nodes running old binaries will not be negatively impacted by the new state (with a mixed version test added).
  • The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.
  • Your backport must be accompanied by a post to the appropriate Slack
    channel (#db-backports-point-releases or #db-backports-XX-X-release) for awareness and discussion.

Also, please add a brief release justification to the body of your PR to justify this
backport.

@blathers-crl blathers-crl bot added the backport Label PR's that are backports to older release branches label Nov 27, 2024
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@DarrylWong
roachprod: add sufficient tenant ids when creating v22.2 client certs
cd6e53c 
In v22.2, tenant ids must be specified when creating client certs.
Previously, only a select number tenant ids of were specified. Those ids
were chosen to match the hardcoded ids used by the old multitenant
roachprod framework.

Now that the new mt framework assigns ids sequentially, we see that
creating tenants with ids not specified causes auth issues on clusters
bootstrapped on 22.2. Since there should be no drawback to assigning
more valid tenant ids than needed, we now add tenants 1 to 100. This
should be more than enough for roachprod/roachtest.

Fixes: cockroachdb#133282
Epic: none
Relese note: none
@DarrylWong DarrylWong marked this pull request as ready for review December 2, 2024 16:09
@DarrylWong DarrylWong requested a review from a team as a code owner December 2, 2024 16:09
@DarrylWong DarrylWong requested review from nameisbhaskar and vidit-bhat and removed request for a team December 2, 2024 16:09
@srosenberg srosenberg self-requested a review December 2, 2024 16:17
@DarrylWong DarrylWong merged commit b8ec26a into cockroachdb:release-24.3 Dec 2, 2024
20 of 21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@srosenberg srosenberg srosenberg approved these changes

@nameisbhaskar nameisbhaskar Awaiting requested review from nameisbhaskar nameisbhaskar is a code owner automatically assigned from cockroachdb/test-eng

@vidit-bhat vidit-bhat Awaiting requested review from vidit-bhat vidit-bhat is a code owner automatically assigned from cockroachdb/test-eng

Assignees
No one assigned
Labels
backport Label PR's that are backports to older release branches
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DarrylWong @cockroach-teamcity @srosenberg