importccl: panic on IMPORT INTO by admin users without explicit privileges #44252
Description
Non-root admin users that are not given explicit create privileges will trigger a panic when attempting to IMPORT INTO and will not be able to perform an IMPORT due to errors around insufficient privileges.
Example reproduction steps (with an enterprise cluster):
CREATE USER someuser;
GRANT admin TO someuser;Then, as "someuser" (e.g. ./cockroach sql --insecure -u=someuser):
IMPORT TABLE bar (a INT) CSV DATA ('nodelocal:///some_data_file.csv');
Will yield an error: ERROR: creating tables: restoring table desc and namespace entries: user someuser does not have CREATE privilege on database defaultdb
Additionally, running:
CREATE TABLE foo (a int);
IMPORT INTO foo (a) CSV DATA ('nodelocal:///some_data_file.csv');
This will invoke a panic:
/usr/local/Cellar/go/1.13.4/libexec/src/runtime/debug/stack.go:24 +0x9d
github.com/cockroachdb/cockroach/pkg/util/log.ReportPanic(0x80bfe80, 0xc0047296c0, 0xc0003f0a80, 0x7399f80, 0xa18fbb0, 0x1)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/util/log/crash_reporting.go:217 +0xb5
github.com/cockroachdb/cockroach/pkg/util/stop.(*Stopper).Recover(0xc000b91680, 0x80bfe80, 0xc0047296c0)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/util/stop/stopper.go:180 +0xe4
panic(0x7399f80, 0xa18fbb0)
/usr/local/Cellar/go/1.13.4/libexec/src/runtime/panic.go:679 +0x1b2
sync.(*Mutex).Lock(...)
/usr/local/Cellar/go/1.13.4/libexec/src/sync/mutex.go:74
github.com/cockroachdb/cockroach/pkg/internal/client.(*Txn).ReadTimestamp(0x0, 0x0, 0x0)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/internal/client/txn.go:272 +0x3e
github.com/cockroachdb/cockroach/pkg/sql.(*TableCollection).getTableVersion(0xc006897cc0, 0x80bff40, 0xc0006f1170, 0x0, 0xa1fd4e0, 0x1, 0x0, 0xc005c0ca50, 0x4dca84a)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/sql/table.go:295 +0x4fb
github.com/cockroachdb/cockroach/pkg/sql.(*CachedPhysicalAccessor).GetObjectDesc(0xc000338fc0, 0x80bff40, 0xc0006f1170, 0x0, 0xc0003f0a80, 0xa1fd4e0, 0x1, 0x6, 0xc005c0ca90, 0x4dcc207, ...)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/sql/physical_schema_accessors.go:330 +0x2ab
github.com/cockroachdb/cockroach/pkg/sql.(*planner).MemberOfWithAdminOption(0xc0044ac000, 0x80bff40, 0xc0006f1170, 0xc000346070, 0x4, 0x2, 0x0, 0xc005c0cc68)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/sql/authorization.go:200 +0xba
github.com/cockroachdb/cockroach/pkg/sql.(*planner).CheckPrivilege(0xc0044ac000, 0x80bff40, 0xc0006f1170, 0x81269e0, 0xc00443e000, 0xc000000002, 0xc8691f0, 0x0)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/sql/authorization.go:103 +0x18a
github.com/cockroachdb/cockroach/pkg/ccl/importccl.prepareExistingTableDescForIngestion(0x80bff40, 0xc0006f1170, 0xc000b334d0, 0xc00443e000, 0x8152220, 0xc0044ac000, 0x6, 0x400bb4b, 0xc00004e000)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/ccl/importccl/import_stmt.go:789 +0x99
github.com/cockroachdb/cockroach/pkg/ccl/importccl.(*importResumer).prepareTableDescsForIngestion.func1(0x80bff40, 0xc0006f1170, 0xc000b334d0, 0x0, 0x0)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/ccl/importccl/import_stmt.go:848 +0x7d9
github.com/cockroachdb/cockroach/pkg/internal/client.(*DB).Txn.func1(0x80bff40, 0xc0006f1170, 0xc000b334d0, 0x8148e60, 0xc004327200)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/internal/client/db.go:717 +0x43
github.com/cockroachdb/cockroach/pkg/internal/client.(*Txn).exec(0xc000b334d0, 0x80bff40, 0xc0006f1170, 0xc00451d520, 0xc000b334d0, 0xc0004ef400)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/internal/client/txn.go:759 +0xd9
github.com/cockroachdb/cockroach/pkg/internal/client.(*DB).Txn(0xc000b9f680, 0x80bff40, 0xc0006f1170, 0xc005c0d570, 0x777e860, 0xc0006f11a0)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/internal/client/db.go:716 +0xd1
github.com/cockroachdb/cockroach/pkg/ccl/importccl.(*importResumer).prepareTableDescsForIngestion(0xc003f8b300, 0x80bff40, 0xc0006f1170, 0x8152220, 0xc0044ac000, 0xc0057e0980, 0x1, 0x1, 0xc004020590, 0x1, ...)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/ccl/importccl/import_stmt.go:837 +0xbe
github.com/cockroachdb/cockroach/pkg/ccl/importccl.(*importResumer).Resume(0xc003f8b300, 0x80bff40, 0xc0006f1170, 0x786bce0, 0xc0044ac000, 0xc000c6ccc0, 0xc0006f1170, 0x8126ae0)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/ccl/importccl/import_stmt.go:916 +0xa84
github.com/cockroachdb/cockroach/pkg/jobs.(*Registry).resume.func1(0x80bff40, 0xc0006f1170)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/jobs/registry.go:662 +0x36d
github.com/cockroachdb/cockroach/pkg/util/stop.(*Stopper).RunAsyncTask.func1(0xc000b91680, 0x80bfe80, 0xc0047296c0, 0xc003a42f80, 0x1e, 0x0, 0x0, 0xc003c8f9f0)
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/util/stop/stopper.go:322 +0x152
created by github.com/cockroachdb/cockroach/pkg/util/stop.(*Stopper).RunAsyncTask
/Users/pbardea/go/src/github.com/cockroachdb/cockroach/pkg/util/stop/stopper.go:317 +0x131
Metadata
Metadata
Assignees
Labels
No labels