From 99d2a25ed928a6278e0f68512a42c25c8a2e4dfc Mon Sep 17 00:00:00 2001 From: Oleg Doronin Date: Wed, 7 Aug 2024 11:43:12 +0000 Subject: [PATCH] fixes --- .../control_plane_proxy/actors/query_utils.cpp | 18 +++++++++++------- .../control_plane_proxy/actors/query_utils.h | 3 ++- .../actors/ydb_schema_query_actor.cpp | 10 +++++----- 3 files changed, 18 insertions(+), 13 deletions(-) diff --git a/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.cpp b/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.cpp index d0da5a926d3c..41edc24eae51 100644 --- a/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.cpp +++ b/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.cpp @@ -125,8 +125,10 @@ TMaybe CreateSecretObjectQuery(const FederatedQuery::ConnectionSetting& TString CreateAuthParamsQuery(const FederatedQuery::ConnectionSetting& setting, const TString& name, - const TSigner::TPtr& signer) { + const TSigner::TPtr& signer, + const TString& scope) { using namespace fmt::literals; + const TString folderId = NYdb::NFq::TScope{scope}.ParseFolder(); auto authMethod = GetYdbComputeAuthMethod(setting); switch (authMethod) { case EYdbComputeAuth::UNKNOWN: @@ -142,7 +144,7 @@ TString CreateAuthParamsQuery(const FederatedQuery::ConnectionSetting& setting, )", "auth_method"_a = ToString(authMethod), "service_account_id"_a = EncloseAndEscapeString(ExtractServiceAccountId(setting), '"'), - "sa_secret_name"_a = EncloseAndEscapeString(signer ? "k1" + name : TString{}, '"')); + "sa_secret_name"_a = EncloseAndEscapeString(signer ? TStringBuilder{} << "f1_" << folderId << name : TString{}, '"')); case EYdbComputeAuth::BASIC: return fmt::format( R"(, @@ -152,7 +154,7 @@ TString CreateAuthParamsQuery(const FederatedQuery::ConnectionSetting& setting, )", "auth_method"_a = ToString(authMethod), "login"_a = EncloseAndEscapeString(GetLogin(setting).GetOrElse({}), '"'), - "password_secret_name"_a = EncloseAndEscapeString("k2" + name, '"')); + "password_secret_name"_a = EncloseAndEscapeString(TStringBuilder{} << "f2_" << folderId << name, '"')); case EYdbComputeAuth::MDB_BASIC: return fmt::format( R"(, @@ -164,9 +166,9 @@ TString CreateAuthParamsQuery(const FederatedQuery::ConnectionSetting& setting, )", "auth_method"_a = ToString(authMethod), "service_account_id"_a = EncloseAndEscapeString(ExtractServiceAccountId(setting), '"'), - "sa_secret_name"_a = EncloseAndEscapeString(signer ? "k1" + name : TString{}, '"'), + "sa_secret_name"_a = EncloseAndEscapeString(signer ? TStringBuilder{} << "f1_" << folderId << name : TString{}, '"'), "login"_a = EncloseAndEscapeString(GetLogin(setting).GetOrElse({}), '"'), - "password_secret_name"_a = EncloseAndEscapeString("k2" + name, '"')); + "password_secret_name"_a = EncloseAndEscapeString(TStringBuilder{} << "f2_" << folderId << name, '"')); } } @@ -174,7 +176,8 @@ TString MakeCreateExternalDataSourceQuery( const FederatedQuery::ConnectionContent& connectionContent, const TSigner::TPtr& signer, const NConfig::TCommonConfig& common, - bool replaceIfExists) { + bool replaceIfExists, + const TString& scope) { using namespace fmt::literals; TString properties; @@ -281,7 +284,8 @@ TString MakeCreateExternalDataSourceQuery( "auth_params"_a = CreateAuthParamsQuery(connectionContent.setting(), connectionContent.name(), - signer)); + signer, + scope)); } TMaybe DropSecretObjectQuery(const TString& name, const TString& scope) { diff --git a/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.h b/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.h index 54b91ef57fe2..cdb8b8612f48 100644 --- a/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.h +++ b/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.h @@ -19,7 +19,8 @@ TString MakeCreateExternalDataSourceQuery( const FederatedQuery::ConnectionContent& connectionContent, const TSigner::TPtr& signer, const NConfig::TCommonConfig& common, - bool replaceIfExists); + bool replaceIfExists, + const TString& scope); TString MakeDeleteExternalDataSourceQuery(const TString& sourceName); diff --git a/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp b/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp index 561985923286..e172b186fd11 100644 --- a/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp +++ b/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp @@ -605,7 +605,7 @@ IActor* MakeCreateConnectionActor( statements.push_back(TSchemaQueryTask{ .SQL = MakeCreateExternalDataSourceQuery( connectionContent, signer, commonConfig, - computeConfig.IsReplaceIfExistsSyntaxSupported()), + computeConfig.IsReplaceIfExistsSyntaxSupported(), scope), .ScheduleErrorRecoverySQLGeneration = withoutRollback ? NoRecoverySQLGeneration() @@ -687,7 +687,7 @@ IActor* MakeModifyConnectionActor( statements.push_back(TSchemaQueryTask{ .SQL = MakeCreateExternalDataSourceQuery( - newConnectionContent, signer, commonConfig, replaceSupported)}); + newConnectionContent, signer, commonConfig, replaceSupported, scope)}); return statements; } @@ -716,7 +716,7 @@ IActor* MakeModifyConnectionActor( statements.push_back(TSchemaQueryTask{ .SQL = TString{MakeDeleteExternalDataSourceQuery(oldConnectionContent.name())}, .RollbackSQL = TString{MakeCreateExternalDataSourceQuery( - oldConnectionContent, signer, commonConfig, false)}, + oldConnectionContent, signer, commonConfig, false, scope)}, .ShouldSkipStepOnError = IsPathDoesNotExistIssue}); if (dropOldSecret) { @@ -735,7 +735,7 @@ IActor* MakeModifyConnectionActor( statements.push_back( TSchemaQueryTask{.SQL = TString{MakeCreateExternalDataSourceQuery( - newConnectionContent, signer, commonConfig, false)}, + newConnectionContent, signer, commonConfig, false, scope)}, .RollbackSQL = TString{MakeDeleteExternalDataSourceQuery( newConnectionContent.name())}}); @@ -800,7 +800,7 @@ IActor* MakeDeleteConnectionActor( TSchemaQueryTask{.SQL = TString{MakeDeleteExternalDataSourceQuery( connectionContent.name())}, .RollbackSQL = MakeCreateExternalDataSourceQuery( - connectionContent, signer, commonConfig, false), + connectionContent, signer, commonConfig, false, scope), .ShouldSkipStepOnError = IsPathDoesNotExistIssue}}; if (dropSecret) { statements.push_back(