Merge d7fa9cb into 0f64840

dorooleg · web-flow · commit b0b6acb09079 · 2024-08-02T10:59:50.000Z
diff --git a/ydb/core/fq/libs/compute/ydb/synchronization_service/synchronization_service.cpp b/ydb/core/fq/libs/compute/ydb/synchronization_service/synchronization_service.cpp
@@ -436,6 +436,7 @@ class TSynchronizeScopeActor : public NActors::TActorBootstrapped<TSynchronizeSc
 
             request.Get()->Get()->YDBClient = Client;
             request.Get()->Get()->ComputeDatabase = ComputeDatabase;
+            request.Get()->Get()->Scope = Scope;
 
             Register(NFq::NPrivate::MakeCreateConnectionActor(
                 SelfId(),
@@ -465,6 +466,7 @@ class TSynchronizeScopeActor : public NActors::TActorBootstrapped<TSynchronizeSc
 
             request.Get()->Get()->YDBClient = Client;
             request.Get()->Get()->ComputeDatabase = ComputeDatabase;
+            request.Get()->Get()->Scope = Scope;
 
             auto it = Connections.find(binding.second.content().connection_id());
             if (it == Connections.end()) {
diff --git a/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.cpp b/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.cpp
@@ -7,6 +7,7 @@
 #include <ydb/core/fq/libs/result_formatter/result_formatter.h>
 #include <ydb/core/kqp/provider/yql_kikimr_results.h>
 #include <ydb/public/api/protos/draft/fq.pb.h>
+#include <ydb/public/lib/fq/scope.h>
 
 namespace NFq {
 namespace NPrivate {
@@ -94,7 +95,9 @@ TString SignAccountId(const TString& id, const TSigner::TPtr& signer) {
 
 TMaybe<TString> CreateSecretObjectQuery(const FederatedQuery::ConnectionSetting& setting,
                                 const TString& name,
-                                const TSigner::TPtr& signer) {
+                                const TSigner::TPtr& signer,
+                                const TString& scope) {
+    const TString folderId = NYdb::NFq::TScope{scope}.ParseFolder();
     using namespace fmt::literals;
     TString secretObjects;
     auto serviceAccountId = ExtractServiceAccountId(setting);
@@ -103,7 +106,7 @@ TMaybe<TString> CreateSecretObjectQuery(const FederatedQuery::ConnectionSetting&
             R"(
                     UPSERT OBJECT {sa_secret_name} (TYPE SECRET) WITH value={signature};
                 )",
-            "sa_secret_name"_a = EncloseAndEscapeString("k1" + name, '`'),
+            "sa_secret_name"_a = EncloseAndEscapeString(TStringBuilder{} << "f1_" << folderId << name, '`'),
             "signature"_a       = EncloseSecret(EncloseAndEscapeString(SignAccountId(serviceAccountId, signer), '"'))) : std::string{};
     }
 
@@ -113,7 +116,7 @@ TMaybe<TString> CreateSecretObjectQuery(const FederatedQuery::ConnectionSetting&
                 R"(
                     UPSERT OBJECT {password_secret_name} (TYPE SECRET) WITH value={password};
                 )",
-            "password_secret_name"_a = EncloseAndEscapeString("k2" + name, '`'),
+            "password_secret_name"_a = EncloseAndEscapeString(TStringBuilder{} << "f2_" << folderId << name, '`'),
             "password"_a = EncloseSecret(EncloseAndEscapeString(*password, '"')));
     }
 
@@ -281,17 +284,22 @@ TString MakeCreateExternalDataSourceQuery(
                                   signer));
 }
 
-TMaybe<TString> DropSecretObjectQuery(const TString& name) {
+TMaybe<TString> DropSecretObjectQuery(const TString& name, const TString& scope) {
+    const TString folderId = NYdb::NFq::TScope{scope}.ParseFolder();
     using namespace fmt::literals;
     return fmt::format(
             R"(
                 DROP OBJECT {secret_name1} (TYPE SECRET);
                 DROP OBJECT {secret_name2} (TYPE SECRET);
                 DROP OBJECT {secret_name3} (TYPE SECRET); -- for backward compatibility
+                DROP OBJECT {secret_name4} (TYPE SECRET); -- for backward compatibility
+                DROP OBJECT {secret_name5} (TYPE SECRET); -- for backward compatibility
             )",
-        "secret_name1"_a = EncloseAndEscapeString("k1" + name, '`'),
-        "secret_name2"_a = EncloseAndEscapeString("k2" + name, '`'),
-        "secret_name3"_a = EncloseAndEscapeString(name, '`'));
+        "secret_name1"_a = EncloseAndEscapeString(TStringBuilder{} << "f1_" << folderId << name, '`'),
+        "secret_name2"_a = EncloseAndEscapeString(TStringBuilder{} << "f2_" << folderId << name, '`'),
+        "secret_name3"_a = EncloseAndEscapeString(TStringBuilder{} << "k1" << name, '`'),
+        "secret_name4"_a = EncloseAndEscapeString(TStringBuilder{} << "k2" << name, '`'),
+        "secret_name5"_a = EncloseAndEscapeString(name, '`'));
 }
 
 TString MakeDeleteExternalDataTableQuery(const TString& tableName) {
diff --git a/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.h b/ydb/core/fq/libs/control_plane_proxy/actors/query_utils.h
@@ -10,9 +10,10 @@ namespace NPrivate {
 
 TMaybe<TString> CreateSecretObjectQuery(const FederatedQuery::ConnectionSetting& setting,
                                         const TString& name,
-                                        const TSigner::TPtr& signer);
+                                        const TSigner::TPtr& signer,
+                                        const TString& scope);
 
-TMaybe<TString> DropSecretObjectQuery(const TString& name);
+TMaybe<TString> DropSecretObjectQuery(const TString& name, const TString& scope);
 
 TString MakeCreateExternalDataSourceQuery(
     const FederatedQuery::ConnectionContent& connectionContent,
diff --git a/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp b/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp
@@ -557,10 +557,12 @@ IActor* MakeCreateConnectionActor(
          computeConfig](const TEvControlPlaneProxy::TEvCreateConnectionRequest::TPtr& req)
         -> std::vector<TSchemaQueryTask> {
         auto& connectionContent = req->Get()->Request.content();
+        const auto& scope = req->Get()->Scope;
 
         auto createSecretStatement = CreateSecretObjectQuery(connectionContent.setting(),
                                                              connectionContent.name(),
-                                                             signer);
+                                                             signer,
+                                                             scope);
 
         std::vector<TSchemaQueryTask> statements;
         if (createSecretStatement) {
@@ -659,21 +661,23 @@ IActor* MakeModifyConnectionActor(
         auto& oldConnectionContent = (*request->Get()->OldConnectionContent);
         auto& oldBindings          = request->Get()->OldBindingContents;
         auto& newConnectionContent = request->Get()->Request.content();
+        const auto& scope = request->Get()->Scope;
 
         auto dropOldSecret =
-            DropSecretObjectQuery(oldConnectionContent.name());
+            DropSecretObjectQuery(oldConnectionContent.name(), scope);
         auto createNewSecret =
             CreateSecretObjectQuery(newConnectionContent.setting(),
                                     newConnectionContent.name(),
-                                    signer);
+                                    signer,
+                                    scope);
 
         bool replaceSupported = computeConfig.IsReplaceIfExistsSyntaxSupported();
         if (replaceSupported &&
             oldConnectionContent.name() == newConnectionContent.name()) {
             // CREATE OR REPLACE
             auto createSecretStatement =
                 CreateSecretObjectQuery(newConnectionContent.setting(),
-                                        newConnectionContent.name(), signer);
+                                        newConnectionContent.name(), signer, scope);
 
             std::vector<TSchemaQueryTask> statements;
             if (createSecretStatement) {
@@ -720,13 +724,13 @@ IActor* MakeModifyConnectionActor(
                 .SQL         = *dropOldSecret,
                 .RollbackSQL = CreateSecretObjectQuery(oldConnectionContent.setting(),
                                                        oldConnectionContent.name(),
-                                                       signer),
+                                                       signer, scope),
                 .ShouldSkipStepOnError = IsPathDoesNotExistIssue});
         }
         if (createNewSecret) {
             statements.push_back(TSchemaQueryTask{.SQL         = *createNewSecret,
                                                   .RollbackSQL = DropSecretObjectQuery(
-                                                      newConnectionContent.name())});
+                                                      newConnectionContent.name(), scope)});
         }
 
         statements.push_back(
@@ -787,9 +791,10 @@ IActor* MakeDeleteConnectionActor(
             const TEvControlPlaneProxy::TEvDeleteConnectionRequest::TPtr& request)
         -> std::vector<TSchemaQueryTask> {
         auto& connectionContent = *request->Get()->ConnectionContent;
+        const auto& scope = request->Get()->Scope;
 
         auto dropSecret =
-            DropSecretObjectQuery(connectionContent.name());
+            DropSecretObjectQuery(connectionContent.name(), scope);
 
         std::vector statements = {
             TSchemaQueryTask{.SQL = TString{MakeDeleteExternalDataSourceQuery(
@@ -803,7 +808,7 @@ IActor* MakeDeleteConnectionActor(
                                  .RollbackSQL =
                                      CreateSecretObjectQuery(connectionContent.setting(),
                                                              connectionContent.name(),
-                                                             signer),
+                                                             signer, scope),
                                  .ShouldSkipStepOnError = IsPathDoesNotExistIssue});
         }
         return statements;
