Skip to content

feat: add explicit FLUSH PRIVILEGES to refresh role cache for query node #19066

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
zhang2014 merged 2 commits into from
Dec 9, 2025
Merged

feat: add explicit FLUSH PRIVILEGES to refresh role cache for query node #19066

zhang2014 merged 2 commits into from
Dec 9, 2025

Conversation

@camilesing
Copy link
Contributor

@camilesing camilesing commented Dec 4, 2025
edited
Loading

I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/

Summary

Tests

  • Unit Test
  • Logic Test
  • Benchmark Test
  • No Test - Explain why

Type of change

  • Bug Fix (non-breaking change which fixes an issue)
  • New Feature (non-breaking change which adds functionality)
  • Breaking Change (fix or feature that could cause existing functionality not to work as expected)
  • Documentation Update
  • Refactoring
  • Performance Improvement
  • Other (please describe):

This change is Reviewable

@github-actions github-actions bot added the pr-feature this PR introduces a new feature to the codebase label Dec 4, 2025
@chatgpt-codex-connector
Copy link

chatgpt-codex-connector bot commented Dec 4, 2025

💡 Codex Review

databend/src/query/service/src/servers/flight/v1/actions/kill_query.rs

Lines 26 to 28 in d486a0b

pub async fn kill_query(plan: KillPlan) -> Result<bool> {
let session = create_session(Some(plan.tenant.as_str()))?;
let version = GlobalConfig::version();

P0 Badge Flight action plans reference nonexistent tenant field

The flight handlers now call create_session(Some(plan.tenant.as_str())), but the plan types they accept (KillPlan, SetPriorityPlan, TruncateTablePlan) still do not define a tenant field (see planner/plans/kill.rs, planner/plans/set_priority.rs, planner/plans/ddl/table.rs). This makes the changed lines fail to compile, so the build will break and these flight actions cannot run until the plan structs or calls are corrected.

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

@camilesing camilesing force-pushed the for_issue_19013 branch 8 times, most recently from 4d88077 to 961274b Compare December 6, 2025 13:44
@TCeason TCeason requested a review from zhang2014 December 8, 2025 01:29
@TCeason
Copy link
Collaborator

TCeason commented Dec 8, 2025

why pr type is - [x] Breaking Change (fix or feature that could cause existing functionality not to work as expected)?
image

@camilesing
Copy link
Contributor Author

camilesing commented Dec 8, 2025

@TCeason That was a mistake, fixed it

camilesing and others added 2 commits December 9, 2025 09:59
@camilesing @TCeason
feat: add explicit FLUSH PRIVILEGES to refresh role cache for query node
bf7eb5e
@TCeason
- SystemPlan is only produced by the SQL binder and that binder alway…
198a47e 
…s runs in a QueryContext whose tenant is fixed to GlobalConfig::instance().query.tenant_id unless the server

    is in management mode. When management mode is enabled, ManagementModeAccess blocks Plan::System altogether so no user query can ever build a system
    action with a different tenant. As a result, the tenant field inside SystemPlan was guaranteed to equal the global config tenant and provided no extra routing information anywhere else in the stack.
- All flight actions (system_action, kill_query, set_priority, truncate_table) run inside a query server whose GlobalConfig already defines a single tenant. There is no supported deployment where a single query process serves
    multiple tenants concurrently over flight RPC. Therefore, the create_session helper in src/query/service/src/servers/flight/v1/actions/mod.rs can safely derive the tenant from GlobalConfig every time; the optional parameter was
    never used to switch context to another tenant.
- Because both ends (planner and flight handler) collapse to the same static tenant, the tenant field in SystemPlan and the Option<Tenant> parameter to create_session were redundant wiring that couldn't change behavior. Removing
    them simplifies the code without affecting any observable semantics and makes it clear that system/flight actions always run under the server's configured tenant.
@TCeason TCeason force-pushed the for_issue_19013 branch 2 times, most recently from 6f98822 to 198a47e Compare December 9, 2025 02:10
@zhang2014 zhang2014 merged commit 67548ed into databendlabs:main Dec 9, 2025
87 checks passed
@zhang2014
Copy link
Member

zhang2014 commented Dec 9, 2025

@camilesing Thanks for contributing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zhang2014 zhang2014 zhang2014 approved these changes

Assignees

No one assigned

Labels

pr-feature this PR introduces a new feature to the codebase

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature: Add explicit FLUSH PRIVILEGES-style command to refresh role cache across query nodes

3 participants

@camilesing @TCeason @zhang2014