Skip to content

refactor(query): Gracefully handle unknown GrantEntry objects in UserGrantSet::from_pb #18400

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 22, 2025
Merged

refactor(query): Gracefully handle unknown GrantEntry objects in UserGrantSet::from_pb #18400

merged 2 commits into from
Jul 22, 2025
+10 −2

Conversation

TCeason
Copy link
Collaborator

@TCeason TCeason commented Jul 22, 2025
edited by drmingdrmer
Loading

I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/

Summary

When an older version of the application processes UserGrantSet data that contains GrantEntry objects with newly introduced GrantObject types, the GrantEntry::from_pb conversion can fail for those specific entries.

This commit modifies the UserGrantSet::from_pb function to gracefully handle such scenarios. If GrantEntry::from_pb returns an error (e.g., due to an unknown GrantObject), the error is now logged, and the problematic grant entry is skipped instead of causing the entire conversion to fail.

This ensures that users on older versions can still log in and use their available grants, providing better forward compatibility and robustness against evolving data schemas.
Without this, a user attempting to log in with data containing new GrantObject types would be prevented from logging in on an older client.

Tests

  • Unit Test
  • Logic Test
  • Benchmark Test
  • No Test : keep ci passed

Type of change

  • Bug Fix (non-breaking change which fixes an issue)
  • New Feature (non-breaking change which adds functionality)
  • Breaking Change (fix or feature that could cause existing functionality not to work as expected)
  • Documentation Update
  • Refactoring
  • Performance Improvement
  • Other (please describe):

This change is Reviewable

@github-actions github-actions bot added the pr-refactor this PR changes the code base without new features or bugfix label Jul 22, 2025
TCeason added a commit to TCeason/datafuse that referenced this pull request Jul 22, 2025
@TCeason
forbiden grant privileges on connection to USER
3f1f244 
Because of databendlabs#18400
@TCeason TCeason mentioned this pull request Jul 22, 2025
Merged
11 tasks
TCeason added a commit to TCeason/datafuse that referenced this pull request Jul 22, 2025
@TCeason
forbiden grant privileges on connection to USER
fc688c9 
Because of databendlabs#18400
TCeason added 2 commits July 22, 2025 15:47
@TCeason
fix(query): Gracefully handle unknown GrantEntry objects in UserGrant…
ff21b15 
…Set::from_pb

When an older version of the application processes `UserGrantSet` data that
contains `GrantEntry` objects with newly introduced `GrantObject` types, the
`GrantEntry::from_pb` conversion can fail for those specific entries.

This commit modifies the `UserGrantSet::from_pb` function to gracefully
handle such scenarios. If `GrantEntry::from_pb` returns an error (e.g.,
due to an unknown `GrantObject`), the error is now logged, and the
problematic grant entry is skipped instead of causing the entire
conversion to fail.

This ensures that users on older versions can still log in and use
their available grants, providing better forward compatibility and
robustness against evolving data schemas.
Without this, a user attempting to log in with data containing new
`GrantObject` types would be prevented from logging in on an older client.
@TCeason
make err msg more detial
e7d4d4b
@TCeason TCeason force-pushed the user_grant_object_incompatible branch from 148a64d to e7d4d4b Compare July 22, 2025 07:52
@TCeason TCeason merged commit ef653e7 into databendlabs:main Jul 22, 2025
166 of 168 checks passed
TCeason added a commit that referenced this pull request Jul 23, 2025
@TCeason
feat(rbac): RBAC support connection object (#18382)
9c2c5e1 
* feat(rbac): RBAC support connection object

1.   **New Configuration Parameter:** Introduces `enable_experimental_connection_rbac_check` to toggle RBAC permission verification for connections.   Disabled by default for backward compatibility.
2.   **Global Privileges:** Adds `CREATE CONNECTION` and `ACCESS CONNECTION` global privileges governing connection creation and unrestricted usage rights respectively.
3.   **Ownership Model:** Implements `OWNERSHIP` semantics, allowing privileged users/roles to perform arbitrary DDL operations on connections.
4.   **Show grants on connection <connection_name>.

* modify test result about err msg

* fix conversation

* fix test

* forbiden grant privileges on connection to USER

Because of #18400
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drmingdrmer drmingdrmer drmingdrmer approved these changes

Assignees
No one assigned
Labels
pr-refactor this PR changes the code base without new features or bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@TCeason @drmingdrmer