Add permissions to ydb tools restore (#7247)

Author: pixcc

ydb/library/backup/backup.cpp

@@ -5,9 +5,10 @@
 #include "util.h"
 
 #include <ydb/public/api/protos/ydb_table.pb.h>
+#include <ydb/public/lib/ydb_cli/common/recursive_remove.h>
+#include <ydb/public/lib/ydb_cli/dump/util/util.h>
 #include <ydb/public/lib/yson_value/ydb_yson_value.h>
 #include <ydb/public/sdk/cpp/client/ydb_table/table.h>
-#include <ydb/public/lib/ydb_cli/common/recursive_remove.h>
 
 #include <library/cpp/containers/stack_vector/stack_vec.h>
 #include <library/cpp/string_utils/quote/quote.h>
@@ -432,8 +433,8 @@ Ydb::Table::CreateTableRequest ProtoFromTableDescription(const NTable::TTableDes
 
 NScheme::TSchemeEntry DescribePath(TDriver driver, const TString& fullPath) {
     NScheme::TSchemeClient client(driver);
-
-    auto status = client.DescribePath(fullPath).GetValueSync();
+    
+    auto status = NDump::DescribePath(client, fullPath);
     VerifyStatus(status);
     LOG_DEBUG("Path is described, fullPath: " << fullPath);
 
@@ -596,9 +597,6 @@ void BackupFolderImpl(TDriver driver, const TString& dbPrefix, const TString& ba
                     BackupTable(driver, dbIt.GetTraverseRoot(), backupPrefix, dbIt.GetRelPath(),
                             childFolderPath, schemaOnly, preservePoolKinds, ordered);
                     childFolderPath.Child(INCOMPLETE_FILE_NAME).DeleteIfExists();
-                } else if (dbIt.IsDir()) {
-                    BackupPermissions(driver, dbIt.GetTraverseRoot(), dbIt.GetRelPath(), childFolderPath);
-                    childFolderPath.Child(INCOMPLETE_FILE_NAME).DeleteIfExists();
                 }
             } else if (!avoidCopy) {
                 if (dbIt.IsTable()) {
@@ -632,6 +630,7 @@ void BackupFolderImpl(TDriver driver, const TString& dbPrefix, const TString& ba
                 Y_ENSURE(!childFolderPath.Child(INCOMPLETE_FILE_NAME).Exists());
             } else if (dbIt.IsDir()) {
                 MaybeCreateEmptyFile(childFolderPath);
+                BackupPermissions(driver, dbIt.GetTraverseRoot(), dbIt.GetRelPath(), childFolderPath);
             }
 
             childFolderPath.Child(INCOMPLETE_FILE_NAME).DeleteIfExists();
@@ -670,8 +669,8 @@ void BackupFolderImpl(TDriver driver, const TString& dbPrefix, const TString& ba
                     DropTable(driver, tmpTablePath);
                 }
             } else if (dbIt.IsDir()) {
-                BackupPermissions(driver, dbIt.GetTraverseRoot(), dbIt.GetRelPath(), childFolderPath);
                 MaybeCreateEmptyFile(childFolderPath);
+                BackupPermissions(driver, dbIt.GetTraverseRoot(), dbIt.GetRelPath(), childFolderPath);
                 if (!avoidCopy) {
                     RemoveClusterDirectory(driver, tmpTablePath);
                 }

ydb/library/backup/ya.make

@@ -9,6 +9,7 @@ PEERDIR(
     ydb/public/api/grpc
     ydb/public/api/protos
     ydb/public/lib/ydb_cli/common
+    ydb/public/lib/ydb_cli/dump/util
     ydb/public/lib/yson_value
     ydb/public/sdk/cpp/client/ydb_proto
     ydb/public/sdk/cpp/client/ydb_scheme

ydb/public/lib/ydb_cli/commands/ydb_tools.cpp

@@ -54,7 +54,7 @@ void TCommandDump::Config(TConfig& config) {
     config.Opts->AddLongOption('o', "output", "[Required] Path in a local filesystem to a directory to place dump into."
             " Directory should either not exist or be empty.")
         .StoreResult(&FilePath);
-    config.Opts->AddLongOption("scheme-only", "Dump only scheme")
+    config.Opts->AddLongOption("scheme-only", "Dump only scheme including ACL and owner")
         .StoreTrue(&IsSchemeOnly);
     config.Opts->AddLongOption("avoid-copy", "Avoid copying."
             " By default, YDB makes a copy of a table before dumping it to reduce impact on workload and ensure consistency.\n"
@@ -142,6 +142,9 @@ void TCommandRestore::Config(TConfig& config) {
 
     config.Opts->AddLongOption("restore-indexes", "Whether to restore indexes or not")
         .DefaultValue(defaults.RestoreIndexes_).StoreResult(&RestoreIndexes);
+    
+    config.Opts->AddLongOption("restore-acl", "Whether to restore ACL and owner or not")
+        .DefaultValue(defaults.RestoreACL_).StoreResult(&RestoreACL);
 
     config.Opts->AddLongOption("skip-document-tables", TStringBuilder()
             << "Document API tables cannot be restored for now. "
@@ -197,6 +200,7 @@ int TCommandRestore::Run(TConfig& config) {
         .DryRun(IsDryRun)
         .RestoreData(RestoreData)
         .RestoreIndexes(RestoreIndexes)
+        .RestoreACL(RestoreACL)
         .SkipDocumentTables(SkipDocumentTables)
         .SavePartialResult(SavePartialResult)
         .RowsPerRequest(NYdb::SizeFromString(RowsPerRequest))

ydb/public/lib/ydb_cli/commands/ydb_tools.h

@@ -58,6 +58,7 @@ class TCommandRestore : public TToolsCommand, public TCommandWithPath {
     bool IsDryRun = false;
     bool RestoreData = true;
     bool RestoreIndexes = true;
+    bool RestoreACL = true;
     bool SkipDocumentTables = false;
     bool SavePartialResult = false;
     TString UploadBandwidth;

ydb/public/lib/ydb_cli/dump/dump.cpp

@@ -13,6 +13,7 @@ namespace NYdb {
 namespace NDump {
 
 extern const char SCHEME_FILE_NAME[] = "scheme.pb";
+extern const char PERMISSIONS_FILE_NAME[] = "permissions.pb";
 extern const char INCOMPLETE_FILE_NAME[] = "incomplete";
 extern const char EMPTY_FILE_NAME[] = "empty_dir";
 

ydb/public/lib/ydb_cli/dump/dump.h

@@ -10,6 +10,7 @@ namespace NYdb {
 namespace NDump {
 
 extern const char SCHEME_FILE_NAME[10];
+extern const char PERMISSIONS_FILE_NAME[15];
 extern const char INCOMPLETE_FILE_NAME[11];
 extern const char EMPTY_FILE_NAME[10];
 
@@ -64,6 +65,7 @@ struct TRestoreSettings: public TOperationRequestSettings<TRestoreSettings> {
     FLUENT_SETTING_DEFAULT(bool, DryRun, false);
     FLUENT_SETTING_DEFAULT(bool, RestoreData, true);
     FLUENT_SETTING_DEFAULT(bool, RestoreIndexes, true);
+    FLUENT_SETTING_DEFAULT(bool, RestoreACL, true);
     FLUENT_SETTING_DEFAULT(bool, SkipDocumentTables, false);
     FLUENT_SETTING_DEFAULT(bool, SavePartialResult, false);
 

ydb/public/lib/ydb_cli/dump/restore_impl.cpp

@@ -4,6 +4,7 @@
 
 #include <ydb/public/api/protos/ydb_table.pb.h>
 #include <ydb/public/sdk/cpp/client/ydb_proto/accessor.h>
+#include <ydb/public/lib/ydb_cli/common/recursive_list.h>
 #include <ydb/public/lib/ydb_cli/common/recursive_remove.h>
 #include <ydb/public/lib/ydb_cli/common/retry_func.h>
 #include <ydb/public/lib/ydb_cli/dump/util/util.h>
@@ -19,6 +20,7 @@
 namespace NYdb {
 namespace NDump {
 
+using namespace NConsoleClient;
 using namespace NImport;
 using namespace NOperation;
 using namespace NScheme;
@@ -43,6 +45,12 @@ TTableDescription TableDescriptionFromProto(const Ydb::Table::CreateTableRequest
     return TProtoAccessor::FromProto(proto);
 }
 
+Ydb::Scheme::ModifyPermissionsRequest ReadPermissions(const TString& fsPath) {
+    Ydb::Scheme::ModifyPermissionsRequest proto;
+    Y_ENSURE(google::protobuf::TextFormat::ParseFromString(TFileInput(fsPath).ReadAll(), &proto));
+    return proto;
+}
+
 bool HasRunningIndexBuilds(TOperationClient& client, const TString& dbPath) {
     const ui64 pageSize = 100;
     TString pageToken;
@@ -131,34 +139,34 @@ TRestoreResult TRestoreClient::Restore(const TString& fsPath, const TString& dbP
         dbBasePath = dbBasePath.Parent();
     }
 
-    auto oldDirectoryList = SchemeClient.ListDirectory(dbBasePath).GetValueSync();
-    if (!oldDirectoryList.IsSuccess()) {
+    auto oldDirectoryList = RecursiveList(SchemeClient, dbBasePath);
+    if (!oldDirectoryList.Status.IsSuccess()) {
         return Result<TRestoreResult>(EStatus::SCHEME_ERROR, "Can not list existing directory");
     }
 
     THashSet<TString> oldEntries;
-    for (const auto& entry : oldDirectoryList.GetChildren()) {
+    for (const auto& entry : oldDirectoryList.Entries) {
         oldEntries.insert(entry.Name);
     }
 
     // restore
-    auto restoreResult = RestoreFolder(fsPath, dbPath, settings);
+    auto restoreResult = RestoreFolder(fsPath, dbPath, settings, oldEntries);
     if (restoreResult.IsSuccess() || settings.SavePartialResult_) {
         return restoreResult;
     }
 
     // cleanup
-    auto newDirectoryList = SchemeClient.ListDirectory(dbBasePath).GetValueSync();
-    if (!newDirectoryList.IsSuccess()) {
+    auto newDirectoryList = RecursiveList(SchemeClient, dbBasePath);
+    if (!newDirectoryList.Status.IsSuccess()) {
         return restoreResult;
     }
 
-    for (const auto& entry : newDirectoryList.GetChildren()) {
+    for (const auto& entry : newDirectoryList.Entries) {
         if (oldEntries.contains(entry.Name)) {
             continue;
         }
 
-        auto fullPath = dbBasePath.Child(entry.Name);
+        const auto& fullPath = entry.Name; // RecursiveList returns full path instead of entry's name
 
         switch (entry.Type) {
             case ESchemeEntryType::Directory: {
@@ -185,7 +193,9 @@ TRestoreResult TRestoreClient::Restore(const TString& fsPath, const TString& dbP
     return restoreResult;
 }
 
-TRestoreResult TRestoreClient::RestoreFolder(const TFsPath& fsPath, const TString& dbPath, const TRestoreSettings& settings) {
+TRestoreResult TRestoreClient::RestoreFolder(const TFsPath& fsPath, const TString& dbPath,
+    const TRestoreSettings& settings, const THashSet<TString>& oldEntries)
+{   
     if (!fsPath) {
         return Result<TRestoreResult>(EStatus::BAD_REQUEST, "Folder is not specified");
     }
@@ -206,11 +216,11 @@ TRestoreResult TRestoreClient::RestoreFolder(const TFsPath& fsPath, const TStrin
     }
 
     if (IsFileExists(fsPath.Child(SCHEME_FILE_NAME))) {
-        return RestoreTable(fsPath, Join('/', dbPath, fsPath.GetName()), settings);
+        return RestoreTable(fsPath, Join('/', dbPath, fsPath.GetName()), settings, oldEntries);
     }
 
     if (IsFileExists(fsPath.Child(EMPTY_FILE_NAME))) {
-        return MakeDirectory(SchemeClient, Join('/', dbPath, fsPath.GetName()));
+        return RestoreEmptyDir(fsPath, Join('/', dbPath, fsPath.GetName()), settings, oldEntries);
     }
 
     TMaybe<TRestoreResult> result;
@@ -219,26 +229,24 @@ TRestoreResult TRestoreClient::RestoreFolder(const TFsPath& fsPath, const TStrin
     fsPath.List(children);
     for (const auto& child : children) {
         if (IsFileExists(child.Child(SCHEME_FILE_NAME))) {
-            result = RestoreTable(child, Join('/', dbPath, child.GetName()), settings);
+            result = RestoreTable(child, Join('/', dbPath, child.GetName()), settings, oldEntries);
         } else if (IsFileExists(child.Child(EMPTY_FILE_NAME))) {
-            result = MakeDirectory(SchemeClient, Join('/', dbPath, child.GetName()));
-        } else {
-            result = RestoreFolder(child, Join('/', dbPath, child.GetName()), settings);
+            result = RestoreEmptyDir(child, Join('/', dbPath, child.GetName()), settings, oldEntries);
+        } else if (child.IsDirectory()) {
+            result = RestoreFolder(child, Join('/', dbPath, child.GetName()), settings, oldEntries);
         }
 
-        if (!result->IsSuccess()) {
+        if (result.Defined() && !result->IsSuccess()) {
             return *result;
         }
     }
-
-    if (!result) {
-        return Result<TRestoreResult>();
-    }
-
-    return *result;
+   
+    return RestorePermissions(fsPath, dbPath, settings, oldEntries);
 }
 
-TRestoreResult TRestoreClient::RestoreTable(const TFsPath& fsPath, const TString& dbPath, const TRestoreSettings& settings) {
+TRestoreResult TRestoreClient::RestoreTable(const TFsPath& fsPath, const TString& dbPath,
+    const TRestoreSettings& settings, const THashSet<TString>& oldEntries)
+{
     if (fsPath.Child(INCOMPLETE_FILE_NAME).Exists()) {
         return Result<TRestoreResult>(EStatus::BAD_REQUEST,
             TStringBuilder() << "There is incomplete file in folder: " << fsPath.GetPath());
@@ -268,7 +276,7 @@ TRestoreResult TRestoreClient::RestoreTable(const TFsPath& fsPath, const TString
         }
     }
 
-    return Result<TRestoreResult>();
+    return RestorePermissions(fsPath, dbPath, settings, oldEntries);
 }
 
 TRestoreResult TRestoreClient::CheckSchema(const TString& dbPath, const TTableDescription& desc) {
@@ -444,5 +452,45 @@ TRestoreResult TRestoreClient::RestoreIndexes(const TString& dbPath, const TTabl
     return Result<TRestoreResult>();
 }
 
+TRestoreResult TRestoreClient::RestorePermissions(const TFsPath& fsPath, const TString& dbPath,
+    const TRestoreSettings& settings, const THashSet<TString>& oldEntries)
+{   
+    if (fsPath.Child(INCOMPLETE_FILE_NAME).Exists()) {
+        return Result<TRestoreResult>(EStatus::BAD_REQUEST,
+            TStringBuilder() << "There is incomplete file in folder: " << fsPath.GetPath());
+    }
+
+    if (!settings.RestoreACL_) {
+        return Result<TRestoreResult>();
+    }
+
+    if (oldEntries.contains(dbPath)) {
+        return Result<TRestoreResult>();
+    }
+
+    if (!fsPath.Child(PERMISSIONS_FILE_NAME).Exists()) {
+        return Result<TRestoreResult>();
+    }
+
+    auto permissions = ReadPermissions(fsPath.Child(PERMISSIONS_FILE_NAME));
+    return ModifyPermissions(SchemeClient, dbPath, TModifyPermissionsSettings(permissions));
+}
+
+TRestoreResult TRestoreClient::RestoreEmptyDir(const TFsPath& fsPath, const TString &dbPath,
+    const TRestoreSettings& settings, const THashSet<TString>& oldEntries)
+{
+    if (fsPath.Child(INCOMPLETE_FILE_NAME).Exists()) {
+        return Result<TRestoreResult>(EStatus::BAD_REQUEST,
+            TStringBuilder() << "There is incomplete file in folder: " << fsPath.GetPath());
+    }
+
+    auto result = MakeDirectory(SchemeClient, dbPath);
+    if (!result.IsSuccess()) {
+        return result;
+    }
+
+    return RestorePermissions(fsPath, dbPath, settings, oldEntries);
+}
+
 } // NDump
 } // NYdb

ydb/public/lib/ydb_cli/dump/restore_impl.h

@@ -36,12 +36,14 @@ class IDataWriter {
 } // NPrivate
 
 class TRestoreClient {
-    TRestoreResult RestoreFolder(const TFsPath& fsPath, const TString& dbPath, const TRestoreSettings& settings);
-    TRestoreResult RestoreTable(const TFsPath& fsPath, const TString& dbPath, const TRestoreSettings& settings);
+    TRestoreResult RestoreFolder(const TFsPath& fsPath, const TString& dbPath, const TRestoreSettings& settings, const THashSet<TString>& oldEntries);
+    TRestoreResult RestoreEmptyDir(const TFsPath& fsPath, const TString &dbPath, const TRestoreSettings& settings, const THashSet<TString>& oldEntries);
+    TRestoreResult RestoreTable(const TFsPath& fsPath, const TString& dbPath, const TRestoreSettings& settings, const THashSet<TString>& oldEntries);
 
     TRestoreResult CheckSchema(const TString& dbPath, const NTable::TTableDescription& desc);
     TRestoreResult RestoreData(const TFsPath& fsPath, const TString& dbPath, const TRestoreSettings& settings, const NTable::TTableDescription& desc);
     TRestoreResult RestoreIndexes(const TString& dbPath, const NTable::TTableDescription& desc);
+    TRestoreResult RestorePermissions(const TFsPath& fsPath, const TString& dbPath, const TRestoreSettings& settings, const THashSet<TString>& oldEntries);
 
 public:
     explicit TRestoreClient(

ydb/public/lib/ydb_cli/dump/util/util.cpp

@@ -34,4 +34,10 @@ TStatus MakeDirectory(TSchemeClient& schemeClient, const TString& path, const TM
     });
 }
 
+TStatus ModifyPermissions(TSchemeClient& schemeClient, const TString& path, const TModifyPermissionsSettings& settings) {
+    return NConsoleClient::RetryFunction([&]() -> TStatus {
+        return schemeClient.ModifyPermissions(path, settings).ExtractValueSync();
+    });
+}
+
 }

ydb/public/lib/ydb_cli/dump/util/util.h

@@ -51,4 +51,8 @@ TStatus MakeDirectory(
     const TString& path,
     const NScheme::TMakeDirectorySettings& settings = {});
 
+TStatus ModifyPermissions(
+    NScheme::TSchemeClient& schemeClient,
+    const TString& path,
+    const NScheme::TModifyPermissionsSettings& settings = {});
 }