feat: add explicit FLUSH PRIVILEGES to refresh role cache for query node (#19066)

* feat: add explicit FLUSH PRIVILEGES to refresh role cache for query node

* - SystemPlan is only produced by the SQL binder and that binder always runs in a QueryContext whose tenant is fixed to GlobalConfig::instance().query.tenant_id unless the server
    is in management mode. When management mode is enabled, ManagementModeAccess blocks Plan::System altogether so no user query can ever build a system
    action with a different tenant. As a result, the tenant field inside SystemPlan was guaranteed to equal the global config tenant and provided no extra routing information anywhere else in the stack.
- All flight actions (system_action, kill_query, set_priority, truncate_table) run inside a query server whose GlobalConfig already defines a single tenant. There is no supported deployment where a single query process serves
    multiple tenants concurrently over flight RPC. Therefore, the create_session helper in src/query/service/src/servers/flight/v1/actions/mod.rs can safely derive the tenant from GlobalConfig every time; the optional parameter was
    never used to switch context to another tenant.
- Because both ends (planner and flight handler) collapse to the same static tenant, the tenant field in SystemPlan and the Option<Tenant> parameter to create_session were redundant wiring that couldn't change behavior. Removing
    them simplifies the code without affecting any observable semantics and makes it clear that system/flight actions always run under the server's configured tenant.

---------

Co-authored-by: TCeason <tai_chong@foxmail.com>

Author: camilesing

src/query/ast/src/ast/statements/system_action.rs

@@ -32,6 +32,7 @@ impl Display for SystemStmt {
 #[derive(Debug, Clone, PartialEq, Eq, Drive, DriveMut)]
 pub enum SystemAction {
     Backtrace(bool),
+    FlushPrivileges,
 }
 
 impl Display for SystemAction {
@@ -41,6 +42,7 @@ impl Display for SystemAction {
                 true => write!(f, "ENABLE EXCEPTION_BACKTRACE"),
                 false => write!(f, "DISABLE EXCEPTION_BACKTRACE"),
             },
+            SystemAction::FlushPrivileges => write!(f, "FLUSH PRIVILEGES"),
         }
     }
 }

src/query/ast/src/parser/statement.rs

@@ -5054,15 +5054,21 @@ pub fn priority(i: Input) -> IResult<Priority> {
 }
 
 pub fn action(i: Input) -> IResult<SystemAction> {
-    let mut backtrace = parser_fn(map(
+    let backtrace = parser_fn(map(
         rule! {
              #switch ~ EXCEPTION_BACKTRACE
         },
         |(switch, _)| SystemAction::Backtrace(switch),
     ));
+    let flush_privileges = parser_fn(map(
+        rule! {
+             FLUSH ~ PRIVILEGES
+        },
+        |_| SystemAction::FlushPrivileges,
+    ));
     // add other system action type here
     rule!(
-        #backtrace
+        #backtrace | #flush_privileges
     )
     .parse(i)
 }

src/query/ast/src/parser/token.rs

@@ -683,6 +683,8 @@ pub enum TokenKind {
     FORMAT_NAME,
     #[token("FORMATS", ignore(ascii_case))]
     FORMATS,
+    #[token("FLUSH", ignore(ascii_case))]
+    FLUSH,
     #[token("FRAGMENTS", ignore(ascii_case))]
     FRAGMENTS,
     #[token("FRIDAY", ignore(ascii_case))]

src/query/service/src/interpreters/interpreter_system_action.rs

@@ -20,6 +20,7 @@ use databend_common_exception::set_backtrace;
 use databend_common_exception::Result;
 use databend_common_sql::plans::SystemAction;
 use databend_common_sql::plans::SystemPlan;
+use databend_common_users::RoleCacheManager;
 
 use crate::clusters::ClusterHelper;
 use crate::clusters::FlightParams;
@@ -90,6 +91,10 @@ impl Interpreter for SystemActionInterpreter {
             SystemAction::Backtrace(switch) => {
                 set_backtrace(switch);
             }
+            SystemAction::FlushPrivileges => {
+                let tenant = self.ctx.get_tenant();
+                RoleCacheManager::instance().force_reload(&tenant).await?;
+            }
         }
         Ok(PipelineBuildResult::create())
     }

src/query/service/src/servers/flight/v1/actions/mod.rs

@@ -45,7 +45,8 @@ use crate::sessions::SessionManager;
 
 pub(crate) fn create_session() -> Result<Arc<Session>> {
     let config = GlobalConfig::instance();
-    let settings = Settings::create(config.query.tenant_id.clone());
+    let tenant_id = config.query.tenant_id.clone();
+    let settings = Settings::create(tenant_id);
     match SessionManager::instance().create_with_settings(SessionType::FlightRPC, settings, None) {
         Err(cause) => Err(cause),
         Ok(session) => Ok(Arc::new(session)),

src/query/sql/src/planner/binder/system.rs

@@ -29,6 +29,9 @@ impl Binder {
             AstSystemAction::Backtrace(switch) => Ok(Plan::System(Box::new(SystemPlan {
                 action: SystemAction::Backtrace(*switch),
             }))),
+            AstSystemAction::FlushPrivileges => Ok(Plan::System(Box::new(SystemPlan {
+                action: SystemAction::FlushPrivileges,
+            }))),
         }
     }
 }

src/query/sql/src/planner/plans/system.rs

@@ -23,4 +23,5 @@ pub struct SystemPlan {
 #[derive(Debug, Clone, PartialEq, Eq, Deserialize, Serialize)]
 pub enum SystemAction {
     Backtrace(bool),
+    FlushPrivileges,
 }

tests/nox/java_client/prepare.py

@@ -57,10 +57,7 @@ def create_user():
         "CREATE USER databend IDENTIFIED BY 'databend' with default_role='account_admin'"
     )
     exec("GRANT ROLE account_admin TO USER databend")
-    # need for cluster to sync the GRANT op
-    time.sleep(16)
-    for p in [8001, 8002, 8003]:
-        exec("SHOW GRANTS FOR USER databend", port=p)
+    exec("SYSTEM FLUSH PRIVILEGES")
 
 
 def download_testng():

tests/sqllogictests/suites/base/20+_others/20_0017_system_action.test

@@ -3,3 +3,6 @@ SYSTEM ENABLE EXCEPTION_BACKTRACE;
 
 statement ok
 SYSTEM DISABLE EXCEPTION_BACKTRACE;
+
+statement ok
+SYSTEM FLUSH PRIVILEGES;