Skip to content

Commit

Permalink
KIKIMR-20081: add grant/revoke permissions to query service (#522)
Browse files Browse the repository at this point in the history 
* add grant/revore permissions to query service

* fix rebase

* fix issues
  • Loading branch information
@VPolka
VPolka authored Dec 20, 2023
1 parent 530fde1 commit adc4da7
Show file tree
Hide file tree
Showing 17 changed files with 484 additions and 162 deletions.
16 changes: 11 additions & 5 deletions ydb/core/kqp/executer_actor/kqp_scheme_executer.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -166,31 +166,37 @@ class TKqpSchemeExecuter : public TActorBootstrapped<TKqpSchemeExecuter> {
}

case NKqpProto::TKqpSchemeOperation::kCreateGroup: {
auto modifyScheme = schemeOp.GetCreateGroup();
const auto& modifyScheme = schemeOp.GetCreateGroup();
ev->Record.MutableTransaction()->MutableModifyScheme()->CopyFrom(modifyScheme);
break;
}

case NKqpProto::TKqpSchemeOperation::kAddGroupMembership: {
auto modifyScheme = schemeOp.GetAddGroupMembership();
const auto& modifyScheme = schemeOp.GetAddGroupMembership();
ev->Record.MutableTransaction()->MutableModifyScheme()->CopyFrom(modifyScheme);
break;
}

case NKqpProto::TKqpSchemeOperation::kRemoveGroupMembership: {
auto modifyScheme = schemeOp.GetRemoveGroupMembership();
const auto& modifyScheme = schemeOp.GetRemoveGroupMembership();
ev->Record.MutableTransaction()->MutableModifyScheme()->CopyFrom(modifyScheme);
break;
}

case NKqpProto::TKqpSchemeOperation::kRenameGroup: {
auto modifyScheme = schemeOp.GetRenameGroup();
const auto& modifyScheme = schemeOp.GetRenameGroup();
ev->Record.MutableTransaction()->MutableModifyScheme()->CopyFrom(modifyScheme);
break;
}

case NKqpProto::TKqpSchemeOperation::kDropGroup: {
auto modifyScheme = schemeOp.GetDropGroup();
const auto& modifyScheme = schemeOp.GetDropGroup();
ev->Record.MutableTransaction()->MutableModifyScheme()->CopyFrom(modifyScheme);
break;
}

case NKqpProto::TKqpSchemeOperation::kModifyPermissions: {
const auto& modifyScheme = schemeOp.GetModifyPermissions();
ev->Record.MutableTransaction()->MutableModifyScheme()->CopyFrom(modifyScheme);
break;
}
Expand Down
26 changes: 9 additions & 17 deletions ydb/core/kqp/gateway/kqp_ic_gateway.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -688,8 +688,8 @@ namespace {
};

struct TModifyPermissionsWrapper : public TThrRefBase {
using TMethod = std::function<void(NYql::TModifyPermissionsSettings::EAction action, THashSet<TString>&& permissions, THashSet<TString>&& roles, TVector<TString>&& pathes)>;
TMethod ModifyPermissionsForPathes;
using TMethod = std::function<void(NYql::TModifyPermissionsSettings::EAction action, THashSet<TString>&& permissions, THashSet<TString>&& roles, TVector<TString>&& paths)>;
TMethod ModifyPermissionsForPaths;
};
}

Expand Down Expand Up @@ -1275,18 +1275,18 @@ class TKikimrIcGateway : public IKqpGateway {
return MakeFuture(ResultFromError<TGenericResult>("No permissions names for modify permissions"));
}

if (settings.Pathes.empty()) {
return MakeFuture(ResultFromError<TGenericResult>("No pathes for modify permissions"));
if (settings.Paths.empty()) {
return MakeFuture(ResultFromError<TGenericResult>("No paths for modify permissions"));
}

if (settings.Roles.empty()) {
return MakeFuture(ResultFromError<TGenericResult>("No roles for modify permissions"));
}

TVector<TPromise<TGenericResult>> promises;
promises.reserve(settings.Pathes.size());
promises.reserve(settings.Paths.size());
TVector<TFuture<TGenericResult>> futures;
futures.reserve(settings.Pathes.size());
futures.reserve(settings.Paths.size());

NACLib::TDiffACL acl;
switch (settings.Action) {
Expand Down Expand Up @@ -1322,9 +1322,9 @@ class TKikimrIcGateway : public IKqpGateway {
const auto serializedDiffAcl = acl.SerializeAsString();

TVector<std::pair<const TString*, std::pair<TString, TString>>> pathPairs;
pathPairs.reserve(settings.Pathes.size());
for (const auto& path : settings.Pathes) {
pathPairs.push_back(std::make_pair(&path, SplitPathByDirAndBaseNames(path)));
pathPairs.reserve(settings.Paths.size());
for (const auto& path : settings.Paths) {
pathPairs.push_back(std::make_pair(&path, NSchemeHelpers::SplitPathByDirAndBaseNames(path)));
}

for (const auto& path : pathPairs) {
Expand Down Expand Up @@ -2311,14 +2311,6 @@ class TKikimrIcGateway : public IKqpGateway {
}

private:
static std::pair<TString, TString> SplitPathByDirAndBaseNames(const TString& path) {
auto splitPos = path.find_last_of('/');
if (splitPos == path.npos || splitPos + 1 == path.size()) {
ythrow yexception() << "wrong path format '" << path << "'" ;
}
return {path.substr(0, splitPos), path.substr(splitPos + 1)};
}

static TListPathResult GetListPathResult(const TPathDescription& pathDesc, const TString& path) {
if (pathDesc.GetSelf().GetPathType() != EPathTypeDir) {
return ResultFromError<TListPathResult>(TString("Directory not found: ") + path);
Expand Down
8 changes: 8 additions & 0 deletions ydb/core/kqp/gateway/utils/scheme_helpers.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,4 +86,12 @@ void FillCreateExternalTableColumnDesc(NKikimrSchemeOp::TExternalTableDescriptio
externalTableDesc.SetContent(general.SerializeAsString());
}

std::pair<TString, TString> SplitPathByDirAndBaseNames(const TString& path) {
auto splitPos = path.find_last_of('/');
if (splitPos == path.npos || splitPos + 1 == path.size()) {
ythrow yexception() << "wrong path format '" << path << "'";
}
return {path.substr(0, splitPos), path.substr(splitPos + 1)};
}

} // namespace NKikimr::NKqp::NSchemeHelpers
2 changes: 2 additions & 0 deletions ydb/core/kqp/gateway/utils/scheme_helpers.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,4 +31,6 @@ void FillCreateExternalTableColumnDesc(NKikimrSchemeOp::TExternalTableDescriptio
const TString& name,
const NYql::TCreateExternalTableSettings& settings);

std::pair<TString, TString> SplitPathByDirAndBaseNames(const TString& path);

} // namespace NKikimr::NKqp::NSchemeHelpers
Loading

0 comments on commit adc4da7

Please sign in to comment.