From ebf8c3e8ea2684a42b18835a9cf29c464c7f2e0d Mon Sep 17 00:00:00 2001
From: irfan sharif
Date: Wed, 25 Nov 2020 21:18:39 -0500
Subject: [PATCH] sql,clusterversion: remove VersionAuthLocalAndTrustRejectMethods
It's an old cluster version, introduced in the 19.2 release cycle. It's now safe to remove. Part of #47447. Fixes #56398. Release note: None
---
 pkg/ccl/gssapiccl/gssapi.go | 3 +-
 pkg/clusterversion/cockroach_versions.go | 20 ---------
 pkg/clusterversion/versionkey_string.go | 56 ++++++++++++------------
 pkg/sql/pgwire/auth_methods.go | 12 +++--
 pkg/sql/pgwire/hba_conf.go | 33 +++-----------
 5 files changed, 38 insertions(+), 86 deletions(-)
diff --git a/pkg/ccl/gssapiccl/gssapi.go b/pkg/ccl/gssapiccl/gssapi.go
index 8790b78b9b61..f8ee5d797666 100644
--- a/pkg/ccl/gssapiccl/gssapi.go
+++ b/pkg/ccl/gssapiccl/gssapi.go
@@ -21,7 +21,6 @@ import (
 "unsafe"
 "github.com/cockroachdb/cockroach/pkg/ccl/utilccl"
- "github.com/cockroachdb/cockroach/pkg/clusterversion"
 "github.com/cockroachdb/cockroach/pkg/security"
 "github.com/cockroachdb/cockroach/pkg/sql"
 "github.com/cockroachdb/cockroach/pkg/sql/pgwire"
@@ -207,5 +206,5 @@ func checkEntry(entry hba.Entry) error {
 }
 func init() {
- pgwire.RegisterAuthMethod("gss", authGSS, clusterversion.Version19_1, hba.ConnHostSSL, checkEntry)
+ pgwire.RegisterAuthMethod("gss", authGSS, hba.ConnHostSSL, checkEntry)
 }
diff --git a/pkg/clusterversion/cockroach_versions.go b/pkg/clusterversion/cockroach_versions.go
index 7ba8009d4c73..5733b56f237f 100644
--- a/pkg/clusterversion/cockroach_versions.go
+++ b/pkg/clusterversion/cockroach_versions.go
@@ -115,10 +115,6 @@ type VersionKey int
 const (
 _ VersionKey = iota - 1 // want first named one to start at zero
- // Version19_1 is CockroachDB v19.1. It's used for all v19.1.x patch
- // releases.
- Version19_1
-
 // v20.1 versions.
 //
 // VersionNamespaceTableWithSchemas is
@@ -128,14 +124,6 @@ const (
 // added parentSchemaID column. In addition to the new column, the table is
 // no longer in the system config range -- implying it is no longer gossiped.
 VersionNamespaceTableWithSchemas
- // VersionAuthLocalAndTrustRejectMethods introduces the HBA rule
- // prefix 'local' and auth methods 'trust' and 'reject', for use
- // in server.host_based_authentication.configuration.
- //
- // A separate cluster version ensures the new syntax is not
- // introduced while previous-version nodes are still running, as
- // this would block any new SQL client.
- VersionAuthLocalAndTrustRejectMethods
 // TODO(irfansharif): The versions above can/should all be removed. They
 // were orinally introduced in v20.1. There are inflight PRs to do so
@@ -240,18 +228,10 @@ const (
 // minor version until we are absolutely sure that no new migrations will need
 // to be added (i.e., when cutting the final release candidate).
 var versionsSingleton = keyedVersions([]keyedVersion{
- {
- Key: Version19_1,
- Version: roachpb.Version{Major: 19, Minor: 1},
- },
 {
 Key: VersionNamespaceTableWithSchemas,
 Version: roachpb.Version{Major: 19, Minor: 2, Internal: 5},
 },
- {
- Key: VersionAuthLocalAndTrustRejectMethods,
- Version: roachpb.Version{Major: 19, Minor: 2, Internal: 8},
- },
 // v20.2 versions.
 {
diff --git a/pkg/clusterversion/versionkey_string.go b/pkg/clusterversion/versionkey_string.go
index 469008264afb..61075b57e639 100644
--- a/pkg/clusterversion/versionkey_string.go
+++ b/pkg/clusterversion/versionkey_string.go
@@ -8,38 +8,36 @@ func _() { // An "invalid array index" compiler error signifies that the constant values have changed. // Re-run the stringer command to generate them again. var x [1]struct{} - _ = x[Version19_1-0] - _ = x[VersionNamespaceTableWithSchemas-1] - _ = x[VersionAuthLocalAndTrustRejectMethods-2] - _ = x[VersionStart20_2-3] - _ = x[VersionGeospatialType-4] - _ = x[VersionEnums-5] - _ = x[VersionRangefeedLeases-6] - _ = x[VersionAlterColumnTypeGeneral-7] - _ = x[VersionAlterSystemJobsAddCreatedByColumns-8] - _ = x[VersionAddScheduledJobsTable-9] - _ = x[VersionUserDefinedSchemas-10] - _ = x[VersionNoOriginFKIndexes-11] - _ = x[VersionClientRangeInfosOnBatchResponse-12] - _ = x[VersionNodeMembershipStatus-13] - _ = x[VersionRangeStatsRespHasDesc-14] - _ = x[VersionMinPasswordLength-15] - _ = x[VersionAbortSpanBytes-16] - _ = x[VersionAlterSystemJobsAddSqllivenessColumnsAddNewSystemSqllivenessTable-17] - _ = x[VersionMaterializedViews-18] - _ = x[VersionBox2DType-19] - _ = x[VersionLeasedDatabaseDescriptors-20] - _ = x[VersionUpdateScheduledJobsSchema-21] - _ = x[VersionCreateLoginPrivilege-22] - _ = x[VersionHBAForNonTLS-23] - _ = x[Version20_2-24] - _ = x[VersionStart21_1-25] - _ = x[VersionEmptyArraysInInvertedIndexes-26] + _ = x[VersionNamespaceTableWithSchemas-0] + _ = x[VersionStart20_2-1] + _ = x[VersionGeospatialType-2] + _ = x[VersionEnums-3] + _ = x[VersionRangefeedLeases-4] + _ = x[VersionAlterColumnTypeGeneral-5] + _ = x[VersionAlterSystemJobsAddCreatedByColumns-6] + _ = x[VersionAddScheduledJobsTable-7] + _ = x[VersionUserDefinedSchemas-8] + _ = x[VersionNoOriginFKIndexes-9] + _ = x[VersionClientRangeInfosOnBatchResponse-10] + _ = x[VersionNodeMembershipStatus-11] + _ = x[VersionRangeStatsRespHasDesc-12] + _ = x[VersionMinPasswordLength-13] + _ = x[VersionAbortSpanBytes-14] + _ = x[VersionAlterSystemJobsAddSqllivenessColumnsAddNewSystemSqllivenessTable-15] + _ = x[VersionMaterializedViews-16] + _ = x[VersionBox2DType-17] + _ = 
x[VersionLeasedDatabaseDescriptors-18] + _ = x[VersionUpdateScheduledJobsSchema-19] + _ = x[VersionCreateLoginPrivilege-20] + _ = x[VersionHBAForNonTLS-21] + _ = x[Version20_2-22] + _ = x[VersionStart21_1-23] + _ = x[VersionEmptyArraysInInvertedIndexes-24] } -const _VersionKey_name = "Version19_1VersionNamespaceTableWithSchemasVersionAuthLocalAndTrustRejectMethodsVersionStart20_2VersionGeospatialTypeVersionEnumsVersionRangefeedLeasesVersionAlterColumnTypeGeneralVersionAlterSystemJobsAddCreatedByColumnsVersionAddScheduledJobsTableVersionUserDefinedSchemasVersionNoOriginFKIndexesVersionClientRangeInfosOnBatchResponseVersionNodeMembershipStatusVersionRangeStatsRespHasDescVersionMinPasswordLengthVersionAbortSpanBytesVersionAlterSystemJobsAddSqllivenessColumnsAddNewSystemSqllivenessTableVersionMaterializedViewsVersionBox2DTypeVersionLeasedDatabaseDescriptorsVersionUpdateScheduledJobsSchemaVersionCreateLoginPrivilegeVersionHBAForNonTLSVersion20_2VersionStart21_1VersionEmptyArraysInInvertedIndexes" +const _VersionKey_name = "VersionNamespaceTableWithSchemasVersionStart20_2VersionGeospatialTypeVersionEnumsVersionRangefeedLeasesVersionAlterColumnTypeGeneralVersionAlterSystemJobsAddCreatedByColumnsVersionAddScheduledJobsTableVersionUserDefinedSchemasVersionNoOriginFKIndexesVersionClientRangeInfosOnBatchResponseVersionNodeMembershipStatusVersionRangeStatsRespHasDescVersionMinPasswordLengthVersionAbortSpanBytesVersionAlterSystemJobsAddSqllivenessColumnsAddNewSystemSqllivenessTableVersionMaterializedViewsVersionBox2DTypeVersionLeasedDatabaseDescriptorsVersionUpdateScheduledJobsSchemaVersionCreateLoginPrivilegeVersionHBAForNonTLSVersion20_2VersionStart21_1VersionEmptyArraysInInvertedIndexes" -var _VersionKey_index = [...]uint16{0, 11, 43, 80, 96, 117, 129, 151, 180, 221, 249, 274, 298, 336, 363, 391, 415, 436, 507, 531, 547, 579, 611, 638, 657, 668, 684, 719} +var _VersionKey_index = [...]uint16{0, 32, 48, 69, 81, 103, 132, 173, 201, 226, 250, 288, 315, 343, 367, 388, 459, 483, 
499, 531, 563, 590, 609, 620, 636, 671} func (i VersionKey) String() string { if i < 0 || i >= VersionKey(len(_VersionKey_index)-1) {
diff --git a/pkg/sql/pgwire/auth_methods.go b/pkg/sql/pgwire/auth_methods.go
index 9856a8f8cadc..6cbc28f95f8d 100644
--- a/pkg/sql/pgwire/auth_methods.go
+++ b/pkg/sql/pgwire/auth_methods.go
@@ -16,7 +16,6 @@ import (
 "crypto/tls"
 "fmt"
- "github.com/cockroachdb/cockroach/pkg/clusterversion"
 "github.com/cockroachdb/cockroach/pkg/security"
 "github.com/cockroachdb/cockroach/pkg/sql"
 "github.com/cockroachdb/cockroach/pkg/sql/pgwire/hba"
@@ -41,27 +40,26 @@ func loadDefaultMethods() {
 //
 // Care should be taken by administrators to only accept this auth
 // method over secure connections, e.g. those encrypted using SSL.
- RegisterAuthMethod("password", authPassword, clusterversion.Version19_1, hba.ConnAny, nil)
+ RegisterAuthMethod("password", authPassword, hba.ConnAny, nil)
 // The "cert" method requires a valid client certificate for the
 // user attempting to connect.
 //
 // This method is only usable over SSL connections.
- RegisterAuthMethod("cert", authCert, clusterversion.Version19_1, hba.ConnHostSSL, nil)
+ RegisterAuthMethod("cert", authCert, hba.ConnHostSSL, nil)
 // The "cert-password" method requires either a valid client
 // certificate for the connecting user, or, if no cert is provided,
 // a cleartext password.
- RegisterAuthMethod("cert-password", authCertPassword, clusterversion.Version19_1, hba.ConnAny, nil)
+ RegisterAuthMethod("cert-password", authCertPassword, hba.ConnAny, nil)
 // The "reject" method rejects any connection attempt that matches
 // the current rule.
- RegisterAuthMethod("reject", authReject, clusterversion.VersionAuthLocalAndTrustRejectMethods, hba.ConnAny, nil)
+ RegisterAuthMethod("reject", authReject, hba.ConnAny, nil)
 // The "trust" method accepts any connection attempt that matches
 // the current rule.
- RegisterAuthMethod("trust", authTrust, clusterversion.VersionAuthLocalAndTrustRejectMethods, hba.ConnAny, nil)
-
+ RegisterAuthMethod("trust", authTrust, hba.ConnAny, nil)
 }
 // AuthMethod defines a method for authentication of a connection.
diff --git a/pkg/sql/pgwire/hba_conf.go b/pkg/sql/pgwire/hba_conf.go
index 270ae5399802..c1b8816e4f61 100644
--- a/pkg/sql/pgwire/hba_conf.go
+++ b/pkg/sql/pgwire/hba_conf.go
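Review bot: The comment above `RegisterAuthMethod("trust", authTrust, hba.ConnAny, nil)` in loadDefaultMethods (pkg/sql/pgwire/auth_methods.go) lacks the kind of administrator caution that the "password" comment in the same hunk carries, although "trust" is registered with the same `hba.ConnAny` mask and, by its own description, accepts every connection that matches the rule. I would extend it with something like `// No credential is checked; rules using "trust" should be limited to connection types and address ranges that are already authenticated by other means.` The body of loadDefaultMethods starts before this hunk, so other registrations may exist that are not visible here.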
@@ -143,13 +143,6 @@ func checkHBASyntaxBeforeUpdatingSetting(values *settings.Values, s string) erro
 switch entry.ConnType {
 case hba.ConnHostAny:
 case hba.ConnLocal:
- if vh != nil &&
- !vh.IsActive(context.TODO(), clusterversion.VersionAuthLocalAndTrustRejectMethods) {
- return pgerror.Newf(pgcode.ObjectNotInPrerequisiteState,
- `authentication rule type 'local' requires all nodes to be upgraded to %s`,
- clusterversion.VersionByKey(clusterversion.VersionAuthLocalAndTrustRejectMethods),
- )
- }
 case hba.ConnHostSSL, hba.ConnHostNoSSL:
 if vh != nil &&
 !vh.IsActive(context.TODO(), clusterversion.VersionHBAForNonTLS) {
@@ -198,13 +191,6 @@ func checkHBASyntaxBeforeUpdatingSetting(values *settings.Values, s string) erro
 "unknown auth method %q", entry.Method.Value),
 "Supported methods: %s", listRegisteredMethods())
 }
- // Verify that the cluster setting is at least the required version.
- if vh != nil && !vh.IsActive(context.TODO(), method.minReqVersion) {
- return pgerror.Newf(pgcode.ObjectNotInPrerequisiteState,
- `authentication method '%s' requires all nodes to be upgraded to %s`,
- entry.Method.Value,
- clusterversion.VersionByKey(method.minReqVersion))
- }
 // Run the per-method validation.
 if check := hbaCheckHBAEntries[entry.Method.Value]; check != nil {
 if err := check(entry); err != nil {
@@ -238,14 +224,14 @@ func ParseAndNormalize(val string) (*hba.Conf, error) {
 // Lookup and cache the auth methods.
 for i := range conf.Entries {
 method := conf.Entries[i].Method.Value
- methodEntry, ok := hbaAuthMethods[method]
+ info, ok := hbaAuthMethods[method]
 if !ok {
 // TODO(knz): Determine if an error should be reported
 // upon unknown auth methods.
 // See: https://github.com/cockroachdb/cockroach/issues/43716
 return nil, errors.Errorf("unknown auth method %s", method)
 }
- conf.Entries[i].MethodFn = methodEntry.methodInfo
+ conf.Entries[i].MethodFn = info
 }
 return conf, nil
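Review bot: In checkHBASyntaxBeforeUpdatingSetting (first hunk, `@@ -143,13 +143,6`), removing the version check leaves `case hba.ConnLocal:` with an empty body directly above `case hba.ConnHostSSL, hba.ConnHostNoSSL:`, which reads like a fallthrough into the VersionHBAForNonTLS check even though Go does not fall through. Folding the two no-op arms into `case hba.ConnHostAny, hba.ConnLocal:` with a short comment such as `// no cluster-version gate for these rule types` would make it explicit that 'local' rules are now accepted unconditionally. The switch continues past the end of the hunk, so any default arm is not visible here.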
@@ -323,13 +309,9 @@ func (s *Server) GetAuthenticationConfiguration() *hba.Conf {
 // configuration. It can block the configuration if e.g. the syntax is
 // invalid.
 func RegisterAuthMethod(
- method string,
- fn AuthMethod,
- minReqVersion clusterversion.VersionKey,
- validConnTypes hba.ConnType,
- checkEntry CheckHBAEntry,
+ method string, fn AuthMethod, validConnTypes hba.ConnType, checkEntry CheckHBAEntry,
 ) {
- hbaAuthMethods[method] = authMethodEntry{methodInfo{validConnTypes, fn}, minReqVersion}
+ hbaAuthMethods[method] = methodInfo{validConnTypes, fn}
 if checkEntry != nil {
 hbaCheckHBAEntries[method] = checkEntry
 }
@@ -347,15 +329,10 @@ func listRegisteredMethods() string {
 }
 var (
- hbaAuthMethods = map[string]authMethodEntry{}
+ hbaAuthMethods = map[string]methodInfo{}
 hbaCheckHBAEntries = map[string]CheckHBAEntry{}
 )
-type authMethodEntry struct {
- methodInfo
- minReqVersion clusterversion.VersionKey
-}
-
 type methodInfo struct {
 validConnTypes hba.ConnType
 fn AuthMethod
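Review bot: `hbaAuthMethods[method] = methodInfo{validConnTypes, fn}` in RegisterAuthMethod (hunk `@@ -323,13 +309,9`) overwrites an existing entry without complaint, so a second registration under a name such as "password" or "trust" would silently replace the authentication function used for that HBA method. Because this is an exported registry that other packages call from init() (gssapiccl does so in this patch), a guard before the assignment such as `if _, dup := hbaAuthMethods[method]; dup { panic("auth method registered twice: " + method) }` would turn that into a startup failure; whether re-registration is ever intended is not visible from the hunk. Writing the literal with keyed fields, `methodInfo{validConnTypes: validConnTypes, fn: fn}`, would also keep it correct if the struct gains a field later.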