databendlabs
diff --git a/‎src/meta/api/src/data_mask_api_impl.rs
Lines changed: 88 additions & 40 deletions b/‎src/meta/api/src/data_mask_api_impl.rs
Lines changed: 88 additions & 40 deletions
diff --git a/‎src/meta/api/src/schema_api_impl.rs
Lines changed: 7 additions & 0 deletions b/‎src/meta/api/src/schema_api_impl.rs
Lines changed: 7 additions & 0 deletions
diff --git a/‎src/meta/api/src/schema_api_test_suite.rs
Lines changed: 44 additions & 2 deletions b/‎src/meta/api/src/schema_api_test_suite.rs
Lines changed: 44 additions & 2 deletions
diff --git a/‎src/meta/app/src/data_mask/mod.rs
Lines changed: 3 additions & 1 deletion b/‎src/meta/app/src/data_mask/mod.rs
Lines changed: 3 additions & 1 deletion
diff --git a/‎src/query/ast/src/ast/statements/data_mask.rs
Lines changed: 12 additions & 4 deletions b/‎src/query/ast/src/ast/statements/data_mask.rs
Lines changed: 12 additions & 4 deletions
diff --git a/‎src/query/ast/src/parser/statement.rs
Lines changed: 7 additions & 5 deletions b/‎src/query/ast/src/parser/statement.rs
Lines changed: 7 additions & 5 deletions
diff --git a/‎src/query/ast/tests/it/parser.rs
Lines changed: 1 addition & 0 deletions b/‎src/query/ast/tests/it/parser.rs
Lines changed: 1 addition & 0 deletions
@@ -28,6 +28,7 @@ use databend_common_meta_app::data_mask::GetDatamaskReply;
 use databend_common_meta_app::data_mask::GetDatamaskReq;
 use databend_common_meta_app::data_mask::MaskpolicyTableIdList;
 use databend_common_meta_app::data_mask::MaskpolicyTableIdListKey;
+use databend_common_meta_app::schema::CreateOption;
 use databend_common_meta_app::schema::TableId;
 use databend_common_meta_app::schema::TableMeta;
 use databend_common_meta_kvapi::kvapi;
@@ -74,18 +75,34 @@ impl<KV: kvapi::KVApi<Error = MetaError>> DatamaskApi for KV {
             let (seq, id) = get_u64_value(self, name_key).await?;
             debug!(seq = seq, id = id, name_key = as_debug!(name_key); "create_data_mask");
 
+            let mut condition = vec![];
+            let mut if_then = vec![];
+
             if seq > 0 {
-                return if req.if_not_exists {
-                    Ok(CreateDatamaskReply { id })
+                if let CreateOption::CreateIfNotExists(if_not_exists) = req.create_option {
+                    return if if_not_exists {
+                        Ok(CreateDatamaskReply { id })
+                    } else {
+                        Err(KVAppError::AppError(AppError::DatamaskAlreadyExists(
+                            DatamaskAlreadyExists::new(
+                                &name_key.name,
+                                format!("create data mask: {}", req.name),
+                            ),
+                        )))
+                    };
                 } else {
-                    Err(KVAppError::AppError(AppError::DatamaskAlreadyExists(
-                        DatamaskAlreadyExists::new(
-                            &name_key.name,
-                            format!("create data mask: {}", req.name),
-                        ),
-                    )))
-                };
-            }
+                    construct_drop_mask_policy_operations(
+                        self,
+                        name_key,
+                        false,
+                        false,
+                        func_name!(),
+                        &mut condition,
+                        &mut if_then,
+                    )
+                    .await?;
+                }
+            };
 
             // Create data mask by inserting these record:
             // name -> id
@@ -108,12 +125,12 @@ impl<KV: kvapi::KVApi<Error = MetaError>> DatamaskApi for KV {
             {
                 let meta: DatamaskMeta = req.clone().into();
                 let id_list = MaskpolicyTableIdList::default();
-                let condition = vec![txn_cond_seq(name_key, Eq, 0)];
-                let if_then = vec![
+                condition.push(txn_cond_seq(name_key, Eq, seq));
+                if_then.extend( vec![
                     txn_op_put(name_key, serialize_u64(id)?), // name -> db_id
                     txn_op_put(&id_key, serialize_struct(&meta)?), // id -> meta
                     txn_op_put(&id_list_key, serialize_struct(&id_list)?), /* data mask name -> id_list */
-                ];
+                ]);
 
                 let txn_req = TxnRequest {
                     condition,
@@ -148,41 +165,27 @@ impl<KV: kvapi::KVApi<Error = MetaError>> DatamaskApi for KV {
         loop {
             trials.next().unwrap()?.await;
 
-            let result =
-                get_data_mask_or_err(self, name_key, format!("drop_data_mask: {}", name_key)).await;
-
-            let (id_seq, id, data_mask_seq, _) = match result {
-                Ok((id_seq, id, data_mask_seq, meta)) => (id_seq, id, data_mask_seq, meta),
-                Err(err) => {
-                    if let KVAppError::AppError(AppError::UnknownDatamask(_)) = err {
-                        if req.if_exists {
-                            return Ok(DropDatamaskReply {});
-                        }
-                    }
-
-                    return Err(err);
-                }
-            };
-            let id_key = DatamaskId { id };
-            let mut condition = vec![
-                txn_cond_seq(name_key, Eq, id_seq),
-                txn_cond_seq(&id_key, Eq, data_mask_seq),
-            ];
-            let mut if_then = vec![txn_op_del(name_key), txn_op_del(&id_key)];
-
-            clear_table_column_mask_policy(self, name_key, &mut condition, &mut if_then).await?;
-
+            let mut condition = vec![];
+            let mut if_then = vec![];
+
+            construct_drop_mask_policy_operations(
+                self,
+                name_key,
+                req.if_exists,
+                true,
+                func_name!(),
+                &mut condition,
+                &mut if_then,
+            )
+            .await?;
             let txn_req = TxnRequest {
                 condition,
                 if_then,
                 else_then: vec![],
             };
-
             let (succ, _responses) = send_txn(self, txn_req).await?;
 
             debug!(
-                name = as_debug!(name_key),
-                id = as_debug!(&DatamaskId { id }),
                 succ = succ;
                 "drop_data_mask"
             );
@@ -289,3 +292,48 @@ async fn clear_table_column_mask_policy(
 
     Ok(())
 }
+
+async fn construct_drop_mask_policy_operations(
+    kv_api: &(impl kvapi::KVApi<Error = MetaError> + ?Sized),
+    name_key: &DatamaskNameIdent,
+    drop_if_exists: bool,
+    if_delete: bool,
+    ctx: &str,
+    condition: &mut Vec<TxnCondition>,
+    if_then: &mut Vec<TxnOp>,
+) -> Result<(), KVAppError> {
+    let result =
+        get_data_mask_or_err(kv_api, name_key, format!("drop_data_mask: {}", name_key)).await;
+
+    let (id_seq, id, data_mask_seq, _) = match result {
+        Ok((id_seq, id, data_mask_seq, meta)) => (id_seq, id, data_mask_seq, meta),
+        Err(err) => {
+            if let KVAppError::AppError(AppError::UnknownDatamask(_)) = err {
+                if drop_if_exists {
+                    return Ok(());
+                }
+            }
+
+            return Err(err);
+        }
+    };
+    let id_key = DatamaskId { id };
+
+    condition.push(txn_cond_seq(&id_key, Eq, data_mask_seq));
+    if_then.push(txn_op_del(&id_key));
+
+    if if_delete {
+        condition.push(txn_cond_seq(name_key, Eq, id_seq));
+        if_then.push(txn_op_del(name_key));
+        clear_table_column_mask_policy(kv_api, name_key, condition, if_then).await?;
+    }
+
+    debug!(
+        name = as_debug!(name_key),
+        id = as_debug!(&DatamaskId { id }),
+        ctx = ctx;
+        "construct_drop_mask_policy_operations"
+    );
+
+    Ok(())
+}
@@ -1419,6 +1419,12 @@ impl<KV: kvapi::KVApi<Error = MetaError> + ?Sized> SchemaApi for KV {
 
             let (succ, _responses) = send_txn(self, txn_req).await?;
 
+            debug!(
+                "name_ident" = as_debug!(&req.name_ident),
+                succ = succ;
+                "drop_virtual_column"
+            );
+
             if succ {
                 break;
             }
@@ -3790,6 +3796,7 @@ impl<KV: kvapi::KVApi<Error = MetaError> + ?Sized> SchemaApi for KV {
         "SchemaApiImpl".to_string()
     }
 }
+
 async fn construct_drop_virtual_column_txn_operations(
     kv_api: &(impl kvapi::KVApi<Error = MetaError> + ?Sized),
     name_ident: &VirtualColumnNameIdent,
 
@@ -28,6 +28,8 @@ use databend_common_expression::TableDataType;
 use databend_common_expression::TableField;
 use databend_common_expression::TableSchema;
 use databend_common_meta_app::data_mask::CreateDatamaskReq;
+use databend_common_meta_app::data_mask::DatamaskId;
+use databend_common_meta_app::data_mask::DatamaskMeta;
 use databend_common_meta_app::data_mask::DatamaskNameIdent;
 use databend_common_meta_app::data_mask::DropDatamaskReq;
 use databend_common_meta_app::data_mask::MaskpolicyTableIdList;
@@ -2732,7 +2734,7 @@ impl SchemaApiTestSuite {
         info!("--- create mask policy");
         {
             let req = CreateDatamaskReq {
-                if_not_exists: true,
+                create_option: CreateOption::CreateIfNotExists(true),
                 name: DatamaskNameIdent {
                     tenant: tenant.to_string(),
                     name: mask_name_1.to_string(),
@@ -2746,7 +2748,7 @@ impl SchemaApiTestSuite {
             mt.create_data_mask(req).await?;
 
             let req = CreateDatamaskReq {
-                if_not_exists: true,
+                create_option: CreateOption::CreateIfNotExists(true),
                 name: DatamaskNameIdent {
                     tenant: tenant.to_string(),
                     name: mask_name_2.to_string(),
@@ -2979,6 +2981,46 @@ impl SchemaApiTestSuite {
             assert!(id_list.is_err())
         }
 
+        info!("--- create or replace mask policy");
+        {
+            let mask_name = "replace_mask";
+            let name = DatamaskNameIdent {
+                tenant: tenant.to_string(),
+                name: mask_name.to_string(),
+            };
+            let req = CreateDatamaskReq {
+                create_option: CreateOption::CreateIfNotExists(true),
+                name: name.clone(),
+                args: vec![],
+                return_type: "".to_string(),
+                body: "".to_string(),
+                comment: Some("before".to_string()),
+                create_on: created_on,
+            };
+            mt.create_data_mask(req).await?;
+            let old_id: u64 = get_kv_u64_data(mt.as_kv_api(), &name).await?;
+            let id_key = DatamaskId { id: old_id };
+            let meta: DatamaskMeta = get_kv_data(mt.as_kv_api(), &id_key).await?;
+            assert_eq!(meta.comment, Some("before".to_string()));
+
+            let req = CreateDatamaskReq {
+                create_option: CreateOption::CreateOrReplace,
+                name: name.clone(),
+                args: vec![],
+                return_type: "".to_string(),
+                body: "".to_string(),
+                comment: Some("after".to_string()),
+                create_on: created_on,
+            };
+            mt.create_data_mask(req).await?;
+
+            let id: u64 = get_kv_u64_data(mt.as_kv_api(), &name).await?;
+            assert_ne!(old_id, id);
+            let id_key = DatamaskId { id };
+            let meta: DatamaskMeta = get_kv_data(mt.as_kv_api(), &id_key).await?;
+            assert_eq!(meta.comment, Some("after".to_string()));
+        }
+
         Ok(())
     }
 
 
@@ -19,6 +19,8 @@ use std::fmt::Formatter;
 use chrono::DateTime;
 use chrono::Utc;
 
+use crate::schema::CreateOption;
+
 const PREFIX_DATAMASK: &str = "__fd_datamask";
 const PREFIX_DATAMASK_BY_ID: &str = "__fd_datamask_by_id";
 const PREFIX_DATAMASK_ID_LIST: &str = "__fd_datamask_id_list";
@@ -72,7 +74,7 @@ impl From<CreateDatamaskReq> for DatamaskMeta {
 
 #[derive(serde::Serialize, serde::Deserialize, Clone, Debug, PartialEq, Eq)]
 pub struct CreateDatamaskReq {
-    pub if_not_exists: bool,
+    pub create_option: CreateOption,
     pub name: DatamaskNameIdent,
     pub args: Vec<(String, String)>,
     pub return_type: String,
 
@@ -15,6 +15,8 @@
 use std::fmt::Display;
 use std::fmt::Formatter;
 
+use databend_common_meta_app::schema::CreateOption;
+
 use crate::ast::Expr;
 use crate::ast::TypeName;
 
@@ -34,16 +36,22 @@ pub struct DataMaskPolicy {
 
 #[derive(Debug, Clone, PartialEq)]
 pub struct CreateDatamaskPolicyStmt {
-    pub if_not_exists: bool,
+    pub create_option: CreateOption,
     pub name: String,
     pub policy: DataMaskPolicy,
 }
 
 impl Display for CreateDatamaskPolicyStmt {
     fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
-        write!(f, "CREATE MASKING POLICY ")?;
-        if self.if_not_exists {
-            write!(f, "IF NOT EXISTS ")?;
+        write!(f, "CREATE ")?;
+        if let CreateOption::CreateOrReplace = self.create_option {
+            write!(f, "OR REPLACE ")?;
+        }
+        write!(f, "MASKING POLICY ")?;
+        if let CreateOption::CreateIfNotExists(if_not_exists) = self.create_option {
+            if if_not_exists {
+                write!(f, "IF NOT EXISTS ")?;
+            }
         }
         write!(f, "{} AS (", self.name)?;
         let mut flag = false;
 
@@ -1581,17 +1581,19 @@ pub fn statement(i: Input) -> IResult<StatementWithFormat> {
     let show_file_formats = value(Statement::ShowFileFormats, rule! { SHOW ~ FILE ~ FORMATS });
 
     // data mark policy
-    let create_data_mask_policy = map(
+    let create_data_mask_policy = map_res(
         rule! {
-            CREATE ~ MASKING ~ POLICY ~ ( IF ~ ^NOT ~ ^EXISTS )? ~ #ident ~ #data_mask_policy
+            CREATE ~ (OR ~ REPLACE)? ~ MASKING ~ POLICY ~ ( IF ~ ^NOT ~ ^EXISTS )? ~ #ident ~ #data_mask_policy
         },
-        |(_, _, _, opt_if_not_exists, name, policy)| {
+        |(_, opt_or_replace, _, _, opt_if_not_exists, name, policy)| {
+            let create_option =
+                parse_create_option(opt_or_replace.is_some(), opt_if_not_exists.is_some())?;
             let stmt = CreateDatamaskPolicyStmt {
-                if_not_exists: opt_if_not_exists.is_some(),
+                create_option,
                 name: name.to_string(),
                 policy,
             };
-            Statement::CreateDatamaskPolicy(stmt)
+            Ok(Statement::CreateDatamaskPolicy(stmt))
         },
     );
     let drop_data_mask_policy = map(
 
@@ -510,6 +510,7 @@ fn test_statement() {
         r#"SELECT * FROM t GROUP BY CUBE (a, b, c)"#,
         r#"SELECT * FROM t GROUP BY ROLLUP (a, b, c)"#,
         r#"CREATE MASKING POLICY email_mask AS (val STRING) RETURNS STRING -> CASE WHEN current_role() IN ('ANALYST') THEN VAL ELSE '*********'END comment = 'this is a masking policy'"#,
+        r#"CREATE OR REPLACE MASKING POLICY email_mask AS (val STRING) RETURNS STRING -> CASE WHEN current_role() IN ('ANALYST') THEN VAL ELSE '*********'END comment = 'this is a masking policy'"#,
         r#"DESC MASKING POLICY email_mask"#,
         r#"DROP MASKING POLICY IF EXISTS email_mask"#,
         r#"CREATE VIRTUAL COLUMN (a['k1']['k2'], b[0][1]) FOR t"#,
Original file line number	Diff line number	Diff line change
`@@ -1419,6 +1419,12 @@ impl<KV: kvapi::KVApi<Error = MetaError> + ?Sized> SchemaApi for KV {`
`1419`	`1419`
`1420`	`1420`	`let (succ, _responses) = send_txn(self, txn_req).await?;`
`1421`	`1421`
	`1422`	`+ debug!(`
	`1423`	`+ "name_ident" = as_debug!(&req.name_ident),`
	`1424`	`+ succ = succ;`
	`1425`	`+ "drop_virtual_column"`
	`1426`	`+ );`
	`1427`	`+`
`1422`	`1428`	`if succ {`
`1423`	`1429`	`break;`
`1424`	`1430`	`}`
`@@ -3790,6 +3796,7 @@ impl<KV: kvapi::KVApi<Error = MetaError> + ?Sized> SchemaApi for KV {`
`3790`	`3796`	`"SchemaApiImpl".to_string()`
`3791`	`3797`	`}`
`3792`	`3798`	`}`
	`3799`	`+`
`3793`	`3800`	`async fn construct_drop_virtual_column_txn_operations(`
`3794`	`3801`	`kv_api: &(impl kvapi::KVApi<Error = MetaError> + ?Sized),`
`3795`	`3802`	`name_ident: &VirtualColumnNameIdent,`