risingwave_frontend/handler/
drop_secret.rs

1// Copyright 2024 RisingWave Labs
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15use std::sync::Arc;
16
17use pgwire::pg_response::StatementType;
18use risingwave_common::license::Feature;
19use risingwave_sqlparser::ast::ObjectName;
20
21use crate::Binder;
22use crate::catalog::root_catalog::SchemaPath;
23use crate::catalog::secret_catalog::SecretCatalog;
24use crate::catalog::{DatabaseId, SchemaId};
25use crate::error::Result;
26use crate::handler::{HandlerArgs, RwPgResponse};
27use crate::session::SessionImpl;
28
29pub async fn handle_drop_secret(
30    handler_args: HandlerArgs,
31    secret_name: ObjectName,
32    if_exists: bool,
33    cascade: bool,
34) -> Result<RwPgResponse> {
35    Feature::SecretManagement.check_available()?;
36
37    let session = handler_args.session;
38
39    if let Some((secret_catalog, _, _)) =
40        fetch_secret_catalog_with_db_schema_id(&session, &secret_name, if_exists)?
41    {
42        let catalog_writer = session.catalog_writer()?;
43        catalog_writer
44            .drop_secret(secret_catalog.id, cascade)
45            .await?;
46
47        Ok(RwPgResponse::empty_result(StatementType::DROP_SECRET))
48    } else {
49        Ok(RwPgResponse::builder(StatementType::DROP_SECRET)
50            .notice(format!(
51                "secret \"{}\" does not exist, skipping",
52                secret_name
53            ))
54            .into())
55    }
56}
57
58/// Fetch the secret catalog and the `database/schema_id` of the source.
59pub fn fetch_secret_catalog_with_db_schema_id(
60    session: &SessionImpl,
61    secret_name: &ObjectName,
62    if_exists: bool,
63) -> Result<Option<(Arc<SecretCatalog>, DatabaseId, SchemaId)>> {
64    let db_name = &session.database();
65    let (schema_name, secret_name) = Binder::resolve_schema_qualified_name(db_name, secret_name)?;
66    let search_path = session.config().search_path();
67    let user_name = &session.user_name();
68
69    let schema_path = SchemaPath::new(schema_name.as_deref(), &search_path, user_name);
70
71    let reader = session.env().catalog_reader().read_guard();
72    match reader.get_secret_by_name(db_name, schema_path, &secret_name) {
73        Ok((catalog, schema_name)) => {
74            session.check_privilege_for_drop_alter(schema_name, &**catalog)?;
75
76            let db = reader.get_database_by_name(db_name)?;
77            let schema = db.get_schema_by_name(schema_name).unwrap();
78
79            Ok(Some((Arc::clone(catalog), db.id(), schema.id())))
80        }
81        Err(e) => {
82            if if_exists {
83                Ok(None)
84            } else {
85                Err(e.into())
86            }
87        }
88    }
89}