From 0619746abda61977c7ce33468e185490c49fb267 Mon Sep 17 00:00:00 2001 From: Evan Wall Date: Wed, 15 Mar 2023 08:12:24 -0400 Subject: [PATCH] multitenant: make AdminMerge onlySystemTenant Fixes #95138 AdminMerge is currently only called by the system tenant even though it is named similarly to other Admin* functions so it does not need its own capability for now. This changes its required capability from noCapCheckNeeded to onlySystemTenant to prevent secondary tenants from calling it. Release note: None --- .../tenantcapabilitiesauthorizer/authorizer.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pkg/multitenant/tenantcapabilities/tenantcapabilitiesauthorizer/authorizer.go b/pkg/multitenant/tenantcapabilities/tenantcapabilitiesauthorizer/authorizer.go index f7056f251e1f..329d2e12362e 100644 --- a/pkg/multitenant/tenantcapabilities/tenantcapabilitiesauthorizer/authorizer.go +++ b/pkg/multitenant/tenantcapabilities/tenantcapabilitiesauthorizer/authorizer.go @@ -161,11 +161,9 @@ var reqMethodToCap = map[kvpb.Method]tenantcapabilities.CapabilityID{ kvpb.AdminRelocateRange: tenantcapabilities.CanAdminRelocateRange, kvpb.AdminTransferLease: tenantcapabilities.CanAdminRelocateRange, - // TODO(ecwall): The following should also be authorized via specific capabilities. - kvpb.AdminMerge: noCapCheckNeeded, - // TODO(knz,arul): Verify with the relevant teams whether secondary // tenants have legitimate access to any of those. + kvpb.AdminMerge: onlySystemTenant, kvpb.AdminVerifyProtectedTimestamp: onlySystemTenant, kvpb.CheckConsistency: onlySystemTenant, kvpb.ComputeChecksum: onlySystemTenant,