cockroach icon indicating copy to clipboard operation
cockroach copied to clipboard
verified publisher icon cockroachdb

release-23.2.6-rc: catalog: add descriptor repair to remove missing roles

Open fqazi opened this issue 1 year ago • 2 comments

Backport 1/1 commits from #122557.

/cc @cockroachdb/release

Previously, we had a bug that could lead to descriptors having privileages to roles that no longer exist. This could lead to certain commands like SHOW GRANTS breaking. To address this, this patch will add descirptor repair logic to automatically clean up oprhaned privileges.

Fixes: #122552

Release note (bug fix): Add automated clean up / validation for dropped roles inside descriptors. Release justification: low risk repair operation that can resolve descriptor corruption and reduce support burden

fqazi avatar May 24 '24 17:05 fqazi

Thanks for opening a backport.

Please check the backport criteria before merging:

  • [ ] Backports should only be created for serious issues or test-only changes.
  • [ ] Backports should not break backwards-compatibility.
  • [ ] Backports should change as little code as possible.
  • [ ] Backports should not change on-disk formats or node communication protocols.
  • [ ] Backports should not add new functionality (except as defined here).
  • [ ] Backports must not add, edit, or otherwise modify cluster versions; or add version gates.
  • [ ] All backports must be reviewed by the owning areas TL and one additional TL. For more information as to how that review should be conducted, please consult the backport policy.
If your backport adds new functionality, please ensure that the following additional criteria are satisfied:
  • [ ] There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
  • [ ] The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
  • [ ] New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters. State changes must be further protected such that nodes running old binaries will not be negatively impacted by the new state (with a mixed version test added).
  • [ ] The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.
  • [ ] Your backport must be accompanied by a post to the appropriate Slack channel (#db-backports-point-releases or #db-backports-XX-X-release) for awareness and discussion.

Also, please add a brief release justification to the body of your PR to justify this backport.

blathers-crl[bot] avatar May 24 '24 17:05 blathers-crl[bot]

This change is Reviewable

cockroach-teamcity avatar May 24 '24 17:05 cockroach-teamcity

@rafiss @dhartunian TFTR!

fqazi avatar May 30 '24 19:05 fqazi