Skip to content

Commit

Permalink
server: use actual TenantID for multi-tenant KV admission control
Browse files Browse the repository at this point in the history 
Informs cockroachdb#65954

Release note (ops change): Enabling admission.kv.enabled may provide
better inter-tenant isolation for multi-tenant KV nodes.
  • Loading branch information
@sumeerbhola
sumeerbhola committed Jul 13, 2021
1 parent b3b850e commit 34c1ba9
Showing 1 changed file with 12 additions and 5 deletions.
17 changes: 12 additions & 5 deletions pkg/server/node.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -916,12 +916,19 @@ func (n *Node) Batch(
var callAdmittedWorkDone bool
var tenantID roachpb.TenantID
if n.admissionQ != nil {
var ok bool
tenantID, ok = roachpb.TenantFromContext(ctx)
if !ok {
tenantID = roachpb.SystemTenantID
}
bypassAdmission := args.IsAdmin()
// TODO(sumeer): properly initialize tenant ID. If non-SystemTenantID sends
// a request with source other than AdmissionHeader_FROM_SQL, change it to
// FROM_SQL.
tenantID = roachpb.SystemTenantID
if args.AdmissionHeader.Source == roachpb.AdmissionHeader_OTHER {
source := args.AdmissionHeader.Source
if !roachpb.IsSystemTenantID(tenantID.ToUint64()) {
// Request is from a SQL node.
bypassAdmission = false
source = roachpb.AdmissionHeader_FROM_SQL
}
if source == roachpb.AdmissionHeader_OTHER {
bypassAdmission = true
}
createTime := args.AdmissionHeader.CreateTime
Expand Down

0 comments on commit 34c1ba9

Please sign in to comment.