Skip to content

Catalog: add migration for mock_authentication_nonce setting #33691

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 25, 2025
Merged

Catalog: add migration for mock_authentication_nonce setting #33691

merged 1 commit into from
Sep 25, 2025

Conversation

@DAlperin
Copy link
Member

@DAlperin DAlperin commented Sep 23, 2025
edited
Loading

The
SASL/SCRAM
PR introduces the need for some stable, cluster wide, cryptographically
random key material. We use this material to be able to present
deterministic challenges for even users that don't exist to guard
against enumeration attacks.

However that PR made a bad assumption that the initialize step of
catalog opening would always add this new key. But old versions that
have already been initialized wouldn't have it! This PR add code to
generate it for old versions

Motivation

Fixes https://github.com/MaterializeInc/database-issues/issues/9724

Tips for reviewer

Checklist

  • This PR has adequate test coverage / QA involvement has been duly considered. (trigger-ci for additional test/nightly runs)
  • This PR has an associated up-to-date design doc, is a design doc (template), or is sufficiently small to not require a design.
  • If this PR evolves an existing $T ⇔ Proto$T mapping (possibly in a backwards-incompatible way), then it is tagged with a T-proto label.
  • If this PR will require changes to cloud orchestration or tests, there is a companion cloud PR to account for those changes that is tagged with the release-blocker label (example).
  • If this PR includes major user-facing behavior changes, I have pinged the relevant PM to schedule a changelog post.

@DAlperin DAlperin requested a review from a team as a code owner September 23, 2025 14:45
@DAlperin DAlperin requested a review from SangJunBak September 23, 2025 14:45
@DAlperin DAlperin force-pushed the dov/migrate-mock-nonce branch 3 times, most recently from db4d6c3 to 78d1f22 Compare September 23, 2025 16:58
SangJunBak
SangJunBak requested changes Sep 23, 2025
View reviewed changes
@teskje teskje mentioned this pull request Sep 24, 2025
Merged
5 tasks
@DAlperin
Catalog: add migration for mock_authentication_nonce setting
fc09ad9 
The
[SASL/SCRAM](MaterializeInc#33468)
PR introduces the need for some stable, cluster wide, cryptographically
random key material. We use this material to be able to present
deterministic challenges for even users that don't exist to guard
against enumeration attacks. 

However that PR made a bad assumption that the initialize step of
catalog opening would always add this new key. But old versions that
have already been initialized wouldn't have it! This PR add code to
generate it for old versions
@DAlperin DAlperin force-pushed the dov/migrate-mock-nonce branch from 78d1f22 to fc09ad9 Compare September 24, 2025 16:34
@DAlperin
Copy link
Member Author

DAlperin commented Sep 25, 2025

TYFTR!

@DAlperin DAlperin merged commit e936553 into MaterializeInc:main Sep 25, 2025
182 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SangJunBak SangJunBak SangJunBak approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@DAlperin @SangJunBak