Fix message about absent SID in local schemeshard (#14458)

Author: flown4qqqq

ydb/core/tx/schemeshard/schemeshard__operation_modify_acl.cpp

@@ -17,6 +17,7 @@ class TModifyACL: public TSubOperationBase {
 
     THolder<TProposeResponse> Propose(const TString&, TOperationContext& context) override {
         const TTabletId ssId = context.SS->SelfTabletId();
+        const TString databaseName = CanonizePath(context.SS->RootPathElements);
 
         const TString& parentPathStr = Transaction.GetWorkingDir();
         const auto& op = Transaction.GetModifyACL();
@@ -62,7 +63,7 @@ class TModifyACL: public TSubOperationBase {
                 if (static_cast<NACLib::EDiffType>(diffACE.GetDiffType()) == NACLib::EDiffType::Add) {
                     if (!CheckSidExistsOrIsNonYdb(context.SS->LoginProvider.Sids, diffACE.GetACE().GetSID())) {
                         result->SetError(NKikimrScheme::StatusPreconditionFailed,
-                            TStringBuilder() << "SID " << diffACE.GetACE().GetSID() << " not found");
+                            TStringBuilder() << "SID " << diffACE.GetACE().GetSID() << " not found in database `" << databaseName << "`");
                         return result;
                     }
                 } // remove diff type is allowed in any case
@@ -71,7 +72,7 @@ class TModifyACL: public TSubOperationBase {
         if (owner && AppData()->FeatureFlags.GetEnableStrictAclCheck()) {
             if (!CheckSidExistsOrIsNonYdb(context.SS->LoginProvider.Sids, owner)) {
                 result->SetError(NKikimrScheme::StatusPreconditionFailed,
-                    TStringBuilder() << "Owner SID " << owner << " not found");
+                    TStringBuilder() << "Owner SID " << owner << " not found in database `" << databaseName << "`");
                 return result;
             }
         }

ydb/core/tx/schemeshard/ut_login/ut_login.cpp

@@ -451,10 +451,10 @@ Y_UNIT_TEST_SUITE(TSchemeShardLoginTest) {
 
         if (StrictAclCheck) {
             AsyncModifyACL(runtime, ++txId, "/MyRoot", "Dir1", diffACL.SerializeAsString(), "");
-            TestModificationResults(runtime, txId, {{NKikimrScheme::StatusPreconditionFailed, "SID user1 not found"}});
+            TestModificationResults(runtime, txId, {{NKikimrScheme::StatusPreconditionFailed, "SID user1 not found in database `/MyRoot`"}});
 
             AsyncModifyACL(runtime, ++txId, "/MyRoot", "Dir1", NACLib::TDiffACL{}.SerializeAsString(), "user1");
-            TestModificationResults(runtime, txId, {{NKikimrScheme::StatusPreconditionFailed, "Owner SID user1 not found"}});
+            TestModificationResults(runtime, txId, {{NKikimrScheme::StatusPreconditionFailed, "Owner SID user1 not found in database `/MyRoot`"}});
         }
 
         CreateAlterLoginCreateUser(runtime, ++txId, "/MyRoot", "user1", "password1");

ydb/tests/functional/tenants/test_create_users_strict_acl_checks.py

@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+import logging
+
+from ydb.tests.oss.ydb_sdk_import import ydb
+
+logger = logging.getLogger(__name__)
+
+
+# local configuration for the ydb cluster (fetched by ydb_cluster_configuration fixture)
+CLUSTER_CONFIG = dict(
+    extra_feature_flags=['enable_strict_acl_check']
+)
+
+
+def test_create_user(ydb_client, ydb_root, ydb_database):
+    with ydb_client(ydb_root) as driver:
+        with ydb.QuerySessionPool(driver, size=1) as pool:
+            pool.execute_with_retries("CREATE USER user;")
+
+    with ydb_client(ydb_database) as driver:
+        with ydb.QuerySessionPool(driver, size=1) as pool:
+            finished = False
+            try:
+                pool.execute_with_retries(f"GRANT ALL ON `{ydb_database}` TO user;")
+                finished = True
+            except Exception as e:
+                assert f"SID user not found in database `{ydb_database}`" in str(e)
+
+            assert not finished

ydb/tests/functional/tenants/ya.make

@@ -5,6 +5,7 @@ ENV(YDB_DRIVER_BINARY="ydb/apps/ydbd/ydbd")
 TEST_SRCS(
     conftest.py
     test_create_users.py
+    test_create_users_strict_acl_checks.py
     test_db_counters.py
     test_dynamic_tenants.py
     test_tenants.py