Merge branch 'main' into main

JackTan25 · Jul 17, 2023 · a661382 · a661382
2 parents 2b58381 + fb97bf2
commit a661382
Show file tree

Hide file tree

Showing 47 changed files with 1,639 additions and 6 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/src/common/exception/src/exception_code.rs b/src/common/exception/src/exception_code.rs
@@ -211,6 +211,9 @@ build_exceptions! {
  IllegalUserInfoFormat(2203),
  UnknownRole(2204),
  InvalidRole(2206),
+ UnknownNetworkPolicy(2207),
+ NetworkPolicyAlreadyExists(2208),
+ IllegalNetworkPolicy(2209),
 
  // Meta api error codes.
  DatabaseAlreadyExists(2301),

diff --git a/src/meta/app/src/principal/mod.rs b/src/meta/app/src/principal/mod.rs
@@ -15,6 +15,7 @@
 //! Principal is a user or role that accesses an entity.
 
 mod file_format;
+mod network_policy;
 mod principal_identity;
 mod role_info;
 mod user_auth;
@@ -29,6 +30,7 @@ mod user_setting;
 mod user_stage;
 
 pub use file_format::*;
+pub use network_policy::NetworkPolicy;
 pub use principal_identity::PrincipalIdentity;
 pub use role_info::RoleInfo;
 pub use role_info::RoleInfoSerdeError;

diff --git a/src/meta/app/src/principal/network_policy.rs b/src/meta/app/src/principal/network_policy.rs
@@ -0,0 +1,26 @@
+// Copyright 2021 Datafuse Labs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use chrono::DateTime;
+use chrono::Utc;
+
+#[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq, Default)]
+pub struct NetworkPolicy {
+ pub name: String,
+ pub allowed_ip_list: Vec<String>,
+ pub blocked_ip_list: Vec<String>,
+ pub comment: String,
+ pub create_on: DateTime<Utc>,
+ pub update_on: Option<DateTime<Utc>>,
+}
diff --git a/src/meta/proto-conv/src/user_from_to_protobuf_impl.rs b/src/meta/proto-conv/src/user_from_to_protobuf_impl.rs
@@ -18,6 +18,8 @@
 use std::collections::BTreeMap;
 use std::collections::HashSet;
 
+use chrono::DateTime;
+use chrono::Utc;
 use common_meta_app as mt;
 use common_protos::pb;
 use enumflags2::BitFlags;
@@ -333,3 +335,41 @@ impl FromToProto for mt::principal::UserIdentity {
  })
  }
 }
+
+impl FromToProto for mt::principal::NetworkPolicy {
+ type PB = pb::NetworkPolicy;
+ fn get_pb_ver(p: &Self::PB) -> u64 {
+ p.ver
+ }
+ fn from_pb(p: pb::NetworkPolicy) -> Result<Self, Incompatible>
+ where Self: Sized {
+ reader_check_msg(p.ver, p.min_reader_ver)?;
+ Ok(mt::principal::NetworkPolicy {
+ name: p.name.clone(),
+ allowed_ip_list: p.allowed_ip_list.clone(),
+ blocked_ip_list: p.blocked_ip_list.clone(),
+ comment: p.comment,
+ create_on: DateTime::<Utc>::from_pb(p.create_on)?,
+ update_on: match p.update_on {
+ Some(t) => Some(DateTime::<Utc>::from_pb(t)?),
+ None => None,
+ },
+ })
+ }
+
+ fn to_pb(&self) -> Result<pb::NetworkPolicy, Incompatible> {
+ Ok(pb::NetworkPolicy {
+ ver: VER,
+ min_reader_ver: MIN_READER_VER,
+ name: self.name.clone(),
+ allowed_ip_list: self.allowed_ip_list.clone(),
+ blocked_ip_list: self.blocked_ip_list.clone(),
+ comment: self.comment.clone(),
+ create_on: self.create_on.to_pb()?,
+ update_on: match &self.update_on {
+ Some(t) => Some(t.to_pb()?),
+ None => None,
+ },
+ })
+ }
+}
diff --git a/src/meta/proto-conv/src/util.rs b/src/meta/proto-conv/src/util.rs
@@ -77,7 +77,8 @@ const META_CHANGE_LOG: &[(u64, &str)] = &[
  (45, "2023-06-06: Add: background_tasks.proto and background_jobs.proto", ),
  (46, "2023-06-28: Add: index.proto/IndexMeta::updated_on", ),
  (47, "2023-07-03: Add: catalog.proto/CatalogMeta",),
- (48, "2023-07-04: Add: ManualTriggerParams on background_job", )
+ (48, "2023-07-04: Add: ManualTriggerParams on background_job", ),
+ (49, "2023-07-14: Add: user.proto/NetworkPolicy", )
  // Dear developer:
  // If you're gonna add a new metadata version, you'll have to add a test for it.
  // You could just copy an existing test file(e.g., `../tests/it/v024_table_meta.rs`)

diff --git a/src/meta/proto-conv/tests/it/main.rs b/src/meta/proto-conv/tests/it/main.rs
@@ -53,3 +53,4 @@ mod v045_background;
 mod v046_index_meta;
 mod v047_catalog_meta;
 mod v048_background;
+mod v049_network_policy;
diff --git a/src/meta/proto-conv/tests/it/v049_network_policy.rs b/src/meta/proto-conv/tests/it/v049_network_policy.rs
@@ -0,0 +1,52 @@
+// Copyright 2023 Datafuse Labs.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use chrono::TimeZone;
+use chrono::Utc;
+
+use crate::common;
+
+// These bytes are built when a new version in introduced,
+// and are kept for backward compatibility test.
+//
+// *************************************************************
+// * These messages should never be updated, *
+// * only be added when a new version is added, *
+// * or be removed when an old version is no longer supported. *
+// *************************************************************
+//
+// The message bytes are built from the output of `test_build_pb_buf()`
+#[test]
+fn test_decode_v49_network_policy() -> anyhow::Result<()> {
+ let bytes: Vec<u8> = vec![
+ 10, 11, 116, 101, 115, 116, 112, 111, 108, 105, 99, 121, 49, 18, 14, 49, 57, 50, 46, 49,
+ 54, 56, 46, 49, 46, 48, 47, 50, 52, 26, 12, 49, 57, 50, 46, 49, 54, 56, 46, 49, 46, 49, 48,
+ 34, 12, 115, 111, 109, 101, 32, 99, 111, 109, 109, 101, 110, 116, 42, 23, 50, 48, 49, 52,
+ 45, 49, 49, 45, 50, 56, 32, 49, 50, 58, 48, 48, 58, 48, 57, 32, 85, 84, 67, 50, 23, 50, 48,
+ 49, 52, 45, 49, 49, 45, 50, 56, 32, 49, 50, 58, 48, 48, 58, 48, 57, 32, 85, 84, 67, 160, 6,
+ 49, 168, 6, 24,
+ ];
+
+ let want = || common_meta_app::principal::NetworkPolicy {
+ name: "testpolicy1".to_string(),
+ allowed_ip_list: vec!["192.168.1.0/24".to_string()],
+ blocked_ip_list: vec!["192.168.1.10".to_string()],
+ comment: "some comment".to_string(),
+ create_on: Utc.with_ymd_and_hms(2014, 11, 28, 12, 0, 9).unwrap(),
+ update_on: Some(Utc.with_ymd_and_hms(2014, 11, 28, 12, 0, 9).unwrap()),
+ };
+
+ common::test_pb_from_to(func_name!(), want())?;
+ common::test_load_old(func_name!(), bytes.as_slice(), 49, want())
+}
diff --git a/src/meta/protos/proto/user.proto b/src/meta/protos/proto/user.proto
@@ -116,3 +116,15 @@ message UserIdentity {
  string username = 1;
  string hostname = 2;
 }
+
+message NetworkPolicy {
+ uint64 ver = 100;
+ uint64 min_reader_ver = 101;
+
+ string name = 1;
+ repeated string allowed_ip_list = 2;
+ repeated string blocked_ip_list = 3;
+ string comment = 4;
+ string create_on = 5;
+ optional string update_on = 6;
+}
diff --git a/src/query/ast/src/ast/format/ast_format.rs b/src/query/ast/src/ast/format/ast_format.rs
@@ -2279,6 +2279,52 @@ impl<'ast> Visitor<'ast> for AstFormatVisitor {
  self.children.push(node);
  }
 
+ fn visit_create_network_policy(&mut self, stmt: &'ast CreateNetworkPolicyStmt) {
+ let ctx = AstFormatContext::new(format!("NetworkPolicyName {}", stmt.name));
+ let child = FormatTreeNode::new(ctx);
+
+ let name = "CreateNetworkPolicy".to_string();
+ let format_ctx = AstFormatContext::with_children(name, 1);
+ let node = FormatTreeNode::with_children(format_ctx, vec![child]);
+ self.children.push(node);
+ }
+
+ fn visit_alter_network_policy(&mut self, stmt: &'ast AlterNetworkPolicyStmt) {
+ let ctx = AstFormatContext::new(format!("NetworkPolicyName {}", stmt.name));
+ let child = FormatTreeNode::new(ctx);
+
+ let name = "AlterNetworkPolicy".to_string();
+ let format_ctx = AstFormatContext::with_children(name, 1);
+ let node = FormatTreeNode::with_children(format_ctx, vec![child]);
+ self.children.push(node);
+ }
+
+ fn visit_drop_network_policy(&mut self, stmt: &'ast DropNetworkPolicyStmt) {
+ let ctx = AstFormatContext::new(format!("NetworkPolicyName {}", stmt.name));
+ let child = FormatTreeNode::new(ctx);
+
+ let name = "DropNetworkPolicy".to_string();
+ let format_ctx = AstFormatContext::with_children(name, 1);
+ let node = FormatTreeNode::with_children(format_ctx, vec![child]);
+ self.children.push(node);
+ }
+
+ fn visit_desc_network_policy(&mut self, stmt: &'ast DescNetworkPolicyStmt) {
+ let ctx = AstFormatContext::new(format!("NetworkPolicyName {}", stmt.name));
+ let child = FormatTreeNode::new(ctx);
+
+ let name = "DescNetworkPolicy".to_string();
+ let format_ctx = AstFormatContext::with_children(name, 1);
+ let node = FormatTreeNode::with_children(format_ctx, vec![child]);
+ self.children.push(node);
+ }
+
+ fn visit_show_network_policies(&mut self) {
+ let ctx = AstFormatContext::new("ShowNetworkPolicies".to_string());
+ let node = FormatTreeNode::new(ctx);
+ self.children.push(node);
+ }
+
  fn visit_with(&mut self, with: &'ast With) {
  let mut children = Vec::with_capacity(with.ctes.len());
  for cte in with.ctes.iter() {

diff --git a/src/query/ast/src/ast/statements/mod.rs b/src/query/ast/src/ast/statements/mod.rs
@@ -23,6 +23,7 @@ mod hint;
 mod index;
 mod insert;
 mod kill;
+mod network_policy;
 mod presign;
 mod replace;
 mod share;
@@ -47,6 +48,7 @@ pub use hint::*;
 pub use index::*;
 pub use insert::*;
 pub use kill::*;
+pub use network_policy::*;
 pub use presign::*;
 pub use replace::*;
 pub use share::*;