feat: create secret catalog #16288

Merged
merged 50 commits into from
May 28, 2024
Merged
50 commits
6906021
init
tabVersion Apr 12, 2024
bc25a9e
Merge remote-tracking branch 'origin' into tab/create-secret
tabVersion Apr 15, 2024
d2a171a
stage
tabVersion Apr 16, 2024
612eb4a
Merge remote-tracking branch 'origin' into tab/create-secret
tabVersion Apr 22, 2024
1e3961e
stash
tabVersion Apr 24, 2024
49eefc0
stash
tabVersion Apr 24, 2024
e3e7795
stash
tabVersion Apr 24, 2024
1dfe129
stash
tabVersion Apr 26, 2024
94f0993
stash
tabVersion Apr 26, 2024
ec8f375
support create secret.
tabVersion Apr 28, 2024
53d7d6c
support drop secret
tabVersion Apr 28, 2024
961fde4
Merge remote-tracking branch 'origin' into tab/create-secret
tabVersion Apr 28, 2024
b2de4da
fix
tabVersion Apr 28, 2024
b64288b
fix meta snapshot
tabVersion Apr 28, 2024
15bfd02
fix license
tabVersion Apr 28, 2024
bf11ee2
encrypt
tabVersion Apr 28, 2024
8e4637f
Merge branch 'main' into tab/create-secret
tabVersion May 2, 2024
157f156
create secret with backend
tabVersion May 2, 2024
1a75e35
Merge branch 'main' into tab/create-secret
tabVersion May 6, 2024
fa15399
Merge remote-tracking branch 'origin' into tab/create-secret
tabVersion May 14, 2024
8240a0e
fix
tabVersion May 14, 2024
dd5e7e6
minor
tabVersion May 14, 2024
384fb85
minor
tabVersion May 14, 2024
c6ddbab
minor
tabVersion May 14, 2024
800b919
handle update secret
tabVersion May 14, 2024
c52ef86
add support for show secret
tabVersion May 14, 2024
cfe4f97
fix comment style
tabVersion May 15, 2024
72cf752
fix
tabVersion May 15, 2024
3620456
make sink work again
tabVersion May 16, 2024
7f4c9bc
resolve
tabVersion May 21, 2024
5ffce3a
Merge remote-tracking branch 'origin' into tab/create-secret
tabVersion May 21, 2024
06f6718
merge main
tabVersion May 21, 2024
e1ef232
update
tabVersion May 21, 2024
02f3941
proto format
tabVersion May 21, 2024
eca94ab
fix config test
tabVersion May 23, 2024
1a4dc62
Merge remote-tracking branch 'origin' into tab/create-secret
tabVersion May 25, 2024
12d4182
resolve
tabVersion May 25, 2024
1180cac
rename migration
tabVersion May 25, 2024
7720f33
remove comment
tabVersion May 25, 2024
2015899
fix
tabVersion May 25, 2024
78027b1
add sql logic test
tabVersion May 25, 2024
a1280fb
fix meta-backend
tabVersion May 25, 2024
0c00675
fix: use dedicated `secret_ref_count` instead of `relation_ref_count`…
tabVersion May 27, 2024
62eba9c
Update lib.rs
tabVersion May 27, 2024
6e04612
Merge branch 'main' into tab/create-secret
tabVersion May 28, 2024
f475dbc
fix
tabVersion May 28, 2024
af892fa
impl aes-siv
tabVersion May 28, 2024
cef7115
fix dylint
tabVersion May 28, 2024
bb9a4c9
Update src/meta/Cargo.toml
tabVersion May 28, 2024
9ac8c60
fix cargo lock
tabVersion May 28, 2024
40 changes: 39 additions & 1 deletion Cargo.lock


23 changes: 23 additions & 0 deletions e2e_test/ddl/secret.slt
@@ -0,0 +1,23 @@
statement error secret backend "fake-backend" is not supported
create secret secret_1 with (
backend = 'fake-backend'
) as 'demo_secret';

statement ok
create secret secret_1 with (
backend = 'meta'
) as 'demo_secret';

# wait for support for hashicorp_vault backend
# statement ok
# create secret secret_2 with (
# backend = 'hashicorp_vault'
# );

query T
show secrets;
----
secret_1

statement ok
drop secret secret_1;
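Review bot: The drop path is only exercised on the happy path; after the final `drop secret secret_1;` there is no `statement error` confirming that dropping it a second time is rejected, and nothing checks that creating `secret_1` twice fails with a duplicate-name error. The `show secrets` expectation returns only the name `secret_1`, which is the right assertion for a listing command that must never print values, though whether any other command can expose the value is not visible from this file. Appending `statement error` followed by `drop secret secret_1;` after the existing drop would pin the not-found behaviour.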
58 changes: 42 additions & 16 deletions proto/catalog.proto
Expand Up @@ -62,10 +62,12 @@ message StreamSourceInfo {
SchemaRegistryNameStrategy name_strategy = 10;
optional string key_message_name = 11;
plan_common.ExternalTableDesc external_table = 12;
// **This field should now be called `is_shared`.** Not renamed for backwards compatibility.
// **This field should now be called `is_shared`.** Not renamed for backwards
// compatibility.
//
// Whether the stream source is a shared source (it has a streaming job).
// This is related with [RFC: Reusable Source Executor](https://github.com/risingwavelabs/rfcs/pull/72).
// This is related with [RFC: Reusable Source
// Executor](https://github.com/risingwavelabs/rfcs/pull/72).
//
// Currently, the following sources can be shared:
//
Expand All @@ -80,6 +82,9 @@ message StreamSourceInfo {
bool is_distributed = 15;
// Options specified by user in the FORMAT ENCODE clause.
map<string, string> format_encode_options = 14;

// Handle the source relies on any sceret. The key is the propertity name and the value is the secret id.
map<string, uint32> secret_ref = 16;
}

message Source {
Expand Down Expand Up @@ -174,6 +179,9 @@ message Sink {

// Whether it should use background ddl or block until backfill finishes.
CreateType create_type = 24;

// Handle the sink relies on any sceret. The key is the propertity name and the value is the secret id.
map<string, uint32> secret_ref = 25;
}

message Subscription {
Expand Down Expand Up @@ -239,7 +247,8 @@ message Index {
optional uint64 created_at_epoch = 11;
StreamJobStatus stream_job_status = 12;

// Use to record the prefix len of the index_item to reconstruct index columns provided by users.
// Use to record the prefix len of the index_item to reconstruct index columns
// provided by users.
uint32 index_columns_len = 13;
// Cluster version (tracked by git commit) when initialized/created
optional string initialized_at_cluster_version = 14;
Expand Down Expand Up @@ -319,8 +328,8 @@ message Table {
// an optional column index which is the vnode of each row computed by the
// table's consistent hash distribution
optional uint32 vnode_col_index = 18;
// An optional column index of row id. If the primary key is specified by users,
// this will be `None`.
// An optional column index of row id. If the primary key is specified by
// users, this will be `None`.
optional uint32 row_id_index = 19;
// The column indices which are stored in the state store's value with
// row-encoding. Currently is not supported yet and expected to be
Expand All @@ -329,23 +338,26 @@ message Table {
string definition = 21;
// Used to control whether handling pk conflict for incoming data.
HandleConflictBehavior handle_pk_conflict_behavior = 22;
// Anticipated read prefix pattern (number of fields) for the table, which can be utilized
// for implementing the table's bloom filter or other storage optimization techniques.
// Anticipated read prefix pattern (number of fields) for the table, which can
// be utilized for implementing the table's bloom filter or other storage
// optimization techniques.
uint32 read_prefix_len_hint = 23;
repeated int32 watermark_indices = 24;
repeated int32 dist_key_in_pk = 25;
// A dml fragment id corresponds to the table, used to decide where the dml statement is executed.
// A dml fragment id corresponds to the table, used to decide where the dml
// statement is executed.
optional uint32 dml_fragment_id = 26;
// The range of row count of the table.
// This field is not always present due to backward compatibility. Use `Cardinality::unknown` in this case.
// This field is not always present due to backward compatibility. Use
// `Cardinality::unknown` in this case.
plan_common.Cardinality cardinality = 27;

optional uint64 initialized_at_epoch = 28;
optional uint64 created_at_epoch = 29;

// This field is introduced in v1.2.0. It is used to indicate whether the table should use
// watermark_cache to avoid state cleaning as a performance optimization.
// In older versions we can just initialize without it.
// This field is introduced in v1.2.0. It is used to indicate whether the
// table should use watermark_cache to avoid state cleaning as a performance
// optimization. In older versions we can just initialize without it.
bool cleaned_by_watermark = 30;

// Used to filter created / creating tables in meta.
Expand All @@ -363,14 +375,18 @@ message Table {
optional string initialized_at_cluster_version = 35;
optional string created_at_cluster_version = 36;

// TTL of the record in the table, to ensure the consistency with other tables in the streaming plan, it only applies to append-only tables.
// TTL of the record in the table, to ensure the consistency with other tables
// in the streaming plan, it only applies to append-only tables.
optional uint32 retention_seconds = 37;

// This field specifies the index of the column set in the "with version column" within all the columns. It is used for filtering during "on conflict" operations.
// This field specifies the index of the column set in the "with version
// column" within all the columns. It is used for filtering during "on
// conflict" operations.
optional uint32 version_column_index = 38;

// Per-table catalog version, used by schema change. `None` for internal tables and tests.
// Not to be confused with the global catalog version for notification service.
// Per-table catalog version, used by schema change. `None` for internal
// tables and tests. Not to be confused with the global catalog version for
// notification service.
TableVersion version = 100;
}

Expand Down Expand Up @@ -415,3 +431,13 @@ message Comment {
optional uint32 column_index = 4;
optional string description = 5;
}

message Secret {
uint32 id = 1;
string name = 2;
uint32 database_id = 3;
// The secret here is encrypted to bytes.
bytes value = 4;
uint32 owner = 5;
uint32 schema_id = 6;
}
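Review bot: The comment on the new `Secret.value` field (`// The secret here is encrypted to bytes.`) does not say what the plaintext is, which message it is a serialization of, or where the scheme and key are documented, and this is the message `meta.proto` broadcasts in `MetaSnapshot` and `SubscribeResponse`, so readers of the catalog need that context. If `value` holds the encrypted serialization of `secret.Secret` from `proto/secret.proto` (its comment there suggests so), write `// Encrypted serialization of secret.Secret (see proto/secret.proto); the cipher and key handling are documented in the meta-side implementation.` and point at the actual module once confirmed. The two new `secret_ref` comments in `StreamSourceInfo` and `Sink` misspell `secret` as `sceret` and `property` as `propertity`; `// Secrets this source depends on: property name -> secret id.` (and the same wording for the sink) reads cleaner.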
22 changes: 22 additions & 0 deletions proto/ddl_service.proto
Expand Up @@ -357,6 +357,26 @@ message GetDdlProgressResponse {
repeated DdlProgress ddl_progress = 1;
}

message CreateSecretRequest {
string name = 1;
bytes value = 2;
uint32 database_id = 3;
uint32 schema_id = 4;
uint32 owner_id = 5;
}

message CreateSecretResponse {
uint64 version = 1;
}

message DropSecretRequest {
uint32 secret_id = 1;
}

message DropSecretResponse {
uint64 version = 1;
}

message CreateConnectionRequest {
message PrivateLink {
catalog.Connection.PrivateLinkService.PrivateLinkProvider provider = 1;
Expand Down Expand Up @@ -427,6 +447,8 @@ service DdlService {
rpc CreateMaterializedView(CreateMaterializedViewRequest) returns (CreateMaterializedViewResponse);
rpc DropMaterializedView(DropMaterializedViewRequest) returns (DropMaterializedViewResponse);
rpc CreateTable(CreateTableRequest) returns (CreateTableResponse);
rpc CreateSecret(CreateSecretRequest) returns (CreateSecretResponse);
rpc DropSecret(DropSecretRequest) returns (DropSecretResponse);
rpc AlterName(AlterNameRequest) returns (AlterNameResponse);
rpc AlterSource(AlterSourceRequest) returns (AlterSourceResponse);
rpc AlterOwner(AlterOwnerRequest) returns (AlterOwnerResponse);
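Review bot: `CreateSecretRequest.value` (`bytes value = 2;`) has no comment saying whether it carries the plaintext secret or already-encrypted bytes, while `catalog.Secret.value` in this same PR is documented as encrypted, so the protocol definition alone does not tell a reader at which hop the secret is in cleartext. If the meta node performs the encryption (the commit list mentions `encrypt` and `impl aes-siv`, and the request carries no key material), the plaintext crosses the frontend-to-meta channel and that channel's transport protection becomes part of the secret's security boundary; a comment such as `// Plaintext secret value; the meta node encrypts it before persisting or broadcasting it.` would make this explicit, adjusted to the real flow. `DropSecretRequest` identifies the secret by `secret_id` alone, consistent with the other drop requests as far as the hunk shows.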
2 changes: 2 additions & 0 deletions proto/meta.proto
Expand Up @@ -407,6 +407,7 @@ message MetaSnapshot {
reserved 9;
reserved "parallel_unit_mappings";
GetSessionParamsResponse session_params = 20;
repeated catalog.Secret secrets = 23;
repeated common.WorkerNode nodes = 10;
hummock.HummockSnapshot hummock_snapshot = 11;
hummock.HummockVersion hummock_version = 12;
Expand Down Expand Up @@ -469,6 +470,7 @@ message SubscribeResponse {
Recovery recovery = 25;
FragmentWorkerSlotMapping streaming_worker_slot_mapping = 27;
FragmentWorkerSlotMappings serving_worker_slot_mappings = 28;
catalog.Secret secret = 29;
}
reserved 12;
reserved "parallel_unit_mapping";
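Review bot: The new `repeated catalog.Secret secrets = 23` in `MetaSnapshot` and `catalog.Secret secret = 29` in `SubscribeResponse` deliver the full `catalog.Secret`, including its encrypted `value`, to every subscriber that receives the snapshot or notification; per `observer_manager.rs` in this PR the subscriber kinds include compactor and hummock observers, which have no obvious need for the ciphertext. If only some node types decrypt, consider documenting that intent on the field, or carrying only the metadata (id, name, owner, schema) for the others; at minimum `// Encrypted secret catalog entries; delivered to all subscriber types.` states the exposure. Whether any subscriber other than the frontend actually decrypts is not visible in this PR page, so treat this as a question rather than a defect.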
20 changes: 20 additions & 0 deletions proto/secret.proto
@@ -0,0 +1,20 @@
syntax = "proto3";

package secret;

message SecretMetaBackend {
bytes value = 1;
}

message SecretHashicropValutBackend {
string host = 1;
string vault_token = 2;
}

message Secret {
// the message is stored in meta as encrypted bytes and is interpreted as bytes by catalog
oneof secret_backend {
SecretMetaBackend meta = 1;
SecretHashicropValutBackend hashicorp_vault = 2;
}
}
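Review bot: The message name `SecretHashicropValutBackend` misspells both words (`SecretHashicorpVaultBackend`); renaming does not change the wire encoding, and since this file is new nothing depends on the generated type name yet, so this is the cheap moment before bindings are generated for it. The comment on `Secret` (`// the message is stored in meta as encrypted bytes and is interpreted as bytes by catalog`) is the only place the relationship to `catalog.Secret.value` is stated; rephrasing it as `// The serialized form of this message is what catalog.Secret.value stores, in encrypted form.` ties the two definitions together. `vault_token` is itself a credential, so it rightly lives inside the encrypted payload; a field comment saying so (`// Vault credential; must only ever appear inside the encrypted Secret payload.`) helps future backends follow the same pattern.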
6 changes: 6 additions & 0 deletions src/common/common_service/src/observer_manager.rs
Expand Up @@ -27,27 +27,31 @@ pub trait SubscribeTypeEnum {
}

pub struct SubscribeFrontend {}

impl SubscribeTypeEnum for SubscribeFrontend {
fn subscribe_type() -> SubscribeType {
SubscribeType::Frontend
}
}

pub struct SubscribeHummock {}

impl SubscribeTypeEnum for SubscribeHummock {
fn subscribe_type() -> SubscribeType {
SubscribeType::Hummock
}
}

pub struct SubscribeCompactor {}

impl SubscribeTypeEnum for SubscribeCompactor {
fn subscribe_type() -> SubscribeType {
SubscribeType::Compactor
}
}

pub struct SubscribeCompute {}

impl SubscribeTypeEnum for SubscribeCompute {
fn subscribe_type() -> SubscribeType {
SubscribeType::Compute
Expand Down Expand Up @@ -142,6 +146,7 @@ where
| Info::RelationGroup(_)
| Info::User(_)
| Info::Connection(_)
| Info::Secret(_)
| Info::Function(_) => {
notification.version > info.version.as_ref().unwrap().catalog_version
}
Expand Down Expand Up @@ -231,6 +236,7 @@ where
}
}
}

const RE_SUBSCRIBE_RETRY_INTERVAL: Duration = Duration::from_millis(100);

#[async_trait::async_trait]
35 changes: 35 additions & 0 deletions src/common/src/catalog/mod.rs
Expand Up @@ -451,6 +451,41 @@ impl From<ConnectionId> for u32 {
}
}

#[derive(Clone, Copy, Debug, Display, Default, Hash, PartialOrd, PartialEq, Eq, Ord)]
pub struct SecretId(pub u32);

impl SecretId {
pub const fn new(id: u32) -> Self {
SecretId(id)
}

pub const fn placeholder() -> Self {
SecretId(OBJECT_ID_PLACEHOLDER)
}

pub fn secret_id(&self) -> u32 {
self.0
}
}

impl From<u32> for SecretId {
fn from(id: u32) -> Self {
Self::new(id)
}
}

impl From<&u32> for SecretId {
fn from(id: &u32) -> Self {
Self::new(*id)
}
}

impl From<SecretId> for u32 {
fn from(id: SecretId) -> Self {
id.0
}
}

#[derive(Default, Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum ConflictBehavior {
#[default]
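Review bot: The new `SecretId` type and its methods carry no doc comments, and the struct has two distinct "unassigned" values: the derived `Default` yields `SecretId(0)` while `placeholder()` yields `SecretId(OBJECT_ID_PLACEHOLDER)`, so a `///` line should state which one callers use before the meta service assigns an id and why `Default` is derived at all. Whether the neighbouring id types (`ConnectionId` is visible just above the hunk) follow the same dual convention cannot be seen here; mirror their documentation if they have it. Suggested: `/// Catalog id of a secret. Use [`SecretId::placeholder`] for an id not yet assigned by meta.` plus a one-line note on `Default`'s intended use once confirmed. The `From<&u32>` impl is unusual for a `Copy` newtype; if no caller needs it, dropping it keeps the conversion surface identical to the `u32 -> SecretId` path.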