Skip to content

sqlproxyccl: block session revival token in StartupMessage from client#76750

Merged
craig[bot] merged 1 commit intocockroachdb:masterfrom
rafiss:sqlproxy-block-session-revival
Feb 18, 2022
Merged

sqlproxyccl: block session revival token in StartupMessage from client#76750
craig[bot] merged 1 commit intocockroachdb:masterfrom
rafiss:sqlproxy-block-session-revival

Conversation

@rafiss
Copy link
Copy Markdown
Collaborator

@rafiss rafiss commented Feb 17, 2022
edited
Loading

fixes #74643

Only the SQL proxy itself should be setting this. To prevent an outsider
from trying to authenticate with a token, the proxy now checks for the
token in any incoming startup message. If it is present, it returns an
error.

Release note: None

@rafiss rafiss requested a review from jaylim-crl February 17, 2022 19:28
@rafiss rafiss requested a review from a team as a code owner February 17, 2022 19:28
@cockroach-teamcity
Copy link
Copy Markdown
Member

cockroach-teamcity commented Feb 17, 2022

This change is Reviewable

jaylim-crl
jaylim-crl reviewed Feb 17, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@jaylim-crl jaylim-crl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 4 of 4 files at r1, all commit messages.
Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @rafiss)

pkg/ccl/sqlproxyccl/frontend_admitter.go, line 83 at r1 (raw file):

		// The client is blocked from using session revival tokens; only the proxy
		// itself can.
		delete(startup.Parameters, sessionRevivalTokenStartupParam)

Should we return an error instead of silently removing the param to prevent confusions from the user's end (assuming that they end up using it)?

rafiss
rafiss commented Feb 17, 2022
View reviewed changes
Copy link
Copy Markdown
Collaborator Author

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @jaylim-crl)

pkg/ccl/sqlproxyccl/frontend_admitter.go, line 83 at r1 (raw file):

Previously, jaylim-crl (Jay Lim) wrote…

Should we return an error instead of silently removing the param to prevent confusions from the user's end (assuming that they end up using it)?

sure, sounds good

@rafiss rafiss force-pushed the sqlproxy-block-session-revival branch from 09e37bb to 44a6cf8 Compare February 17, 2022 20:46
@rafiss rafiss requested a review from jaylim-crl February 17, 2022 20:48
jaylim-crl
jaylim-crl approved these changes Feb 17, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@jaylim-crl jaylim-crl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm: once the test passes. I suspect TestFrontendAdmitSessionRevivalToken will fail because we return a nil conn on error.

Reviewed 2 of 2 files at r2, all commit messages.
Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained (waiting on @rafiss)

pkg/ccl/sqlproxyccl/frontend_admitter.go, line 84 at r2 (raw file):
We need to return conn here despite an error, or else the caller will panic.

// message received from the PG SQL client. The connection returned should never
// be nil in case of error. Depending on whether the error happened before the
// connection was upgraded to TLS or not it will either be the original or the
// TLS connection.

@rafiss rafiss force-pushed the sqlproxy-block-session-revival branch from 44a6cf8 to de22f1d Compare February 17, 2022 21:26
@rafiss
sqlproxyccl: block session revival token in StartupMessage from client
4871227 
Only the SQL proxy itself should be setting this. To prevent an outsider
from trying to authenticate with a token, the proxy now checks for the
token in any incoming startup message. If it is present, it returns an
error.

Release note: None
@rafiss rafiss force-pushed the sqlproxy-block-session-revival branch from de22f1d to 4871227 Compare February 17, 2022 22:43
rafiss
rafiss commented Feb 17, 2022
View reviewed changes
Copy link
Copy Markdown
Collaborator Author

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tftr!

bors r=jaylim-crl

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (and 1 stale) (waiting on @jaylim-crl)

pkg/ccl/sqlproxyccl/frontend_admitter.go, line 84 at r2 (raw file):

Previously, jaylim-crl (Jay Lim) wrote…

We need to return conn here despite an error, or else the caller will panic.

// message received from the PG SQL client. The connection returned should never
// be nil in case of error. Depending on whether the error happened before the
// connection was upgraded to TLS or not it will either be the original or the
// TLS connection.

ty! fixed

@craig
Copy link
Copy Markdown
Contributor

craig bot commented Feb 18, 2022

Build succeeded:

@craig craig bot merged commit 4b5277f into cockroachdb:master Feb 18, 2022
@rafiss rafiss deleted the sqlproxy-block-session-revival branch February 18, 2022 17:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jaylim-crl jaylim-crl jaylim-crl approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

sql,security: add functionality to revive a SQL session in multitenant clusters

3 participants

@rafiss @cockroach-teamcity @jaylim-crl