-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
backupccl: Support RESTORE SYSTEM USERS from a backup #71542
Conversation
cc @kathancox there is new syntax here. Do we need to open a Docs issue (this will be for v22.1). |
f6988bf
to
761c18c
Compare
This will automatically come through as a release notes docs issue for 22.1, so I don't think it is necessary to open one manually |
Hey @gh-casper apologies for the delay on this review, I will take a look at this today. |
This is looking great, I haven't looked at the tests yet but wanted to get a first round of comments out. I like that we're able to use the tempSystemDB. I'm adding another reviewer as well since this is a biggish change and i wouldnt mind another set of eyes. |
tempSysDBID, err = catalogkv.GenerateUniqueDescID(ctx, p.ExecCfg().DB, p.ExecCfg().Codec) | ||
if err != nil { | ||
return nil, err | ||
if nextID > descpb.ID(maxDescIDInBackup) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While I think this is correct, this change makes me a little nervous. Thinking through the cases:
-
In a full cluster restore we expect the restoring cluster to have no user defined objects prior to the restore. So
nextID
should be <=maxDescIDInBackup
and all subsequent descriptors will be written atmaxDescIDInBackup+1
. -
In a system users restore the restoring cluster could have any number of user defined objects. Further, in a future where system tables do not have static IDs,
maxDescIDInBackup
could also be any ID. Is it possible for us to get into a situation wherenextID
returns 55,maxDescIDInBackup
is set to 100 because that was the dynamic system table ID in the backing up cluster. In that case we would leave IDs 56-100 unused since we would see the generator with the ID 101? In todays world of static system table IDs I think this works fine but I'm wondering if there is some way we can future proof this.
What if we let cluster restores remain the way they were. For system user restore we just use whatever the next valid ID in the restoring cluster is for the tempSysDBID, and don't get into the business of reseeding the generator?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense.
761c18c
to
4536697
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for the delay! LGTM mod confirmation that role options don't have to be restored.
// Restore the key which generates descriptor IDs. | ||
if err = p.ExecCfg().DB.Txn(ctx, func(ctx context.Context, txn *kv.Txn) error { | ||
b := txn.NewBatch() | ||
// write int64 values. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: any reason to replace the N.B.? It provides a little more context for future readers.
return nil, err | ||
} | ||
} else if restoreSystemUsers { | ||
tempSysDBID, err = catalogkv.GenerateUniqueDescID(ctx, p.ExecCfg().DB, p.ExecCfg().Codec) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: can we add a small comment that we're just using the next available ID for the temp system ID in the case of system users restore.
systemTables = append(systemTables, desc) | ||
case systemschema.RoleMembersTable.GetName(): | ||
systemTables = append(systemTables, desc) | ||
// TODO(casper): should we handle role_options table? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@RichardJCai can we get your take on this. If we only restore users, and role members without role options is that okay? My understanding of what information the role options table contains is very shallow.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think ideally we should restore entries for the users we're restoring in the system.role_options
table. Role options are scoped per user and in a sense does contain information about a user.
I would add it to the restore and it seems like it wouldn't really be difficult to do so right?
4536697
to
1b730e7
Compare
Support a new variant of RESTORE that recreates system users that don't exist in current cluster from a backup that contains system.users and also grant roles for these users. Example invocation: RESTORE SYSTEM USERS FROM 'nodelocal://foo/1'; Similar with full cluster restore, we firstly restore a temp system database which contains system.users and system.role_members into the restoring cluster and insert users and roles into the current system table from the temp system table. Fixes: cockroachdb#45358 Release note (sql change): A special flavor of RESTORE, RESTORE SYSTEM USERS FROM ..., is added to support restoring system users from a backup. When executed, the statement recreates those users which are in a backup of system.users but do not currently exist (ignoring those who do) and re-grant roles for users if the backup contains system.role_members.
1b730e7
to
6f695f3
Compare
bors r+ |
Build failed (retrying...): |
Build succeeded: |
Support a new variant of RESTORE that recreates system users that don't exist in current cluster from a backup that contains system.users and also grant roles for these users. Example invocation: RESTORE SYSTEM USERS FROM 'nodelocal://foo/1';
Similar with full cluster restore, we firstly restore a temp system database which contains system.users and system.role_members into the restoring cluster and insert users and roles into the current system table from the temp system table.
Fixes: #45358
Release note (sql change): A special flavor of RESTORE, RESTORE SYSTEM USERS FROM ..., is added to support restoring system users from a backup. When executed, the statement recreates those users which are in a backup of system.users but do not currently exist (ignoring those who do) and re-grant roles for users if the backup contains system.role_members.