Merge #51987

51987: util/log: new logging channels SQL_SCHEMA, USER_ADMIN and PRIVILEGES r=itsbilal a=knz Release note (cli change): Notable events that pertain to SQL schema, user and privilege changes are now sent on the new SQL_SCHEMA, USER_ADMIN and PRIVILEGES channels. These can now be redirected to different sinks from the other log entries. **SQL_SCHEMA** The SQL_SCHEMA channel is used to report changes to the SQL logical schema, excluding privilege and ownership changes (which are reported on the separate channel PRIVILEGES) and zone config changes (which go to OPS). This includes: - database/schema/table/sequence/view/type creation - adding/removing/changing table columns - changing sequence parameters etc., more generally changes to the schema that affect the functional behavior of client apps using stored objects. **USER_ADMIN** The USER_ADMIN channel is the channel used to report changes in users and roles, including: - users added/dropped. - changes to authentication credentials, incl passwords, validity etc. - role grants/revocations. - role option grants/revocations. This is typically configured in "audit" mode, with event numbering and synchronous writes. **PRIVILEGES** The PRIVILEGES channel is the channel used to report data authorization changes, including: - privilege grants/revocations on database, objects etc. - object ownership changes. This is typically configured in "audit" mode, with event numbering and synchronous writes. Co-authored-by: Raphael 'kena' Poss <knz@thaumogen.net>
cockroachdb · Dec 15, 2020 · 99b9b21 · 99b9b21
2 parents d300362 + b046f5b
commit 99b9b21
Show file tree

Hide file tree

Showing 16 changed files with 2,896 additions and 1,443 deletions.
diff --git a/docs/generated/eventlog.md b/docs/generated/eventlog.md
@@ -140,30 +140,8 @@ They are relative to a particular SQL tenant.
 In a multi-tenant setup, copies of DDL-related events are preserved
 in each tenant's own system.eventlog table.
 
-Events in this category are logged to channel DEV.
-
+Events in this category are logged to channel SQL_SCHEMA.
 
-## `alter_database_owner`
-
-An event of type `alter_database_owner` is recorded when a database's owner is changed.
-
-
-| Field | Description |
-|--|--|
-| `DatabaseName` | The name of the database being affected. |
-| `Owner` | The name of the new owner. |
-
-
-### Common fields
-
-| Field | Description |
-|--|--|
-| `Timestamp` | The timestamp of the event. |
-| `EventType` | The type of the event. |
-| `Statement` | A normalized copy of the SQL statement that triggered the event. |
-| `User` | The user account that triggered the event. |
-| `InstanceID` | The instance ID (not tenant ID) of the SQL server where the event was originated. |
-| `DescriptorID` | The primary object descriptor affected by the operation. Set to zero for operations that don't affect descriptors. |
 
 ## `alter_index`
 
@@ -177,28 +155,6 @@ An event of type `alter_index` is recorded when an index is altered.
 | `MutationID` | The mutation ID for the asynchronous job that is processing the index update. |
 
 
-### Common fields
-
-| Field | Description |
-|--|--|
-| `Timestamp` | The timestamp of the event. |
-| `EventType` | The type of the event. |
-| `Statement` | A normalized copy of the SQL statement that triggered the event. |
-| `User` | The user account that triggered the event. |
-| `InstanceID` | The instance ID (not tenant ID) of the SQL server where the event was originated. |
-| `DescriptorID` | The primary object descriptor affected by the operation. Set to zero for operations that don't affect descriptors. |
-
-## `alter_schema_owner`
-
-An event of type `alter_schema_owner` is recorded when a schema's owner is changed.
-
-
-| Field | Description |
-|--|--|
-| `SchemaName` | The name of the affected schema. |
-| `Owner` | The name of the new owner. |
-
-
 ### Common fields
 
 | Field | Description |
@@ -264,28 +220,6 @@ EventAlterType is recorded when a user-defined type is altered.
 | `TypeName` | The name of the affected type. |
 
 
-### Common fields
-
-| Field | Description |
-|--|--|
-| `Timestamp` | The timestamp of the event. |
-| `EventType` | The type of the event. |
-| `Statement` | A normalized copy of the SQL statement that triggered the event. |
-| `User` | The user account that triggered the event. |
-| `InstanceID` | The instance ID (not tenant ID) of the SQL server where the event was originated. |
-| `DescriptorID` | The primary object descriptor affected by the operation. Set to zero for operations that don't affect descriptors. |
-
-## `alter_type_owner`
-
-An event of type `alter_type_owner` is recorded when the owner of a user-defiend type is changed.
-
-
-| Field | Description |
-|--|--|
-| `TypeName` | The name of the affected type. |
-| `Owner` | The name of the new owner. |
-
-
 ### Common fields
 
 | Field | Description |
@@ -1079,9 +1013,75 @@ They are relative to a particular SQL tenant.
 In a multi-tenant setup, copies of DDL-related events are preserved
 in each tenant's own system.eventlog table.
 
-Events in this category are logged to channel DEV.
+Events in this category are logged to channel PRIVILEGES.
 
 
+## `alter_database_owner`
+
+An event of type `alter_database_owner` is recorded when a database's owner is changed.
+
+
+| Field | Description |
+|--|--|
+| `DatabaseName` | The name of the database being affected. |
+| `Owner` | The name of the new owner. |
+
+
+### Common fields
+
+| Field | Description |
+|--|--|
+| `Timestamp` | The timestamp of the event. |
+| `EventType` | The type of the event. |
+| `Statement` | A normalized copy of the SQL statement that triggered the event. |
+| `User` | The user account that triggered the event. |
+| `InstanceID` | The instance ID (not tenant ID) of the SQL server where the event was originated. |
+| `DescriptorID` | The primary object descriptor affected by the operation. Set to zero for operations that don't affect descriptors. |
+
+## `alter_schema_owner`
+
+An event of type `alter_schema_owner` is recorded when a schema's owner is changed.
+
+
+| Field | Description |
+|--|--|
+| `SchemaName` | The name of the affected schema. |
+| `Owner` | The name of the new owner. |
+
+
+### Common fields
+
+| Field | Description |
+|--|--|
+| `Timestamp` | The timestamp of the event. |
+| `EventType` | The type of the event. |
+| `Statement` | A normalized copy of the SQL statement that triggered the event. |
+| `User` | The user account that triggered the event. |
+| `InstanceID` | The instance ID (not tenant ID) of the SQL server where the event was originated. |
+| `DescriptorID` | The primary object descriptor affected by the operation. Set to zero for operations that don't affect descriptors. |
+
+## `alter_type_owner`
+
+An event of type `alter_type_owner` is recorded when the owner of a user-defiend type is changed.
+
+
+| Field | Description |
+|--|--|
+| `TypeName` | The name of the affected type. |
+| `Owner` | The name of the new owner. |
+
+
+### Common fields
+
+| Field | Description |
+|--|--|
+| `Timestamp` | The timestamp of the event. |
+| `EventType` | The type of the event. |
+| `Statement` | A normalized copy of the SQL statement that triggered the event. |
+| `User` | The user account that triggered the event. |
+| `InstanceID` | The instance ID (not tenant ID) of the SQL server where the event was originated. |
+| `DescriptorID` | The primary object descriptor affected by the operation. Set to zero for operations that don't affect descriptors. |
+
 ## `change_database_privilege`
 
 An event of type `change_database_privilege` is recorded when privileges are
@@ -1191,7 +1191,7 @@ They are relative to a particular SQL tenant.
 In a multi-tenant setup, copies of DDL-related events are preserved
 in each tenant's own system.eventlog table.
 
-Events in this category are logged to channel DEV.
+Events in this category are logged to channel USER_ADMIN.
 
 
 ## `alter_role`

diff --git a/docs/generated/logging.md b/docs/generated/logging.md
@@ -54,6 +54,46 @@ The SESSIONS channel is the channel used to report client network activity:
 This is typically configured in "audit" mode, with event
 numbering and synchronous writes.
 
+## SQL_SCHEMA
+
+The SQL_SCHEMA channel is the channel used to report changes to the
+SQL logical schema, excluding privilege and ownership changes
+(which are reported on the separate channel PRIVILEGES) and
+zone config changes (which go to OPS).
+
+This includes:
+
+- database/schema/table/sequence/view/type creation
+- adding/removing/changing table columns
+- changing sequence parameters
+
+etc., more generally changes to the schema that affect the
+functional behavior of client apps using stored objects.
+
+## USER_ADMIN
+
+The USER_ADMIN channel is the channel used to report changes
+in users and roles, including:
+
+- users added/dropped.
+- changes to authentication credentials, incl passwords, validity etc.
+- role grants/revocations.
+- role option grants/revocations.
+
+This is typically configured in "audit" mode, with event
+numbering and synchronous writes.
+
+## PRIVILEGES
+
+The PRIVILEGES channel is the channel used to report data
+authorization changes, including:
+
+- privilege grants/revocations on database, objects etc.
+- object ownership changes.
+
+This is typically configured in "audit" mode, with event
+numbering and synchronous writes.
+
 ## SENSITIVE_ACCESS
 
 The SENSITIVE_ACCESS channel is the channel used to report SQL

diff --git a/pkg/cli/testdata/logflags b/pkg/cli/testdata/logflags
@@ -13,7 +13,7 @@ run
 start
 ----
 config: {<stdFileDefaults(<defaultLogDir>)>,
-sinks: {file-groups: {default: <fileCfg([DEV],<defaultLogDir>,false,crdb-v1)>,
+sinks: {file-groups: {default: <fileCfg(['DEV,SQL_SCHEMA,USER_ADMIN,PRIVILEGES'],<defaultLogDir>,false,crdb-v1)>,
 pebble: <fileCfg([STORAGE],<defaultLogDir>,false,crdb-v1)>,
 sql-audit: <fileCfg([SENSITIVE_ACCESS],<defaultLogDir>,true,crdb-v1-count)>,
 sql-auth: <fileCfg([SESSIONS],<defaultLogDir>,true,crdb-v1-count)>,
@@ -28,7 +28,7 @@ run
 start-single-node
 ----
 config: {<stdFileDefaults(<defaultLogDir>)>,
-sinks: {file-groups: {default: <fileCfg([DEV],<defaultLogDir>,false,crdb-v1)>,
+sinks: {file-groups: {default: <fileCfg(['DEV,SQL_SCHEMA,USER_ADMIN,PRIVILEGES'],<defaultLogDir>,false,crdb-v1)>,
 pebble: <fileCfg([STORAGE],<defaultLogDir>,false,crdb-v1)>,
 sql-audit: <fileCfg([SENSITIVE_ACCESS],<defaultLogDir>,true,crdb-v1-count)>,
 sql-auth: <fileCfg([SESSIONS],<defaultLogDir>,true,crdb-v1-count)>,
@@ -98,7 +98,7 @@ start
 --store=path=/pathB
 ----
 config: {<stdFileDefaults(/pathA/logs)>,
-sinks: {file-groups: {default: <fileCfg([DEV],/pathA/logs,false,crdb-v1)>,
+sinks: {file-groups: {default: <fileCfg(['DEV,SQL_SCHEMA,USER_ADMIN,PRIVILEGES'],/pathA/logs,false,crdb-v1)>,
 pebble: <fileCfg([STORAGE],/pathA/logs,false,crdb-v1)>,
 sql-audit: <fileCfg([SENSITIVE_ACCESS],/pathA/logs,true,crdb-v1-count)>,
 sql-auth: <fileCfg([SESSIONS],/pathA/logs,true,crdb-v1-count)>,
@@ -115,7 +115,7 @@ start
 --log=file-defaults: {dir: /mypath}
 ----
 config: {<stdFileDefaults(/mypath)>,
-sinks: {file-groups: {default: <fileCfg([DEV],/mypath,false,crdb-v1)>,
+sinks: {file-groups: {default: <fileCfg(['DEV,SQL_SCHEMA,USER_ADMIN,PRIVILEGES'],/mypath,false,crdb-v1)>,
 pebble: <fileCfg([STORAGE],/mypath,false,crdb-v1)>,
 sql-audit: <fileCfg([SENSITIVE_ACCESS],/mypath,true,crdb-v1-count)>,
 sql-auth: <fileCfg([SESSIONS],/mypath,true,crdb-v1-count)>,
@@ -133,7 +133,7 @@ start
 --log=file-defaults: {dir: /pathA/logs}
 ----
 config: {<stdFileDefaults(/pathA/logs)>,
-sinks: {file-groups: {default: <fileCfg([DEV],/pathA/logs,false,crdb-v1)>,
+sinks: {file-groups: {default: <fileCfg(['DEV,SQL_SCHEMA,USER_ADMIN,PRIVILEGES'],/pathA/logs,false,crdb-v1)>,
 pebble: <fileCfg([STORAGE],/pathA/logs,false,crdb-v1)>,
 sql-audit: <fileCfg([SENSITIVE_ACCESS],/pathA/logs,true,crdb-v1-count)>,
 sql-auth: <fileCfg([SESSIONS],/pathA/logs,true,crdb-v1-count)>,
@@ -156,7 +156,7 @@ start
 --log=file-defaults: {dir: /mypath}
 ----
 config: {<stdFileDefaults(/mypath)>,
-sinks: {file-groups: {default: <fileCfg([DEV],/mypath,false,crdb-v1)>,
+sinks: {file-groups: {default: <fileCfg(['DEV,SQL_SCHEMA,USER_ADMIN,PRIVILEGES'],/mypath,false,crdb-v1)>,
 pebble: <fileCfg([STORAGE],/mypath,false,crdb-v1)>,
 sql-audit: <fileCfg([SENSITIVE_ACCESS],/mypath,true,crdb-v1-count)>,
 sql-auth: <fileCfg([SESSIONS],/mypath,true,crdb-v1-count)>,
@@ -172,7 +172,7 @@ start
 --log=sinks: {stderr: {filter: ERROR}}
 ----
 config: {<stdFileDefaults(<defaultLogDir>)>,
-sinks: {file-groups: {default: <fileCfg([DEV],<defaultLogDir>,false,crdb-v1)>,
+sinks: {file-groups: {default: <fileCfg(['DEV,SQL_SCHEMA,USER_ADMIN,PRIVILEGES'],<defaultLogDir>,false,crdb-v1)>,
 pebble: <fileCfg([STORAGE],<defaultLogDir>,false,crdb-v1)>,
 sql-audit: <fileCfg([SENSITIVE_ACCESS],<defaultLogDir>,true,crdb-v1-count)>,
 sql-auth: <fileCfg([SESSIONS],<defaultLogDir>,true,crdb-v1-count)>,
@@ -189,7 +189,7 @@ start
 --log=capture-stray-errors: {enable: false}
 ----
 config: {<stdFileDefaults(<defaultLogDir>)>,
-sinks: {file-groups: {default: <fileCfg([DEV],<defaultLogDir>,false,crdb-v1)>,
+sinks: {file-groups: {default: <fileCfg(['DEV,SQL_SCHEMA,USER_ADMIN,PRIVILEGES'],<defaultLogDir>,false,crdb-v1)>,
 pebble: <fileCfg([STORAGE],<defaultLogDir>,false,crdb-v1)>,
 sql-audit: <fileCfg([SENSITIVE_ACCESS],<defaultLogDir>,true,crdb-v1-count)>,
 sql-auth: <fileCfg([SESSIONS],<defaultLogDir>,true,crdb-v1-count)>,
@@ -236,7 +236,7 @@ start
 --log-dir=/mypath
 ----
 config: {<stdFileDefaults(/mypath)>,
-sinks: {file-groups: {default: <fileCfg([DEV],/mypath,false,crdb-v1)>,
+sinks: {file-groups: {default: <fileCfg(['DEV,SQL_SCHEMA,USER_ADMIN,PRIVILEGES'],/mypath,false,crdb-v1)>,
 pebble: <fileCfg([STORAGE],/mypath,false,crdb-v1)>,
 sql-audit: <fileCfg([SENSITIVE_ACCESS],/mypath,true,crdb-v1-count)>,
 sql-auth: <fileCfg([SESSIONS],/mypath,true,crdb-v1-count)>,
@@ -254,7 +254,7 @@ start
 --log-dir=/pathA
 ----
 config: {<stdFileDefaults(/pathA)>,
-sinks: {file-groups: {default: <fileCfg([DEV],/pathA,false,crdb-v1)>,
+sinks: {file-groups: {default: <fileCfg(['DEV,SQL_SCHEMA,USER_ADMIN,PRIVILEGES'],/pathA,false,crdb-v1)>,
 pebble: <fileCfg([STORAGE],/pathA,false,crdb-v1)>,
 sql-audit: <fileCfg([SENSITIVE_ACCESS],/pathA,true,crdb-v1-count)>,
 sql-auth: <fileCfg([SESSIONS],/pathA,true,crdb-v1-count)>,
@@ -287,7 +287,7 @@ start
 --logtostderr=INFO
 ----
 config: {<stdFileDefaults(<defaultLogDir>)>,
-sinks: {file-groups: {default: <fileCfg([DEV],<defaultLogDir>,false,crdb-v1)>,
+sinks: {file-groups: {default: <fileCfg(['DEV,SQL_SCHEMA,USER_ADMIN,PRIVILEGES'],<defaultLogDir>,false,crdb-v1)>,
 pebble: <fileCfg([STORAGE],<defaultLogDir>,false,crdb-v1)>,
 sql-audit: <fileCfg([SENSITIVE_ACCESS],<defaultLogDir>,true,crdb-v1-count)>,
 sql-auth: <fileCfg([SESSIONS],<defaultLogDir>,true,crdb-v1-count)>,
@@ -303,7 +303,7 @@ start
 --logtostderr
 ----
 config: {<stdFileDefaults(<defaultLogDir>)>,
-sinks: {file-groups: {default: <fileCfg([DEV],<defaultLogDir>,false,crdb-v1)>,
+sinks: {file-groups: {default: <fileCfg(['DEV,SQL_SCHEMA,USER_ADMIN,PRIVILEGES'],<defaultLogDir>,false,crdb-v1)>,
 pebble: <fileCfg([STORAGE],<defaultLogDir>,false,crdb-v1)>,
 sql-audit: <fileCfg([SENSITIVE_ACCESS],<defaultLogDir>,true,crdb-v1-count)>,
 sql-auth: <fileCfg([SESSIONS],<defaultLogDir>,true,crdb-v1-count)>,

diff --git a/pkg/util/log/channel/channel_generated.go b/pkg/util/log/channel/channel_generated.go