risingwave_frontend/catalog/system_catalog/rw_catalog/
rw_secrets.rs

1// Copyright 2025 RisingWave Labs
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15use risingwave_common::types::Fields;
16use risingwave_frontend_macro::system_catalog;
17use risingwave_pb::user::grant_privilege::Object as GrantObject;
18
19use crate::catalog::system_catalog::{SysCatalogReaderImpl, get_acl_items};
20use crate::error::Result;
21
22#[derive(Fields)]
23struct RwSecret {
24    #[primary_key]
25    id: i32,
26    schema_id: i32,
27    name: String,
28    owner: i32,
29    acl: Vec<String>,
30}
31
32#[system_catalog(table, "rw_catalog.rw_secrets")]
33fn read_rw_secret_info(reader: &SysCatalogReaderImpl) -> Result<Vec<RwSecret>> {
34    let catalog_reader = reader.catalog_reader.read_guard();
35    let schemas = catalog_reader.iter_schemas(&reader.auth_context.database)?;
36    let user_reader = reader.user_info_reader.read_guard();
37    let users = user_reader.get_all_users();
38    let current_user = user_reader
39        .get_user_by_name(&reader.auth_context.user_name)
40        .expect("user not found");
41    let username_map = user_reader.get_user_name_map();
42
43    Ok(schemas
44        .flat_map(|schema| {
45            schema
46                .iter_secret_with_acl(current_user)
47                .map(|secret| RwSecret {
48                    id: secret.id.secret_id() as i32,
49                    schema_id: secret.schema_id as i32,
50                    name: secret.name.clone(),
51                    owner: secret.owner as i32,
52                    acl: get_acl_items(
53                        &GrantObject::SecretId(secret.id.secret_id()),
54                        false,
55                        &users,
56                        username_map,
57                    ),
58                })
59        })
60        .collect())
61}