feat(query): add api for users & roles (#17553)

* feat(query): add api for users & roles

* z

* z

* z

* z

* z

* z

* z

* z

* z

* z

* z

* z

* z

* z

* z

* z

* z

Author: everpcpc

src/query/service/src/servers/http/middleware/session.rs

@@ -94,6 +94,7 @@ pub enum EndpointKind {
     UploadToStage,
     SystemInfo,
     Catalog,
+    Metadata,
 }
 
 impl EndpointKind {
@@ -121,6 +122,7 @@ impl EndpointKind {
             | EndpointKind::SystemInfo
             | EndpointKind::HeartBeat
             | EndpointKind::UploadToStage
+            | EndpointKind::Metadata
             | EndpointKind::Catalog => {
                 if GlobalConfig::instance().query.management_mode {
                     Ok(None)

src/query/service/src/servers/http/v1/catalog/mod.rs

@@ -16,10 +16,12 @@ pub mod get_database_table;
 pub mod list_database_table_fields;
 pub mod list_database_tables;
 pub mod list_databases;
+pub mod search_databases;
 pub mod search_tables;
 
 pub use get_database_table::get_database_table_handler;
 pub use list_database_table_fields::list_database_table_fields_handler;
 pub use list_database_tables::list_database_tables_handler;
 pub use list_databases::list_databases_handler;
+pub use search_databases::search_databases_handler;
 pub use search_tables::search_tables_handler;

src/query/service/src/servers/http/v1/catalog/search_databases.rs

@@ -0,0 +1,84 @@
+// Copyright 2021 Datafuse Labs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use databend_common_catalog::catalog::CatalogManager;
+use databend_common_exception::Result;
+use poem::error::InternalServerError;
+use poem::error::Result as PoemResult;
+use poem::web::Json;
+use poem::IntoResponse;
+use serde::Deserialize;
+use serde::Serialize;
+
+use crate::servers::http::v1::HttpQueryContext;
+
+#[derive(Deserialize, Clone)]
+struct SearchDatabasesRequest {
+    pub keyword: String,
+}
+
+#[derive(Serialize, Deserialize, Eq, PartialEq, Debug, Default)]
+pub struct SearchDatabasesResponse {
+    pub databases: Vec<DatabaseInfo>,
+    pub warnings: Vec<String>,
+}
+
+#[derive(Serialize, Deserialize, Eq, PartialEq, Debug, Default)]
+pub struct DatabaseInfo {
+    pub name: String,
+}
+
+#[async_backtrace::framed]
+async fn handle(ctx: &HttpQueryContext, keyword: String) -> Result<SearchDatabasesResponse> {
+    let tenant = ctx.session.get_current_tenant();
+    let visibility_checker = ctx.session.get_visibility_checker(false).await?;
+
+    let catalog = CatalogManager::instance().get_default_catalog(Default::default())?;
+
+    let mut databases = vec![];
+    let warnings = vec![];
+
+    for db in catalog.list_databases(&tenant).await? {
+        if !db.name().contains(&keyword) {
+            continue;
+        }
+        if !visibility_checker.check_database_visibility(
+            catalog.name().as_str(),
+            db.name(),
+            db.get_db_info().database_id.db_id,
+        ) {
+            continue;
+        }
+        databases.push(DatabaseInfo {
+            name: db.name().to_string(),
+        });
+    }
+
+    Ok(SearchDatabasesResponse {
+        databases,
+        warnings,
+    })
+}
+
+#[poem::handler]
+#[async_backtrace::framed]
+pub async fn search_databases_handler(
+    ctx: &HttpQueryContext,
+    Json(req): Json<SearchDatabasesRequest>,
+) -> PoemResult<impl IntoResponse> {
+    let resp = handle(ctx, req.keyword)
+        .await
+        .map_err(InternalServerError)?;
+    Ok(Json(resp))
+}

src/query/service/src/servers/http/v1/http_query_handlers.rs

@@ -54,6 +54,7 @@ use crate::servers::http::v1::catalog::get_database_table_handler;
 use crate::servers::http::v1::catalog::list_database_table_fields_handler;
 use crate::servers::http::v1::catalog::list_database_tables_handler;
 use crate::servers::http::v1::catalog::list_databases_handler;
+use crate::servers::http::v1::catalog::search_databases_handler;
 use crate::servers::http::v1::catalog::search_tables_handler;
 use crate::servers::http::v1::discovery_nodes;
 use crate::servers::http::v1::list_suggestions;
@@ -62,7 +63,10 @@ use crate::servers::http::v1::logout_handler;
 use crate::servers::http::v1::query::string_block::StringBlock;
 use crate::servers::http::v1::query::Progresses;
 use crate::servers::http::v1::refresh_handler;
+use crate::servers::http::v1::roles::list_roles_handler;
 use crate::servers::http::v1::upload_to_stage;
+use crate::servers::http::v1::users::create_user_handler;
+use crate::servers::http::v1::users::list_users_handler;
 use crate::servers::http::v1::verify_handler;
 use crate::servers::http::v1::HttpQueryContext;
 use crate::servers::http::v1::HttpQueryManager;
@@ -502,10 +506,21 @@ pub fn query_route() -> Route {
             EndpointKind::Catalog,
         ),
         (
-            "/catalog/tables/search",
+            "/catalog/search/tables",
             post(search_tables_handler),
             EndpointKind::Catalog,
         ),
+        (
+            "/catalog/search/databases",
+            post(search_databases_handler),
+            EndpointKind::Catalog,
+        ),
+        (
+            "/users",
+            get(list_users_handler).post(create_user_handler),
+            EndpointKind::Metadata,
+        ),
+        ("/roles", get(list_roles_handler), EndpointKind::Metadata),
     ];
 
     let mut route = Route::new();
@@ -518,6 +533,7 @@ pub fn query_route() -> Route {
                 .with(CookieJarManager::new()),
         );
     }
+
     route
 }
 

src/query/service/src/servers/http/v1/mod.rs

@@ -16,9 +16,11 @@ pub mod catalog;
 mod discovery;
 mod http_query_handlers;
 mod query;
+pub mod roles;
 mod session;
 mod stage;
 mod suggestions;
+pub mod users;
 mod verify;
 
 pub use discovery::discovery_nodes;
@@ -35,6 +37,7 @@ pub use query::ExpiringState;
 pub use query::HttpQueryContext;
 pub use query::HttpQueryManager;
 pub use query::HttpSessionConf;
+pub use roles::list_roles_handler;
 pub use session::login_handler::login_handler;
 pub use session::login_handler::LoginResponse;
 pub use session::logout_handler::logout_handler;
@@ -47,6 +50,8 @@ pub use stage::upload_to_stage;
 pub use stage::UploadToStageResponse;
 pub use suggestions::list_suggestions;
 pub use suggestions::SuggestionsResponse;
+pub use users::create_user_handler;
+pub use users::list_users_handler;
 pub use verify::verify_handler;
 
 pub use crate::servers::http::clickhouse_handler::clickhouse_router;

src/query/service/src/servers/http/v1/roles.rs

@@ -0,0 +1,73 @@
+// Copyright 2021 Datafuse Labs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use databend_common_exception::Result;
+use poem::error::InternalServerError;
+use poem::error::Result as PoemResult;
+use poem::web::Json;
+use poem::IntoResponse;
+use serde::Deserialize;
+use serde::Serialize;
+
+use crate::servers::http::v1::HttpQueryContext;
+
+#[derive(Serialize, Deserialize, Debug, Clone)]
+pub struct ListRolesResponse {
+    pub roles: Vec<RoleInfo>,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone)]
+pub struct RoleInfo {
+    pub name: String,
+    pub is_current: bool,
+    pub is_default: bool,
+}
+
+#[async_backtrace::framed]
+async fn handle(ctx: &HttpQueryContext) -> Result<ListRolesResponse> {
+    let user = ctx.session.get_current_user()?;
+    let current_role = ctx
+        .session
+        .get_current_role()
+        .map_or("public".to_string(), |role| role.name);
+    let default_role = user
+        .option
+        .default_role()
+        .map_or("public".to_string(), |role| role.to_string());
+    let mut roles = vec![];
+    for role in user.grants.roles() {
+        let is_current = role == current_role;
+        let is_default = role == default_role;
+        roles.push(RoleInfo {
+            name: role.clone(),
+            is_current,
+            is_default,
+        });
+    }
+    if roles.is_empty() {
+        roles.push(RoleInfo {
+            name: "public".to_string(),
+            is_current: true,
+            is_default: true,
+        });
+    }
+    Ok(ListRolesResponse { roles })
+}
+
+#[poem::handler]
+#[async_backtrace::framed]
+pub async fn list_roles_handler(ctx: &HttpQueryContext) -> PoemResult<impl IntoResponse> {
+    let resp = handle(ctx).await.map_err(InternalServerError)?;
+    Ok(Json(resp))
+}