refactor: Add RoleGrantee to provide meta-service key for RoleMgr #14752
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
pr-refactor
drmingdrmer
force-pushed
the
34-tenant-key
branch
from
fe69530 to
a8c4132
Compare
flaneur2020
reviewed
Feb 27, 2024
drmingdrmer
force-pushed
the
34-tenant-key
branch
from
66ff487 to
e74f3bb
Compare
Encapsulate the logic of encoding/decoding role-grantee key into
`RoleGrantee`. `RoleGrantee` is a standard `kvapi::Key` implementation
so that the export program could rely on the `kvapi::Key` API to
traverse meta-data to fetch all data that belongs to a tenant.
Legacy issue:
- For `OwnershipObject::Database{ catalog_name, db_id }`, `catalog_name`
is not encoded into the key, we have to be compatible with this. The
solution is to encode a `"default"` catalog with
`database-by-id/<db-id>` prefix, and encode a non-default catalog with
`database-by-catalog-id/<catalog>/<db-id>` prefix.
The same for the `OwnershipObject::Table{ catalog_name, ... }`.
- For `OwnershipObject::Table{ catalog_name, db_id, table_id }`, `db_id`
is not encoded into the key. Thus `kvapi::Key::from_str_key()` can not
be implemented because `db_id` is absent.
- In this version, only `"default"` catalog is allowed. Using other
catalog will panic. This restrict will be removed if it is confirmed
there is no other catalog in our meta-data.
---
- Part of databendlabs#14738
drmingdrmer
force-pushed
the
34-tenant-key
branch
from
e74f3bb to
543273e
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/
Summary
refactor: Add RoleGrantee to provide meta-service key for RoleMgr
Encapsulate the logic of encoding/decoding role-grantee key into
RoleGrantee.RoleGranteeis a standardkvapi::Keyimplementationso that the export program could rely on the
kvapi::KeyAPI totraverse meta-data to fetch all data that belongs to a tenant.
Legacy issue:
For
OwnershipObject::Database{ catalog_name, db_id },catalog_nameis not encoded into the key, we have to be compatible with this. The
solution is to encode a
"default"catalog withdatabase-by-id/<db-id>prefix, and encode a non-default catalog withdatabase-by-catalog-id/<catalog>/<db-id>prefix.The same for the
OwnershipObject::Table{ catalog_name, ... }.For
OwnershipObject::Table{ catalog_name, db_id, table_id },db_idis not encoded into the key. Thus
kvapi::Key::from_str_key()can notbe implemented because
db_idis absent.In this version, only
"default"catalog is allowed. Using othercatalog will panic. This restrict will be removed if it is confirmed
there is no other catalog in our meta-data.
kvapi::Key; #14738Changelog
Related Issues
This change is