diff --git a/ydb/core/fq/libs/compute/ydb/synchronization_service/synchronization_service.cpp b/ydb/core/fq/libs/compute/ydb/synchronization_service/synchronization_service.cpp index e8ac5cc5ef31..fe8df83ebd6c 100644 --- a/ydb/core/fq/libs/compute/ydb/synchronization_service/synchronization_service.cpp +++ b/ydb/core/fq/libs/compute/ydb/synchronization_service/synchronization_service.cpp @@ -436,6 +436,7 @@ class TSynchronizeScopeActor : public NActors::TActorBootstrappedGet()->YDBClient = Client; request.Get()->Get()->ComputeDatabase = ComputeDatabase; + request.Get()->Get()->Scope = Scope; Register(NFq::NPrivate::MakeCreateConnectionActor( SelfId(), @@ -465,6 +466,7 @@ class TSynchronizeScopeActor : public NActors::TActorBootstrappedGet()->YDBClient = Client; request.Get()->Get()->ComputeDatabase = ComputeDatabase; + request.Get()->Get()->Scope = Scope; auto it = Connections.find(binding.second.content().connection_id()); if (it == Connections.end()) { diff --git a/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.cpp b/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.cpp index 1a781f374205..d0da5a926d3c 100644 --- a/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.cpp +++ b/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.cpp @@ -7,6 +7,7 @@ #include #include #include +#include namespace NFq { namespace NPrivate { @@ -94,7 +95,9 @@ TString SignAccountId(const TString& id, const TSigner::TPtr& signer) { TMaybe CreateSecretObjectQuery(const FederatedQuery::ConnectionSetting& setting, const TString& name, - const TSigner::TPtr& signer) { + const TSigner::TPtr& signer, + const TString& scope) { + const TString folderId = NYdb::NFq::TScope{scope}.ParseFolder(); using namespace fmt::literals; TString secretObjects; auto serviceAccountId = ExtractServiceAccountId(setting); 
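Review bot: In the `@@ -94,7 +95,9 @@` hunk of query_utils.cpp, `folderId` comes from `NYdb::NFq::TScope{scope}.ParseFolder()` and is used with no check that it is non-empty. The hunk does not show what `ParseFolder()` returns for an empty or malformed scope; if it returns an empty string, the secret is written as `f1_` + name with no folder component, and same-named connections in different scopes would share one secret again. Consider rejecting the request (or at least logging) when `folderId.empty()`, and add a comment on the new `scope` parameter stating the scope format it expects. The same applies to `DropSecretObjectQuery` in the `@@ -281` hunk; the body of `CreateSecretObjectQuery` continues outside this hunk.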
@@ -103,7 +106,7 @@ TMaybe CreateSecretObjectQuery(const FederatedQuery::ConnectionSetting& R"( UPSERT OBJECT {sa_secret_name} (TYPE SECRET) WITH value={signature}; )", - "sa_secret_name"_a = EncloseAndEscapeString("k1" + name, '`'), + "sa_secret_name"_a = EncloseAndEscapeString(TStringBuilder{} << "f1_" << folderId << name, '`'), "signature"_a = EncloseSecret(EncloseAndEscapeString(SignAccountId(serviceAccountId, signer), '"'))) : std::string{}; } @@ -113,7 +116,7 @@ TMaybe CreateSecretObjectQuery(const FederatedQuery::ConnectionSetting& R"( UPSERT OBJECT {password_secret_name} (TYPE SECRET) WITH value={password}; )", - "password_secret_name"_a = EncloseAndEscapeString("k2" + name, '`'), + "password_secret_name"_a = EncloseAndEscapeString(TStringBuilder{} << "f2_" << folderId << name, '`'), "password"_a = EncloseSecret(EncloseAndEscapeString(*password, '"'))); } 
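Review bot: `TStringBuilder{} << "f1_" << folderId << name` joins the folder id and the connection name with no separator, so two different (folder, name) pairs can yield the same secret object name (folder `ab` with name `cd`, folder `abc` with name `d`) unless folder ids have a guaranteed fixed length, which is not visible here. Because the statement is an `UPSERT OBJECT`, such a collision would silently overwrite another connection's secret value. If `_` cannot occur in a folder id, `TStringBuilder{} << "f1_" << folderId << "_" << name` makes the name unambiguous. Building the name in one helper, shared with the `f2_` line in the `@@ -113` hunk and the two folder-prefixed `DROP` names in `DropSecretObjectQuery`, would keep the create and drop sides in sync.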
@@ -281,17 +284,22 @@ TString MakeCreateExternalDataSourceQuery( signer)); } -TMaybe DropSecretObjectQuery(const TString& name) { +TMaybe DropSecretObjectQuery(const TString& name, const TString& scope) { + const TString folderId = NYdb::NFq::TScope{scope}.ParseFolder(); using namespace fmt::literals; return fmt::format( R"( DROP OBJECT {secret_name1} (TYPE SECRET); DROP OBJECT {secret_name2} (TYPE SECRET); DROP OBJECT {secret_name3} (TYPE SECRET); -- for backward compatibility + DROP OBJECT {secret_name4} (TYPE SECRET); -- for backward compatibility + DROP OBJECT {secret_name5} (TYPE SECRET); -- for backward compatibility )", - "secret_name1"_a = EncloseAndEscapeString("k1" + name, '`'), - "secret_name2"_a = EncloseAndEscapeString("k2" + name, '`'), - "secret_name3"_a = EncloseAndEscapeString(name, '`')); + "secret_name1"_a = EncloseAndEscapeString(TStringBuilder{} << "f1_" << folderId << name, '`'), + "secret_name2"_a = EncloseAndEscapeString(TStringBuilder{} << "f2_" << folderId << name, '`'), + "secret_name3"_a = EncloseAndEscapeString(TStringBuilder{} << "k1" << name, '`'), + "secret_name4"_a = EncloseAndEscapeString(TStringBuilder{} << "k2" << name, '`'), + "secret_name5"_a = EncloseAndEscapeString(name, '`')); } TString MakeDeleteExternalDataTableQuery(const TString& tableName) { diff --git a/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.h b/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.h index ebfe43b5e228..54b91ef57fe2 100644 --- a/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.h +++ b/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.h 
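Review bot: The three names kept "for backward compatibility" in `DropSecretObjectQuery` (`k1` + name, `k2` + name and the bare name) have no folder component, so they are dropped for any connection with that name, whichever scope created them. If one compute database can hold connections from more than one folder, which the move to folder-prefixed names suggests, deleting or modifying a connection in one folder may remove a pre-migration secret that a same-named connection in another folder still relies on. Please document above the query which naming scheme each of the five names belongs to and when the legacy drops can be retired, for example `// k1/k2/bare names predate folder scoping and are not unique across folders`.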
@@ -10,9 +10,10 @@ namespace NPrivate { TMaybe CreateSecretObjectQuery(const FederatedQuery::ConnectionSetting& setting, const TString& name, - const TSigner::TPtr& signer); + const TSigner::TPtr& signer, + const TString& scope); -TMaybe DropSecretObjectQuery(const TString& name); +TMaybe DropSecretObjectQuery(const TString& name, const TString& scope); TString MakeCreateExternalDataSourceQuery( const FederatedQuery::ConnectionContent& connectionContent, diff --git a/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp b/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp index 2854598fabe5..561985923286 100644 --- a/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp +++ b/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp @@ -557,10 +557,12 @@ IActor* MakeCreateConnectionActor( computeConfig](const TEvControlPlaneProxy::TEvCreateConnectionRequest::TPtr& req) -> std::vector { auto& connectionContent = req->Get()->Request.content(); + const auto& scope = req->Get()->Scope; auto createSecretStatement = CreateSecretObjectQuery(connectionContent.setting(), connectionContent.name(), - signer); + signer, + scope); std::vector statements; if (createSecretStatement) { @@ -659,13 +661,15 @@ IActor* MakeModifyConnectionActor( auto& oldConnectionContent = (*request->Get()->OldConnectionContent); auto& oldBindings = request->Get()->OldBindingContents; auto& newConnectionContent = request->Get()->Request.content(); + const auto& scope = request->Get()->Scope; auto dropOldSecret = - DropSecretObjectQuery(oldConnectionContent.name()); + DropSecretObjectQuery(oldConnectionContent.name(), scope); auto createNewSecret = CreateSecretObjectQuery(newConnectionContent.setting(), newConnectionContent.name(), - signer); + signer, + scope); bool replaceSupported = computeConfig.IsReplaceIfExistsSyntaxSupported(); if (replaceSupported && 
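Review bot: In `MakeCreateConnectionActor` (the `@@ -557` hunk of ydb_schema_query_actor.cpp) the secret is now created under the folder-prefixed name, but no hunk in this diff changes the code that refers to the secret by name when the external data source is created. `MakeCreateExternalDataSourceQuery` appears only as unchanged context and still takes no scope. If that query still builds `k1`/`k2` names, the data source would reference a secret this commit no longer writes, or a same-named legacy secret left by another folder. Please confirm the reference side uses the same name construction, ideally through one shared helper. The lambda body continues outside the hunk.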
@@ -673,7 +677,7 @@ IActor* MakeModifyConnectionActor( // CREATE OR REPLACE auto createSecretStatement = CreateSecretObjectQuery(newConnectionContent.setting(), - newConnectionContent.name(), signer); + newConnectionContent.name(), signer, scope); std::vector statements; if (createSecretStatement) { @@ -720,13 +724,13 @@ IActor* MakeModifyConnectionActor( .SQL = *dropOldSecret, .RollbackSQL = CreateSecretObjectQuery(oldConnectionContent.setting(), oldConnectionContent.name(), - signer), + signer, scope), .ShouldSkipStepOnError = IsPathDoesNotExistIssue}); } if (createNewSecret) { statements.push_back(TSchemaQueryTask{.SQL = *createNewSecret, .RollbackSQL = DropSecretObjectQuery( - newConnectionContent.name())}); + newConnectionContent.name(), scope)}); } statements.push_back( @@ -787,9 +791,10 @@ IActor* MakeDeleteConnectionActor( const TEvControlPlaneProxy::TEvDeleteConnectionRequest::TPtr& request) -> std::vector { auto& connectionContent = *request->Get()->ConnectionContent; + const auto& scope = request->Get()->Scope; auto dropSecret = - DropSecretObjectQuery(connectionContent.name()); + DropSecretObjectQuery(connectionContent.name(), scope); std::vector statements = { TSchemaQueryTask{.SQL = TString{MakeDeleteExternalDataSourceQuery( @@ -803,7 +808,7 @@ IActor* MakeDeleteConnectionActor( .RollbackSQL = CreateSecretObjectQuery(connectionContent.setting(), connectionContent.name(), - signer), + signer, scope), .ShouldSkipStepOnError = IsPathDoesNotExistIssue}); } return statements;
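Review bot: In the `@@ -720` hunk the rollback for `createNewSecret` is `DropSecretObjectQuery(newConnectionContent.name(), scope)`, which drops all five names, including the legacy `k1`/`k2`/bare ones, although the forward step only creates the `f1_`/`f2_` objects. A rollback that removes objects the step did not create can delete a legacy secret still in use under that name. Dropping only the two folder-prefixed names in the rollback would undo exactly what the step did; that needs a small helper next to `DropSecretObjectQuery`, which is outside this hunk.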