sql,externalconn: add owner_id column to system.external_connections

This patch adds a new `owner_id` column to the `system.external_connections` table, which corresponds to the existing `owner` column, in order to bring us closer to the eventual goal of allowing renaming of users. Migrations are also added to alter and backfill the table in older clusters. Release note: None
cockroachdb · Mar 6, 2023 · b7bdea3 · b7bdea3
1 parent 8dc3728
commit b7bdea3
Show file tree

Hide file tree

Showing 20 changed files with 388 additions and 45 deletions.
diff --git a/docs/generated/settings/settings-for-tenants.txt b/docs/generated/settings/settings-for-tenants.txt
@@ -297,4 +297,4 @@ trace.jaeger.agent	string		the address of a Jaeger agent to receive traces using
 trace.opentelemetry.collector	string		address of an OpenTelemetry trace collector to receive traces using the otel gRPC protocol, as <host>:<port>. If no port is specified, 4317 will be used.
 trace.span_registry.enabled	boolean	true	if set, ongoing traces can be seen at https://<ui>/#/debug/tracez
 trace.zipkin.collector	string		the address of a Zipkin instance to receive traces, as <host>:<port>. If no port is specified, 9411 will be used.
-version	version	1000022.2-64	set the active cluster version in the format '<major>.<minor>'
+version	version	1000022.2-68	set the active cluster version in the format '<major>.<minor>'
diff --git a/docs/generated/settings/settings.html b/docs/generated/settings/settings.html
@@ -238,6 +238,6 @@
 <tr><td><div id="setting-trace-opentelemetry-collector" class="anchored"><code>trace.opentelemetry.collector</code></div></td><td>string</td><td><code></code></td><td>address of an OpenTelemetry trace collector to receive traces using the otel gRPC protocol, as &lt;host&gt;:&lt;port&gt;. If no port is specified, 4317 will be used.</td></tr>
 <tr><td><div id="setting-trace-span-registry-enabled" class="anchored"><code>trace.span_registry.enabled</code></div></td><td>boolean</td><td><code>true</code></td><td>if set, ongoing traces can be seen at https://&lt;ui&gt;/#/debug/tracez</td></tr>
 <tr><td><div id="setting-trace-zipkin-collector" class="anchored"><code>trace.zipkin.collector</code></div></td><td>string</td><td><code></code></td><td>the address of a Zipkin instance to receive traces, as &lt;host&gt;:&lt;port&gt;. If no port is specified, 9411 will be used.</td></tr>
-<tr><td><div id="setting-version" class="anchored"><code>version</code></div></td><td>version</td><td><code>1000022.2-64</code></td><td>set the active cluster version in the format &#39;&lt;major&gt;.&lt;minor&gt;&#39;</td></tr>
+<tr><td><div id="setting-version" class="anchored"><code>version</code></div></td><td>version</td><td><code>1000022.2-68</code></td><td>set the active cluster version in the format &#39;&lt;major&gt;.&lt;minor&gt;&#39;</td></tr>
 </tbody>
 </table>
diff --git a/pkg/ccl/cloudccl/externalconn/datadriven_test.go b/pkg/ccl/cloudccl/externalconn/datadriven_test.go
@@ -123,7 +123,11 @@ func TestDataDriven(t *testing.T) {
 
 			case "inspect-system-table":
 				rows := tenant.Query(`
-SELECT connection_name, connection_type, crdb_internal.pb_to_json('cockroach.cloud.externalconn.connectionpb.ConnectionDetails', connection_details), owner
+SELECT connection_name,
+       connection_type,
+       crdb_internal.pb_to_json('cockroach.cloud.externalconn.connectionpb.ConnectionDetails', connection_details),
+       owner,
+       owner_id
 FROM system.external_connections;
 `)
 				output, err := sqlutils.RowsToDataDrivenOutput(rows)

diff --git a/pkg/ccl/cloudccl/externalconn/testdata/create_drop_external_connection b/pkg/ccl/cloudccl/externalconn/testdata/create_drop_external_connection
@@ -6,7 +6,7 @@ CREATE EXTERNAL CONNECTION foo AS 'nodelocal://1/foo/bar';
 
 inspect-system-table
 ----
-foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root
+foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root 1
 
 # Reject invalid nodelocal URIs.
 exec-sql
@@ -32,8 +32,8 @@ CREATE EXTERNAL CONNECTION bar123 AS 'nodelocal://1/baz';
 
 inspect-system-table
 ----
-bar123 STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/baz"}} root
-foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root
+bar123 STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/baz"}} root 1
+foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root 1
 
 # Drop an External Connection that does not exist.
 exec-sql
@@ -46,7 +46,7 @@ DROP EXTERNAL CONNECTION bar123;
 
 inspect-system-table
 ----
-foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root
+foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION foo;
@@ -79,7 +79,7 @@ pq: failed to construct External Connection details: failed to create GCP KMS ex
 
 inspect-system-table
 ----
-foo-kms KMS {"provider": "gcp_kms", "simpleUri": {"uri": "gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=="}} root
+foo-kms KMS {"provider": "gcp_kms", "simpleUri": {"uri": "gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=="}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-kms";
@@ -115,7 +115,7 @@ pq: failed to construct External Connection details: failed to create s3 externa
 
 inspect-system-table
 ----
-foo-s3 STORAGE {"provider": "s3", "simpleUri": {"uri": "s3://foo/bar?AUTH=implicit&AWS_ACCESS_KEY_ID=123&AWS_SECRET_ACCESS_KEY=456&ASSUME_ROLE=ronaldo,rashford,bruno"}} root
+foo-s3 STORAGE {"provider": "s3", "simpleUri": {"uri": "s3://foo/bar?AUTH=implicit&AWS_ACCESS_KEY_ID=123&AWS_SECRET_ACCESS_KEY=456&ASSUME_ROLE=ronaldo,rashford,bruno"}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-s3";
@@ -148,7 +148,7 @@ pq: failed to construct External Connection details: invalid changefeed sink URI
 
 inspect-system-table
 ----
-foo-kafka STORAGE {"provider": "kafka", "simpleUri": {"uri": "kafka://broker.address.com:9092?topic_prefix=bar_&tls_enabled=true&ca_cert=Zm9vCg==&sasl_enabled=true&sasl_user={sasl user}&sasl_password={url-encoded password}&sasl_mechanism=SCRAM-SHA-256"}} root
+foo-kafka STORAGE {"provider": "kafka", "simpleUri": {"uri": "kafka://broker.address.com:9092?topic_prefix=bar_&tls_enabled=true&ca_cert=Zm9vCg==&sasl_enabled=true&sasl_user={sasl user}&sasl_password={url-encoded password}&sasl_mechanism=SCRAM-SHA-256"}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-kafka"
@@ -164,7 +164,7 @@ CREATE EXTERNAL CONNECTION "foo-userfile" AS 'userfile:///foo/bar';
 
 inspect-system-table
 ----
-foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}} root
+foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}} root 1
 
 # Reject invalid userfile URIs.
 exec-sql
@@ -179,7 +179,7 @@ pq: failed to construct External Connection details: failed to create userfile e
 
 inspect-system-table
 ----
-foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}} root
+foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-userfile";
@@ -209,7 +209,7 @@ pq: failed to construct External Connection details: failed to create gs externa
 
 inspect-system-table
 ----
-foo-gs STORAGE {"provider": "gs", "simpleUri": {"uri": "gs://bucket/path?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=="}} root
+foo-gs STORAGE {"provider": "gs", "simpleUri": {"uri": "gs://bucket/path?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=="}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-gs";
@@ -247,7 +247,7 @@ pq: failed to construct External Connection details: failed to create azure exte
 
 inspect-system-table
 ----
-foo-azure STORAGE {"provider": "azure_storage", "simpleUri": {"uri": "azure-storage://bucket/path?AZURE_ACCOUNT_NAME=foo&AZURE_ACCOUNT_KEY=Zm9vCg==&AZURE_ENVIRONMENT=AzureUSGovernmentCloud"}} root
+foo-azure STORAGE {"provider": "azure_storage", "simpleUri": {"uri": "azure-storage://bucket/path?AZURE_ACCOUNT_NAME=foo&AZURE_ACCOUNT_KEY=Zm9vCg==&AZURE_ENVIRONMENT=AzureUSGovernmentCloud"}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-azure";

diff --git a/pkg/ccl/cloudccl/externalconn/testdata/multi-tenant/create_drop_external_connection b/pkg/ccl/cloudccl/externalconn/testdata/multi-tenant/create_drop_external_connection
@@ -9,7 +9,7 @@ CREATE EXTERNAL CONNECTION foo AS 'nodelocal://1/foo/bar';
 
 inspect-system-table
 ----
-foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root
+foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root 1
 
 # Reject invalid nodelocal URIs.
 exec-sql
@@ -35,8 +35,8 @@ CREATE EXTERNAL CONNECTION bar123 AS 'nodelocal://1/baz';
 
 inspect-system-table
 ----
-bar123 STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/baz"}} root
-foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root
+bar123 STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/baz"}} root 1
+foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root 1
 
 # Drop an External Connection that does not exist.
 exec-sql
@@ -49,7 +49,7 @@ DROP EXTERNAL CONNECTION bar123;
 
 inspect-system-table
 ----
-foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root
+foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION foo;
@@ -71,7 +71,7 @@ CREATE EXTERNAL CONNECTION "foo-kms" AS 'gcp-kms:///cmk?AUTH=specified&BEARER_TO
 
 inspect-system-table
 ----
-foo-kms KMS {"provider": "gcp_kms", "simpleUri": {"uri": "gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=="}} root
+foo-kms KMS {"provider": "gcp_kms", "simpleUri": {"uri": "gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=="}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-kms";
@@ -107,7 +107,7 @@ pq: failed to construct External Connection details: failed to create s3 externa
 
 inspect-system-table
 ----
-foo-s3 STORAGE {"provider": "s3", "simpleUri": {"uri": "s3://foo/bar?AUTH=implicit&AWS_ACCESS_KEY_ID=123&AWS_SECRET_ACCESS_KEY=456&ASSUME_ROLE=ronaldo,rashford,bruno"}} root
+foo-s3 STORAGE {"provider": "s3", "simpleUri": {"uri": "s3://foo/bar?AUTH=implicit&AWS_ACCESS_KEY_ID=123&AWS_SECRET_ACCESS_KEY=456&ASSUME_ROLE=ronaldo,rashford,bruno"}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-s3";
@@ -140,7 +140,7 @@ pq: failed to construct External Connection details: invalid changefeed sink URI
 
 inspect-system-table
 ----
-foo-kafka STORAGE {"provider": "kafka", "simpleUri": {"uri": "kafka://broker.address.com:9092?topic_prefix=bar_&tls_enabled=true&ca_cert=Zm9vCg==&sasl_enabled=true&sasl_user={sasl user}&sasl_password={url-encoded password}&sasl_mechanism=SCRAM-SHA-256"}} root
+foo-kafka STORAGE {"provider": "kafka", "simpleUri": {"uri": "kafka://broker.address.com:9092?topic_prefix=bar_&tls_enabled=true&ca_cert=Zm9vCg==&sasl_enabled=true&sasl_user={sasl user}&sasl_password={url-encoded password}&sasl_mechanism=SCRAM-SHA-256"}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-kafka"
@@ -156,7 +156,7 @@ CREATE EXTERNAL CONNECTION "foo-userfile" AS 'userfile:///foo/bar';
 
 inspect-system-table
 ----
-foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}} root
+foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}} root 1
 
 # Reject invalid userfile URIs.
 exec-sql
@@ -171,7 +171,7 @@ pq: failed to construct External Connection details: failed to create userfile e
 
 inspect-system-table
 ----
-foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}} root
+foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-userfile";
@@ -206,7 +206,7 @@ pq: failed to construct External Connection details: failed to create azure exte
 
 inspect-system-table
 ----
-foo-azure STORAGE {"provider": "azure_storage", "simpleUri": {"uri": "azure-storage://bucket/path?AZURE_ACCOUNT_NAME=foo&AZURE_ACCOUNT_KEY=Zm9vCg==&AZURE_ENVIRONMENT=AzureUSGovernmentCloud"}} root
+foo-azure STORAGE {"provider": "azure_storage", "simpleUri": {"uri": "azure-storage://bucket/path?AZURE_ACCOUNT_NAME=foo&AZURE_ACCOUNT_KEY=Zm9vCg==&AZURE_ENVIRONMENT=AzureUSGovernmentCloud"}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-azure";

diff --git a/pkg/ccl/cloudccl/externalconn/testdata/multi-tenant/privileges_external_connection b/pkg/ccl/cloudccl/externalconn/testdata/multi-tenant/privileges_external_connection
@@ -22,7 +22,7 @@ CREATE EXTERNAL CONNECTION "global-privileged" AS 'nodelocal://1/foo'
 
 inspect-system-table
 ----
-global-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} testuser
+global-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} testuser 100
 
 exec-sql
 DROP EXTERNAL CONNECTION "global-privileged";
@@ -57,8 +57,8 @@ pq: user testuser does not have DROP privilege on external_connection drop-privi
 
 inspect-system-table
 ----
-drop-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root
-drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root
+drop-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root 1
+drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root 1
 
 exec-sql
 GRANT DROP ON EXTERNAL CONNECTION "drop-privileged" TO testuser;
@@ -76,7 +76,7 @@ pq: user testuser does not have DROP privilege on external_connection drop-privi
 
 inspect-system-table
 ----
-drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root
+drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION 'drop-privileged-dup'

diff --git a/pkg/ccl/cloudccl/externalconn/testdata/privileges_external_connection b/pkg/ccl/cloudccl/externalconn/testdata/privileges_external_connection
@@ -19,7 +19,7 @@ CREATE EXTERNAL CONNECTION "global-privileged" AS 'nodelocal://1/foo'
 
 inspect-system-table
 ----
-global-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} testuser
+global-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} testuser 100
 
 exec-sql
 DROP EXTERNAL CONNECTION "global-privileged";
@@ -54,8 +54,8 @@ pq: user testuser does not have DROP privilege on external_connection drop-privi
 
 inspect-system-table
 ----
-drop-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root
-drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root
+drop-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root 1
+drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root 1
 
 exec-sql
 GRANT DROP ON EXTERNAL CONNECTION "drop-privileged" TO testuser;
@@ -81,7 +81,7 @@ pq: user testuser does not have DROP privilege on external_connection drop-privi
 
 inspect-system-table
 ----
-drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root
+drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root 1
 
 exec-sql
 DROP EXTERNAL CONNECTION 'drop-privileged-dup'

diff --git a/pkg/cloud/externalconn/BUILD.bazel b/pkg/cloud/externalconn/BUILD.bazel
@@ -27,6 +27,7 @@ go_library(
         "//pkg/sql/sessiondata",
         "//pkg/util/protoutil",
         "@com_github_cockroachdb_errors//:errors",
+        "@com_github_lib_pq//oid",
     ],
 )
 

diff --git a/pkg/cloud/externalconn/record.go b/pkg/cloud/externalconn/record.go
@@ -26,6 +26,7 @@ import (
 	"github.com/cockroachdb/cockroach/pkg/sql/sessiondata"
 	"github.com/cockroachdb/cockroach/pkg/util/protoutil"
 	"github.com/cockroachdb/errors"
+	"github.com/lib/pq/oid"
 )
 
 // externalConnectionRecord is a reflective representation of a row in a
@@ -39,6 +40,7 @@ type externalConnectionRecord struct {
 	ConnectionType    string                         `col:"connection_type"`
 	ConnectionDetails connectionpb.ConnectionDetails `col:"connection_details"`
 	Owner             username.SQLUsername           `col:"owner"`
+	OwnerID           oid.Oid                        `col:"owner_id"`
 }
 
 // MutableExternalConnection is a mutable representation of an External
@@ -112,6 +114,11 @@ func LoadExternalConnection(
 	return ec, nil
 }
 
+// ConnectionName returns the connection_name.
+func (e *MutableExternalConnection) ConnectionName() string {
+	return e.rec.ConnectionName
+}
+
 // SetConnectionName updates the connection name.
 func (e *MutableExternalConnection) SetConnectionName(name string) {
 	e.rec.ConnectionName = name
@@ -151,9 +158,15 @@ func (e *MutableExternalConnection) SetOwner(owner username.SQLUsername) {
 	e.markDirty("owner")
 }
 
-// ConnectionName returns the connection_name.
-func (e *MutableExternalConnection) ConnectionName() string {
-	return e.rec.ConnectionName
+// OwnerID returns the user ID of the owner of the External Connection object.
+func (e *MutableExternalConnection) OwnerID() oid.Oid {
+	return e.rec.OwnerID
+}
+
+// SetOwnerID updates the External Connection object's owner user ID.
+func (e *MutableExternalConnection) SetOwnerID(id oid.Oid) {
+	e.rec.OwnerID = id
+	e.markDirty("owner_id")
 }
 
 // UnredactedConnectionStatement implements the External Connection interface.
@@ -181,6 +194,8 @@ func datumToNative(datum tree.Datum) (interface{}, error) {
 		return []byte(*d), nil
 	case *tree.DTimestamp:
 		return d.Time, nil
+	case *tree.DOid:
+		return d.Oid, nil
 	}
 	return nil, errors.Newf("cannot handle type %T", datum)
 }
@@ -337,6 +352,8 @@ func (e *MutableExternalConnection) marshalChanges() ([]string, []interface{}, e
 			arg, err = marshalProto(&e.rec.ConnectionDetails)
 		case `owner`:
 			arg = tree.NewDString(e.rec.Owner.Normalized())
+		case `owner_id`:
+			arg = tree.NewDOid(e.rec.OwnerID)
 		default:
 			return nil, nil, errors.Newf("cannot marshal column %q", col)
 		}

diff --git a/pkg/clusterversion/cockroach_versions.go b/pkg/clusterversion/cockroach_versions.go
@@ -463,6 +463,15 @@ const (
 	// on Pebble stores that have shared storage configured.
 	V23_1SetPebbleCreatorID
 
+	// V23_1ExternalConnectionsTableHasOwnerIDColumn is the version where the
+	// owner_id column has been added to the system.external_connections table.
+	V23_1ExternalConnectionsTableHasOwnerIDColumn
+
+	// V23_1ExternalConnectionsTableOwnerIDColumnBackfilled is the version
+	// where the owner_id column in the system.external_connections table
+	// has been backfilled.
+	V23_1ExternalConnectionsTableOwnerIDColumnBackfilled
+
 	// *************************************************
 	// Step (1): Add new versions here.
 	// Do not add new versions to a patch release.
@@ -804,6 +813,14 @@ var rawVersionsSingleton = keyedVersions{
 		Key:     V23_1SetPebbleCreatorID,
 		Version: roachpb.Version{Major: 22, Minor: 2, Internal: 64},
 	},
+	{
+		Key:     V23_1ExternalConnectionsTableHasOwnerIDColumn,
+		Version: roachpb.Version{Major: 22, Minor: 2, Internal: 66},
+	},
+	{
+		Key:     V23_1ExternalConnectionsTableOwnerIDColumnBackfilled,
+		Version: roachpb.Version{Major: 22, Minor: 2, Internal: 68},
+	},
 
 	// *************************************************
 	// Step (2): Add new versions here.