// TestAuthentication tests authentication for the KV endpoint.
func TestAuthentication(t *testing.T) {
defer leaktest.AfterTest(t)()
s, _, _ := serverutils.StartServer(t, base.TestServerArgs{})
defer s.Stopper().Stop()
var b1 client.Batch
b1.Put("a", "b")
// Create a node user client and call Run() on it which lets us build our own
// request, specifying the user.
db1 := createTestClientForUser(t, s.Stopper(), s.ServingAddr(), security.NodeUser)
if err := db1.Run(&b1); err != nil {
t.Fatal(err)
}
var b2 client.Batch
b2.Put("c", "d")
// Try again, but this time with certs for a non-node user (even the root
// user has no KV permissions).
db2 := createTestClientForUser(t, s.Stopper(), s.ServingAddr(), security.RootUser)
if err := db2.Run(&b2); !testutils.IsError(err, "is not allowed") {
t.Fatal(err)
}
}
// RenameDatabase renames the database.
// Privileges: security.RootUser user.
// Notes: postgres requires superuser, db owner, or "CREATEDB".
// mysql >= 5.1.23 does not allow database renames.
func (p *planner) RenameDatabase(n *parser.RenameDatabase) (planNode, error) {
if n.Name == "" || n.NewName == "" {
return nil, errEmptyDatabaseName
}
if p.session.User != security.RootUser {
return nil, fmt.Errorf("only %s is allowed to rename databases", security.RootUser)
}
dbDesc, err := p.getDatabaseDesc(string(n.Name))
if err != nil {
return nil, err
}
if dbDesc == nil {
return nil, sqlbase.NewUndefinedDatabaseError(string(n.Name))
}
if n.Name == n.NewName {
// Noop.
return &emptyNode{}, nil
}
// Now update the nameMetadataKey and the descriptor.
descKey := sqlbase.MakeDescMetadataKey(dbDesc.GetID())
dbDesc.SetName(string(n.NewName))
if err := dbDesc.Validate(); err != nil {
return nil, err
}
newKey := databaseKey{string(n.NewName)}.Key()
oldKey := databaseKey{string(n.Name)}.Key()
descID := dbDesc.GetID()
descDesc := sqlbase.WrapDescriptor(dbDesc)
b := client.Batch{}
b.CPut(newKey, descID, nil)
b.Put(descKey, descDesc)
b.Del(oldKey)
if err := p.txn.Run(&b); err != nil {
if _, ok := err.(*roachpb.ConditionFailedError); ok {
return nil, fmt.Errorf("the new database name %q already exists", string(n.NewName))
}
return nil, err
}
p.setTestingVerifyMetadata(func(systemConfig config.SystemConfig) error {
if err := expectDescriptorID(systemConfig, newKey, descID); err != nil {
return err
}
if err := expectDescriptor(systemConfig, descKey, descDesc); err != nil {
return err
}
return expectDeleted(systemConfig, oldKey)
})
return &emptyNode{}, nil
}
// flush writes all dirty nodes and the tree to the transaction.
func (tc *treeContext) flush(b *client.Batch) {
if tc.dirty {
b.Put(keys.RangeTreeRoot, tc.tree)
}
for key, cachedNode := range tc.nodes {
if cachedNode.dirty {
if cachedNode.node == nil {
b.Del(keys.RangeTreeNodeKey(roachpb.RKey(key)))
} else {
b.Put(keys.RangeTreeNodeKey(roachpb.RKey(key)), cachedNode.node)
}
}
}
}
func runPut(cmd *cobra.Command, args []string) {
if len(args) == 0 || len(args)%2 == 1 {
mustUsage(cmd)
return
}
var b client.Batch
for i := 0; i < len(args); i += 2 {
b.Put(
unquoteArg(args[i], true /* disallow system keys */),
unquoteArg(args[i+1], false),
)
}
kvDB, stopper := makeDBClient()
defer stopper.Stop()
if err := kvDB.Run(&b); err != nil {
panicf("put failed: %s", err)
}
}
func putMeta(b *client.Batch, key roachpb.Key, desc *roachpb.RangeDescriptor) {
b.Put(key, desc)
}
// updateRow adds to the batch the kv operations necessary to update a table row
// with the given values.
//
// The row corresponding to oldValues is updated with the ones in updateValues.
// Note that updateValues only contains the ones that are changing.
//
// The return value is only good until the next call to UpdateRow.
func (ru *rowUpdater) updateRow(
b *client.Batch,
oldValues []parser.Datum,
updateValues []parser.Datum,
) ([]parser.Datum, error) {
if len(oldValues) != len(ru.fetchCols) {
return nil, errors.Errorf("got %d values but expected %d", len(oldValues), len(ru.fetchCols))
}
if len(updateValues) != len(ru.updateCols) {
return nil, errors.Errorf("got %d values but expected %d", len(updateValues), len(ru.updateCols))
}
primaryIndexKey, secondaryIndexEntries, err := ru.helper.encodeIndexes(ru.fetchColIDtoRowIndex, oldValues)
if err != nil {
return nil, err
}
// The secondary index entries returned by rowHelper.encodeIndexes are only
// valid until the next call to encodeIndexes. We need to copy them so that
// we can compare against the new secondary index entries.
secondaryIndexEntries = append(ru.indexEntriesBuf[:0], secondaryIndexEntries...)
ru.indexEntriesBuf = secondaryIndexEntries
// Check that the new value types match the column types. This needs to
// happen before index encoding because certain datum types (i.e. tuple)
// cannot be used as index values.
for i, val := range updateValues {
if ru.marshalled[i], err = sqlbase.MarshalColumnValue(ru.updateCols[i], val); err != nil {
return nil, err
}
}
// Update the row values.
copy(ru.newValues, oldValues)
for i, updateCol := range ru.updateCols {
ru.newValues[ru.fetchColIDtoRowIndex[updateCol.ID]] = updateValues[i]
}
rowPrimaryKeyChanged := false
var newSecondaryIndexEntries []sqlbase.IndexEntry
if ru.primaryKeyColChange {
var newPrimaryIndexKey []byte
newPrimaryIndexKey, newSecondaryIndexEntries, err =
ru.helper.encodeIndexes(ru.fetchColIDtoRowIndex, ru.newValues)
if err != nil {
return nil, err
}
rowPrimaryKeyChanged = !bytes.Equal(primaryIndexKey, newPrimaryIndexKey)
} else {
newSecondaryIndexEntries, err =
ru.helper.encodeSecondaryIndexes(ru.fetchColIDtoRowIndex, ru.newValues)
if err != nil {
return nil, err
}
}
if rowPrimaryKeyChanged {
if err := ru.fks.checkIdx(ru.helper.tableDesc.PrimaryIndex.ID, oldValues, ru.newValues); err != nil {
return nil, err
}
for i := range newSecondaryIndexEntries {
if !bytes.Equal(newSecondaryIndexEntries[i].Key, secondaryIndexEntries[i].Key) {
if err := ru.fks.checkIdx(ru.helper.indexes[i].ID, oldValues, ru.newValues); err != nil {
return nil, err
}
}
}
if err := ru.rd.deleteRow(b, oldValues); err != nil {
return nil, err
}
if err := ru.ri.insertRow(b, ru.newValues, false); err != nil {
return nil, err
}
return ru.newValues, nil
}
// Add the new values.
// TODO(dan): This has gotten very similar to the loop in insertRow, see if
// they can be DRY'd. Ideally, this would also work for
// truncateAndBackfillColumnsChunk, which is currently abusing rowUdpdater.
for i, family := range ru.helper.tableDesc.Families {
update := false
for _, colID := range family.ColumnIDs {
if _, ok := ru.updateColIDtoRowIndex[colID]; ok {
update = true
break
}
}
if !update {
continue
}
if i > 0 {
// HACK: MakeFamilyKey appends to its argument, so on every loop iteration
// after the first, trim primaryIndexKey so nothing gets overwritten.
// TODO(dan): Instead of this, use something like engine.ChunkAllocator.
primaryIndexKey = primaryIndexKey[:len(primaryIndexKey):len(primaryIndexKey)]
}
if len(family.ColumnIDs) == 1 && family.ColumnIDs[0] == family.DefaultColumnID {
// Storage optimization to store DefaultColumnID directly as a value. Also
// backwards compatible with the original BaseFormatVersion.
idx, ok := ru.updateColIDtoRowIndex[family.DefaultColumnID]
if !ok {
continue
}
ru.key = keys.MakeFamilyKey(primaryIndexKey, uint32(family.ID))
if log.V(2) {
log.Infof("Put %s -> %v", ru.key, ru.marshalled[idx].PrettyPrint())
}
b.Put(&ru.key, &ru.marshalled[idx])
ru.key = nil
continue
}
ru.key = keys.MakeFamilyKey(primaryIndexKey, uint32(family.ID))
ru.valueBuf = ru.valueBuf[:0]
var lastColID sqlbase.ColumnID
familySortedColumnIDs, ok := ru.helper.sortedColumnFamily(family.ID)
if !ok {
panic("invalid family sorted column id map")
}
for _, colID := range familySortedColumnIDs {
if ru.helper.columnInPK(colID) {
if family.ID != 0 {
return nil, errors.Errorf("primary index column %d must be in family 0, was %d", colID, family.ID)
}
// Skip primary key columns as their values are encoded in the key of
// each family. Family 0 is guaranteed to exist and acts as a sentinel.
continue
}
idx, ok := ru.fetchColIDtoRowIndex[colID]
if !ok {
return nil, errors.Errorf("column %d was expected to be fetched, but wasn't", colID)
}
col := ru.fetchCols[idx]
if ru.newValues[idx].Compare(parser.DNull) == 0 {
continue
}
if lastColID > col.ID {
panic(fmt.Errorf("cannot write column id %d after %d", col.ID, lastColID))
}
colIDDiff := col.ID - lastColID
lastColID = col.ID
ru.valueBuf, err = sqlbase.EncodeTableValue(ru.valueBuf, colIDDiff, ru.newValues[idx])
if err != nil {
return nil, err
}
}
if family.ID != 0 && len(ru.valueBuf) == 0 {
// The family might have already existed but every column in it is being
// set to NULL, so delete it.
if log.V(2) {
log.Infof("Del %s", ru.key)
}
b.Del(&ru.key)
} else {
ru.value.SetTuple(ru.valueBuf)
if log.V(2) {
log.Infof("Put %s -> %v", ru.key, ru.value.PrettyPrint())
}
b.Put(&ru.key, &ru.value)
}
ru.key = nil
}
// Update secondary indexes.
for i, newSecondaryIndexEntry := range newSecondaryIndexEntries {
secondaryIndexEntry := secondaryIndexEntries[i]
secondaryKeyChanged := !bytes.Equal(newSecondaryIndexEntry.Key, secondaryIndexEntry.Key)
if secondaryKeyChanged {
if err := ru.fks.checkIdx(ru.helper.indexes[i].ID, oldValues, ru.newValues); err != nil {
return nil, err
}
if log.V(2) {
log.Infof("Del %s", secondaryIndexEntry.Key)
}
b.Del(secondaryIndexEntry.Key)
// Do not update Indexes in the DELETE_ONLY state.
if _, ok := ru.deleteOnlyIndex[i]; !ok {
if log.V(2) {
log.Infof("CPut %s -> %v", newSecondaryIndexEntry.Key, newSecondaryIndexEntry.Value.PrettyPrint())
}
b.CPut(newSecondaryIndexEntry.Key, &newSecondaryIndexEntry.Value, nil)
}
}
}
return ru.newValues, nil
}
// insertPutFn is used by insertRow when conflicts should be ignored.
// logValue is used for pretty printing.
func insertPutFn(b *client.Batch, key *roachpb.Key, value *roachpb.Value) {
if log.V(2) {
log.InfofDepth(1, "Put %s -> %s", *key, value.PrettyPrint())
}
b.Put(key, value)
}
// RenameTable renames the table.
// Privileges: DROP on source table, CREATE on destination database.
// Notes: postgres requires the table owner.
// mysql requires ALTER, DROP on the original table, and CREATE, INSERT
// on the new table (and does not copy privileges over).
func (p *planner) RenameTable(n *parser.RenameTable) (planNode, error) {
if err := n.NewName.NormalizeTableName(p.session.Database); err != nil {
return nil, err
}
if n.NewName.Table() == "" {
return nil, errEmptyTableName
}
if err := n.Name.NormalizeTableName(p.session.Database); err != nil {
return nil, err
}
dbDesc, err := p.getDatabaseDesc(n.Name.Database())
if err != nil {
return nil, err
}
if dbDesc == nil {
return nil, sqlbase.NewUndefinedDatabaseError(n.Name.Database())
}
tbKey := tableKey{dbDesc.ID, n.Name.Table()}.Key()
// Check if table exists.
gr, err := p.txn.Get(tbKey)
if err != nil {
return nil, err
}
if !gr.Exists() {
if n.IfExists {
// Noop.
return &emptyNode{}, nil
}
// Key does not exist, but we want it to: error out.
return nil, fmt.Errorf("table %q does not exist", n.Name.Table())
}
targetDbDesc, err := p.getDatabaseDesc(n.NewName.Database())
if err != nil {
return nil, err
}
if targetDbDesc == nil {
return nil, sqlbase.NewUndefinedDatabaseError(n.NewName.Database())
}
if err := p.checkPrivilege(targetDbDesc, privilege.CREATE); err != nil {
return nil, err
}
if n.Name.Database() == n.NewName.Database() && n.Name.Table() == n.NewName.Table() {
// Noop.
return &emptyNode{}, nil
}
tableDesc, err := p.getTableDesc(n.Name)
if err != nil {
return nil, err
}
if tableDesc == nil || tableDesc.State != sqlbase.TableDescriptor_PUBLIC {
return nil, sqlbase.NewUndefinedTableError(n.Name.String())
}
if err := p.checkPrivilege(tableDesc, privilege.DROP); err != nil {
return nil, err
}
tableDesc.SetName(n.NewName.Table())
tableDesc.ParentID = targetDbDesc.ID
descKey := sqlbase.MakeDescMetadataKey(tableDesc.GetID())
newTbKey := tableKey{targetDbDesc.ID, n.NewName.Table()}.Key()
if err := tableDesc.Validate(); err != nil {
return nil, err
}
descID := tableDesc.GetID()
descDesc := sqlbase.WrapDescriptor(tableDesc)
if err := tableDesc.SetUpVersion(); err != nil {
return nil, err
}
renameDetails := sqlbase.TableDescriptor_RenameInfo{
OldParentID: uint32(dbDesc.ID),
OldName: n.Name.Table()}
tableDesc.Renames = append(tableDesc.Renames, renameDetails)
if err := p.writeTableDesc(tableDesc); err != nil {
return nil, err
}
// We update the descriptor to the new name, but also leave the mapping of the
// old name to the id, so that the name is not reused until the schema changer
// has made sure it's not in use any more.
b := client.Batch{}
b.Put(descKey, descDesc)
b.CPut(newTbKey, descID, nil)
if err := p.txn.Run(&b); err != nil {
if _, ok := err.(*roachpb.ConditionFailedError); ok {
return nil, fmt.Errorf("table name %q already exists", n.NewName.Table())
}
return nil, err
}
p.notifySchemaChange(tableDesc.ID, sqlbase.InvalidMutationID)
p.setTestingVerifyMetadata(func(systemConfig config.SystemConfig) error {
if err := expectDescriptorID(systemConfig, newTbKey, descID); err != nil {
return err
}
if err := expectDescriptor(systemConfig, descKey, descDesc); err != nil {
return err
}
return nil
})
return &emptyNode{}, nil
}