rabbit_db_user: Use read-only transactions to query user/topic permissions

the-mikedavis · the-mikedavis · commit 8f8170dd01a5 · 2024-06-06T10:49:27.000-04:00
The parent commit favors low-latency queries for read-only transactions,
so marking these read-only transactions as explicitly read-only will
cause them to be run against the local node. This ensures that functions
like `rabbit_auth_backend_internal:list_permissions/0` do not return
`{error, timeout}` when the cluster is in minority, fixing 'bad
generator' errors during definitions export (via
`rabbit_definitions:all_definitions/0`).
diff --git a/deps/rabbit/src/rabbit_db_user.erl b/deps/rabbit/src/rabbit_db_user.erl
@@ -374,14 +374,16 @@ match_user_permissions_in_khepri('_' = _Username, VHostName) ->
           VHostName,
           fun() ->
                   match_user_permissions_in_khepri_tx(?KHEPRI_WILDCARD_STAR, VHostName)
-          end));
+          end),
+        ro);
 match_user_permissions_in_khepri(Username, '_' = _VHostName) ->
     rabbit_khepri:transaction(
         with_fun_in_khepri_tx(
           Username,
           fun() ->
                   match_user_permissions_in_khepri_tx(Username, ?KHEPRI_WILDCARD_STAR)
-          end));
+          end),
+        ro);
 match_user_permissions_in_khepri(Username, VHostName) ->
     rabbit_khepri:transaction(
         with_fun_in_khepri_tx(
@@ -390,7 +392,8 @@ match_user_permissions_in_khepri(Username, VHostName) ->
             VHostName,
             fun() ->
                     match_user_permissions_in_khepri_tx(Username, VHostName)
-            end))).
+            end)),
+        ro).
 
 match_user_permissions_in_khepri_tx(Username, VHostName) ->
     Path = khepri_user_permission_path(Username, VHostName),
@@ -739,15 +742,16 @@ match_topic_permissions_in_khepri('_' = _Username, '_' = _VHostName, ExchangeNam
       fun() ->
               match_topic_permissions_in_khepri_tx(
                 ?KHEPRI_WILDCARD_STAR, ?KHEPRI_WILDCARD_STAR, any(ExchangeName))
-      end);
+      end, ro);
 match_topic_permissions_in_khepri('_' = _Username, VHostName, ExchangeName) ->
     rabbit_khepri:transaction(
         rabbit_db_vhost:with_fun_in_khepri_tx(
           VHostName,
           fun() ->
                   match_topic_permissions_in_khepri_tx(
                     ?KHEPRI_WILDCARD_STAR, VHostName, any(ExchangeName))
-          end));
+          end),
+        ro);
 match_topic_permissions_in_khepri(
   Username, '_' = _VHostName, ExchangeName) ->
     rabbit_khepri:transaction(
@@ -756,7 +760,8 @@ match_topic_permissions_in_khepri(
           fun() ->
                   match_topic_permissions_in_khepri_tx(
                     Username, ?KHEPRI_WILDCARD_STAR, any(ExchangeName))
-          end));
+          end),
+        ro);
 match_topic_permissions_in_khepri(
   Username, VHostName, ExchangeName) ->
     rabbit_khepri:transaction(
@@ -767,7 +772,8 @@ match_topic_permissions_in_khepri(
             fun() ->
                     match_topic_permissions_in_khepri_tx(
                       Username, VHostName, any(ExchangeName))
-            end))).
+            end)),
+        ro).
 
 match_topic_permissions_in_khepri_tx(Username, VHostName, ExchangeName) ->
     Path = khepri_topic_permission_path(Username, VHostName, ExchangeName),
