refactor: split common-users

Cargo.toml

@@ -32,6 +32,7 @@ members = [
     "common/meta/app",
     "common/streams",
     "common/tracing",
+    "common/users",
 
     # Query
     "query",

common/users/Cargo.toml

@@ -0,0 +1,31 @@
+[package]
+name = "common-users"
+version = "0.1.0"
+authors = ["Databend Authors <opensource@datafuselabs.com>"]
+license = "Apache-2.0"
+publish = false
+edition = "2021"
+
+[lib]
+doctest = false
+test = false
+
+[dependencies] # In alphabetical order
+# Workspace dependencies
+common-base = { path = "../base" }
+common-exception = { path = "../exception" }
+common-grpc = { path = "../grpc" }
+common-management = { path = "../management" }
+common-meta-api = { path = "../meta/api" }
+common-meta-store = { path = "../meta/store" }
+common-meta-types = { path = "../meta/types" }
+common-tracing = { path = "../tracing" }
+
+# Github dependencies
+
+# Crates.io dependencies
+jwtk = "0.2.3"
+serde = { version = "1.0.137", features = ["derive"] }
+
+[dev-dependencies]
+pretty_assertions = "1.2.1"

query/src/users/auth/jwt/authenticator.rs → common/users/src/jwt/authenticator.rs

@@ -21,8 +21,6 @@ use jwtk::HeaderAndClaims;
 use serde::Deserialize;
 use serde::Serialize;
 
-use crate::Config;
-
 pub struct JwtAuthenticator {
     //Todo(youngsofun): verify settings, like issuer
     verifier: RemoteJwksVerifier,
@@ -59,12 +57,12 @@ impl CustomClaims {
 }
 
 impl JwtAuthenticator {
-    pub async fn try_create(cfg: Config) -> Result<Option<Self>> {
-        if cfg.query.jwt_key_file.is_empty() {
+    pub async fn try_create(jwt_key_file: String) -> Result<Option<Self>> {
+        if jwt_key_file.is_empty() {
             return Ok(None);
         }
         let mut verifier =
-            RemoteJwksVerifier::new(cfg.query.jwt_key_file, None, Duration::from_secs(15 * 60));
+            RemoteJwksVerifier::new(jwt_key_file, None, Duration::from_secs(15 * 60));
         verifier.set_require_kid(false);
         Ok(Some(JwtAuthenticator { verifier }))
     }

query/src/users/mod.rs → common/users/src/lib.rs

@@ -12,18 +12,17 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+mod jwt;
 mod role_mgr;
 mod user;
 mod user_api;
 mod user_mgr;
 mod user_stage;
 mod user_udf;
 
-pub mod auth;
 pub mod role_cache_mgr;
 
-pub use auth::auth_mgr::AuthMgr;
-pub use auth::auth_mgr::Credential;
+pub use jwt::*;
 pub use role_cache_mgr::RoleCacheMgr;
 pub use user::CertifiedInfo;
 pub use user::User;

query/src/users/role_cache_mgr.rs → common/users/src/role_cache_mgr.rs

@@ -26,7 +26,7 @@ use common_exception::Result;
 use common_meta_types::RoleInfo;
 use common_tracing::tracing;
 
-use crate::users::UserApiProvider;
+use crate::UserApiProvider;
 
 struct CachedRoles {
     roles: HashMap<String, RoleInfo>,

query/src/users/role_mgr.rs → common/users/src/role_mgr.rs

@@ -18,7 +18,7 @@ use common_meta_types::GrantObject;
 use common_meta_types::RoleInfo;
 use common_meta_types::UserPrivilegeSet;
 
-use crate::users::UserApiProvider;
+use crate::UserApiProvider;
 
 impl UserApiProvider {
     // Get one role from by tenant.

query/src/users/user_api.rs → common/users/src/user_api.rs

@@ -15,6 +15,7 @@
 use std::sync::Arc;
 
 use common_exception::Result;
+use common_grpc::RpcClientConf;
 use common_management::QuotaApi;
 use common_management::QuotaMgr;
 use common_management::RoleApi;
@@ -28,17 +29,13 @@ use common_management::UserMgr;
 use common_meta_api::KVApi;
 use common_meta_store::MetaStoreProvider;
 
-use crate::Config;
-
 pub struct UserApiProvider {
     client: Arc<dyn KVApi>,
 }
 
 impl UserApiProvider {
-    pub async fn create_global(conf: Config) -> Result<Arc<UserApiProvider>> {
-        let client = MetaStoreProvider::new(conf.meta.to_meta_grpc_client_conf())
-            .try_get_meta_store()
-            .await?;
+    pub async fn create_global(conf: RpcClientConf) -> Result<Arc<UserApiProvider>> {
+        let client = MetaStoreProvider::new(conf).try_get_meta_store().await?;
         Ok(Arc::new(UserApiProvider {
             client: client.arc(),
         }))

query/src/users/user_mgr.rs → common/users/src/user_mgr.rs

@@ -21,7 +21,7 @@ use common_meta_types::UserInfo;
 use common_meta_types::UserOption;
 use common_meta_types::UserPrivilegeSet;
 
-use crate::users::UserApiProvider;
+use crate::UserApiProvider;
 
 impl UserApiProvider {
     // Get one user from by tenant.

query/src/users/user_stage.rs → common/users/src/user_stage.rs

@@ -17,7 +17,7 @@ use common_exception::Result;
 use common_meta_types::StageFile;
 use common_meta_types::UserStageInfo;
 
-use crate::users::UserApiProvider;
+use crate::UserApiProvider;
 
 /// user stage operations.
 impl UserApiProvider {

query/src/users/user_udf.rs → common/users/src/user_udf.rs

@@ -16,7 +16,7 @@ use common_exception::ErrorCode;
 use common_exception::Result;
 use common_meta_types::UserDefinedFunction;
 
-use crate::users::UserApiProvider;
+use crate::UserApiProvider;
 
 /// UDF operations.
 impl UserApiProvider {

query/tests/it/users/auth/mod.rs → common/users/tests/it/main.rs

@@ -1,4 +1,4 @@
-// Copyright 2022 Datafuse Labs.
+// Copyright 2021 Datafuse Labs.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,4 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-mod auth_mgr;
+mod role_cache_mgr;
+mod role_mgr;
+mod user_mgr;
+mod user_udf;

query/tests/it/users/role_cache_mgr.rs → common/users/tests/it/role_cache_mgr.rs

@@ -17,17 +17,19 @@ use std::collections::HashSet;
 
 use common_base::base::tokio;
 use common_exception::Result;
+use common_grpc::RpcClientConf;
 use common_meta_types::GrantObject;
 use common_meta_types::RoleInfo;
 use common_meta_types::UserPrivilegeSet;
-use databend_query::catalogs::CATALOG_DEFAULT;
-use databend_query::users::role_cache_mgr::find_all_related_roles;
-use databend_query::users::RoleCacheMgr;
-use databend_query::users::UserApiProvider;
+use common_users::role_cache_mgr::find_all_related_roles;
+use common_users::RoleCacheMgr;
+use common_users::UserApiProvider;
+
+pub const CATALOG_DEFAULT: &str = "default";
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
 async fn test_role_cache_mgr() -> Result<()> {
-    let conf = crate::tests::ConfigBuilder::create().config();
+    let conf = RpcClientConf::default();
     let user_api = UserApiProvider::create_global(conf).await?;
 
     let mut role1 = RoleInfo::new("role1");

query/tests/it/users/role_mgr.rs → common/users/tests/it/role_mgr.rs

@@ -15,16 +15,17 @@
 use common_base::base::tokio;
 use common_exception::ErrorCode;
 use common_exception::Result;
+use common_grpc::RpcClientConf;
 use common_meta_types::GrantObject;
 use common_meta_types::RoleInfo;
 use common_meta_types::UserPrivilegeSet;
 use common_meta_types::UserPrivilegeType;
-use databend_query::users::UserApiProvider;
+use common_users::UserApiProvider;
 use pretty_assertions::assert_eq;
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
 async fn test_role_manager() -> Result<()> {
-    let conf = crate::tests::ConfigBuilder::create().config();
+    let conf = RpcClientConf::default();
 
     let tenant = "tenant1";
     let role_name = "test-role1".to_string();

query/tests/it/users/user_mgr.rs → common/users/tests/it/user_mgr.rs

@@ -15,6 +15,7 @@
 use common_base::base::tokio;
 use common_exception::ErrorCode;
 use common_exception::Result;
+use common_grpc::RpcClientConf;
 use common_meta_types::AuthInfo;
 use common_meta_types::GrantObject;
 use common_meta_types::PasswordHashMethod;
@@ -23,13 +24,13 @@ use common_meta_types::UserIdentity;
 use common_meta_types::UserInfo;
 use common_meta_types::UserPrivilegeSet;
 use common_meta_types::UserPrivilegeType;
-use databend_query::users::User;
-use databend_query::users::UserApiProvider;
+use common_users::User;
+use common_users::UserApiProvider;
 use pretty_assertions::assert_eq;
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
 async fn test_user_manager() -> Result<()> {
-    let conf = crate::tests::ConfigBuilder::create().config();
+    let conf = RpcClientConf::default();
 
     let tenant = "test";
     let username = "test-user1";
@@ -241,7 +242,7 @@ async fn test_user_manager() -> Result<()> {
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
 async fn test_user_manager_with_root_user() -> Result<()> {
-    let conf = crate::tests::ConfigBuilder::create().config();
+    let conf = RpcClientConf::default();
 
     let tenant = "test";
     let username1 = "default";

query/tests/it/users/user_udf.rs → common/users/tests/it/user_udf.rs

@@ -14,13 +14,14 @@
 
 use common_base::base::tokio;
 use common_exception::Result;
+use common_grpc::RpcClientConf;
 use common_meta_types::UserDefinedFunction;
-use databend_query::users::UserApiProvider;
+use common_users::UserApiProvider;
 use pretty_assertions::assert_eq;
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
 async fn test_user_udf() -> Result<()> {
-    let conf = crate::tests::ConfigBuilder::create().config();
+    let conf = RpcClientConf::default();
 
     let tenant = "test";
     let description = "this is a description";

query/Cargo.toml

@@ -56,6 +56,7 @@ common-metrics = { path = "../common/metrics" }
 common-planners = { path = "../common/planners" }
 common-streams = { path = "../common/streams" }
 common-tracing = { path = "../common/tracing" }
+common-users = { path = "../common/users" }
 
 # Github dependencies
 async-trait = { git = "https://github.com/datafuse-extras/async-trait", rev = "f0b0fd5" }
@@ -86,7 +87,6 @@ futures-util = "0.3.21"
 headers = "0.3.7"
 http = "0.2.8"
 itertools = "0.10.3"
-jwtk = "0.2.3"
 lz4 = "1.23.3"
 metrics = "0.19.0"
 naive-cityhash = "0.2.0"

query/src/users/auth/auth_mgr.rs → query/src/auth.rs

@@ -18,10 +18,10 @@ use common_exception::ErrorCode;
 use common_exception::Result;
 use common_meta_types::AuthInfo;
 use common_meta_types::UserInfo;
+use common_users::JwtAuthenticator;
+use common_users::UserApiProvider;
 
 use crate::sessions::QueryContext;
-use crate::users::auth::jwt::JwtAuthenticator;
-use crate::users::UserApiProvider;
 pub use crate::Config;
 
 pub struct AuthMgr {
@@ -45,7 +45,7 @@ impl AuthMgr {
     pub async fn create(cfg: Config, user_mgr: Arc<UserApiProvider>) -> Result<Self> {
         Ok(AuthMgr {
             user_mgr,
-            jwt: JwtAuthenticator::try_create(cfg).await?,
+            jwt: JwtAuthenticator::try_create(cfg.query.jwt_key_file).await?,
         })
     }
 

query/src/lib.rs

@@ -21,6 +21,7 @@
 #![feature(box_patterns)]
 
 pub mod api;
+pub mod auth;
 pub mod catalogs;
 pub mod clusters;
 pub mod common;
@@ -35,7 +36,6 @@ pub mod sessions;
 pub mod sql;
 pub mod storages;
 pub mod table_functions;
-pub mod users;
 
 mod config;
 mod version;

query/src/servers/clickhouse/interactive_worker.rs

@@ -21,11 +21,11 @@ use opensrv_clickhouse::connection::Connection;
 use opensrv_clickhouse::CHContext;
 use opensrv_clickhouse::ClickHouseSession;
 
+use crate::auth::Credential;
 use crate::servers::clickhouse::interactive_worker_base::InteractiveWorkerBase;
 use crate::servers::clickhouse::writers::to_clickhouse_err;
 use crate::servers::clickhouse::writers::QueryWriter;
 use crate::sessions::SessionRef;
-use crate::users::auth::auth_mgr::Credential;
 
 pub struct InteractiveWorker {
     session: SessionRef,

query/src/servers/http/middleware.rs

@@ -30,10 +30,10 @@ use poem::Middleware;
 use poem::Request;
 
 use super::v1::HttpQueryContext;
+use crate::auth::Credential;
 use crate::servers::HttpHandlerKind;
 use crate::sessions::SessionManager;
 use crate::sessions::SessionType;
-use crate::users::auth::auth_mgr::Credential;
 
 pub struct HTTPSessionMiddleware {
     pub kind: HttpHandlerKind,