refactor: move table-policy reference management to drop/undrop table

Move the table-policy reference lifecycle management from drop policy operations
to drop/undrop table operations.  This simplifies the drop policy logic and improves
performance.

Key changes:
- drop_table: delete all table-policy references when marking table as dropped
- undrop_table: verify policies still exist, cleanup stale references, restore valid ones
- drop_policy: simplified from incremental cleanup (N/100+1 txns) to single existence check (1 txn)

All operations are protected by seq conditions for concurrent safety using optimistic
locking pattern.

Author: TCeason

src/meta/api/src/data_mask_api_impl.rs

@@ -147,8 +147,6 @@ impl<KV: kvapi::KVApi<Error = MetaError>> DatamaskApi for KV {
     > {
         debug!(name_ident :? =(name_ident); "DatamaskApi: {}", func_name!());
 
-        const BATCH_SIZE: usize = 100;
-
         let mut trials = txn_backoff(None, func_name!());
         loop {
             trials.next().unwrap()?.await;
@@ -161,86 +159,44 @@ impl<KV: kvapi::KVApi<Error = MetaError>> DatamaskApi for KV {
 
             let policy_id = *seq_id.data;
             let tenant = name_ident.tenant();
-            let binding_prefix = DirName::new(MaskPolicyTableIdIdent::new_generic(
+            let table_policy_ref_prefix = DirName::new(MaskPolicyTableIdIdent::new_generic(
                 tenant.clone(),
                 MaskPolicyIdTableId {
                     policy_id,
                     table_id: 0,
                 },
             ));
 
-            // List all bindings and categorize them
-            let bindings = self.list_pb_vec(&binding_prefix).await?;
-            let total_binding_count = bindings.len() as u64;
-
-            let mut active_bindings = Vec::new();
-            let mut stale_bindings = Vec::new();
-
-            for (binding_key, binding_seqv) in bindings {
-                let table_id = binding_key.name().table_id;
-                let table_key = databend_common_meta_app::schema::TableId::new(table_id);
-
-                match self.get_pb(&table_key).await? {
-                    Some(SeqV { data, .. }) if data.drop_on.is_none() => {
-                        // Active table using this policy
-                        active_bindings.push(table_id);
-                    }
-                    _ => {
-                        // Table dropped or doesn't exist - stale binding
-                        stale_bindings.push((binding_key, binding_seqv.seq));
-                    }
-                }
-            }
+            // List all table-policy references
+            let table_policy_refs = self.list_pb_vec(&table_policy_ref_prefix).await?;
 
             // Policy is in use - cannot drop
-            if !active_bindings.is_empty() {
+            if !table_policy_refs.is_empty() {
                 return Ok(Err(MaskingPolicyError::policy_in_use(
                     tenant.tenant_name().to_string(),
                     name_ident.data_mask_name().to_string(),
                 )));
             }
 
-            // Still have stale bindings - clean up a batch
-            if !stale_bindings.is_empty() {
-                let batch_size = stale_bindings.len().min(BATCH_SIZE);
-                let batch: Vec<_> = stale_bindings.into_iter().take(batch_size).collect();
-
-                let mut txn = TxnRequest::default();
-                txn.condition.push(txn_cond_eq_keys_with_prefix(
-                    &binding_prefix,
-                    total_binding_count,
-                ));
-
-                for (key, seq) in batch {
-                    txn_delete_exact(&mut txn, &key, seq);
-                }
-
-                let (succ, _) = send_txn(self, txn).await?;
-                if succ {
-                    continue; // Loop back to clean next batch or drop policy
-                }
-                // Transaction failed, retry from beginning
-            } else {
-                // All bindings cleaned up - now drop the policy itself
-                let id_ident = seq_id.data.into_t_ident(tenant);
-                let mut txn = TxnRequest::default();
+            // No references - drop the policy
+            let id_ident = seq_id.data.into_t_ident(tenant);
+            let mut txn = TxnRequest::default();
 
-                // Ensure no new bindings were created
-                txn.condition
-                    .push(txn_cond_eq_keys_with_prefix(&binding_prefix, 0));
+            // Ensure no new references were created
+            txn.condition
+                .push(txn_cond_eq_keys_with_prefix(&table_policy_ref_prefix, 0));
 
-                txn_delete_exact(&mut txn, name_ident, seq_id.seq);
-                txn_delete_exact(&mut txn, &id_ident, seq_meta.seq);
+            txn_delete_exact(&mut txn, name_ident, seq_id.seq);
+            txn_delete_exact(&mut txn, &id_ident, seq_meta.seq);
 
-                // TODO: Tentative retention for compatibility. Can be deleted later.
-                clear_table_column_mask_policy(self, name_ident, &mut txn).await?;
+            // TODO: Tentative retention for compatibility. Can be deleted later.
+            clear_table_column_mask_policy(self, name_ident, &mut txn).await?;
 
-                let (succ, _responses) = send_txn(self, txn).await?;
-                if succ {
-                    return Ok(Ok(Some((seq_id, seq_meta))));
-                }
-                // Transaction failed, retry
+            let (succ, _responses) = send_txn(self, txn).await?;
+            if succ {
+                return Ok(Ok(Some((seq_id, seq_meta))));
             }
+            // Transaction failed, retry
         }
     }
 

src/meta/api/src/row_access_policy_api_impl.rs

@@ -134,8 +134,6 @@ impl<KV: kvapi::KVApi<Error = MetaError>> RowAccessPolicyApi for KV {
     > {
         debug!(name_ident :? =(name_ident); "RowAccessPolicyApi: {}", func_name!());
 
-        const BATCH_SIZE: usize = 100;
-
         let mut trials = txn_backoff(None, func_name!());
         loop {
             trials.next().unwrap()?.await;
@@ -148,83 +146,41 @@ impl<KV: kvapi::KVApi<Error = MetaError>> RowAccessPolicyApi for KV {
 
             let policy_id = *seq_id.data;
             let tenant = name_ident.tenant();
-            let binding_prefix = DirName::new(RowAccessPolicyTableIdIdent::new_generic(
+            let table_policy_ref_prefix = DirName::new(RowAccessPolicyTableIdIdent::new_generic(
                 tenant.clone(),
                 RowAccessPolicyIdTableId {
                     policy_id,
                     table_id: 0,
                 },
             ));
 
-            // List all bindings and categorize them
-            let bindings = self.list_pb_vec(&binding_prefix).await?;
-            let total_binding_count = bindings.len() as u64;
-
-            let mut active_bindings = Vec::new();
-            let mut stale_bindings = Vec::new();
-
-            for (binding_key, binding_seqv) in bindings {
-                let table_id = binding_key.name().table_id;
-                let table_key = databend_common_meta_app::schema::TableId::new(table_id);
-
-                match self.get_pb(&table_key).await? {
-                    Some(SeqV { data, .. }) if data.drop_on.is_none() => {
-                        // Active table using this policy
-                        active_bindings.push(table_id);
-                    }
-                    _ => {
-                        // Table dropped or doesn't exist - stale binding
-                        stale_bindings.push((binding_key, binding_seqv.seq));
-                    }
-                }
-            }
+            // List all table-policy references
+            let table_policy_refs = self.list_pb_vec(&table_policy_ref_prefix).await?;
 
             // Policy is in use - cannot drop
-            if !active_bindings.is_empty() {
+            if !table_policy_refs.is_empty() {
                 return Ok(Err(RowAccessPolicyError::policy_in_use(
                     tenant.tenant_name().to_string(),
                     name_ident.row_access_name().to_string(),
                 )));
             }
 
-            // Still have stale bindings - clean up a batch
-            if !stale_bindings.is_empty() {
-                let batch_size = stale_bindings.len().min(BATCH_SIZE);
-                let batch: Vec<_> = stale_bindings.into_iter().take(batch_size).collect();
-
-                let mut txn = TxnRequest::default();
-                txn.condition.push(txn_cond_eq_keys_with_prefix(
-                    &binding_prefix,
-                    total_binding_count,
-                ));
-
-                for (key, seq) in batch {
-                    txn_delete_exact(&mut txn, &key, seq);
-                }
-
-                let (succ, _) = send_txn(self, txn).await?;
-                if succ {
-                    continue; // Loop back to clean next batch or drop policy
-                }
-                // Transaction failed, retry from beginning
-            } else {
-                // All bindings cleaned up - now drop the policy itself
-                let id_ident = seq_id.data.into_t_ident(tenant);
-                let mut txn = TxnRequest::default();
+            // No references - drop the policy
+            let id_ident = seq_id.data.into_t_ident(tenant);
+            let mut txn = TxnRequest::default();
 
-                // Ensure no new bindings were created
-                txn.condition
-                    .push(txn_cond_eq_keys_with_prefix(&binding_prefix, 0));
+            // Ensure no new references were created
+            txn.condition
+                .push(txn_cond_eq_keys_with_prefix(&table_policy_ref_prefix, 0));
 
-                txn_delete_exact(&mut txn, name_ident, seq_id.seq);
-                txn_delete_exact(&mut txn, &id_ident, seq_meta.seq);
+            txn_delete_exact(&mut txn, name_ident, seq_id.seq);
+            txn_delete_exact(&mut txn, &id_ident, seq_meta.seq);
 
-                let (succ, _responses) = send_txn(self, txn).await?;
-                if succ {
-                    return Ok(Ok(Some((seq_id, seq_meta))));
-                }
-                // Transaction failed, retry
+            let (succ, _responses) = send_txn(self, txn).await?;
+            if succ {
+                return Ok(Ok(Some((seq_id, seq_meta))));
             }
+            // Transaction failed, retry
         }
     }