release-19.2: backupccl,importccl: fix privilege checks for BACKUP/RESTORE and IMPORT#44456
Merged
craig[bot] merged 3 commits intocockroachdb:release-19.2from Jan 28, 2020
Merged
Conversation
Add failing tests for a non-root admin user trying to IMPORT{,INTO},
BACKUP and RESTORE. These types of users should be allowed to do these
operations but we have found issues with permissions not letting them as
well as panics due to incorrect usage of the planner in IMPORT INTO.
Release note: None
This changes the privilege checks in IMPORT, IMPORT INTO and RESTORE to run during the *planning* of the job, in the SQL plan hook execution, rather than during the execution of the job. This is done because privilege checks are implemented on planner, and close over the planner's txn in some branches/cases, so invoking them later, on a txn-less planner in a resumed jobs execution, can cause problems. Release note (bug fix): Allow all admin users to use BACKUP/RESTORE and IMPORT.
Member
|
This change is |
Include the role package in the backup test so that the tests have access to the appropriate binary allowing to test BACKUP/RESTORE interaction with RBAC. Release note: None
dt
approved these changes
Jan 28, 2020
Contributor
Author
|
bors r+ |
craig bot
pushed a commit
that referenced
this pull request
Jan 28, 2020
44456: release-19.2: backupccl,importccl: fix privilege checks for BACKUP/RESTORE and IMPORT r=pbardea a=pbardea Backport 2/2 commits from #44250. /cc @cockroachdb/release --- This changes the privilege checks in IMPORT, IMPORT INTO and RESTORE to run during the *planning* of the job, in the SQL plan hook execution, rather than during the execution of the job. This is done because privilege checks are implemented on planner, and close over the planner's txn in some branches/cases, so invoking them later, on a txn-less planner in a resumed jobs execution, can cause problems. Before this, the planStateHook's txn was assumed to be set and caused a panic on checking RBAC privileges. Additionally, permission checks in these operations did not properly give access to all admin users. Fixes #44252. Release note (bug fix): Allow all admin users to use BACKUP/RESTORE and IMPORT. Co-authored-by: Paul Bardea <pbardea@gmail.com>
Contributor
Build succeeded |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport 2/2 commits from #44250.
/cc @cockroachdb/release
This changes the privilege checks in IMPORT, IMPORT INTO and RESTORE to
run during the planning of the job, in the SQL plan hook execution,
rather than during the execution of the job. This is done because
privilege checks are implemented on planner, and close over the
planner's txn in some branches/cases, so invoking them later, on a
txn-less planner in a resumed jobs execution, can cause problems.
Before this, the planStateHook's txn was assumed to be set and caused a
panic on checking RBAC privileges. Additionally, permission checks in these
operations did not properly give access to all admin users.
Fixes #44252.
Release note (bug fix): Allow all admin users to use BACKUP/RESTORE and
IMPORT.