Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
87302: pkg/security: relax requirement to follow CRDB URI SAN cert scheme r=knz a=abarganier Recently, a customer upgraded to v22.1.6, a recent patch release which contains the new tenant-scoped client certificates and asssociated authorization logic updates. The new authz logic *required* that the SAN URIs included in the client certificate followed the URI SAN scheme: `crdb://tenant/<tenant_id>/user/<tenant_username>` However, for customers that use URI SANs that do not follow this convention or do not have the flexibility to alter the URI SAN, this was preventing them from using their existing certificates. This would generate an error when attempting to connect to a SQL shell. One example URI SAN is as follows: `mycompany:sv:rootclient:dev:usw1` This is a certificate that worked with the legacy behavior, but is rejected by the new authz logic. We should update the authz logic to be less strict about the URI SAN following our own scheme. If we are unable to parse the URI SAN then we should fallback to using the globally scoped client certificate instead, enabling backwards compatibility. This patch does just that, logging an error in the case where we are unable to parse the URI SAN and instead falling back to the legacy behavior, producing a global user scope for the certificate. Release note: none Release justification: low risk, necessary fix to enable customers using custom URI SAN schemes to continue using their existing certificates on newer CRDB versions. Addresses #87235 87311: backupccl: parallelize loading of manifests from External Storage r=benbardin a=adityamaru This change is a targetted change to parallelize the loading of backup manifests for each incremental layer of a backup. This method is shared by both restore as well as `SHOW BACKUP`. Fixes: #87183 Release note: None Release justification: low risk performance improvement required for making `SHOW BACKUP` in the presence of many incremental layers more performant 87316: sctest: Augmented BACKUP/RESTORE tests with table-level restore r=Xiang-Gu a=Xiang-Gu Commit 1: non-code minor changes (added comments, moved function a little bit) Commit 2: Previously, the Backup test in declarative schema changer backups the whole database and restore the whole database with `RESTORE DATABASE`. This PR augments the test by adding another flavor to restore: `RESTORE TABLE tbl1,...,tblN` where `tblx` are *all* the tables in the backup. This will nicely give us coverage for `RESTORE TABLE` when a declarative schema changer job is restored. Note that ideally we want to randomly restore only a subset of all the table. Indeed I tried to implement that but realize it was blocked by one limitation in the declarative shcema changer: We don't yet support restore schema changer job that skips missing sequences (E.g. if we have a table `t` and a sequence `s`, and I want to `ALTER TABLE t ADD COLUMN c DEFAULT nextval('s')`, we backup database in PostCommit phase. Later when we restore just `t`, the schema changer job will run into error `error executing 'missing rewrite for id 109 in <column_default_expression:<table_id:108 column_id:2 embedded_expr:<expr:"nextval(109:::REGCLASS)" uses_sequence_ids:109 >)`) This issue is tracked in #87518. Fixes: #86835 Release justification: test-only changes Release note: None 87446: authors: add faizaanmadhani to authors r=faizaanmadhani a=faizaanmadhani Release note: None Release justification: non-production code change 87459: scbuildstmt: fallback if adding a virtual column with NOT NULL r=Xiang-Gu a=Xiang-Gu We found a regression in the new schema changer for the following stmt: `ALTER TABLE t ADD COLUMN j INT AS (NULL::INT) VIRTUAL NOT NULL;` incorrectly succeeded. This PR made `ADD COLUMN` fall back if the to-be-added column is a virtual column with NOT NULL constraint. Surprisingly, we actually have logic tests in place for this case but it has incorrect expected output so we also changed the exsiting tests. Fix: #87457 Release justification: bug fix for GA blocker. Release note: None 87506: ci: add some extra environment variables for sqllogic corpus nightly r=healthy-pod a=rickystewart Without these extra environment variables, GitHub posting doesn't work correctly. Release justification: Non-production code changes Release note: None Co-authored-by: Alex Barganier <[email protected]> Co-authored-by: adityamaru <[email protected]> Co-authored-by: Xiang Gu <[email protected]> Co-authored-by: Faizaan Madhani <[email protected]> Co-authored-by: Ricky Stewart <[email protected]>
- Loading branch information