Skip to content

feat(server): adapt Hubble 2.0 frontend APIs and implement default graph/role management#3008

Open
Yeaury wants to merge 30 commits into
apache:masterfrom
Yeaury:feat/hubble-api-compatibility
Open

feat(server): adapt Hubble 2.0 frontend APIs and implement default graph/role management#3008
Yeaury wants to merge 30 commits into
apache:masterfrom
Yeaury:feat/hubble-api-compatibility

Conversation

@Yeaury

@Yeaury Yeaury commented Apr 24, 2026

Copy link
Copy Markdown

Purpose of the PR

Adapt the Server APIs needed by Hubble 2.0 so the community Server can support
Hubble's graph, GraphSpace, default graph, default role, schema template, and
manager flows.

Hubble2 should use the canonical APIs listed below. The legacy
GET /default and GET /undefault mutation aliases that still exist in this
PR are compatibility-only and should not be treated as a Hubble2 dependency.

Toolchain/Hubble reference: apache/hugegraph-toolchain#632

Main Changes

1. Graph management (GraphsAPI.java)

  • GET /graphspaces/{graphspace}/graphs/profile lists graph profiles with
    default-graph-first sorting and config metadata such as nickname and
    create time.
  • GET /graphspaces/{graphspace}/graphs/default returns the current user's
    default graph list.
  • POST /graphspaces/{graphspace}/graphs/{name}/default sets a graph as
    default.
  • DELETE /graphspaces/{graphspace}/graphs/{name}/default unsets a graph as
    default.
  • GET /graphspaces/{graphspace}/graphs/{name}/default and
    GET /graphspaces/{graphspace}/graphs/{name}/undefault currently remain as
    compatibility aliases, but Hubble2 should not depend on them.
  • POST /graphspaces/{graphspace}/graphs/{name} with
    Content-Type: application/json creates a graph. The graph name is a path
    resource, and graph config stays in the JSON body.
  • POST /graphspaces/{graphspace}/graphs/{name} with Content-Type: text/plain
    remains for hugegraph-client compatibility.
  • PUT /graphspaces/{graphspace}/graphs/{name} updates graph metadata such as
    nickname.
  • Graph creation auto-fills HStore/PD defaults in distributed mode, RocksDB
    defaults in standalone mode, and maps the frontend schema field to
    schema.init_template.

2. GraphSpace and default-role APIs (GraphSpaceAPI.java)

  • GET /graphspaces and GET /graphspaces/{graphspace} are PD-mode APIs.
  • POST /graphspaces/{graphspace}/role creates a default role.
  • GET /graphspaces/{graphspace}/role checks a default role.
  • DELETE /graphspaces/{graphspace}/role deletes a default role.
  • Default-role create/check/delete validates GraphSpace, user/group, role, and
    graph parameters, and protects SPACE role operations with admin/space
    permission checks.

3. GraphSpace managers (ManagerAPI.java)

  • Base path: graphspaces/{graphspace}/auth/managers.
  • Manager create/delete/list/check APIs are PD-mode APIs.
  • GET /graphspaces/{graphspace}/auth/managers/default checks whether the
    current user has a default role in the GraphSpace.

4. Schema templates (SchemaTemplateAPI.java)

  • GET /graphspaces/{graphspace}/schematemplates
  • GET /graphspaces/{graphspace}/schematemplates/{name}
  • POST /graphspaces/{graphspace}/schematemplates
  • PUT /graphspaces/{graphspace}/schematemplates/{name}
  • DELETE /graphspaces/{graphspace}/schematemplates/{name}
  • Schema template APIs are PD-mode APIs. Update/delete are limited to the
    template creator or a GraphSpace manager.

5. Authentication and graph metadata support

  • Adds default graph and default role methods to AuthManager and the standard
    auth manager implementations.
  • Adds auth proxy delegation for these new methods.
  • Adds graph metadata helpers in GraphManager and config serialization support
    used by graph profile responses.

Integration Boundaries

  • Hubble2 uses canonical graph create/default APIs:
    • POST /graphspaces/{graphspace}/graphs/{name}
    • POST /graphspaces/{graphspace}/graphs/{name}/default
    • DELETE /graphspaces/{graphspace}/graphs/{name}/default
  • Server should not need to preserve Hubble legacy form-urlencoded graph
    creation or GET mutation aliases for Hubble2.
  • GraphSpace lifecycle, default role, schema template, and manager APIs are
    PD-mode APIs. Standalone/non-PD Hubble should hide or degrade these flows
    instead of requiring Server to emulate the full PD GraphSpace model.
  • Hubble2 non-PD flows should continue to use DEFAULT GraphSpace and graph
    operations that are meaningful in standalone mode.

Known Integration Follow-ups

  • Current PD smoke found GET /graphspaces/DEFAULT/graphs returning an empty
    list while direct GET /graphspaces/DEFAULT/graphs/hugegraph succeeds.
  • Hubble Gremlin overview can still show max counts when Server-side Gremlin
    execution does not provide the expected g alias.
  • Default-role checks still need a full Hubble PD workflow smoke after the API
    boundary is finalized.

Verifying these changes

  • Server unit coverage for the master check and default-role permission
    boundaries.
  • Hubble2 non-PD smoke for graph management, default graph APIs, and
    canonical graph create path.
  • Hubble2 packaged loader/auth smoke with current toolchain loader/client.
  • Hubble2 PD minimal API smoke for versions, GraphSpace list/get, direct
    graph get, schema template list, and Gremlin schema/data read-write.
  • Hubble2 PD graph list/lifecycle smoke.
  • Hubble2 PD default-role/account/role smoke.
  • Hubble2 PD loader peers, algorithms, and async task smoke.

Does this PR potentially affect the following parts?

  • Dependencies (add/update license info & regenerate_known_dependencies.sh)
  • Modify configurations
  • The public API
  • Other affects (typed here)
  • Nope

Documentation Status

  • Doc - TODO
  • Doc - Done
  • Doc - No Need

Yeaury added 5 commits April 24, 2026 10:53
- Add listProfile endpoint with default graph sorting and prefix filtering
- Add setDefault/unsetDefault/getDefault endpoints for default graph management
- Add manage(PUT) endpoint for graph nickname update
- Add createByForm for form-urlencoded graph creation compatibility
- Auto-fill HStore/PD defaults (backend/serializer/store) during graph creation
- Add setDefaultRole/checkDefaultRole/deleteDefaultRole in GraphSpaceAPI
- Add checkDefaultRole endpoint in ManagerAPI
- Add default role interfaces in AuthManager
- Implement default role CRUD in StandardAuthManager and StandardAuthManagerV2
- Add stub proxy methods in HugeGraphAuthProxy
- Add new SchemaTemplateAPI with list/get/create/update/delete operations
- Fix package path from api.profile to api.space
- Use HugeGraphAuthProxy.username() instead of authManager.username()

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds/extends HugeGraph Server REST endpoints and auth-layer capabilities needed by the Hubble 2.0 frontend, focusing on graph profile listing, default graph selection, default role management, and schema template CRUD within graphspaces.

Changes:

  • Added graph profile listing + default-graph set/unset/query APIs, plus graph create compatibility tweaks.
  • Implemented default-graph/default-role persistence methods in the AuthManager interface and its implementations/proxies.
  • Introduced schema template CRUD API and corresponding GraphManager helpers.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 16 comments.

Show a summary per file
File Description
hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/util/ConfigUtil.java Adds config-to-string helper used by graph profile listing.
hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java Extends auth interface for default graph/role operations.
hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java Implements new default graph/role methods (non-PD auth manager).
hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManagerV2.java Implements new default graph/role methods (PD-mode auth manager).
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java Proxies/delegates new AuthManager methods.
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/core/GraphManager.java Adds schema template management helpers.
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/GraphsAPI.java Adds graph profile listing, default graph APIs, manage/update behavior, and create defaults.
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/space/GraphSpaceAPI.java Adds default role management endpoints and JSON tolerance.
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/auth/ManagerAPI.java Adds endpoint to query whether current user has a default role.
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/space/SchemaTemplateAPI.java New schema template CRUD endpoint implementation.
Comments suppressed due to low confidence (1)

hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/GraphsAPI.java:443

  • configs is only validated as non-null when clone_graph_name is empty. If clone_graph_name is provided and the request body is omitted/empty, configs can be null and convConfig(configs) will throw a NullPointerException in the clone branch. Consider defaulting configs to an empty map (or making convConfig() null-safe) before using it for cloning.
        // Check required parameters for creating graph
        if (StringUtils.isEmpty(clone)) {
            // Only check required parameters when creating new graph, not when cloning
            E.checkArgument(configs != null, "Config parameters cannot be null");
            // Auto-fill defaults for PD/HStore mode when not provided
            configs.putIfAbsent("backend", "hstore");
            configs.putIfAbsent("serializer", "binary");
            configs.putIfAbsent("store", name);
            // Map frontend 'schema' field to backend config key
            Object schema = configs.remove("schema");
            if (schema != null && !schema.toString().isEmpty()) {
                configs.put("schema.init_template", schema.toString());
            }
        }

        String creator = HugeGraphAuthProxy.username();

        if (StringUtils.isNotEmpty(clone)) {
            // Clone from existing graph
            LOG.debug("Clone graph '{}' to '{}' in graph space '{}'", clone, name, graphSpace);
            graph = manager.cloneGraph(graphSpace, clone, name, convConfig(configs));
        } else {
            // Create new graph
            graph = manager.createGraph(graphSpace, name, creator,
                                        convConfig(configs), true);
        }

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

…#3008)

- fix: use @POST/@delete for setDefault/unsetDefault (REST semantics)
- fix: add null/empty validation before role field access in GraphSpaceAPI
  to prevent NPE in setDefaultRole/checkDefaultRole/deleteDefaultRole
- fix: change isPrefix to private static and guard nickname null in
  GraphSpaceAPI and GraphsAPI
- fix: ConfigUtil.writeConfigToString always returns JSON regardless
  of whether config was loaded from file, fixing listProfile endpoint
- fix: add @RolesAllowed annotations to SchemaTemplateAPI endpoints
- fix: use ForbiddenException (403) instead of HugeException (400)
  for authorization failures in SchemaTemplateAPI and GraphSpaceAPI
- fix: correct LOG placeholder count in SchemaTemplateAPI.delete
- fix: use HugeException ('%s') format instead of SLF4J '{}' format
- fix: replace com.alipay StringUtils with commons-lang3 in ManagerAPI
- fix: add @consumes and checkUpdate() validation to SchemaTemplate.update
- fix: add ensurePdModeEnabled guard to ManagerAPI.checkDefaultRole
- fix: guard configs null access in GraphsAPI.create clone branch
@imbajin

imbajin commented Apr 25, 2026

Copy link
Copy Markdown
Member

新增 API 单机版(非 PD)兼容性对照

目标:社区默认的 RocksDB 单机版通过 graphspace=DEFAULT 使用 GraphsAPI,应支持图的增删改查和基础权限管理。GraphSpaceAPI、ManagerAPI、SchemaTemplateAPI 属于 PD 专属功能,不需要兼容。

需要兼容单机版的端点(GraphsAPI)

API 端点 当前状态 问题说明 需要的改动
GET .../graphs/profile ⚠️ ConfigUtil.writeConfigToString 序列化全部配置项,可能泄露 password/token 等敏感字段 白名单过滤或排除敏感 key
PUT .../graphs/{name} (manage/update nickname) 1. isExistedGraphNickname() 调用 metaManager.graphConfigs() — 非 PD 下 MetaManager 未初始化,NPE;2. exist.nickname() 只改内存,缺少持久化调用 1. 加 isPDEnabled() 分支,非 PD 下用内存图列表做去重;2. 补充持久化调用
POST .../graphs (create JSON) 无条件执行 configs.putIfAbsent("backend", "hstore"),单机版默认 RocksDB 会被覆盖为 hstore 导致创建失败 if (manager.isPDEnabled()) 包裹 hstore/binary 默认值填充
POST .../graphs/{name} (createByText) 委托 create() 方法,同上 同上(修复 create 即可)
POST .../graphs/{name}/default (设置默认图) StandardAuthManager 已实现
DELETE .../graphs/{name}/default (取消默认图) StandardAuthManager 已实现
GET .../graphs/default (查询默认图) StandardAuthManager 已实现

PD 专属端点(无需兼容单机版)

API 端点 归属 说明
POST/GET/DELETE .../graphspaces/{gs}/role GraphSpaceAPI 图空间级角色管理,PD-only by design
GET /auth/manager/default ManagerAPI 已有 ensurePdModeEnabled() 门禁
GET/POST/PUT/DELETE .../schematemplates[/{name}] SchemaTemplateAPI 全部走 metaManager,PD-only

总结:7 个 GraphsAPI 端点需要兼容单机版。其中 3 个需要代码改动(manage 需加 isPDEnabled() 分支 + 持久化修复,create/createByText 需条件化 hstore 默认值),1 个需过滤敏感配置,3 个已可正常工作。

Yeaury added 2 commits April 26, 2026 16:16
… mode

## Background

Hubble 2.0 previously relied exclusively on PD mode (distributed HStore
backend). This PR makes the server-side APIs fully compatible with the
community default: single-node RocksDB without PD/HStore, so that Hubble
remains functional out of the box for all deployment modes.

## Core bug fixes

### GraphsAPI
- Fix `create()`: `backend=hstore` / `serializer=binary` defaults are now
  only injected when `manager.isPDEnabled()` is true, preventing graph
  creation failures on standalone RocksDB deployments.
- Fix `manage()`: replace `exist.nickname(nickname)` (in-memory only) with
  `manager.updateGraphNickname()`, which persists the change to PD meta
  storage in distributed mode and gracefully falls back to in-memory update
  in standalone mode.
- Fix `manage()`: relax `actionMap.size() == 2` validation to
  `containsKey(GRAPH_ACTION)`, so extra fields from the frontend no longer
  cause spurious 400 errors.
- Guard `getDefaultGraph()`, `setDefault()`, `unsetDefault()`, and
  `getDefault()` with `isPDEnabled()` checks; return empty results in
  standalone mode instead of throwing NPE.
- Fix `listProfile()`: guard `getDefaultGraph()` call with `isPDEnabled()`;
  add null-safe fallback for `gs.nickname()` in non-PD mode.

### GraphManager
- `isExistedGraphNickname()`: add non-PD branch that scans in-memory graphs
  instead of accessing the uninitialized `metaManager`, preventing NPE in
  standalone mode.
- New `updateGraphNickname()`: updates in-memory graph instance first, then
  persists nickname to `metaManager` only in PD mode.

### ConfigUtil
- `writeConfigToString()`: always serializes config to JSON (previously
  could emit raw properties format), fixing `listProfile` deserialization.
- New `isSensitiveKey()`: filters keys containing `password`, `secret`,
  `token`, `credential`, `private_key`, or `auth.key` from the serialized
  output to prevent credential leakage through the API.

### ManagerAPI
- Add `ensurePdModeEnabled()` guard to all PD-specific endpoints
  (`createManager`, `deleteManager`, `list`, `checkRole`, `getRolesInGs`,
  `checkDefaultRole`).
- Wrap `HugeDefaultRole.valueOf()` in try-catch to return HTTP 400 instead
  of HTTP 500 when an invalid role string is supplied.

### SchemaTemplateAPI
- Fix incorrect `HugeException` import; replace with `ForbiddenException`
  for proper HTTP 403 semantics.
- Add missing `@RolesAllowed` annotations and implement `checkUpdate()`
  validation.

### StandardAuthManager
- Implement `setDefaultGraph` / `getDefaultGraph` / `unsetDefaultGraph`
  using marker-group pattern (HugeGroup + HugeBelong) for persistence.
- Implement `createDefaultRole` / `createSpaceDefaultRole` /
  `isDefaultRole` / `deleteDefaultRole` with the same marker-group
  mechanism.
- Add detailed design-note Javadoc explaining the workaround, its
  limitations, and the non-PD degradation path.

## Code quality improvements

- Extract shared `isPrefix(Map, String)` helper and `DATE_FORMATTER`
  constant into the `API` base class, eliminating ~30 lines of duplicated
  code across `GraphsAPI` and `GraphSpaceAPI`.
- Replace non-thread-safe `SimpleDateFormat` (constructed per-request) with
  a single static `DateTimeFormatter` (immutable, thread-safe).
- Fix 12-hour clock format `hh` → 24-hour `HH` in `GraphSpaceAPI`.
@Yeaury Yeaury marked this pull request as ready for review April 26, 2026 09:47
@dosubot dosubot Bot added the size:XXL This PR changes 1000+ lines, ignoring generated files. label Apr 26, 2026
StandardAuthManager (standalone RocksDB) fully implements setDefaultGraph/
unsetDefaultGraph/getDefaultGraph via HugeGroup+HugeBelong mechanism and
does not require PD. The non-PD early-return guards in setDefault, unsetDefault,
getDefault and listProfile were silently discarding user preferences, making
the API a no-op in standalone mode.

Remove the isPDEnabled() short-circuits and route all default graph operations
directly through authManager, which dispatches correctly to either
StandardAuthManager or StandardAuthManagerV2 depending on the deployment mode.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 13 out of 15 changed files in this pull request and generated 8 comments.


💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Yeaury added 3 commits May 5, 2026 23:54
…nding

- Fix SchemaTemplateAPI logger using wrong class (RestServer -> SchemaTemplateAPI)
- Fix StandardAuthManager fabricated belong ID: replace string-constructed IDs
  with actual graph traversal (findBelongBinding) to correctly detect/delete
  existing HugeBelong edges, making setDefaultGraph/unsetDefaultGraph/
  createDefaultRole idempotent
- Fix HugeUser.initSchemaIfNeeded: add incremental schema upgrade so existing
  deployments get the user_nickname property key without full schema recreation
…rors

Server-side fixes:

- GraphsAPI.setDefault/unsetDefault/getDefault and GraphSpaceAPI role endpoints now handle missing authManager (standalone mode) gracefully instead of throwing unhandled IllegalStateException
- STANDALONE_ERROR made protected in API.java for subclass access

New tests (29 total, all passing on rocksdb):

- GraphsApiStandaloneTest: profile, default graph, nickname update
- SchemaTemplateApiTest: all CRUD endpoints standalone error tests
- DefaultRoleApiStandaloneTest: role endpoints standalone error tests
@codecov

codecov Bot commented May 21, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 7.34072% with 669 lines in your changes missing coverage. Please review.
✅ Project coverage is 38.08%. Comparing base (9126c80) to head (2c51f7f).
⚠️ Report is 41 commits behind head on master.

Files with missing lines Patch % Lines
...va/org/apache/hugegraph/api/profile/GraphsAPI.java 0.00% 157 Missing ⚠️
...g/apache/hugegraph/auth/StandardAuthManagerV2.java 4.09% 116 Missing and 1 partial ⚠️
.../org/apache/hugegraph/api/space/GraphSpaceAPI.java 0.00% 97 Missing ⚠️
...org/apache/hugegraph/auth/StandardAuthManager.java 0.00% 79 Missing ⚠️
.../apache/hugegraph/api/space/SchemaTemplateAPI.java 0.00% 58 Missing ⚠️
...n/java/org/apache/hugegraph/core/GraphManager.java 0.00% 54 Missing ⚠️
...ava/org/apache/hugegraph/dist/HugeGraphServer.java 50.00% 20 Missing ⚠️
...ain/java/org/apache/hugegraph/util/ConfigUtil.java 0.00% 18 Missing ⚠️
...java/org/apache/hugegraph/api/auth/ManagerAPI.java 0.00% 17 Missing ⚠️
.../org/apache/hugegraph/auth/HugeGraphAuthProxy.java 12.50% 14 Missing ⚠️
... and 5 more
Additional details and impacted files
@@             Coverage Diff              @@
##             master    #3008      +/-   ##
============================================
+ Coverage     35.57%   38.08%   +2.51%     
- Complexity      333      622     +289     
============================================
  Files           801      817      +16     
  Lines         67592    70398    +2806     
  Branches       8790     9338     +548     
============================================
+ Hits          24045    26813    +2768     
+ Misses        40985    40758     -227     
- Partials       2562     2827     +265     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 17 out of 19 changed files in this pull request and generated 7 comments.

Comment on lines +230 to +278
@POST
@Timed
@Path("{name}/default")
@Produces(APPLICATION_JSON_WITH_CHARSET)
@RolesAllowed({"space_member", "$owner=$name"})
public Map<String, Object> setDefault(@Context GraphManager manager,
@Parameter(description = "The graph space name")
@PathParam("graphspace") String graphSpace,
@Parameter(description = "The graph name")
@PathParam("name") String name) {
LOG.debug("Set default graph '{}' in graph space '{}'", name, graphSpace);
E.checkArgument(manager.graph(graphSpace, name) != null,
"Graph '%s/%s' does not exist", graphSpace, name);
String user = HugeGraphAuthProxy.username();
AuthManager authManager;
try {
authManager = manager.authManager();
} catch (IllegalStateException e) {
throw new HugeException(STANDALONE_ERROR);
}
authManager.setDefaultGraph(graphSpace, name, user);
Map<String, Date> defaults = authManager.getDefaultGraph(graphSpace, user);
return ImmutableMap.of("default_graph", defaults.keySet());
}

@DELETE
@Timed
@Path("{name}/default")
@Produces(APPLICATION_JSON_WITH_CHARSET)
@RolesAllowed({"space_member", "$owner=$name"})
public Map<String, Object> unsetDefault(@Context GraphManager manager,
@Parameter(description = "The graph space name")
@PathParam("graphspace") String graphSpace,
@Parameter(description = "The graph name")
@PathParam("name") String name) {
LOG.debug("Unset default graph '{}' in graph space '{}'", name, graphSpace);
E.checkArgument(manager.graph(graphSpace, name) != null,
"Graph '%s/%s' does not exist", graphSpace, name);
String user = HugeGraphAuthProxy.username();
AuthManager authManager;
try {
authManager = manager.authManager();
} catch (IllegalStateException e) {
throw new HugeException(STANDALONE_ERROR);
}
authManager.unsetDefaultGraph(graphSpace, name, user);
Map<String, Date> defaults = authManager.getDefaultGraph(graphSpace, user);
return ImmutableMap.of("default_graph", defaults.keySet());
}
Comment on lines +265 to +303
@GET
@Timed
@Path("default")
@Consumes(APPLICATION_JSON)
public String checkDefaultRole(@Context GraphManager manager,
@PathParam("graphspace") String graphSpace,
@QueryParam("role") String role,
@QueryParam("graph") String graph) {
LOG.debug("check if current user is default role: {} {} {}",
role, graphSpace, graph);
ensurePdModeEnabled(manager);
AuthManager authManager = manager.authManager();
String user = HugeGraphAuthProxy.username();

E.checkArgument(StringUtils.isNotEmpty(role) &&
StringUtils.isNotEmpty(graphSpace),
"Must pass graphspace and role params");

HugeDefaultRole defaultRole;
try {
defaultRole = HugeDefaultRole.valueOf(role.toUpperCase());
} catch (IllegalArgumentException e) {
E.checkArgument(false, "Invalid role value '%s'", role);
defaultRole = null; // unreachable, satisfies compiler
}
boolean hasGraph = defaultRole.equals(HugeDefaultRole.OBSERVER);
E.checkArgument(!hasGraph || StringUtils.isNotEmpty(graph),
"Must set a graph for observer");

boolean result;
if (hasGraph) {
result = authManager.isDefaultRole(graphSpace, graph, user,
defaultRole);
} else {
result = authManager.isDefaultRole(graphSpace, user,
defaultRole);
}
return manager.serializer().writeMap(ImmutableMap.of("check", result));
}

@imbajin imbajin left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found a few remaining issues that can affect startup cleanup, default-role correctness, and API error semantics. I also added +1 reactions to existing Copilot comments for duplicate findings instead of reposting them.

@imbajin

imbajin commented May 21, 2026

Copy link
Copy Markdown
Member

Follow-up TODOs that are not necessarily blockers for this PR, but are worth tracking separately if they are not handled here:

  1. Consider using one documented marker convention for default graph/default role metadata. V1 uses a reserved ~default_* prefix while V2 uses the _DEFAULT_SETTER_ROLE suffix; the suffix form can collide with user-defined role names that happen to end with that marker.
  2. Consider splitting the default graph/default role storage workaround into a follow-up issue. The marker-group approach is now documented, but it still leaks implementation details into auth entities and may deserve a dedicated storage model later.
  3. Consider replacing role.equals(HugeDefaultRole.OBSERVER) checks with role.isGraphRole() so future graph-scoped default roles do not need to touch all API branches again.
  4. JsonDefaultRole implements Checkable, but checkCreate() and checkUpdate() are empty while validation is inline in the API method. Either move validation into the DTO or drop the interface to avoid a misleading contract.
  5. Rename @PathParam("graphspace") String name to graphSpace in the default-role methods for readability and consistency with the surrounding APIs.
  6. GraphsAPI.listProfile() still calls manager.graphSpace(graphSpace) twice and the diff has a few trailing-whitespace lines. These are low-risk cleanups if another revision is already planned.
  7. The response ordering in GraphsAPI.listProfile() appears to put default profiles first, then other profiles. If the frontend depends on this, please document or explicitly sort the response.

Some broader test gaps are already covered by existing review comments, so I am not repeating them here. If these TODOs are out of scope for this PR, they can be split into separate tracking issues.

@imbajin imbajin left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Follow-up review after the latest update: these are remaining current-PR issues that look small enough to fix directly, while already-covered findings are intentionally not duplicated.

Yeaury and others added 2 commits May 21, 2026 19:19
- Restore SecurityManager and clean up prepared GremlinServer on startup failures
- Resolve default-role owner type detection for group bindings
- Validate graphspace and observer graph ownership in default-role APIs
- Return 4xx for malformed graph manage requests instead of server errors
- Invalidate user cache after default graph/default role mutations
- Make V2 default-role deletion idempotent for repeated requests
- Validate graph create/clone config values and reject null or non-scalar input
- Avoid rolling back local nickname state after successful PD persistence
- Remove misleading @consumes annotations from entity-less default-role endpoints
- Add standalone tests for malformed graph API requests
- Add hstore-gated graph default lifecycle coverage for graphspace graphs

- Add default role lifecycle coverage through the graphspace role API

- Add schema template lifecycle coverage in PD/HStore mode

- Clean trailing whitespace in GraphsAPI
@imbajin

imbajin commented May 21, 2026

Copy link
Copy Markdown
Member

Follow-up TODO for CI coverage:

Add a real distributed-mode CI job that boots PD + Store and runs the hstore-backed graphspace API tests against that environment. The tests added in this PR compile and are gated to backend=hstore, but they still rely on an external PD/Store runtime to prove the full happy path.

Suggested scope for a separate issue:

  1. Start a minimal PD + Store + Server stack in CI.
  2. Run the hstore/PD graphspace API suite, including default graph, default role, and schema template lifecycle coverage.
  3. Keep the existing standalone/RocksDB compatibility tests separate so both modes remain visible.

This is not necessarily a blocker for the current PR, but it is the right follow-up to prevent these Hubble-compatible APIs from only being validated at compile time.

@VGalaxies VGalaxies left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review summary

  • Blocking: yes
  • Summary: The PR introduces a cluster master safety regression and an authorization gap in default-role management.
  • Evidence:
    • git diff origin/master...HEAD
    • mvn -pl hugegraph-server/hugegraph-api -am -DskipTests -Dmaven.javadoc.skip=true compile passed

page = PageInfo.pageInfo(servers);
}
} while (page != null);
} catch (Exception e) {

@VGalaxies VGalaxies Jun 8, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

High: Existing live master detection is swallowed

hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/task/ServerInfoManager.java:139

Evidence

  • The uniqueness check at lines 131-133 throws when another alive master exists, but the new broad catch (Exception e) at line 139 logs and continues to saveServerInfo() at line 149.

Impact

  • A node can register itself as master even after detecting an existing alive master, allowing multiple masters in the same cluster.

Requested fix

  • Do not catch the invariant failure. Only handle the specific schema-mismatch/read error if needed, and rethrow when an existing alive master is found.

imbajin added 2 commits July 4, 2026 23:46
- rethrow duplicate master invariant failures
- restrict default-role mutations to admin/space manager
- add regression tests for master and role boundaries
- move master uniqueness regression into MasterServerInfoManagerTest

- keep UnitTestSuite using normal imports and class references

- avoid conflicting with master ServerInfoManagerTest coverage
@imbajin imbajin force-pushed the feat/hubble-api-compatibility branch from 4f69c52 to 682c2b5 Compare July 4, 2026 16:13
@imbajin

imbajin commented Jul 4, 2026

Copy link
Copy Markdown
Member

Follow-up boundary notes after rechecking the current Hubble2 branch:

  • Hubble2 currently still calls graph creation as form-urlencoded POST /graphspaces/{graphspace}/graphs and default graph through GET aliases such as setdefault/getdefault. I am not adding these extra Server compatibility aliases in this pass. Since Hubble2 is still under development, the cleaner direction is to adjust Hubble2 to the Server API contract unless we explicitly decide to expand the Server public API.
  • The master heartbeat uniqueness concern is tied to the deprecated master-worker scheduling path. I am not adding more code to that path here.
  • The current Server-side patch is limited to issues that remain valid independent of those boundaries: default-role auth cache invalidation, keeping GraphSpace profile PD-only, and making hstore graphspace API tests fail fast instead of hiding API failures as skips.

- clear auth proxy user-role cache after default-role mutations
- keep graphspace profile behind the PD-mode guard
- make hstore graphspace API tests fail fast when unavailable
- add unit coverage for default-role cache invalidation

@imbajin imbajin left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocking: yes. Summary: Current head still has a shared-storage server-info regression and a test coverage gap; visible hbase CI is failing. Evidence: final gate saw build-server (hbase, 11) and codecov/patch failures; static review of refs/remotes/pr/3008.

* Re-save ServerInfo to recover automatically.
*/
LOG.warn("ServerInfo is missing: {}, re-saving it now", this.selfNodeId());
serverInfo = this.saveServerInfo(this.selfNodeId(), this.selfNodeRole());

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

heartbeat() now re-saves missing ServerInfo for master nodes too, and the latest hbase job is failing on that path. The log shows ServerInfo is missing: DEFAULT-hugegraph/server-1, re-saving it now, then GremlinApiTest.testClearAndInit hits Already existed master 'DEFAULT-hugegraph/server-1' in current cluster, followed by decreaseLoad() NPEs because self ServerInfo is still missing for DEFAULT-hugegraph/server1. Please make current-node master re-registration idempotent, or skip only the normalized current node in the uniqueness scan, and guard decreaseLoad() when self ServerInfo is unavailable.


boolean result;
if (hasGraph) {
result = authManager.isDefaultRole(graphSpace, graph, user,

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This endpoint checks raw default-role metadata without first validating that the path graphspace exists, and for OBSERVER it only checks that graph is non-empty. A typo or stale graph name can therefore return a metadata result instead of a clear 4xx. Please mirror GraphSpaceAPI: validate the graphspace before the auth lookup, and for observer roles verify that the graph exists in that graphspace before calling isDefaultRole().

GraphSpaceApiTest.class,
GraphSpaceApiStandaloneTest.class,
ManagerApiStandaloneTest.class,
GraphsApiStandaloneTest.class,

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding the backend-specific suites here does not make them run in CI as written. The new standalone and hstore tests gate on System.getProperty("backend"), but run-api-test.sh invokes Maven as mvn ... -P api-test,$BACKEND, and the surefire config does not pass the Maven backend profile property into the test JVM. That leaves backend null, so assumeStandaloneMode() skips the standalone suite and GraphSpaceApiTest skips as non-hstore. Please pass backend into surefire, for example with systemPropertyVariables, or call Maven with -Dbackend=$BACKEND.

imbajin added 2 commits July 6, 2026 09:48
- stop swallowing unexpected master scan failures

- classify server-info startup failures as backend errors

- cover skew, interrupt, and scan failure paths
- reject non-admin SPACE default-role checks

- add unit coverage for admin and manager paths

- keep standalone GraphSpaceAPI behavior unchanged
imbajin added 2 commits July 8, 2026 14:38
- include loaded DEFAULT local config graphs in PD graph lists
- keep system graph hidden from graph list responses
- add unit coverage for local config and SYS_GRAPH filtering
- verify GraphSpaceAPITest and diff whitespace
- include loaded DEFAULT graph registry entries in PD graph listing

- keep non-admin graph list filtering on READ roles

- allow admin managers to list/profile loaded graphs

- add regression coverage for loaded graph registry listing
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

api Changes of API feature New feature size:XXL This PR changes 1000+ lines, ignoring generated files.

Projects

Status: 🏗 In progress

Development

Successfully merging this pull request may close these issues.

4 participants