kv: change meta ranges to honor fine grained data domiciliation zone configs over indexed values #70912
Description
Describe the problem
When using zone configs to home region-sensitive data to their particular regions, the meta ranges do not obey the zone configs and any region-sensitive data in table keys "escape" their region.
This makes it impossible to do strict data sovereignty partitioning using multi-region CockroachDB when domicilied data is indexed. (The issue does not exist when domicilied data is not indexed.)
Note: we already document this limitation in https://www.cockroachlabs.com/docs/stable/data-domiciling.html#limitations
Epic: CRDB-10287
To Reproduce
- create a geo-partitioned table with sensitive data in some indexed columns
- use a zone config to map the region-specific data to separate regions
- run
cockroach debug keyson all nodes
(A simpler version of steps 1-2 is to create a non-partitioned table and introduce split point manually, and simply "imagine" that we have applied separate zone config to each table range. The point below remains the same.)
At step 3, we can see that the indexed values from the table show up in Meta2 keys in nodes that are unrelated to the region specified by the zone config.
Expected behavior
The meta ranges that include data from zoned tables (in the range key boundaries) should not be stored outside of the zone-specified regions.
Today, this is impossible because we do not split the meta ranges at the same boundaries as the tables.
Environment:
crdb v21.2
Jira issue: CRDB-10283