refactor(user): redesign ALTER USER implementation with improved API consistency (#18804)

TCeason · web-flow · commit 10f16a13ee6b · 2025-09-30T15:23:01.000+08:00
* refactor(user): redesign ALTER USER implementation with improved API consistency

- Add new `alter_user` method to UserApi trait for atomic user updates
- Replace fragmented auth/option updates with unified user modification flow
- Consolidate user validation logic in planner to prevent built-in user alterations
- Update privilege checking to use new user info structure
- Improve test coverage for user alteration edge cases
- Ensure sequence-based consistency for concurrent user modifications

* refactor(user): unify user update operations under single upsert_user_info API
diff --git a/src/query/management/src/user/user_api.rs b/src/query/management/src/user/user_api.rs
@@ -49,5 +49,7 @@ pub trait UserApi: Sync + Send {
     where
         F: FnOnce(&mut UserInfo) + Send;
 
+    async fn upsert_user_info(&self, user: &UserInfo, seq: MatchSeq) -> Result<u64>;
+
     async fn drop_user(&self, user: UserIdentity, seq: MatchSeq) -> Result<()>;
 }
diff --git a/src/query/management/src/user/user_mgr.rs b/src/query/management/src/user/user_mgr.rs
@@ -61,30 +61,6 @@ impl UserMgr {
         let ident = TenantUserIdent::new_user_host(self.tenant.clone(), "dummy", "dummy");
         ident.tenant_prefix()
     }
-
-    #[async_backtrace::framed]
-    async fn upsert_user_info(
-        &self,
-        user_info: &UserInfo,
-        seq: MatchSeq,
-    ) -> databend_common_exception::Result<u64> {
-        let key = self.user_key(&user_info.name, &user_info.hostname);
-
-        let value = serialize_struct(user_info, ErrorCode::IllegalUserInfoFormat, || "")?;
-
-        let kv_api = self.kv_api.clone();
-        let res = kv_api
-            .upsert_kv(UpsertKV::new(&key, seq, Operation::Update(value), None))
-            .await?;
-
-        match res.result {
-            Some(SeqV { seq: s, .. }) => Ok(s),
-            None => Err(ErrorCode::UnknownUser(format!(
-                "User '{}' update failed: User does not exist or invalid request.",
-                user_info.name
-            ))),
-        }
-    }
 }
 
 #[async_trait::async_trait]
@@ -183,6 +159,30 @@ impl UserApi for UserMgr {
         Ok(Some(seq))
     }
 
+    #[async_backtrace::framed]
+    async fn upsert_user_info(
+        &self,
+        user_info: &UserInfo,
+        seq: MatchSeq,
+    ) -> databend_common_exception::Result<u64> {
+        let key = self.user_key(&user_info.name, &user_info.hostname);
+
+        let value = serialize_struct(user_info, ErrorCode::IllegalUserInfoFormat, || "")?;
+
+        let kv_api = self.kv_api.clone();
+        let res = kv_api
+            .upsert_kv(UpsertKV::new(&key, seq, Operation::Update(value), None))
+            .await?;
+
+        match res.result {
+            Some(SeqV { seq: s, .. }) => Ok(s),
+            None => Err(ErrorCode::UnknownUser(format!(
+                "User '{}' update failed: User does not exist or invalid request.",
+                user_info.name
+            ))),
+        }
+    }
+
     #[async_backtrace::framed]
     async fn drop_user(&self, user: UserIdentity, seq: MatchSeq) -> Result<()> {
         let key = self.user_key(&user.username, &user.hostname);
diff --git a/src/query/service/src/interpreters/access/privilege_access.rs b/src/query/service/src/interpreters/access/privilege_access.rs
@@ -901,7 +901,7 @@ impl AccessChecker for PrivilegeAccess {
         let user = self.ctx.get_current_user()?;
         if let Plan::AlterUser(plan) = plan {
             // Alter current user's password do not need to check privileges.
-            if plan.user.username == user.name && plan.user_option.is_none() {
+            if plan.user_info.name == user.name && !plan.change_user_option {
                 return Ok(());
             }
         }
diff --git a/src/query/service/src/interpreters/interpreter_user_alter.rs b/src/query/service/src/interpreters/interpreter_user_alter.rs
@@ -53,9 +53,9 @@ impl Interpreter for AlterUserInterpreter {
 
         let plan = self.plan.clone();
         let tenant = self.ctx.get_tenant();
-        if plan.auth_info.is_some() || plan.user_option.is_some() {
+        if plan.change_auth || plan.change_user_option {
             UserApiProvider::instance()
-                .update_user(&tenant, plan.user, plan.auth_info, plan.user_option)
+                .alter_user(&tenant, &plan.user_info, plan.seq)
                 .await?;
         }
 
diff --git a/src/query/sql/src/planner/binder/ddl/account.rs b/src/query/sql/src/planner/binder/ddl/account.rs
@@ -37,6 +37,7 @@ use databend_common_meta_app::principal::GrantObject;
 use databend_common_meta_app::principal::PrincipalIdentity;
 use databend_common_meta_app::principal::ProcedureIdentity;
 use databend_common_meta_app::principal::ProcedureNameIdent;
+use databend_common_meta_app::principal::UserIdentity;
 use databend_common_meta_app::principal::UserOption;
 use databend_common_meta_app::principal::UserPrivilegeSet;
 use databend_common_users::UserApiProvider;
@@ -372,14 +373,29 @@ impl Binder {
             auth_option,
             user_options,
         } = stmt;
-        // None means current user
-        let user_info = if user.is_none() {
-            self.ctx.get_current_user()?
+
+        let user_identity = if let Some(user) = user {
+            UserIdentity::from(user.clone())
         } else {
-            UserApiProvider::instance()
-                .get_user(&self.ctx.get_tenant(), user.clone().unwrap().into())
-                .await?
+            // None means current user
+            self.ctx.get_current_user()?.identity()
         };
+        let user_api = UserApiProvider::instance();
+        if user_api
+            .get_configured_user(&user_identity.username)
+            .is_some()
+        {
+            return Err(ErrorCode::IllegalUser(format!(
+                "Can not alter built-in user `{}`",
+                user_identity.username
+            )));
+        }
+
+        let user_info = UserApiProvider::instance()
+            .get_meta_user(&self.ctx.get_tenant(), user_identity)
+            .await?;
+        let seq = user_info.seq;
+        let mut user_info = user_info.data;
 
         // TODO: Only user with OWNERSHIP privilege can change user options.
         let mut user_option = user_info.option.clone();
@@ -434,15 +450,23 @@ impl Binder {
             None
         };
 
-        let new_user_option = if user_option == user_info.option {
-            None
-        } else {
+        let change_auth = new_auth_info.is_some();
+        let change_user_option = user_option != user_info.option;
+        let new_user_option = if change_user_option {
             Some(user_option)
+        } else {
+            None
         };
+
+        user_info.update_auth_option(new_auth_info.clone(), new_user_option);
+        user_info.update_user_time();
+        user_info.update_auth_history(new_auth_info);
+
         let plan = AlterUserPlan {
-            user: user_info.identity(),
-            auth_info: new_auth_info,
-            user_option: new_user_option,
+            seq,
+            user_info,
+            change_auth,
+            change_user_option,
         };
 
         Ok(Plan::AlterUser(Box::new(plan)))
diff --git a/src/query/sql/src/planner/plans/ddl/account.rs b/src/query/sql/src/planner/plans/ddl/account.rs
@@ -24,6 +24,7 @@ use databend_common_meta_app::principal::AuthInfo;
 use databend_common_meta_app::principal::GrantObject;
 use databend_common_meta_app::principal::PrincipalIdentity;
 use databend_common_meta_app::principal::UserIdentity;
+use databend_common_meta_app::principal::UserInfo;
 use databend_common_meta_app::principal::UserOption;
 use databend_common_meta_app::principal::UserPrivilegeSet;
 use databend_common_meta_app::schema::CreateOption;
@@ -40,10 +41,10 @@ pub struct CreateUserPlan {
 
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub struct AlterUserPlan {
-    pub user: UserIdentity,
-    // None means no change to make
-    pub auth_info: Option<AuthInfo>,
-    pub user_option: Option<UserOption>,
+    pub seq: u64,
+    pub user_info: UserInfo,
+    pub change_auth: bool,
+    pub change_user_option: bool,
 }
 
 #[derive(Clone, Debug, PartialEq, Eq)]
diff --git a/src/query/users/src/user_mgr.rs b/src/query/users/src/user_mgr.rs
@@ -21,15 +21,14 @@ use databend_common_config::GlobalConfig;
 use databend_common_exception::ErrorCode;
 use databend_common_exception::Result;
 use databend_common_management::UserApi;
-use databend_common_meta_app::principal::AuthInfo;
 use databend_common_meta_app::principal::GrantObject;
 use databend_common_meta_app::principal::UserIdentity;
 use databend_common_meta_app::principal::UserInfo;
-use databend_common_meta_app::principal::UserOption;
 use databend_common_meta_app::principal::UserPrivilegeSet;
 use databend_common_meta_app::schema::CreateOption;
 use databend_common_meta_app::tenant::Tenant;
 use databend_common_meta_types::MatchSeq;
+use databend_common_meta_types::SeqV;
 
 use crate::role_mgr::BUILTIN_ROLE_ACCOUNT_ADMIN;
 use crate::UserApiProvider;
@@ -54,12 +53,20 @@ impl UserApiProvider {
             user_info.option.set_all_flag();
             Ok(user_info)
         } else {
-            let client = self.user_api(tenant);
-            let get_user = client.get_user(user, MatchSeq::GE(0));
-            Ok(get_user.await?.data)
+            Ok(self.get_meta_user(tenant, user).await?.data)
         }
     }
 
+    pub async fn get_meta_user(
+        &self,
+        tenant: &Tenant,
+        user: UserIdentity,
+    ) -> Result<SeqV<UserInfo>> {
+        let client = self.user_api(tenant);
+        let get_user = client.get_user(user, MatchSeq::GE(0)).await?;
+        Ok(get_user)
+    }
+
     // Get one user and check client ip if has network policy.
     #[async_backtrace::framed]
     pub async fn get_user_with_client_ip(
@@ -330,50 +337,37 @@ impl UserApiProvider {
         }
     }
 
-    // Update an user by name and hostname.
     #[async_backtrace::framed]
-    pub async fn update_user(
+    pub async fn alter_user(
         &self,
         tenant: &Tenant,
-        user: UserIdentity,
-        auth_info: Option<AuthInfo>,
-        user_option: Option<UserOption>,
+        user_info: &UserInfo,
+        seq: u64,
     ) -> Result<Option<u64>> {
-        if let Some(ref user_option) = user_option {
-            if let Some(name) = user_option.network_policy() {
-                if self.get_network_policy(tenant, name).await.is_err() {
-                    return Err(ErrorCode::UnknownNetworkPolicy(format!(
-                        "network policy `{}` is not exist",
-                        name
-                    )));
-                }
-            }
-            if let Some(name) = user_option.password_policy() {
-                if self.get_password_policy(tenant, name).await.is_err() {
-                    return Err(ErrorCode::UnknownPasswordPolicy(format!(
-                        "password policy `{}` is not exist",
-                        name
-                    )));
-                }
+        let user_option = &user_info.option;
+        if let Some(name) = user_option.network_policy() {
+            if self.get_network_policy(tenant, name).await.is_err() {
+                return Err(ErrorCode::UnknownNetworkPolicy(format!(
+                    "network policy `{}` is not exist",
+                    name
+                )));
             }
         }
-        if self.get_configured_user(&user.username).is_some() {
-            return Err(ErrorCode::UserAlreadyExists(format!(
-                "Built-in user `{}` cannot be updated",
-                user.username
-            )));
+        if let Some(name) = user_option.password_policy() {
+            if self.get_password_policy(tenant, name).await.is_err() {
+                return Err(ErrorCode::UnknownPasswordPolicy(format!(
+                    "password policy `{}` is not exist",
+                    name
+                )));
+            }
         }
+
         let client = self.user_api(tenant);
-        let update_user = client
-            .update_user_with(user, MatchSeq::GE(1), |ui: &mut UserInfo| {
-                ui.update_auth_option(auth_info.clone(), user_option);
-                ui.update_user_time();
-                ui.update_auth_history(auth_info)
-            })
+        let seq = client
+            .upsert_user_info(user_info, MatchSeq::Exact(seq))
             .await;
-
-        match update_user {
-            Ok(res) => Ok(res),
+        match seq {
+            Ok(s) => Ok(Some(s)),
             Err(e) => Err(e.add_message_back("(while alter user).")),
         }
     }
@@ -386,10 +380,20 @@ impl UserApiProvider {
         user: UserIdentity,
         default_role: Option<String>,
     ) -> Result<Option<u64>> {
-        let mut user_info = self.get_user(tenant, user.clone()).await?;
+        let user = self.get_meta_user(tenant, user.clone()).await?;
+        let seq = user.seq;
+        let mut user_info = user.data;
         user_info.option.set_default_role(default_role);
-        self.update_user(tenant, user, None, Some(user_info.option))
-            .await
+        user_info.update_user_time();
+
+        let client = self.user_api(tenant);
+        let seq = client
+            .upsert_user_info(&user_info, MatchSeq::Exact(seq))
+            .await;
+        match seq {
+            Ok(s) => Ok(Some(s)),
+            Err(e) => Err(e.add_message_back("(while alter user).")),
+        }
     }
 
     #[async_backtrace::framed]
diff --git a/src/query/users/tests/it/user_mgr.rs b/src/query/users/tests/it/user_mgr.rs
@@ -198,7 +198,11 @@ async fn test_user_manager() -> Result<()> {
             .add_user(&tenant, user_info.clone(), &CreateOption::Create)
             .await?;
 
-        let old_user = user_mgr.get_user(&tenant, user_info.identity()).await?;
+        let old_user = user_mgr
+            .get_meta_user(&tenant, user_info.identity())
+            .await?;
+        let seq = old_user.seq;
+        let mut old_user = old_user.data;
         assert_eq!(old_user.auth_info.get_password().unwrap(), Vec::from(pwd));
 
         // alter both password & password_type
@@ -208,10 +212,15 @@ async fn test_user_manager() -> Result<()> {
             hash_method: PasswordHashMethod::Sha256,
             need_change: false,
         };
-        user_mgr
-            .update_user(&tenant, user_info.identity(), Some(auth_info), None)
+        old_user.update_auth_option(Some(auth_info.clone()), None);
+        old_user.update_user_time();
+        old_user.update_auth_history(Some(auth_info));
+        user_mgr.alter_user(&tenant, &old_user, seq).await?;
+        let new_user = user_mgr
+            .get_meta_user(&tenant, user_info.identity())
             .await?;
-        let new_user = user_mgr.get_user(&tenant, user_info.identity()).await?;
+        let seq = new_user.seq;
+        let mut new_user = new_user.data;
         assert_eq!(
             new_user.auth_info.get_password().unwrap(),
             Vec::from(new_pwd)
@@ -228,22 +237,22 @@ async fn test_user_manager() -> Result<()> {
             hash_method: PasswordHashMethod::Sha256,
             need_change: false,
         };
-        user_mgr
-            .update_user(&tenant, user_info.identity(), Some(auth_info.clone()), None)
+
+        new_user.update_auth_option(Some(auth_info.clone()), None);
+        new_user.update_user_time();
+        new_user.update_auth_history(Some(auth_info.clone()));
+        user_mgr.alter_user(&tenant, &new_user, seq).await?;
+        let new_new_user = user_mgr
+            .get_meta_user(&tenant, user_info.identity())
             .await?;
-        let new_new_user = user_mgr.get_user(&tenant, user_info.identity()).await?;
+        let new_new_user = new_new_user.data;
         assert_eq!(
             new_new_user.auth_info.get_password().unwrap(),
             Vec::from(new_new_pwd)
         );
 
         let not_exist = user_mgr
-            .update_user(
-                &tenant,
-                UserIdentity::new("user", hostname),
-                Some(auth_info.clone()),
-                None,
-            )
+            .alter_user(&tenant, &UserInfo::new("user", hostname, auth_info), 1)
             .await;
         // ErrorCode::UnknownUser
         assert_eq!(not_exist.err().unwrap().code(), 2201)

Original file line number	Diff line number	Diff line change
`@@ -49,5 +49,7 @@ pub trait UserApi: Sync + Send {`
`49`	`49`	`where`
`50`	`50`	`F: FnOnce(&mut UserInfo) + Send;`
`51`	`51`
	`52`	`+ async fn upsert_user_info(&self, user: &UserInfo, seq: MatchSeq) -> Result<u64>;`
	`53`	`+`
`52`	`54`	`async fn drop_user(&self, user: UserIdentity, seq: MatchSeq) -> Result<()>;`
`53`	`55`	`}`
Original file line number	Diff line number	Diff line change
`@@ -901,7 +901,7 @@ impl AccessChecker for PrivilegeAccess {`
`901`	`901`	`let user = self.ctx.get_current_user()?;`
`902`	`902`	`if let Plan::AlterUser(plan) = plan {`
`903`	`903`	`// Alter current user's password do not need to check privileges.`
`904`		`- if plan.user.username == user.name && plan.user_option.is_none() {`
	`904`	`+ if plan.user_info.name == user.name && !plan.change_user_option {`
`905`	`905`	`return Ok(());`
`906`	`906`	`}`
`907`	`907`	`}`