cockroachdb / cockroach-go

Packages for go clients.
Apache License 2.0

Add tenant-scope arg for client certs #137

Closed rimadeodhar closed 2 years ago

rimadeodhar commented 2 years ago

This PR adds tenant scoping to the client certs created for accessing tenant servers. Tenant scopes were added as a way to restrict the ability of client certs to validate with a specific set of tenants in v22.2. Without tenant scoping, the client certs created for tenant servers will not be able to connect to non-system tenant servers. This PR fixes this problem by updating the client cert generation command to specify the tenant scope argument while creating client certs for tenant servers.
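
The scoping check described above, as an added example that is not code from this PR or from cockroach-go: a client cert is accepted by a tenant only if it carries a scope for that tenant and user. It assumes the scope is stored as a URI SAN of the form `crdb://tenant/<tenant_id>/user/<username>`, a layout this thread does not state; `makeScopedCert` and `allowedForTenant` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"strconv"
	"strings"
)

// makeScopedCert builds a constructed self-signed cert with one scope URI SAN per tenant ID.
func makeScopedCert(user string, tenantIDs ...uint64) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: user}}
	for _, id := range tenantIDs {
		// Assumed scope layout: crdb://tenant/<tenant_id>/user/<username>
		tmpl.URIs = append(tmpl.URIs, &url.URL{Scheme: "crdb", Host: "tenant", Path: fmt.Sprintf("/%d/user/%s", id, user)})
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// allowedForTenant fails closed: a cert with no matching scope URI is rejected.
func allowedForTenant(cert *x509.Certificate, tenantID uint64, user string) bool {
	for _, u := range cert.URIs {
		p := strings.Split(strings.Trim(u.Path, "/"), "/")
		if u.Scheme == "crdb" && u.Host == "tenant" && len(p) == 3 && p[1] == "user" &&
			p[0] == strconv.FormatUint(tenantID, 10) && p[2] == user {
			return true
		}
	}
	return false
}

func main() {
	cert, err := makeScopedCert("root", 10)
	if err != nil {
		panic(err)
	}
	fmt.Println(allowedForTenant(cert, 10, "root"), allowedForTenant(cert, 11, "root"))
}
```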

rimadeodhar commented 2 years ago

Also, once this is merged, what do I need to do to update the version? I presume I need to do a git tag along the lines of this https://go.dev/doc/modules/publishing? This is a non-breaking change so just updating minor version should be sufficient.

rafiss commented 2 years ago

A test could be added to https://github.com/cockroachdb/cockroach-go/blob/master/testserver/testserver_test.go in TestRunServer. What do you think?

rafiss commented 2 years ago

Ah, yup, you're right! The SecureTenant*NonStable tests should cover this.