Add permissions to ydb tools dump (#6833)

Author: pixcc

ydb/library/backup/backup.cpp

@@ -30,6 +30,7 @@ namespace NYdb::NBackup {
 
 
 static constexpr const char *SCHEME_FILE_NAME = "scheme.pb";
+static constexpr const char *PERMISSIONS_FILE_NAME = "permissions.pb";
 static constexpr const char *INCOMPLETE_DATA_FILE_NAME = "incomplete.csv";
 static constexpr const char *INCOMPLETE_FILE_NAME = "incomplete";
 static constexpr const char *EMPTY_FILE_NAME = "empty_dir";
@@ -429,6 +430,16 @@ Ydb::Table::CreateTableRequest ProtoFromTableDescription(const NTable::TTableDes
     return proto;
 }
 
+NScheme::TSchemeEntry DescribePath(TDriver driver, const TString& fullPath) {
+    NScheme::TSchemeClient client(driver);
+
+    auto status = client.DescribePath(fullPath).GetValueSync();
+    VerifyStatus(status);
+    LOG_DEBUG("Path is described, fullPath: " << fullPath);
+
+    return status.GetEntry();
+}
+
 TAsyncStatus CopyTableAsyncStart(TDriver driver, const TString& src, const TString& dst) {
     NTable::TTableClient client(driver);
 
@@ -480,6 +491,19 @@ void DropTable(TDriver driver, const TString& path) {
     LOG_DEBUG("Table is dropped, path: " << path.Quote());
 }
 
+void BackupPermissions(TDriver driver, const TString& dbPrefix, const TString& path, const TFsPath& folderPath) {
+    auto entry = DescribePath(driver, JoinDatabasePath(dbPrefix, path));
+    Ydb::Scheme::ModifyPermissionsRequest proto;
+    entry.SerializeTo(proto);
+
+    TString permissionsStr;
+    google::protobuf::TextFormat::PrintToString(proto, &permissionsStr);
+    LOG_DEBUG("ModifyPermissionsRequest.proto: " << permissionsStr);
+
+    TFile outFile(folderPath.Child(PERMISSIONS_FILE_NAME), CreateAlways | WrOnly);
+    outFile.Write(permissionsStr.data(), permissionsStr.size());
+}
+
 void BackupTable(TDriver driver, const TString& dbPrefix, const TString& backupPrefix, const TString& path,
         const TFsPath& folderPath, bool schemaOnly, bool preservePoolKinds, bool ordered) {
     Y_ENSURE(!path.empty());
@@ -497,6 +521,8 @@ void BackupTable(TDriver driver, const TString& dbPrefix, const TString& backupP
     TFile outFile(folderPath.Child(SCHEME_FILE_NAME), CreateAlways | WrOnly);
     outFile.Write(schemaStr.data(), schemaStr.size());
 
+    BackupPermissions(driver, dbPrefix, path, folderPath);
+
     if (!schemaOnly) {
         const TString pathToTemporal = JoinDatabasePath(backupPrefix, path);
         ReadTable(driver, desc, pathToTemporal, folderPath, ordered);
@@ -535,6 +561,14 @@ static bool IsExcluded(const TString& path, const TVector<TRegExMatch>& exclusio
     return false;
 }
 
+static void MaybeCreateEmptyFile(const TFsPath& folderPath) {
+    TVector<TString> children;
+    folderPath.ListNames(children);
+    if (children.empty() || (children.size() == 1 && children[0] == INCOMPLETE_FILE_NAME)) {
+        TFile(folderPath.Child(EMPTY_FILE_NAME), CreateAlways);
+    }
+}
+
 void BackupFolderImpl(TDriver driver, const TString& dbPrefix, const TString& backupPrefix, TString path,
         const TFsPath folderPath, const TVector<TRegExMatch>& exclusionPatterns,
         bool schemaOnly, bool useConsistentCopyTable, bool avoidCopy, bool preservePoolKinds, bool ordered) {
@@ -562,6 +596,9 @@ void BackupFolderImpl(TDriver driver, const TString& dbPrefix, const TString& ba
                     BackupTable(driver, dbIt.GetTraverseRoot(), backupPrefix, dbIt.GetRelPath(),
                             childFolderPath, schemaOnly, preservePoolKinds, ordered);
                     childFolderPath.Child(INCOMPLETE_FILE_NAME).DeleteIfExists();
+                } else if (dbIt.IsDir()) {
+                    BackupPermissions(driver, dbIt.GetTraverseRoot(), dbIt.GetRelPath(), childFolderPath);
+                    childFolderPath.Child(INCOMPLETE_FILE_NAME).DeleteIfExists();
                 }
             } else if (!avoidCopy) {
                 if (dbIt.IsTable()) {
@@ -594,13 +631,7 @@ void BackupFolderImpl(TDriver driver, const TString& dbPrefix, const TString& ba
                 // so control flow can't reach this line. Check it just to be sure
                 Y_ENSURE(!childFolderPath.Child(INCOMPLETE_FILE_NAME).Exists());
             } else if (dbIt.IsDir()) {
-                childFolderPath.Child(INCOMPLETE_FILE_NAME).DeleteIfExists();
-
-                TVector<TString> children;
-                childFolderPath.ListNames(children);
-                if (children.empty()) {
-                    TFile(childFolderPath.Child(EMPTY_FILE_NAME), CreateAlways);
-                }
+                MaybeCreateEmptyFile(childFolderPath);
             }
 
             childFolderPath.Child(INCOMPLETE_FILE_NAME).DeleteIfExists();
@@ -639,14 +670,8 @@ void BackupFolderImpl(TDriver driver, const TString& dbPrefix, const TString& ba
                     DropTable(driver, tmpTablePath);
                 }
             } else if (dbIt.IsDir()) {
-                childFolderPath.Child(INCOMPLETE_FILE_NAME).DeleteIfExists();
-
-                TVector<TString> children;
-                childFolderPath.ListNames(children);
-                if (children.empty()) {
-                    TFile(childFolderPath.Child(EMPTY_FILE_NAME), CreateAlways);
-                }
-
+                BackupPermissions(driver, dbIt.GetTraverseRoot(), dbIt.GetRelPath(), childFolderPath);
+                MaybeCreateEmptyFile(childFolderPath);
                 if (!avoidCopy) {
                     RemoveClusterDirectory(driver, tmpTablePath);
                 }

ydb/public/sdk/cpp/client/ydb_scheme/scheme.cpp

@@ -17,6 +17,13 @@ namespace NScheme {
 using namespace NThreading;
 using namespace Ydb::Scheme;
 
+void TPermissions::SerializeTo(::Ydb::Scheme::Permissions& proto) const {
+    proto.set_subject(Subject);
+    for (const auto& name : PermissionNames) {
+        *proto.mutable_permission_names()->Add() = name;
+    }
+}
+
 TVirtualTimestamp::TVirtualTimestamp(ui64 planStep, ui64 txId)
     : PlanStep(planStep)
     , TxId(txId)
@@ -120,6 +127,13 @@ void TSchemeEntry::Out(IOutputStream& out) const {
         << " }";
 }
 
+void TSchemeEntry::SerializeTo(::Ydb::Scheme::ModifyPermissionsRequest& request) const {
+    request.mutable_actions()->Add()->set_change_owner(Owner);
+    for (const auto& permission : Permissions) {
+        permission.SerializeTo(*request.mutable_actions()->Add()->mutable_set());
+    }
+}
+
 class TSchemeClient::TImpl : public TClientImplCommon<TSchemeClient::TImpl> {
 public:
     TImpl(std::shared_ptr<TGRpcConnectionsImpl>&& connections, const TCommonClientSettings& settings)

ydb/public/sdk/cpp/client/ydb_scheme/scheme.h

@@ -6,6 +6,8 @@ namespace Ydb {
     class VirtualTimestamp;
     namespace Scheme {
         class Entry;
+        class ModifyPermissionsRequest;
+        class Permissions;
     }
 }
 
@@ -24,6 +26,8 @@ struct TPermissions {
     {}
     TString Subject;
     TVector<TString> PermissionNames;
+
+    void SerializeTo(::Ydb::Scheme::Permissions& proto) const;
 };
 
 enum class ESchemeEntryType : i32 {
@@ -77,6 +81,9 @@ struct TSchemeEntry {
     TSchemeEntry(const ::Ydb::Scheme::Entry& proto);
 
     void Out(IOutputStream& out) const;
+
+    // Fills ModifyPermissionsRequest proto from this entry
+    void SerializeTo(::Ydb::Scheme::ModifyPermissionsRequest& request) const;
 };
 
 ////////////////////////////////////////////////////////////////////////////////

ydb/tests/functional/ydb_cli/test_ydb_backup.py

@@ -4,7 +4,7 @@
 from ydb.tests.library.harness.kikimr_cluster import kikimr_cluster_factory
 from ydb.tests.oss.ydb_sdk_import import ydb
 
-from hamcrest import assert_that, is_, is_not, contains_inanyorder, has_item, has_items
+from hamcrest import assert_that, is_, is_not, contains_inanyorder, has_items
 import os
 import logging
 import pytest
@@ -192,12 +192,12 @@ def create_backup(cls, path, expected_dirs, check_data, additional_args=[]):
             if check_data:
                 assert_that(
                     os.listdir(backup_files_dir + "/" + _dir),
-                    contains_inanyorder("data_00.csv", "scheme.pb")
+                    contains_inanyorder("data_00.csv", "scheme.pb", "permissions.pb")
                 )
             else:
                 assert_that(
                     os.listdir(backup_files_dir + "/" + _dir),
-                    has_item("scheme.pb")
+                    has_items("scheme.pb", "permissions.pb")
                 )