Skip to content

Commit d153f02

Browse files
committed
refactor(query): normalize role mgr api boundaries
- RoleApi returns MetaError/MetaTxnError plus ExistError/UnknownError - Make get_role return Option instead of raising ErrorCode - Simplify update_role_with to internal read-modify-write by seq - Map ExistError/UnknownError to ErrorCode in role_ident - Update callers to convert meta errors via meta_service_error
1 parent 022c639 commit d153f02

File tree

13 files changed

+264
-315
lines changed

13 files changed

+264
-315
lines changed

src/meta/app/src/principal/role_ident.rs

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -36,10 +36,13 @@ impl RoleIdentRaw {
3636

3737
mod kvapi_impl {
3838

39+
use databend_common_exception::ErrorCode;
3940
use databend_meta_kvapi::kvapi;
4041

4142
use crate::principal::RoleIdent;
4243
use crate::principal::RoleInfo;
44+
use crate::tenant_key::errors::ExistError;
45+
use crate::tenant_key::errors::UnknownError;
4346
use crate::tenant_key::resource::TenantResource;
4447

4548
pub struct Resource;
@@ -58,9 +61,17 @@ mod kvapi_impl {
5861
}
5962
}
6063

61-
// // Use these error types to replace usage of ErrorCode if possible.
62-
// impl From<ExistError<Resource>> for ErrorCode {
63-
// impl From<UnknownError<Resource>> for ErrorCode {
64+
impl From<ExistError<Resource>> for ErrorCode {
65+
fn from(err: ExistError<Resource>) -> Self {
66+
ErrorCode::RoleAlreadyExists(err.to_string())
67+
}
68+
}
69+
70+
impl From<UnknownError<Resource>> for ErrorCode {
71+
fn from(err: UnknownError<Resource>) -> Self {
72+
ErrorCode::UnknownRole(err.to_string())
73+
}
74+
}
6475
}
6576

6677
#[cfg(test)]

src/query/management/src/role/role_api.rs

Lines changed: 38 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -12,57 +12,60 @@
1212
// See the License for the specific language governing permissions and
1313
// limitations under the License.
1414

15-
use databend_common_exception::Result;
15+
use databend_common_meta_api::meta_txn_error::MetaTxnError;
1616
use databend_common_meta_app::principal::OwnershipInfo;
1717
use databend_common_meta_app::principal::OwnershipObject;
1818
use databend_common_meta_app::principal::RoleInfo;
1919
use databend_common_meta_app::principal::role_ident;
2020
use databend_common_meta_app::tenant_key::errors::ExistError;
21+
use databend_common_meta_app::tenant_key::errors::UnknownError;
2122
use databend_meta_kvapi::kvapi::ListKVReply;
22-
use databend_meta_types::MatchSeq;
2323
use databend_meta_types::MetaError;
2424
use databend_meta_types::SeqV;
2525

2626
#[async_trait::async_trait]
2727
pub trait RoleApi: Sync + Send {
28-
async fn add_role(
28+
async fn create_role(
2929
&self,
3030
role_info: RoleInfo,
3131
can_replace: bool,
32-
) -> std::result::Result<std::result::Result<(), ExistError<role_ident::Resource>>, MetaError>;
32+
) -> Result<Result<(), ExistError<role_ident::Resource>>, MetaError>;
3333

34-
#[allow(clippy::ptr_arg)]
35-
async fn get_role(&self, role: &str, seq: MatchSeq) -> Result<SeqV<RoleInfo>>;
34+
async fn get_role(&self, role: &str) -> Result<Option<SeqV<RoleInfo>>, MetaError>;
3635

3736
/// get all roles that store in meta
38-
async fn get_meta_roles(&self) -> Result<Vec<SeqV<RoleInfo>>>;
37+
async fn get_meta_roles(&self) -> Result<Vec<SeqV<RoleInfo>>, MetaError>;
3938

40-
async fn get_raw_meta_roles(&self) -> Result<ListKVReply>;
39+
async fn get_raw_meta_roles(&self) -> Result<ListKVReply, MetaError>;
4140

42-
async fn list_ownerships(&self) -> Result<Vec<SeqV<OwnershipInfo>>>;
41+
async fn list_ownerships(&self) -> Result<Vec<SeqV<OwnershipInfo>>, MetaError>;
4342

44-
async fn list_udf_ownerships(&self) -> Result<Vec<OwnershipInfo>>;
45-
async fn list_stage_ownerships(&self) -> Result<Vec<OwnershipInfo>>;
46-
async fn list_seq_ownerships(&self) -> Result<Vec<OwnershipInfo>>;
47-
async fn list_procedure_ownerships(&self) -> Result<Vec<OwnershipInfo>>;
48-
async fn list_connection_ownerships(&self) -> Result<Vec<OwnershipInfo>>;
49-
async fn list_warehouse_ownerships(&self) -> Result<Vec<OwnershipInfo>>;
43+
async fn list_udf_ownerships(&self) -> Result<Vec<OwnershipInfo>, MetaError>;
44+
async fn list_stage_ownerships(&self) -> Result<Vec<OwnershipInfo>, MetaError>;
45+
async fn list_seq_ownerships(&self) -> Result<Vec<OwnershipInfo>, MetaError>;
46+
async fn list_procedure_ownerships(&self) -> Result<Vec<OwnershipInfo>, MetaError>;
47+
async fn list_connection_ownerships(&self) -> Result<Vec<OwnershipInfo>, MetaError>;
48+
async fn list_warehouse_ownerships(&self) -> Result<Vec<OwnershipInfo>, MetaError>;
5049

5150
/// General role update.
5251
///
53-
/// It fetches the role that matches the specified seq number, update it in place, then write it back with the seq it sees.
52+
/// It fetches the role, updates it in place, then writes it back with the seq it sees.
5453
///
5554
/// Seq number ensures there is no other write happens between get and set.
56-
#[allow(clippy::ptr_arg)]
57-
async fn update_role_with<F>(&self, role: &str, seq: MatchSeq, f: F) -> Result<Option<u64>>
58-
where F: FnOnce(&mut RoleInfo) + Send;
55+
async fn update_role_with<F>(
56+
&self,
57+
role: &str,
58+
f: F,
59+
) -> Result<Result<u64, UnknownError<role_ident::Resource>>, MetaError>
60+
where
61+
F: FnOnce(&mut RoleInfo) + Send;
5962

6063
/// Only drop role will call transfer.
6164
///
6265
/// If a role is dropped, but the owner object is exists,
6366
///
6467
/// The owner role need to update to account_admin.
65-
async fn transfer_ownership_to_admin(&self, role: &str) -> Result<()>;
68+
async fn transfer_ownership_to_admin(&self, role: &str) -> Result<(), MetaTxnError>;
6669

6770
/// Grant ownership would transfer ownership of a object from one role to another role
6871
///
@@ -83,24 +86,34 @@ pub trait RoleApi: Sync + Send {
8386
/// 3. kv api upsert new owner object key.
8487
/// Note: if role/old_role is `account_admin` or `public` no need to revoke/grant ownership privilege
8588
#[allow(clippy::ptr_arg)]
86-
async fn grant_ownership(&self, object: &OwnershipObject, role: &str) -> Result<()>;
89+
async fn grant_ownership(
90+
&self,
91+
object: &OwnershipObject,
92+
role: &str,
93+
) -> Result<(), MetaTxnError>;
8794

8895
/// Remember to call this method when you dropped a OwnerObject like table/database/stage/udf.
8996
/// Revoke ownership used when drop old object, contains two step:
9097
/// 1. revoke ownership privilege obj to new role,
9198
/// 2. kv api delete old owner object key.
9299
///
93100
/// Note: if role is `account_admin` or None no need to revoke
94-
async fn revoke_ownership(&self, object: &OwnershipObject) -> Result<()>;
101+
async fn revoke_ownership(&self, object: &OwnershipObject) -> Result<(), MetaTxnError>;
95102

96103
/// Get the ownership info by object. If it's not granted to any role, return PUBLIC
97-
async fn get_ownership(&self, object: &OwnershipObject) -> Result<Option<OwnershipInfo>>;
104+
async fn get_ownership(
105+
&self,
106+
object: &OwnershipObject,
107+
) -> Result<Option<OwnershipInfo>, MetaError>;
98108

99109
/// Get multiple ownership info by objects in batch.
100110
async fn mget_ownerships(
101111
&self,
102112
objects: &[OwnershipObject],
103-
) -> Result<Vec<Option<OwnershipInfo>>>;
113+
) -> Result<Vec<Option<OwnershipInfo>>, MetaError>;
104114

105-
async fn drop_role(&self, role: String, seq: MatchSeq) -> Result<()>;
115+
async fn drop_role(
116+
&self,
117+
role: &str,
118+
) -> Result<Result<(), UnknownError<role_ident::Resource>>, MetaError>;
106119
}

0 commit comments

Comments
 (0)