sql: block DROP TENANT based on a session var #99607
Merged
Commits on Mar 28, 2023
-
sql: block DROP TENANT based on a session var
In clusters where we will promote tenant management operations, we would like to ensure there is one extra step needed for administrators to drop a tenant (and thus irremedially lose data). Given that `sql_safe_updates` is not set automatically when users open their SQL session using their own client, we need another mechanism. This change introduces the new (hidden) session var, `disable_drop_tenant`. When set, tenant deletion fails with the following error message: ``` demo@127.0.0.1:26257/movr> drop tenant foo; ERROR: rejected (via sql_safe_updates or disable_drop_tenant): DROP TENANT causes irreversible data loss SQLSTATE: 01000 ``` (The session var `sql_safe_updates` is _also_ included as a blocker in the mechanism so that folk using `cockroach sql` get double protection). The default value of this session var is `false` in single-tenant clusters (set via a cluster setting `sql.drop_tenant.enabled`), for compatibility with CC Serverless. The default will be set to `true` via a config profile when suitable. Release note: None
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.