backupccl: Support RESTORE SYSTEM USERS from a backup #71542
Conversation
|
This change is |
|
cc @kathancox there is new syntax here. Do we need to open a Docs issue (this will be for v22.1). |
gh-casper
force-pushed
the
fr-system-users
branch
from
f6988bf
to
761c18c
Compare
This will automatically come through as a release notes docs issue for 22.1, so I don't think it is necessary to open one manually |
|
Hey @gh-casper apologies for the delay on this review, I will take a look at this today. |
|
This is looking great, I haven't looked at the tests yet but wanted to get a first round of comments out. I like that we're able to use the tempSystemDB. I'm adding another reviewer as well since this is a biggish change and i wouldnt mind another set of eyes. |
| tempSysDBID, err = catalogkv.GenerateUniqueDescID(ctx, p.ExecCfg().DB, p.ExecCfg().Codec) | ||
| if err != nil { | ||
| return nil, err | ||
| if nextID > descpb.ID(maxDescIDInBackup) { |
There was a problem hiding this comment.
While I think this is correct, this change makes me a little nervous. Thinking through the cases:
-
In a full cluster restore we expect the restoring cluster to have no user defined objects prior to the restore. So
nextIDshould be <=maxDescIDInBackupand all subsequent descriptors will be written atmaxDescIDInBackup+1. -
In a system users restore the restoring cluster could have any number of user defined objects. Further, in a future where system tables do not have static IDs,
maxDescIDInBackupcould also be any ID. Is it possible for us to get into a situation wherenextIDreturns 55,maxDescIDInBackupis set to 100 because that was the dynamic system table ID in the backing up cluster. In that case we would leave IDs 56-100 unused since we would see the generator with the ID 101? In todays world of static system table IDs I think this works fine but I'm wondering if there is some way we can future proof this.
What if we let cluster restores remain the way they were. For system user restore we just use whatever the next valid ID in the restoring cluster is for the tempSysDBID, and don't get into the business of reseeding the generator?
adityamaru
requested review from
adityamaru and
dt
and removed request for
a team
gh-casper
force-pushed
the
fr-system-users
branch
from
761c18c
to
4536697
Compare
| // Restore the key which generates descriptor IDs. | ||
| if err = p.ExecCfg().DB.Txn(ctx, func(ctx context.Context, txn *kv.Txn) error { | ||
| b := txn.NewBatch() | ||
| // write int64 values. |
There was a problem hiding this comment.
nit: any reason to replace the N.B.? It provides a little more context for future readers.
| return nil, err | ||
| } | ||
| } else if restoreSystemUsers { | ||
| tempSysDBID, err = catalogkv.GenerateUniqueDescID(ctx, p.ExecCfg().DB, p.ExecCfg().Codec) |
There was a problem hiding this comment.
nit: can we add a small comment that we're just using the next available ID for the temp system ID in the case of system users restore.
| systemTables = append(systemTables, desc) | ||
| case systemschema.RoleMembersTable.GetName(): | ||
| systemTables = append(systemTables, desc) | ||
| // TODO(casper): should we handle role_options table? |
There was a problem hiding this comment.
@RichardJCai can we get your take on this. If we only restore users, and role members without role options is that okay? My understanding of what information the role options table contains is very shallow.
There was a problem hiding this comment.
I think ideally we should restore entries for the users we're restoring in the system.role_options table. Role options are scoped per user and in a sense does contain information about a user.
I would add it to the restore and it seems like it wouldn't really be difficult to do so right?
gh-casper
force-pushed
the
fr-system-users
branch
from
4536697
to
1b730e7
Compare
Support a new variant of RESTORE that recreates system users that don't exist in current cluster from a backup that contains system.users and also grant roles for these users. Example invocation: RESTORE SYSTEM USERS FROM 'nodelocal://foo/1'; Similar with full cluster restore, we firstly restore a temp system database which contains system.users and system.role_members into the restoring cluster and insert users and roles into the current system table from the temp system table. Fixes: cockroachdb#45358 Release note (sql change): A special flavor of RESTORE, RESTORE SYSTEM USERS FROM ..., is added to support restoring system users from a backup. When executed, the statement recreates those users which are in a backup of system.users but do not currently exist (ignoring those who do) and re-grant roles for users if the backup contains system.role_members.
gh-casper
force-pushed
the
fr-system-users
branch
from
1b730e7
to
6f695f3
Compare
|
bors r+ |
|
Build failed (retrying...): |
|
Build succeeded: |
Support a new variant of RESTORE that recreates system users that don't exist in current cluster from a backup that contains system.users and also grant roles for these users. Example invocation: RESTORE SYSTEM USERS FROM 'nodelocal://foo/1';
Similar with full cluster restore, we firstly restore a temp system database which contains system.users and system.role_members into the restoring cluster and insert users and roles into the current system table from the temp system table.
Fixes: #45358
Release note (sql change): A special flavor of RESTORE, RESTORE SYSTEM USERS FROM ..., is added to support restoring system users from a backup. When executed, the statement recreates those users which are in a backup of system.users but do not currently exist (ignoring those who do) and re-grant roles for users if the backup contains system.role_members.