KIKIMR-20081: add grant/revoke permissions to query service (#522)

* add grant/revore permissions to query service

* fix rebase

* fix issues

Author: VPolka

ydb/core/kqp/executer_actor/kqp_scheme_executer.cpp

@@ -166,31 +166,37 @@ class TKqpSchemeExecuter : public TActorBootstrapped<TKqpSchemeExecuter> {
             }
 
             case NKqpProto::TKqpSchemeOperation::kCreateGroup: {
-                auto modifyScheme = schemeOp.GetCreateGroup();
+                const auto& modifyScheme = schemeOp.GetCreateGroup();
                 ev->Record.MutableTransaction()->MutableModifyScheme()->CopyFrom(modifyScheme);
                 break;
             }
 
             case NKqpProto::TKqpSchemeOperation::kAddGroupMembership: {
-                auto modifyScheme = schemeOp.GetAddGroupMembership();
+                const auto& modifyScheme = schemeOp.GetAddGroupMembership();
                 ev->Record.MutableTransaction()->MutableModifyScheme()->CopyFrom(modifyScheme);
                 break;
             }
 
             case NKqpProto::TKqpSchemeOperation::kRemoveGroupMembership: {
-                auto modifyScheme = schemeOp.GetRemoveGroupMembership();
+                const auto& modifyScheme = schemeOp.GetRemoveGroupMembership();
                 ev->Record.MutableTransaction()->MutableModifyScheme()->CopyFrom(modifyScheme);
                 break;
             }
 
             case NKqpProto::TKqpSchemeOperation::kRenameGroup: {
-                auto modifyScheme = schemeOp.GetRenameGroup();
+                const auto& modifyScheme = schemeOp.GetRenameGroup();
                 ev->Record.MutableTransaction()->MutableModifyScheme()->CopyFrom(modifyScheme);
                 break;
             }
 
             case NKqpProto::TKqpSchemeOperation::kDropGroup: {
-                auto modifyScheme = schemeOp.GetDropGroup();
+                const auto& modifyScheme = schemeOp.GetDropGroup();
+                ev->Record.MutableTransaction()->MutableModifyScheme()->CopyFrom(modifyScheme);
+                break;
+            }
+
+            case NKqpProto::TKqpSchemeOperation::kModifyPermissions: {
+                const auto& modifyScheme = schemeOp.GetModifyPermissions();
                 ev->Record.MutableTransaction()->MutableModifyScheme()->CopyFrom(modifyScheme);
                 break;
             }

ydb/core/kqp/gateway/kqp_ic_gateway.cpp

@@ -688,8 +688,8 @@ namespace {
     };
 
     struct TModifyPermissionsWrapper : public TThrRefBase {
-        using TMethod = std::function<void(NYql::TModifyPermissionsSettings::EAction action, THashSet<TString>&& permissions, THashSet<TString>&& roles, TVector<TString>&& pathes)>;
-        TMethod ModifyPermissionsForPathes;
+        using TMethod = std::function<void(NYql::TModifyPermissionsSettings::EAction action, THashSet<TString>&& permissions, THashSet<TString>&& roles, TVector<TString>&& paths)>;
+        TMethod ModifyPermissionsForPaths;
     };
 }
 
@@ -1275,18 +1275,18 @@ class TKikimrIcGateway : public IKqpGateway {
                 return MakeFuture(ResultFromError<TGenericResult>("No permissions names for modify permissions"));
             }
 
-            if (settings.Pathes.empty()) {
-                return MakeFuture(ResultFromError<TGenericResult>("No pathes for modify permissions"));
+            if (settings.Paths.empty()) {
+                return MakeFuture(ResultFromError<TGenericResult>("No paths for modify permissions"));
             }
 
             if (settings.Roles.empty()) {
                 return MakeFuture(ResultFromError<TGenericResult>("No roles for modify permissions"));
             }
 
             TVector<TPromise<TGenericResult>> promises;
-            promises.reserve(settings.Pathes.size());
+            promises.reserve(settings.Paths.size());
             TVector<TFuture<TGenericResult>> futures;
-            futures.reserve(settings.Pathes.size());
+            futures.reserve(settings.Paths.size());
 
             NACLib::TDiffACL acl;
             switch (settings.Action) {
@@ -1322,9 +1322,9 @@ class TKikimrIcGateway : public IKqpGateway {
             const auto serializedDiffAcl = acl.SerializeAsString();
 
             TVector<std::pair<const TString*, std::pair<TString, TString>>> pathPairs;
-            pathPairs.reserve(settings.Pathes.size());
-            for (const auto& path : settings.Pathes) {
-                pathPairs.push_back(std::make_pair(&path, SplitPathByDirAndBaseNames(path)));
+            pathPairs.reserve(settings.Paths.size());
+            for (const auto& path : settings.Paths) {
+                pathPairs.push_back(std::make_pair(&path, NSchemeHelpers::SplitPathByDirAndBaseNames(path)));
             }
 
             for (const auto& path : pathPairs) {
@@ -2311,14 +2311,6 @@ class TKikimrIcGateway : public IKqpGateway {
     }
 
 private:
-    static std::pair<TString, TString> SplitPathByDirAndBaseNames(const TString& path) {
-        auto splitPos = path.find_last_of('/');
-        if (splitPos == path.npos || splitPos + 1 == path.size()) {
-            ythrow yexception() << "wrong path format '" << path << "'" ;
-        }
-        return {path.substr(0, splitPos), path.substr(splitPos + 1)};
-    }
-
     static TListPathResult GetListPathResult(const TPathDescription& pathDesc, const TString& path) {
         if (pathDesc.GetSelf().GetPathType() != EPathTypeDir) {
             return ResultFromError<TListPathResult>(TString("Directory not found: ") + path);

ydb/core/kqp/gateway/utils/scheme_helpers.cpp

@@ -86,4 +86,12 @@ void FillCreateExternalTableColumnDesc(NKikimrSchemeOp::TExternalTableDescriptio
     externalTableDesc.SetContent(general.SerializeAsString());
 }
 
+std::pair<TString, TString> SplitPathByDirAndBaseNames(const TString& path) {
+    auto splitPos = path.find_last_of('/');
+    if (splitPos == path.npos || splitPos + 1 == path.size()) {
+        ythrow yexception() << "wrong path format '" << path << "'";
+    }
+    return {path.substr(0, splitPos), path.substr(splitPos + 1)};
+}
+
 } // namespace NKikimr::NKqp::NSchemeHelpers

ydb/core/kqp/gateway/utils/scheme_helpers.h

@@ -31,4 +31,6 @@ void FillCreateExternalTableColumnDesc(NKikimrSchemeOp::TExternalTableDescriptio
                                        const TString& name,
                                        const NYql::TCreateExternalTableSettings& settings);
 
+std::pair<TString, TString> SplitPathByDirAndBaseNames(const TString& path);
+
 } // namespace NKikimr::NKqp::NSchemeHelpers