Add option 'HASH' into CREATE USER

Need for: <https://github.com/ydb-platform/ydb-rfc/blob/main/backup_fstek.md>

```
CREATE USER my_user HASH '
	{"hash": "p4ffeMugohqyBwyckYCK1TjJfz3LIHbKiGL+t+oEhzw=",
	 "salt": "U+tzBtgo06EBQCjlARA6Jg==",
	 "type": "argon2id"
	}'
```
commit_hash:a0c695c2e2f7f794e5c4db978fe33a7bfea59e2c

1 files changed, 87 insertions, 36 deletions

diff --git a/yql/essentials/sql/v1/sql_translation.cpp b/yql/essentials/sql/v1/sql_translation.cpp
index a4c55cad71..1c60897886 100644
--- a/yql/essentials/sql/v1/sql_translation.cpp
+++ b/yql/essentials/sql/v1/sql_translation.cpp
@@ -3818,64 +3818,113 @@ bool TSqlTranslation::RoleNameClause(const TRule_role_name& node, TDeferredAtom&
     return true;
 }
 
-bool TSqlTranslation::RoleParameters(const std::vector<TRule_create_user_option>& optionsList, TRoleParameters& result) {
-    enum class ECreateUserOption {
+bool TSqlTranslation::PasswordParameter(const TRule_password_option& passwordOption, TUserParameters& result) {
+    // password_option: ENCRYPTED? PASSWORD expr;
+    TSqlExpression expr(Ctx, Mode);
+    TNodePtr password = expr.Build(passwordOption.GetRule_expr3());
+    if (!password) {
+        Error() << "Couldn't parse the password";
+        return false;
+    }
+
+    result.IsPasswordEncrypted = passwordOption.HasBlock1();
+    if (!password->IsNull()) {
+        result.Password = MakeAtomFromExpression(Ctx.Pos(), Ctx, password);
+    }
+
+    return true;
+}
+
+bool TSqlTranslation::HashParameter(const TRule_hash_option& hashOption, TUserParameters& result) {
+    // hash_option: HASH expr;
+    TSqlExpression expr(Ctx, Mode);
+    TNodePtr hash = expr.Build(hashOption.GetRule_expr2());
+
+    if (!hash) {
+        Error() << "Couldn't parse the hash of password";
+        return false;
+    }
+
+    if (!hash->IsNull()) {
+        result.Hash = MakeAtomFromExpression(Ctx.Pos(), Ctx, hash);
+    }
+
+    return true;
+}
+
+void TSqlTranslation::LoginParameter(const TRule_login_option& loginOption, std::optional<bool>& canLogin) {
+    // login_option: LOGIN | NOLOGIN;
+
+    auto token = loginOption.GetToken1().GetId();
+    if (IS_TOKEN(token, LOGIN)) {
+        canLogin = true;
+    } else if (IS_TOKEN(token, NOLOGIN)) {
+        canLogin = false;
+    } else {
+        Y_ABORT("You should change implementation according to grammar changes");
+    }
+}
+
+bool TSqlTranslation::UserParameters(const std::vector<TRule_user_option>& optionsList, TUserParameters& result, bool isCreateUser) {
+    enum class EUserOption {
         Login,
-        Password
+        Authentication
     };
 
-    std::set<ECreateUserOption> used = {};
+    std::set<EUserOption> used;
 
-    auto ParseCreateUserOption = [&used, this](const TRule_create_user_option& option, TRoleParameters& result) -> bool {
-        // create_user_option: password_option | login_option;
-        // password_option: ENCRYPTED? PASSWORD expr;
-        // login_option: LOGIN | NOLOGIN;
+    auto ParseUserOption = [&used, this](const TRule_user_option& option, TUserParameters& result) -> bool {
+        // user_option: authentication_option | login_option;
+        //      authentication_option: password_option | hash_option;
 
         switch (option.Alt_case()) {
-            case TRule_create_user_option::kAltCreateUserOption1:
+            case TRule_user_option::kAltUserOption1:
             {
-                TSqlExpression expr(Ctx, Mode);
-                TNodePtr password = expr.Build(option.GetAlt_create_user_option1().GetRule_password_option1().GetRule_expr3());
-                if (!password) {
-                    Error() << "Couldn't parse the password";
+                if (used.contains(EUserOption::Authentication)) {
+                    Error() << "Conflicting or redundant options";
                     return false;
                 }
 
-                result.IsPasswordEncrypted = option.GetAlt_create_user_option1().GetRule_password_option1().HasBlock1();
-                if (!password->IsNull()) {
-                    result.Password = MakeAtomFromExpression(Ctx.Pos(), Ctx, password);
-                }
+                used.insert(EUserOption::Authentication);
 
-                if (used.contains(ECreateUserOption::Password)) {
-                    Error() << "Conflicting or redundant options";
-                    return false;
-                }
+                const auto& authenticationOption = option.GetAlt_user_option1().GetRule_authentication_option1();
+
+                switch (authenticationOption.Alt_case()) {
+                    case TRule_authentication_option::kAltAuthenticationOption1: {
+                        if (!PasswordParameter(authenticationOption.GetAlt_authentication_option1().GetRule_password_option1(), result)){
+                            return false;
+                        }
 
-                used.insert(ECreateUserOption::Password);
+                        break;
+                    }
+                    case TRule_authentication_option::kAltAuthenticationOption2: {
+                        if (!HashParameter(authenticationOption.GetAlt_authentication_option2().GetRule_hash_option1(), result)){
+                            return false;
+                        }
+
+                        break;
+                    }
+                    case TRule_authentication_option::ALT_NOT_SET: {
+                        Y_ABORT("You should change implementation according to grammar changes");
+                    }
+                }
 
                 break;
             }
-            case TRule_create_user_option::kAltCreateUserOption2:
+            case TRule_user_option::kAltUserOption2:
             {
-                if (used.contains(ECreateUserOption::Login)) {
+                if (used.contains(EUserOption::Login)) {
                     Error() << "Conflicting or redundant options";
                     return false;
                 }
 
-                used.insert(ECreateUserOption::Login);
+                used.insert(EUserOption::Login);
 
-                const auto token = option.GetAlt_create_user_option2().GetRule_login_option1().GetToken1().GetId();
-                if (IS_TOKEN(token, LOGIN)) {
-                    result.CanLogin = TRoleParameters::ETypeOfLogin::Login;
-                } else if (IS_TOKEN(token, NOLOGIN)) {
-                    result.CanLogin = TRoleParameters::ETypeOfLogin::NoLogin;
-                } else {
-                    Y_ABORT("You should change implementation according to grammar changes");
-                }
+                LoginParameter(option.GetAlt_user_option2().GetRule_login_option1(), result.CanLogin);
 
                 break;
             }
-            case TRule_create_user_option::ALT_NOT_SET:
+            case TRule_user_option::ALT_NOT_SET:
             {
                 Y_ABORT("You should change implementation according to grammar changes");
             }
@@ -3884,10 +3933,12 @@ bool TSqlTranslation::RoleParameters(const std::vector<TRule_create_user_option>
         return true;
     };
 
-    result = TRoleParameters{};
+    if (isCreateUser) {
+        result.CanLogin = true;
+    }
 
     for (const auto& option : optionsList) {
-        if (!ParseCreateUserOption(option, result)) {
+        if (!ParseUserOption(option, result)) {
             return false;
         }
     }