Skip to content

refactor(query): prevent masking/row access policy name conflicts #18937

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Nov 13, 2025
Merged

refactor(query): prevent masking/row access policy name conflicts #18937

merged 7 commits into from
Nov 13, 2025
+247 −173

Conversation

@TCeason
Copy link
Collaborator

@TCeason TCeason commented Nov 7, 2025
edited by drmingdrmer
Loading

I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/

Summary

prevent masking/row access policy name conflicts

Tests

  • Unit Test
  • Logic Test
  • Benchmark Test
  • No Test - Explain why

Type of change

  • Bug Fix (non-breaking change which fixes an issue)
  • New Feature (non-breaking change which adds functionality)
  • Breaking Change (fix or feature that could cause existing functionality not to work as expected)
  • Documentation Update
  • Refactoring
  • Performance Improvement
  • Other (please describe):

This change is Reviewable

@github-actions github-actions bot added the pr-refactor this PR changes the code base without new features or bugfix label Nov 7, 2025
@TCeason TCeason requested a review from drmingdrmer November 7, 2025 12:19
drmingdrmer
drmingdrmer requested changes Nov 8, 2025
View reviewed changes
Copy link
Member

@drmingdrmer drmingdrmer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@drmingdrmer reviewed 2 of 4 files at r1, all commit messages.
Reviewable status: 2 of 4 files reviewed, 2 unresolved discussions

src/meta/api/src/data_mask_api_impl.rs line 105 at r1 (raw file):

                )
                .into());
            }

This function looks strange:

  • fetch_id can be moved out from the transaction-retry-loop
  • it does not need a loop to retry: just one transaction trial would be enough.

Code quote:

            let row_access_name_ident = RowAccessPolicyNameIdent::new(
                name_ident.tenant().clone(),
                name_ident.data_mask_name().to_string(),
            );
            if self.get_pb(&row_access_name_ident).await?.is_some() {
                return Err(AppError::DatamaskAlreadyExists(
                    name_ident.exist_error("name conflicts with an existing row access policy"),
                )
                .into());
            }

src/meta/api/src/data_mask_api_impl.rs line 112 at r1 (raw file):

            // data mask name -> data mask table id list

            let id = fetch_id(self, IdGenerator::data_mask_id()).await?;

fetch_id can be moved out from the transaction-retry-loop.

TCeason
TCeason commented Nov 8, 2025
View reviewed changes
Copy link
Collaborator Author

@TCeason TCeason left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 2 of 4 files reviewed, 2 unresolved discussions (waiting on @drmingdrmer)

src/meta/api/src/data_mask_api_impl.rs line 105 at r1 (raw file):

Previously, drmingdrmer (张炎泼) wrote…

This function looks strange:

  • fetch_id can be moved out from the transaction-retry-loop
  • it does not need a loop to retry: just one transaction trial would be enough.

Done.

src/meta/api/src/data_mask_api_impl.rs line 112 at r1 (raw file):

Previously, drmingdrmer (张炎泼) wrote…

fetch_id can be moved out from the transaction-retry-loop.

Done.

@TCeason TCeason force-pushed the policy_name_check branch 2 times, most recently from 83a09cf to 13f59cd Compare November 10, 2025 01:21
@TCeason TCeason requested a review from drmingdrmer November 10, 2025 01:21
drmingdrmer
drmingdrmer requested changes Nov 10, 2025
View reviewed changes
Copy link
Member

@drmingdrmer drmingdrmer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@drmingdrmer reviewed 2 of 3 files at r3, all commit messages.
Reviewable status: 4 of 5 files reviewed, 4 unresolved discussions

src/meta/api/src/row_access_policy_api_impl.rs line 132 at r3 (raw file):

            Ok(Ok(CreateRowAccessPolicyReply { id: row_access_id }))
        } else {
            Err(MetaTxnError::TxnRetryMaxTimes(TxnRetryMaxTimes::new(

same here

src/meta/api/src/data_mask_api_impl.rs line 149 at r3 (raw file):

            })
        } else {
            Err(KVAppError::from(TxnRetryMaxTimes::new(func_name!(), 1)))

if it fails. the else branch of the txn should try to get the existing record and here it should be a Existing error, not a max-retry txn error.

@TCeason TCeason force-pushed the policy_name_check branch 3 times, most recently from 3e407f2 to f569125 Compare November 10, 2025 09:38
@TCeason TCeason requested a review from drmingdrmer November 10, 2025 09:38
TCeason
TCeason commented Nov 10, 2025
View reviewed changes
Copy link
Collaborator Author

@TCeason TCeason left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 3 of 18 files reviewed, 4 unresolved discussions (waiting on @drmingdrmer)

src/meta/api/src/data_mask_api_impl.rs line 149 at r3 (raw file):

Previously, drmingdrmer (张炎泼) wrote…

if it fails. the else branch of the txn should try to get the existing record and here it should be a Existing error, not a max-retry txn error.

Done.

drmingdrmer
drmingdrmer requested changes Nov 10, 2025
View reviewed changes
Copy link
Member

@drmingdrmer drmingdrmer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@drmingdrmer reviewed 13 of 15 files at r4, all commit messages.
Reviewable status: 16 of 18 files reviewed, 4 unresolved discussions (waiting on @TCeason)

src/meta/api/src/data_mask_api_impl.rs line 72 at r4 (raw file):

            return Ok(Err(
                name_ident.exist_error("name conflicts with an existing masking policy")
            ));

this check before the insert can be removed?

Code quote:

        let row_access_name_ident = RowAccessPolicyNameIdent::new(
            name_ident.tenant().clone(),
            name_ident.data_mask_name().to_string(),
        );
        if self.get_pb(&row_access_name_ident).await?.is_some() {
            return Ok(Err(
                name_ident.exist_error("name conflicts with an existing masking policy")
            ));

src/meta/api/src/row_access_policy_api_impl.rs line 72 at r4 (raw file):

                name_ident.exist_error("name conflicts with an existing masking policy")
            ));
        }

this check before the insert can be removed?

Code quote:

        let mask_name_ident = DataMaskNameIdent::new(
            name_ident.tenant().clone(),
            name_ident.row_access_name().to_string(),
        );
        if self.get_pb(&mask_name_ident).await?.is_some() {
            return Ok(Err(
                name_ident.exist_error("name conflicts with an existing masking policy")
            ));
        }

@TCeason
Copy link
Collaborator Author

TCeason commented Nov 10, 2025

@drmingdrmer reviewed 13 of 15 files at r4, all commit messages.
Reviewable status: 16 of 18 files reviewed, 4 unresolved discussions (waiting on @TCeason)

src/meta/api/src/data_mask_api_impl.rs line 72 at r4 (raw file):

            return Ok(Err(
                name_ident.exist_error("name conflicts with an existing masking policy")
            ));

this check before the insert can be removed?

Code quote:

        let row_access_name_ident = RowAccessPolicyNameIdent::new(
            name_ident.tenant().clone(),
            name_ident.data_mask_name().to_string(),
        );
        if self.get_pb(&row_access_name_ident).await?.is_some() {
            return Ok(Err(
                name_ident.exist_error("name conflicts with an existing masking policy")
            ));

src/meta/api/src/row_access_policy_api_impl.rs line 72 at r4 (raw file):

                name_ident.exist_error("name conflicts with an existing masking policy")
            ));
        }

this check before the insert can be removed?

Code quote:

        let mask_name_ident = DataMaskNameIdent::new(
            name_ident.tenant().clone(),
            name_ident.row_access_name().to_string(),
        );
        if self.get_pb(&mask_name_ident).await?.is_some() {
            return Ok(Err(
                name_ident.exist_error("name conflicts with an existing masking policy")
            ));
        }

Can't remove.

Create row access policy p1;--success
Create masking policy p1 --should failed.

drmingdrmer
drmingdrmer approved these changes Nov 12, 2025
View reviewed changes
Copy link
Member

@drmingdrmer drmingdrmer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@drmingdrmer reviewed 1 of 15 files at r4, 2 of 2 files at r5, 1 of 1 files at r6, all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on @TCeason)

@TCeason TCeason merged commit b4f0fd3 into databendlabs:main Nov 13, 2025
168 of 171 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@drmingdrmer drmingdrmer drmingdrmer approved these changes

Assignees

No one assigned

Labels

pr-refactor this PR changes the code base without new features or bugfix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TCeason @drmingdrmer