Merge cockroachdb#88304

88304: sql: add eventlog for UDF relevant statements r=chengxiong-ruan a=chengxiong-ruan Backport addresses cockroachdb#86058. Release note: None Release justification: low risk GA blocker Co-authored-by: Chengxiong Ruan <[email protected]>
andrewbaptist · Sep 22, 2022 · 5dc6853 · 5dc6853
2 parents 726cf22 + 9f36dad
commit 5dc6853
Show file tree

Hide file tree

Showing 9 changed files with 506 additions and 9 deletions.
diff --git a/docs/generated/eventlog.md b/docs/generated/eventlog.md
@@ -614,6 +614,30 @@ An event of type `alter_database_survival_goal` is recorded when the survival go
 | `SurvivalGoal` | The new survival goal | yes |
 
 
+#### Common fields
+
+| Field | Description | Sensitive |
+|--|--|--|
+| `Timestamp` | The timestamp of the event. Expressed as nanoseconds since the Unix epoch. | no |
+| `EventType` | The type of the event. | no |
+| `Statement` | A normalized copy of the SQL statement that triggered the event. The statement string contains a mix of sensitive and non-sensitive details (it is redactable). | partially |
+| `Tag` | The statement tag. This is separate from the statement string, since the statement string can contain sensitive information. The tag is guaranteed not to. | no |
+| `User` | The user account that triggered the event. The special usernames `root` and `node` are not considered sensitive. | depends |
+| `DescriptorID` | The primary object descriptor affected by the operation. Set to zero for operations that don't affect descriptors. | no |
+| `ApplicationName` | The application name for the session where the event was emitted. This is included in the event to ease filtering of logging output by application. | no |
+| `PlaceholderValues` | The mapping of SQL placeholders to their values, for prepared statements. | yes |
+
+### `alter_function_options`
+
+An event of type `alter_function_options` is recorded when a user-defined function's options are
+altered.
+
+
+| Field | Description | Sensitive |
+|--|--|--|
+| `FunctionName` | Name of the affected function. | yes |
+
+
 #### Common fields
 
 | Field | Description | Sensitive |
@@ -934,6 +958,30 @@ An event of type `create_database` is recorded when a database is created.
 | `DatabaseName` | The name of the new database. | yes |
 
 
+#### Common fields
+
+| Field | Description | Sensitive |
+|--|--|--|
+| `Timestamp` | The timestamp of the event. Expressed as nanoseconds since the Unix epoch. | no |
+| `EventType` | The type of the event. | no |
+| `Statement` | A normalized copy of the SQL statement that triggered the event. The statement string contains a mix of sensitive and non-sensitive details (it is redactable). | partially |
+| `Tag` | The statement tag. This is separate from the statement string, since the statement string can contain sensitive information. The tag is guaranteed not to. | no |
+| `User` | The user account that triggered the event. The special usernames `root` and `node` are not considered sensitive. | depends |
+| `DescriptorID` | The primary object descriptor affected by the operation. Set to zero for operations that don't affect descriptors. | no |
+| `ApplicationName` | The application name for the session where the event was emitted. This is included in the event to ease filtering of logging output by application. | no |
+| `PlaceholderValues` | The mapping of SQL placeholders to their values, for prepared statements. | yes |
+
+### `create_function`
+
+An event of type `create_function` is recorded when a user-defined function is created.
+
+
+| Field | Description | Sensitive |
+|--|--|--|
+| `FunctionName` | Name of the created function. | yes |
+| `IsReplace` | If the new function is a replace of an existing function. | no |
+
+
 #### Common fields
 
 | Field | Description | Sensitive |
@@ -1131,6 +1179,29 @@ An event of type `drop_database` is recorded when a database is dropped.
 | `DroppedSchemaObjects` | The names of the schemas dropped by a cascade operation. | yes |
 
 
+#### Common fields
+
+| Field | Description | Sensitive |
+|--|--|--|
+| `Timestamp` | The timestamp of the event. Expressed as nanoseconds since the Unix epoch. | no |
+| `EventType` | The type of the event. | no |
+| `Statement` | A normalized copy of the SQL statement that triggered the event. The statement string contains a mix of sensitive and non-sensitive details (it is redactable). | partially |
+| `Tag` | The statement tag. This is separate from the statement string, since the statement string can contain sensitive information. The tag is guaranteed not to. | no |
+| `User` | The user account that triggered the event. The special usernames `root` and `node` are not considered sensitive. | depends |
+| `DescriptorID` | The primary object descriptor affected by the operation. Set to zero for operations that don't affect descriptors. | no |
+| `ApplicationName` | The application name for the session where the event was emitted. This is included in the event to ease filtering of logging output by application. | no |
+| `PlaceholderValues` | The mapping of SQL placeholders to their values, for prepared statements. | yes |
+
+### `drop_function`
+
+An event of type `drop_function` is recorded when a user-defined function is dropped.
+
+
+| Field | Description | Sensitive |
+|--|--|--|
+| `FunctionName` | Name of the created function. | yes |
+
+
 #### Common fields
 
 | Field | Description | Sensitive |
@@ -1356,6 +1427,30 @@ An event of type `rename_database` is recorded when a database is renamed.
 | `NewDatabaseName` | The new name of the affected database. | yes |
 
 
+#### Common fields
+
+| Field | Description | Sensitive |
+|--|--|--|
+| `Timestamp` | The timestamp of the event. Expressed as nanoseconds since the Unix epoch. | no |
+| `EventType` | The type of the event. | no |
+| `Statement` | A normalized copy of the SQL statement that triggered the event. The statement string contains a mix of sensitive and non-sensitive details (it is redactable). | partially |
+| `Tag` | The statement tag. This is separate from the statement string, since the statement string can contain sensitive information. The tag is guaranteed not to. | no |
+| `User` | The user account that triggered the event. The special usernames `root` and `node` are not considered sensitive. | depends |
+| `DescriptorID` | The primary object descriptor affected by the operation. Set to zero for operations that don't affect descriptors. | no |
+| `ApplicationName` | The application name for the session where the event was emitted. This is included in the event to ease filtering of logging output by application. | no |
+| `PlaceholderValues` | The mapping of SQL placeholders to their values, for prepared statements. | yes |
+
+### `rename_function`
+
+An event of type `rename_function` is recorded when a user-defined function is renamed.
+
+
+| Field | Description | Sensitive |
+|--|--|--|
+| `FunctionName` | The old name of the affected function. | yes |
+| `NewFunctionName` | The new name of the affected function. | yes |
+
+
 #### Common fields
 
 | Field | Description | Sensitive |
@@ -1699,6 +1794,30 @@ An event of type `alter_default_privileges` is recorded when default privileges
 | `GrantedPrivileges` | The privileges being granted to the grantee. | no |
 | `RevokedPrivileges` | The privileges being revoked from the grantee. | no |
 
+### `alter_function_owner`
+
+AlterTableOwner is recorded when the owner of a user-defined function is changed.
+
+
+| Field | Description | Sensitive |
+|--|--|--|
+| `FunctionName` | The name of the affected user-defined function. | yes |
+| `Owner` | The name of the new owner. | yes |
+
+
+#### Common fields
+
+| Field | Description | Sensitive |
+|--|--|--|
+| `Timestamp` | The timestamp of the event. Expressed as nanoseconds since the Unix epoch. | no |
+| `EventType` | The type of the event. | no |
+| `Statement` | A normalized copy of the SQL statement that triggered the event. The statement string contains a mix of sensitive and non-sensitive details (it is redactable). | partially |
+| `Tag` | The statement tag. This is separate from the statement string, since the statement string can contain sensitive information. The tag is guaranteed not to. | no |
+| `User` | The user account that triggered the event. The special usernames `root` and `node` are not considered sensitive. | depends |
+| `DescriptorID` | The primary object descriptor affected by the operation. Set to zero for operations that don't affect descriptors. | no |
+| `ApplicationName` | The application name for the session where the event was emitted. This is included in the event to ease filtering of logging output by application. | no |
+| `PlaceholderValues` | The mapping of SQL placeholders to their values, for prepared statements. | yes |
+
 ### `alter_schema_owner`
 
 An event of type `alter_schema_owner` is recorded when a schema's owner is changed.

diff --git a/pkg/sql/alter_function.go b/pkg/sql/alter_function.go
@@ -24,6 +24,7 @@ import (
 	"github.com/cockroachdb/cockroach/pkg/sql/sem/tree"
 	"github.com/cockroachdb/cockroach/pkg/sql/types"
 	"github.com/cockroachdb/cockroach/pkg/util/errorutil/unimplemented"
+	"github.com/cockroachdb/cockroach/pkg/util/log/eventpb"
 )
 
 type alterFunctionOptionsNode struct {
@@ -86,7 +87,18 @@ func (n *alterFunctionOptionsNode) startExec(params runParams) error {
 		return err
 	}
 
-	return params.p.writeFuncSchemaChange(params.ctx, fnDesc)
+	if err := params.p.writeFuncSchemaChange(params.ctx, fnDesc); err != nil {
+		return err
+	}
+
+	fnName, err := params.p.getQualifiedFunctionName(params.ctx, fnDesc)
+	if err != nil {
+		return err
+	}
+	event := eventpb.AlterFunctionOptions{
+		FunctionName: fnName.FQString(),
+	}
+	return params.p.logEvent(params.ctx, fnDesc.GetID(), &event)
 }
 
 func (n *alterFunctionOptionsNode) Next(params runParams) (bool, error) { return false, nil }
@@ -116,6 +128,10 @@ func (n *alterFunctionRenameNode) startExec(params runParams) error {
 	if err != nil {
 		return err
 	}
+	oldFnName, err := params.p.getQualifiedFunctionName(params.ctx, fnDesc)
+	if err != nil {
+		return err
+	}
 
 	scDesc, err := params.p.Descriptors().GetMutableSchemaByID(
 		params.ctx, params.p.txn, fnDesc.GetParentSchemaID(), tree.SchemaLookupFlags{Required: true},
@@ -145,7 +161,19 @@ func (n *alterFunctionRenameNode) startExec(params runParams) error {
 		return err
 	}
 
-	return params.p.writeSchemaDescChange(params.ctx, scDesc, "alter function name")
+	if err := params.p.writeSchemaDescChange(params.ctx, scDesc, "alter function name"); err != nil {
+		return err
+	}
+
+	newFnName, err := params.p.getQualifiedFunctionName(params.ctx, fnDesc)
+	if err != nil {
+		return err
+	}
+	event := eventpb.RenameFunction{
+		FunctionName:    oldFnName.FQString(),
+		NewFunctionName: newFnName.FQString(),
+	}
+	return params.p.logEvent(params.ctx, fnDesc.GetID(), &event)
 }
 
 func (n *alterFunctionRenameNode) Next(params runParams) (bool, error) { return false, nil }
@@ -193,7 +221,19 @@ func (n *alterFunctionSetOwnerNode) startExec(params runParams) error {
 	}
 
 	fnDesc.GetPrivileges().SetOwner(newOwner)
-	return params.p.writeFuncSchemaChange(params.ctx, fnDesc)
+	if err := params.p.writeFuncSchemaChange(params.ctx, fnDesc); err != nil {
+		return err
+	}
+
+	fnName, err := params.p.getQualifiedFunctionName(params.ctx, fnDesc)
+	if err != nil {
+		return err
+	}
+	event := eventpb.AlterFunctionOwner{
+		FunctionName: fnName.FQString(),
+		Owner:        newOwner.Normalized(),
+	}
+	return params.p.logEvent(params.ctx, fnDesc.GetID(), &event)
 }
 
 func (n *alterFunctionSetOwnerNode) Next(params runParams) (bool, error) { return false, nil }
@@ -223,6 +263,10 @@ func (n *alterFunctionSetSchemaNode) startExec(params runParams) error {
 	if err != nil {
 		return err
 	}
+	oldFnName, err := params.p.getQualifiedFunctionName(params.ctx, fnDesc)
+	if err != nil {
+		return err
+	}
 	// Functions cannot be resolved across db, so just use current db name to get
 	// the descriptor.
 	db, err := params.p.Descriptors().GetMutableDatabaseByName(
@@ -298,7 +342,20 @@ func (n *alterFunctionSetSchemaNode) startExec(params runParams) error {
 		return err
 	}
 	fnDesc.SetParentSchemaID(targetSc.GetID())
-	return params.p.writeFuncSchemaChange(params.ctx, fnDesc)
+	if err := params.p.writeFuncSchemaChange(params.ctx, fnDesc); err != nil {
+		return err
+	}
+
+	newFnName, err := params.p.getQualifiedFunctionName(params.ctx, fnDesc)
+	if err != nil {
+		return err
+	}
+	event := eventpb.SetSchema{
+		DescriptorName:    oldFnName.FQString(),
+		NewDescriptorName: newFnName.FQString(),
+		DescriptorType:    string(fnDesc.DescriptorType()),
+	}
+	return params.p.logEvent(params.ctx, fnDesc.GetID(), &event)
 }
 
 func (n *alterFunctionSetSchemaNode) Next(params runParams) (bool, error) { return false, nil }

diff --git a/pkg/sql/create_function.go b/pkg/sql/create_function.go
@@ -30,6 +30,7 @@ import (
 	"github.com/cockroachdb/cockroach/pkg/sql/sem/tree"
 	"github.com/cockroachdb/cockroach/pkg/sql/types"
 	"github.com/cockroachdb/cockroach/pkg/util/errorutil/unimplemented"
+	"github.com/cockroachdb/cockroach/pkg/util/log/eventpb"
 )
 
 type createFunctionNode struct {
@@ -81,10 +82,20 @@ func (n *createFunctionNode) startExec(params runParams) error {
 				return err
 			}
 
+			fnName := tree.MakeQualifiedFunctionName(n.dbDesc.GetName(), n.scDesc.GetName(), n.cf.FuncName.String())
+			event := eventpb.CreateFunction{
+				FunctionName: fnName.FQString(),
+				IsReplace:    !isNew,
+			}
 			if isNew {
-				return n.createNewFunction(udfMutableDesc, mutScDesc, params)
+				err = n.createNewFunction(udfMutableDesc, mutScDesc, params)
+			} else {
+				err = n.replaceFunction(udfMutableDesc, params)
+			}
+			if err != nil {
+				return err
 			}
-			return n.replaceFunction(udfMutableDesc, params)
+			return params.p.logEvent(params.ctx, udfMutableDesc.GetID(), &event)
 		}()
 	})
 

diff --git a/pkg/sql/drop_function.go b/pkg/sql/drop_function.go
@@ -22,6 +22,7 @@ import (
 	"github.com/cockroachdb/cockroach/pkg/sql/sem/tree"
 	"github.com/cockroachdb/cockroach/pkg/util"
 	"github.com/cockroachdb/cockroach/pkg/util/errorutil/unimplemented"
+	"github.com/cockroachdb/cockroach/pkg/util/log/eventpb"
 	"github.com/cockroachdb/errors"
 )
 
@@ -126,8 +127,8 @@ func (p *planner) matchUDF(
 	}
 	if !ol.IsUDF {
 		return nil, errors.Errorf(
-			"cannot drop function %s because it is required by the database system",
-			ol.Signature(true /*Simplify*/),
+			"cannot drop function %s%s because it is required by the database system",
+			fnDef.Name, ol.Signature(true /*Simplify*/),
 		)
 	}
 	return &ol, nil
@@ -229,7 +230,12 @@ func (p *planner) dropFunctionImpl(ctx context.Context, fnMutable *funcdesc.Muta
 
 	// Mark the UDF as dropped.
 	fnMutable.SetDropped()
-	return p.writeFuncSchemaChange(ctx, fnMutable)
+	if err := p.writeFuncSchemaChange(ctx, fnMutable); err != nil {
+		return err
+	}
+	fnName := tree.MakeQualifiedFunctionName(p.CurrentDatabase(), scDesc.GetName(), fnMutable.GetName())
+	event := eventpb.DropFunction{FunctionName: fnName.FQString()}
+	return p.logEvent(ctx, fnMutable.GetID(), &event)
 }
 
 func (p *planner) writeFuncDesc(ctx context.Context, funcDesc *funcdesc.Mutable) error {