rm: add RM metadata handler with redirector scaffold

[okJiang]

What problem does this PR solve?

Issue Number: ref #9737

Tracking issue: #9737
Discussion baseline: #9737 (comment)

This PR removes metadata handler logic drift between PD redirector fallback and
RM service APIs. Before this change, both sides handled the same
/resource-manager/api/v1/config/** metadata operations with duplicated
implementations and gradually diverging status-code semantics.

What is changed and how does it work?

• Add shared package pkg/mcs/resourcemanager/metadataapi.
• Add ConfigService as the single metadata business-logic implementation.
• Add Store interface and ManagerStore adapter over *rmserver.Manager.
• Redirector side (pkg/mcs/resourcemanager/redirector/pd_metadata_handler.go) is now a thin route shell delegating to ConfigService.
• RM API side (pkg/mcs/resourcemanager/server/apis/v1/api.go) keeps existing route definitions and swagger-commented wrapper methods, but wrappers now delegate to ConfigService.
• Keep redirect behavior unchanged:
  • shouldHandlePDMetadataLocally remains false.
  • Metadata APIs are still redirected to RM primary.
  • Local fallback is still blocked when request carries X-Forbidden-Forward-To-Microservice: true.

Unified HTTP semantics in this PR:

• 400 Bad Request
  • JSON bind failure
  • invalid controller field/type
  • service_limit < 0
• 404 Not Found
  • resource group not found (GET/PUT/DELETE)
  • keyspace not found (/config/keyspace/service-limit*)
  • keyspace manager not found (service-limit GET)
• 403 Forbidden
  • metadata write disabled (IsMetadataWriteDisabledError)
• 500 Internal Server Error
  • other internal/runtime/storage errors

Keyspace resolution rule in service-limit APIs:

• path param :keyspace_name first
• fallback to query keyspace_name when path param is empty

In scope:

• merge metadata handler logic into one shared service
• normalize metadata HTTP error-code mapping
• keep redirector wiring consistent with current non-cutover strategy

Out of scope:

• enabling PD-local metadata cutover
• changing redirector global forwarding strategy
• gRPC write-path cutover
• client routing split

Behavior changes:

• /config/keyspace/service-limit*: keyspace-not-found now returns 404 (was partly 400 before)
• PUT /config/group: non-existing resource group now returns 404

Risk:

• Main risk is compatibility for callers depending on old error codes.
• Request routing/cutover behavior itself is unchanged.

rm: unify metadata handlers via shared service

Introduce shared metadataapi.ConfigService and delegate both redirector fallback
and RM apis/v1 handlers to the same implementation. Keep metadata redirect
strategy unchanged, and normalize metadata HTTP error-code semantics.

Check List

Tests

• Unit test
  • go test ./pkg/mcs/resourcemanager/metadataapi ./pkg/mcs/resourcemanager/redirector ./pkg/mcs/resourcemanager/server/apis/v1 -count=1
• Integration test
  • make failpoint-enable && (cd tests/integrations && go test ./mcs/resourcemanager -run 'TestResourceManagerAPI|TestResourceManagerRedirector' -count=1); rc=$?; make failpoint-disable; exit $rc
• Manual test (add detailed scripts or steps below)
  • Not run in this PR
• No code
  • N/A

Code changes

• Has the configuration change
  • No
• Has HTTP API interfaces changed (Don't forget to add the declarative for the new API)
  • Yes (status-code behavior only; no path added/removed)
• Has persistent data change
  • No

Side effects

• Possible performance regression
  • No expected runtime-path regression
• Increased code complexity
  • Yes (new shared package and adapters)
• Breaking backward compatibility
  • Possibly, for clients depending on previous 400 responses in changed cases

Related changes

• PR to update pingcap/docs/pingcap/docs-cn: N/A
• PR to update pingcap/tiup: N/A
• Need to cherry-pick to the release branch: No

Release note

Resource Manager: unify metadata handler logic shared by PD redirector fallback and RM APIs, and normalize metadata API error codes (including keyspace-not-found and PUT non-existing group to 404).

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Introduces a PD metadata HTTP API handler in the redirector package for managing resource groups, controller configuration, and keyspace service limits. Includes public interfaces, adapter types, HTTP handlers with routing logic, and comprehensive test coverage with an in-memory test store.

Changes

Cohort / File(s)	Summary
PD Metadata Handler Implementation pkg/mcs/resourcemanager/redirector/pd_metadata_handler.go	Adds public interface pdMetadataStore with CRUD operations for resource groups, controller config updates, and keyspace service limits. Implements pdMetadataManagerAdapter wrapping Manager to expose lookup methods. Adds pdMetadataHandler struct with HTTP routing and ServeHTTP method supporting endpoints for resource groups (POST/PUT/GET/DELETE), controller config (GET/SET), and keyspace service limits, with error mapping for NotFound and Internal errors.
PD Metadata Handler Tests pkg/mcs/resourcemanager/redirector/pd_metadata_handler_test.go	Introduces comprehensive test suite with testPDMetadataStore for in-memory state management, mockManagerProvider for test setup, and HTTP request utilities (doJSONRequest, doRawRequest). Covers end-to-end CRUD operations, error scenarios, and service limit endpoints with support for simulated failures.
Redirector Integration pkg/mcs/resourcemanager/redirector/redirector.go	Adds pdMetadataManagerProvider type implementing GetResourceGroupWriteRole method. Reworks NewHandler to instantiate PD metadata manager and handler, integrating with redirector routing via shouldHandlePDMetadataLocally hook for local handling versus redirection decisions.

Sequence Diagram

sequenceDiagram
    participant Client
    participant pdMetadataHandler
    participant pdMetadataStore
    participant Manager

    Client->>pdMetadataHandler: HTTP POST /resource_groups
    pdMetadataHandler->>pdMetadataHandler: ServeHTTP, parse request
    pdMetadataHandler->>pdMetadataStore: AddResourceGroup(group)
    pdMetadataStore->>Manager: Update internal state
    Manager-->>pdMetadataStore: Success
    pdMetadataStore-->>pdMetadataHandler: nil error
    pdMetadataHandler-->>Client: HTTP 200 OK

    Client->>pdMetadataHandler: HTTP GET /resource_groups/:id
    pdMetadataHandler->>pdMetadataHandler: ServeHTTP, parse request
    pdMetadataHandler->>pdMetadataStore: GetResourceGroup(id)
    pdMetadataStore->>Manager: Lookup group
    Manager-->>pdMetadataStore: ResourceGroup
    pdMetadataStore-->>pdMetadataHandler: group, nil error
    pdMetadataHandler-->>Client: HTTP 200 + JSON body

    Client->>pdMetadataHandler: HTTP GET /service_limits/:keyspace_id
    pdMetadataHandler->>pdMetadataHandler: ServeHTTP, parse request
    pdMetadataHandler->>pdMetadataStore: lookupKeyspaceServiceLimit(id)
    pdMetadataStore->>Manager: Lookup service limit
    Manager-->>pdMetadataStore: limit, exists
    pdMetadataStore-->>pdMetadataHandler: limit, true
    pdMetadataHandler-->>Client: HTTP 200 + limit

Loading

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A handler hops into view, with routes all new,
PD metadata flows through, from GET to PUT too,
Resource groups dance, limits take their stance,
The redirector's keen eye decides the chance—
Local or remote, the PDM shall gloat! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 6.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Merge Conflict Detection	⚠️ Warning	❌ Merge conflicts detected (4 files): ⚔️ pkg/mcs/resourcemanager/redirector/redirector.go (content) ⚔️ pkg/mcs/resourcemanager/server/resource_group.go (content) ⚔️ pkg/mcs/resourcemanager/server/resource_group_test.go (content) ⚔️ pkg/mcs/resourcemanager/server/token_buckets.go (content) These conflicts must be resolved before merging into master.	Resolve conflicts locally and push changes to this branch.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description check	✅ Passed	PR description is comprehensive and well-structured, covering problem statement, implementation details, test coverage, behavior changes, and release notes.
Title check	✅ Passed	The title 'rm: add RM metadata handler with redirector scaffold' accurately reflects the main change: introducing a new PD metadata HTTP handler and updating the redirector routing to handle metadata locally.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@pkg/mcs/resourcemanager/redirector/pd_metadata_handler.go`:
- Around line 218-238: setKeyspaceServiceLimit currently returns
http.StatusBadRequest for every error; change it to return 400 for
client/validation errors (e.g., invalid JSON from c.ShouldBindJSON, negative
req.ServiceLimit, or getKeyspaceIDByName failures that indicate bad input) but
return http.StatusInternalServerError (500) when h.store.SetKeyspaceServiceLimit
fails (indicating an internal/store error). Locate setKeyspaceServiceLimit and
replace the c.String(http.StatusBadRequest, err.Error()) after
h.store.SetKeyspaceServiceLimit(...) with
c.String(http.StatusInternalServerError, err.Error()), keeping other 400
responses as-is; ensure the error text is returned so callers see the failure
reason.
- Around line 198-216: The handler setControllerConfig currently applies updates
as it iterates the incoming map which can leave partial changes if one
UpdateControllerConfigItem fails; first validate all keys by iterating conf and
calling
reflectutil.FindJSONFullTagByChildTag(reflect.TypeOf(rmserver.ControllerConfig{}),
k) for every key and return 400 if any key is invalid, then in a second pass
apply h.store.UpdateControllerConfigItem for each validated key (or collect all
failures and abort before applying) so updates are atomic from the API's
perspective; reference setControllerConfig,
reflectutil.FindJSONFullTagByChildTag, rmserver.ControllerConfig, and
h.store.UpdateControllerConfigItem when making the change.

🧹 Nitpick comments (4)

pkg/mcs/resourcemanager/redirector/pd_metadata_handler.go (2)

106-117: Consider using errcode + errorResp instead of c.String() for error responses.

The coding guidelines state HTTP handlers should use errcode + errorResp rather than plain string responses (which is essentially http.Error). All handlers in this file (postResourceGroup, putResourceGroup, getResourceGroup, etc.) use c.String(statusCode, err.Error()) for error paths. Since the handler isn't wired into routing yet, this can be aligned later, but it's worth tracking.

As per coding guidelines: "HTTP handlers should use errcode + errorResp instead of http.Error".

---

132-154: Redundant nil check after error-based not-found.

GetResourceGroup on the store interface returns an error when the group doesn't exist (the test store returns ErrResourceGroupNotExists). The nil check at Line 149 would only trigger if a store implementation returns (nil, nil) — an ambiguous contract. If the interface contract is that not-found returns an error, the nil guard is dead code; if it's intentional defensive coding, consider documenting the contract on the interface.

pkg/mcs/resourcemanager/redirector/pd_metadata_handler_test.go (2)

81-125: Consider adding a test for the negative service_limit validation path.

The handler at Line 229–231 rejects negative service_limit values with 400. This validation branch isn't exercised by any test. A small addition would improve confidence:

resp = doJSONRequest(re, handler, http.MethodPost,
    "/resource-manager/api/v1/config/keyspace/service-limit/path_keyspace",
    map[string]float64{"service_limit": -1})
re.Equal(http.StatusBadRequest, resp.Code)

---

185-187: GetResourceGroupList always returns empty — consider exercising it.

The test store stub returns an empty slice regardless of input, and the handler's getResourceGroupList endpoint isn't tested. If this is intentionally deferred, that's fine, but it leaves the list endpoint and its error-mapping logic uncovered.

[codecov]

Codecov Report

❌ Patch coverage is 78.54545% with 59 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.90%. Comparing base (0059e6f) to head (635b370).
⚠️ Report is 16 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #10246      +/-   ##
==========================================
+ Coverage   78.88%   78.90%   +0.02%     
==========================================
  Files         527      529       +2     
  Lines       70920    71097     +177     
==========================================
+ Hits        55944    56101     +157     
- Misses      10978    10988      +10     
- Partials     3998     4008      +10     

Flag	Coverage Δ
unittests	78.90% <78.54%> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@pkg/mcs/resourcemanager/redirector/pd_metadata_handler_test.go`:
- Around line 128-132: The test currently injects an error via
store.setServiceLimitErr and asserts http.StatusBadRequest; after fixing
setKeyspaceServiceLimit to return 500 on internal store errors, update the test
in pd_metadata_handler_test.go to expect http.StatusInternalServerError instead
of http.StatusBadRequest (locate the block that calls doJSONRequest with POST to
"/resource-manager/api/v1/config/keyspace/service-limit/path_keyspace" and using
store.setServiceLimitErr). Ensure the assertion compares resp.Code to
http.StatusInternalServerError and adjust any related test setup or comments if
present.

In `@pkg/mcs/resourcemanager/redirector/pd_metadata_handler.go`:
- Around line 119-130: The putResourceGroup handler currently returns 500 for
all ModifyResourceGroup errors; update putResourceGroup to check if
h.store.ModifyResourceGroup(&group) returns the sentinel
ErrResourceGroupNotExists and respond with c.String(http.StatusNotFound,
err.Error()) (matching getResourceGroup/deleteResourceGroup behavior), otherwise
keep returning 500 for other errors and 200 on success; reference the
ModifyResourceGroup call in putResourceGroup and the ErrResourceGroupNotExists
error constant to implement the conditional check.

🧹 Nitpick comments (2)

pkg/mcs/resourcemanager/redirector/pd_metadata_handler.go (1)

76-84: Consider setting gin.SetMode(gin.ReleaseMode) to suppress debug output.

gin.New() in default mode emits debug-level route registration logs to stdout. In production this is noisy. Most PD handlers set release mode or use a custom logger.

 func newPDMetadataHandlerWithStore(store pdMetadataStore) http.Handler {
+	gin.SetMode(gin.ReleaseMode)
 	handler := &pdMetadataHandler{
 		store:  store,
 		engine: gin.New(),
 	}

pkg/mcs/resourcemanager/redirector/pd_metadata_handler_test.go (1)

135-142: TestNewPDMetadataHandler only checks NotNil — consider a smoke request.

The test verifies construction but doesn't exercise routing through the real adapter. A single GET to /config/groups would confirm wiring end-to-end.

[okJiang]

/retest

[rleungx]

Why we need it?

[okJiang]

When deploying RM microservices, PD uses a redirector for forwarding. Implementing a simple handler in the redirector is more lightweight than directly reusing the entire ResourceManager service.

[okJiang]

pdMetadataHandler is used to handle write operations in PD side

[bufferflies]

Why support this query? And I think this function can be merged into the getKeyspaceIDByName.

[bufferflies]

If the keyspace name does not exist, getKeyspaceIDByName will return an error. I don't think this is a bad request; it should return 404.

[rleungx]

The file name should also be changed.

[okJiang]

Fixed in cb775ac. The redirector file pair has been renamed to metadata_handler.go and metadata_handler_test.go, so the old pd_metadata_handler* naming is fully removed now.

[rleungx]

Is there a better name than store?

[okJiang]

Fixed in cb775ac. I renamed the generic Store interface in metadataapi to ConfigStore, and updated the corresponding field/parameter names (configStore) to make the scope clearer while keeping ManagerStore unchanged.

[rleungx]

@coderabbitai Is there a better name?

[coderabbitai]

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Look at the full interface definition and surrounding context
rg -n "interface|func\s" pkg/mcs/resourcemanager/metadataapi/config_service.go | head -60

echo "---"
# See the full file
cat pkg/mcs/resourcemanager/metadataapi/config_service.go

Length of output: 13135

---

@rleungx, looking at the full interface, ConfigStore has three distinct concerns: resource group CRUD, controller config read/write, and keyspace service limits. The "Config" prefix undersells its scope, and "Store" implies a persistence layer rather than a manager-wrapping abstraction.

A few options, in order of preference:

1. ResourceManagerStore — most accurate to what the interface actually covers (all resource manager metadata), and unambiguous for callers (metadataapi.ResourceManagerStore). The one downside is a slight asymmetry with the concrete ManagerStore.

2. Backend / ManagerBackend — idiomatic Go pattern for dependency-injection interfaces. Rename the concrete type to ManagerBackend too for consistency:

   // Interface
   type Backend interface { ... }
   // Concrete adapter
   type ManagerBackend struct { ... }
   func NewManagerBackend(manager *rmserver.Manager) *ManagerBackend { ... }

   This pairing is clean and self-documenting.

3. MetadataStore — fits the package theme, but metadataapi.MetadataStore is somewhat redundant.

My recommendation is Backend (with ManagerBackend for the concrete type) as it follows the common Go idiom for abstracting dependencies, gives a clean interface/impl pair, and avoids conflating persistence semantics with what is really a manager delegation layer.

[okJiang]

/retest

[okJiang]

/retest

[okJiang]

/retest

[okJiang]

/ok-to-retest

[ti-chi-bot]

[LGTM Timeline notifier]

Timeline:

• 2026-03-06 06:56:11.990970977 +0000 UTC m=+514016.569050170: ☑️ agreed by bufferflies.
• 2026-03-13 09:46:59.632412331 +0000 UTC m=+602651.144469982: ☑️ agreed by rleungx.

[okJiang]

/retest

[okJiang]

/retest

[okJiang]

/retest

[okJiang]

/retest

[okJiang]

/retest

[okJiang]

/retest

[ti-chi-bot]

@niubell: adding LGTM is restricted to approvers and reviewers in OWNERS files.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bufferflies, niubell, rleungx

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [bufferflies,rleungx]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[okJiang]

/retest