sql: adding/removing locality config on first region add/last region drop doesn't account for privileges #61003
Description
Describe the problem
For illustration, consider:
cockroach/pkg/sql/alter_database.go
Line 573 in 9e41034
if err := forEachTableDesc(ctx, p, desc, hideVirtual,
The API used here, ForEachTableDesc, filters out descriptors that the user doesn't have visibility to (per privileges/ownership). This opens us up to a scenario where a user may add a region to a database but not modify all of the tables that exist inside the database with the default locality config. Later, when such a table is accessed, it will fail validation as we explicitly ensure all tables inside a MR database have a locality config set on them.
Expected behavior
In the illustration above, adding a region should fail if the user doesn't have permissions to modify all of the tables inside the database. Separately, the choice of API (ForEachTableDesc) is completely wrong here.
Additional context
This issue also manifests itself when we repartition Regional By Table tables when adding/dropping subsequent regions (albeit slightly differently).
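The failure mode described in this issue, as an added Go sketch that is not CockroachDB code: a privilege-filtered iteration leaves some tables without a locality config, while a check-all-then-modify version fails before changing anything. The `Table` type, the ownership-as-privilege rule, and every function name here are hypothetical, and the sample data is constructed.

```go
package main

import "fmt"

// Table is a hypothetical stand-in for a table descriptor.
type Table struct {
	Name, Owner string
	HasLocality bool
}

// addRegionFiltered models the report: tables the user has no privileges on are skipped.
func addRegionFiltered(user string, tables []*Table) {
	for _, t := range tables {
		if t.Owner == user { // assumption: the filtering iterator only yields these
			t.HasLocality = true
		}
	}
}

// addRegionStrict models the expected behaviour: check all tables, then modify.
func addRegionStrict(user string, tables []*Table) error {
	for _, t := range tables {
		if t.Owner != user {
			return fmt.Errorf("table %q: insufficient privilege", t.Name)
		}
	}
	for _, t := range tables {
		t.HasLocality = true
	}
	return nil
}

// validate models the invariant that every table has a locality config.
func validate(tables []*Table) error {
	for _, t := range tables {
		if !t.HasLocality {
			return fmt.Errorf("table %q has no locality config", t.Name)
		}
	}
	return nil
}

func main() {
	// Constructed data: alice owns one table, bob the other.
	mk := func() []*Table { return []*Table{{Name: "orders", Owner: "alice"}, {Name: "audit", Owner: "bob"}} }
	a, b := mk(), mk()
	addRegionFiltered("alice", a)
	fmt.Println("filtered:", validate(a), "| strict:", addRegionStrict("alice", b))
}
```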