@@ -2928,22 +2928,138 @@ Y_UNIT_TEST_SUITE(KqpScheme) {
2928
2928
}
2929
2929
}
2930
2930
2931
- Y_UNIT_TEST(AlterIndexImplTable) {
2932
- TKikimrRunner kikimr;
2931
+ Y_UNIT_TEST_TWIN(AlterIndexImplTable, VectorIndex) {
2932
+ NKikimrConfig::TFeatureFlags featureFlags;
2933
+ featureFlags.SetEnableAccessToIndexImplTables(true);
2934
+ if (VectorIndex)
2935
+ featureFlags.SetEnableVectorIndex(true);
2936
+ auto settings = TKikimrSettings().SetFeatureFlags(featureFlags);
2937
+ TKikimrRunner kikimr(settings);
2933
2938
auto db = kikimr.GetTableClient();
2934
- auto session = db.CreateSession().GetValueSync().GetSession();
2935
- CreateSampleTablesWithIndex(session);
2939
+ kikimr.GetTestClient().GrantConnect("user@builtin");
2940
+ kikimr.GetTestServer().GetRuntime()->GetAppData().AdministrationAllowedSIDs.emplace_back("root@builtin");
2941
+
2942
+ auto adminSession = kikimr.GetTableClient(NYdb::NTable::TClientSettings()
2943
+ .AuthToken("root@builtin")).CreateSession().GetValueSync().GetSession();
2944
+
2945
+ const char *tablePath, *implTablePath;
2946
+ if (VectorIndex) {
2947
+ CreateTestTableWithVectorIndex(adminSession);
2948
+ tablePath = "/Root/TestTable";
2949
+ implTablePath = "/Root/TestTable/vector_idx/indexImplLevelTable";
2950
+ }
2951
+ else {
2952
+ CreateSampleTablesWithIndex(adminSession);
2953
+ tablePath = "/Root/SecondaryKeys";
2954
+ implTablePath = "/Root/SecondaryKeys/Index/indexImplTable";
2955
+ }
2956
+
2957
+ // a user which does not have any implicit permissions
2958
+ auto userSession = kikimr.GetTableClient(NYdb::NTable::TClientSettings()
2959
+ .AuthToken("user@builtin")).CreateSession().GetValueSync().GetSession();
2936
2960
2937
2961
constexpr int minPartitionsCount = 10;
2962
+ auto setPartitioningQuery = [&]() {
2963
+ return userSession.ExecuteSchemeQuery(Sprintf(R"(
2964
+ ALTER TABLE `%s` SET AUTO_PARTITIONING_MIN_PARTITIONS_COUNT %d;
2965
+ )", implTablePath, minPartitionsCount)).ExtractValueSync();
2966
+ };
2967
+ constexpr int replicasCount = 3;
2968
+ auto setReplicasQuery = [&]() {
2969
+ return userSession.ExecuteSchemeQuery(Sprintf(R"(
2970
+ ALTER TABLE `%s` SET READ_REPLICAS_SETTINGS "PER_AZ:%d";
2971
+ )", implTablePath, replicasCount)).ExtractValueSync();
2972
+ };
2973
+ auto setForbiddenSettingsQuery = [&]() {
2974
+ return userSession.ExecuteSchemeQuery(Sprintf(R"(
2975
+ ALTER TABLE `%s` SET KEY_BLOOM_FILTER ENABLED;
2976
+ )", implTablePath)).ExtractValueSync();
2977
+ };
2978
+ auto addColumnQuery = [&]() {
2979
+ return userSession.ExecuteSchemeQuery(Sprintf(R"(
2980
+ ALTER TABLE `%s` ADD COLUMN column1 Uint64;
2981
+ )", implTablePath)).ExtractValueSync();
2982
+ };
2983
+
2984
+ // try altering indexImplTable without ALTER SCHEMA permission
2938
2985
{
2939
- auto result = session.ExecuteSchemeQuery(Sprintf(R"(
2940
- ALTER TABLE `/Root/SecondaryKeys/Index/indexImplTable` SET AUTO_PARTITIONING_MIN_PARTITIONS_COUNT %d;
2941
- )", minPartitionsCount
2942
- )
2943
- ).ExtractValueSync();
2986
+ auto result = setPartitioningQuery();
2944
2987
UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::SCHEME_ERROR, result.GetIssues().ToString());
2945
2988
UNIT_ASSERT_STRING_CONTAINS_C(result.GetIssues().ToString(),
2946
- "Error: Cannot find table 'db.[/Root/SecondaryKeys/Index/indexImplTable]' because it does not exist or you do not have access permissions.",
2989
+ "it does not exist or you do not have access permissions",
2990
+ result.GetIssues().ToString()
2991
+ );
2992
+ }
2993
+ {
2994
+ auto result = setReplicasQuery();
2995
+ UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::SCHEME_ERROR, result.GetIssues().ToString());
2996
+ UNIT_ASSERT_STRING_CONTAINS_C(result.GetIssues().ToString(),
2997
+ "it does not exist or you do not have access permissions",
2998
+ result.GetIssues().ToString()
2999
+ );
3000
+ }
3001
+
3002
+ // grant necessary permission
3003
+ Grant(adminSession, "DESCRIBE SCHEMA", tablePath, "user@builtin");
3004
+ Grant(adminSession, "ALTER SCHEMA", tablePath, "user@builtin");
3005
+
3006
+ // alter indexImplTable
3007
+ {
3008
+ auto result = setPartitioningQuery();
3009
+ UNIT_ASSERT_C(result.IsSuccess(), result.GetIssues().ToString());
3010
+ }
3011
+ {
3012
+ auto result = setReplicasQuery();
3013
+ UNIT_ASSERT_C(result.IsSuccess(), result.GetIssues().ToString());
3014
+ }
3015
+ // check result
3016
+ {
3017
+ auto describe = userSession.DescribeTable(implTablePath).ExtractValueSync();
3018
+ UNIT_ASSERT_C(describe.IsSuccess(), describe.GetIssues().ToString());
3019
+ auto tableDesc = describe.GetTableDescription();
3020
+
3021
+ UNIT_ASSERT_VALUES_EQUAL(tableDesc.GetPartitioningSettings().GetMinPartitionsCount(), minPartitionsCount);
3022
+
3023
+ const auto readReplicasSettings = tableDesc.GetReadReplicasSettings();
3024
+ UNIT_ASSERT(readReplicasSettings);
3025
+ UNIT_ASSERT(readReplicasSettings->GetMode() == NYdb::NTable::TReadReplicasSettings::EMode::PerAz);
3026
+ UNIT_ASSERT_VALUES_EQUAL(readReplicasSettings->GetReadReplicasCount(), replicasCount);
3027
+ }
3028
+
3029
+
3030
+ // try altering non-partitioning setting of indexImplTable as non-superuser
3031
+ {
3032
+ auto result = setForbiddenSettingsQuery();
3033
+ UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::GENERIC_ERROR, result.GetIssues().ToString());
3034
+ UNIT_ASSERT_STRING_CONTAINS_C(result.GetIssues().ToString(),
3035
+ "path is not a common path",
3036
+ result.GetIssues().ToString()
3037
+ );
3038
+ }
3039
+ // try add column to indexImplTable as non-superuser
3040
+ {
3041
+ auto result = addColumnQuery();
3042
+ UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::GENERIC_ERROR, result.GetIssues().ToString());
3043
+ UNIT_ASSERT_STRING_CONTAINS_C(result.GetIssues().ToString(),
3044
+ "path is not a common path",
3045
+ result.GetIssues().ToString()
3046
+ );
3047
+ }
3048
+
3049
+ // become superuser
3050
+ kikimr.GetTestServer().GetRuntime()->GetAppData().AdministrationAllowedSIDs.emplace_back("user@builtin");
3051
+
3052
+ // alter non-partitioning setting of indexImplTable as superuser
3053
+ {
3054
+ auto result = setForbiddenSettingsQuery();
3055
+ UNIT_ASSERT_C(result.IsSuccess(), result.GetIssues().ToString());
3056
+ }
3057
+ // try add column to indexImplTable as superuser
3058
+ {
3059
+ auto result = addColumnQuery();
3060
+ UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::BAD_REQUEST, result.GetIssues().ToString());
3061
+ UNIT_ASSERT_STRING_CONTAINS_C(result.GetIssues().ToString(),
3062
+ "Adding or dropping columns in index table is not supported",
2947
3063
result.GetIssues().ToString()
2948
3064
);
2949
3065
}
0 commit comments