
tenantcapabilities: allow secondary tenants to query capability state when performing SQL operations #95514

@arulajmani


Describe the problem

References #85954.

Once tenant capabilities are in effect, secondary tenants will be able to issue admin operations such as splits. If a tenant is trying to issue an operation for which it doesn't have the right capabilities, it will get an auth error. Ideally, the tenant should only issue the operation if it has the right capabilities. As such, we should perform a capability check in the SQL layer, instead of relying on the Auth code to bubble up errors.

The origin of the error (auth vs. SQL) isn't particularly meaningful for admin operations such as splits. However, once we expand capabilities to include span configurations as well, it'll become important -- we don't want tenants committing zone configuration changes that cannot be reconciled because they don't have the correct capabilities.

We should add a CapabilityChecker interface, and implement it via the Connector, that allows secondary tenants to query the status of their tenant capabilities.

Jira issue: CRDB-23566
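
The difference the issue draws between a SQL-layer capability check and an auth-layer error, as an added Go sketch that is not CockroachDB code and not part of the original issue. The `CapabilityChecker` method set, the `connector` type, the capability name, `kvReconcile` and `AlterZoneConfig` are all hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Capability and the name below are hypothetical, not CockroachDB identifiers.
type Capability string

const CanSetSpanConfigs Capability = "can_set_span_configs"

// CapabilityChecker is the interface named in the issue; its method set is assumed.
type CapabilityChecker interface {
	HasCapability(c Capability) bool
}

// connector stands in for the tenant's Connector and holds the tenant's
// view of the capabilities it has been granted.
type connector struct{ granted map[Capability]bool }

func (c *connector) HasCapability(cp Capability) bool { return c.granted[cp] }

var errAuth = errors.New("auth: tenant lacks capability")

// kvReconcile models the auth-layer check that only runs at reconciliation time.
func kvReconcile(c CapabilityChecker) error {
	if !c.HasCapability(CanSetSpanConfigs) {
		return errAuth
	}
	return nil
}

// AlterZoneConfig reports whether the zone config change was committed.
// With sqlCheck=false the change commits first and fails later in reconciliation.
func AlterZoneConfig(c CapabilityChecker, sqlCheck bool) (committed bool, err error) {
	if sqlCheck && !c.HasCapability(CanSetSpanConfigs) {
		return false, fmt.Errorf("sql: operation requires capability %q", CanSetSpanConfigs)
	}
	// Constructed stand-in for committing the change in the tenant's keyspace.
	return true, kvReconcile(c)
}

func main() {
	t := &connector{granted: map[Capability]bool{}}
	committed, err := AlterZoneConfig(t, false)
	fmt.Println("auth only:", committed, err)
	committed, err = AlterZoneConfig(t, true)
	fmt.Println("sql check:", committed, err)
}
```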


Labels

C-enhancement: Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
ua-ux-papercut: UX and OX bugs that would be GA blockers but are acceptable because UA is tech preview
