authoralexbogo <alexbogo@ydb.tech>2023-03-20 17:12:45 +0300
committeralexbogo <alexbogo@ydb.tech>2023-03-20 17:12:45 +0300
commit22a94cafc8624a821b4845dc5c1bc1ade43d549b (patch)
treef28e08f7d43fc55ae7f6f8b8da76ce7ced760c14
parentcf756298a93c80ff6bbc8bdab91ea8ce74fab994 (diff)
[ymq] forward cloud subject to action actor
init
-rw-r--r--ydb/core/ymq/actor/action.h7
-rw-r--r--ydb/core/ymq/actor/proxy_actor.cpp13
-rw-r--r--ydb/core/ymq/actor/proxy_actor.h2
-rw-r--r--ydb/core/ymq/base/counters.cpp18
-rw-r--r--ydb/core/ymq/base/counters.h3
5 files changed, 35 insertions, 8 deletions
diff --git a/ydb/core/ymq/actor/action.h b/ydb/core/ymq/actor/action.h
index 4ba50378db7..b0afce5b2cf 100644
--- a/ydb/core/ymq/actor/action.h
+++ b/ydb/core/ymq/actor/action.h
@@ -77,9 +77,10 @@ public:
return;
}
- TStringBuf tokenBuf(SecurityToken_);
- UserName_ = TString(tokenBuf.NextTok(':'));
- FolderId_ = TString(tokenBuf);
+ auto items = ParseCloudSecurityToken(SecurityToken_);
+ UserName_ = std::get<0>(items);
+ FolderId_ = std::get<1>(items);
+ UserSID_ = std::get<2>(items);
}
void DoBootstrap() {
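Review bot: `UserSID_ = std::get<2>(items);` accepts an empty subject without comment, which is what a token with only two `:`-separated fields produces. If the action actor uses UserSID_ for audit records or access decisions (the commit title suggests it is forwarded as the cloud subject, but no consumer is shown here), an empty value should be handled explicitly rather than passed on as a valid identity. At minimum add a comment on the assignment such as `// may be empty for tokens without a subject field; consumers must not treat "" as an identity`. The enclosing function starts above this hunk, so the earlier branches are not visible.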
diff --git a/ydb/core/ymq/actor/proxy_actor.cpp b/ydb/core/ymq/actor/proxy_actor.cpp
index 70c74d65f1d..f2a23318df9 100644
--- a/ydb/core/ymq/actor/proxy_actor.cpp
+++ b/ydb/core/ymq/actor/proxy_actor.cpp
@@ -59,6 +59,13 @@ TString SecurityPrint(const NKikimrClient::TSqsResponse& resp) {
Y_VERIFY(false);
}
+std::tuple<TString, TString, TString> ParseCloudSecurityToken(const TString& token) {
+ TStringBuf tokenBuf(token);
+ TString userName = TString(tokenBuf.NextTok(':'));
+ TString folderId = TString(tokenBuf.NextTok(':'));
+ TString userSID = TString(tokenBuf.NextTok(':'));
+ return {userName, folderId, userSID};
+}
void TProxyActor::Bootstrap() {
this->Become(&TProxyActor::StateFunc);
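Review bot: ParseCloudSecurityToken never checks how many fields the token actually has. A token with fewer than three fields yields empty strings, and anything after a third `:` is dropped silently, so a value that itself contains `:` shifts the identity fields without any signal. After the third `NextTok` the remainder is still in `tokenBuf`, so the unexpected case can be surfaced with `if (!tokenBuf.empty()) { /* log or reject: unexpected trailing data */ }`. The positional `std::tuple<TString, TString, TString>` also makes the call sites (`std::get<0>`, `std::get<1>`, `std::get<2>` in action.h and in Bootstrap) easy to get wrong, because all three fields have the same type. A small struct with named members would remove that risk for identity values.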
@@ -74,9 +81,9 @@ void TProxyActor::Bootstrap() {
securityToken = ExtractSecurityToken<typename std::remove_reference<decltype(request)>::type, TCredentials>(request);
SQS_SWITCH_REQUEST(Request_, Y_VERIFY(false));
#undef SQS_REQUEST_CASE
- TStringBuf tokenBuf(securityToken);
- UserName_ = TString(tokenBuf.NextTok(':'));
- FolderId_ = TString(tokenBuf.NextTok(':'));
+ auto items = ParseCloudSecurityToken(securityToken);
+ UserName_ = std::get<0>(items);
+ FolderId_ = std::get<1>(items);
// TODO: handle empty cloud id better
RLOG_SQS_DEBUG("Proxy actor: used " << UserName_ << " as an account name and " << QueueName_ << " as a queue name");
diff --git a/ydb/core/ymq/actor/proxy_actor.h b/ydb/core/ymq/actor/proxy_actor.h
index 3ae1df0565f..c5397ef7023 100644
--- a/ydb/core/ymq/actor/proxy_actor.h
+++ b/ydb/core/ymq/actor/proxy_actor.h
@@ -13,6 +13,8 @@
namespace NKikimr::NSQS {
+std::tuple<TString, TString, TString> ParseCloudSecurityToken(const TString& token);
+
class TProxyActor
: public TActorBootstrapped<TProxyActor>
{
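Review bot: The new declaration of ParseCloudSecurityToken has no comment describing the token layout, so callers must read the .cpp to learn which tuple slot is which. I would add above it `// Splits "userName:folderId:userSID" on ':' and returns the fields in that order; fields absent from the token come back as empty strings.` Whether `<tuple>` is included in this header is not visible in the hunk and is worth confirming.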
diff --git a/ydb/core/ymq/base/counters.cpp b/ydb/core/ymq/base/counters.cpp
index 8bbdf5613cb..7fe6cdd0ab3 100644
--- a/ydb/core/ymq/base/counters.cpp
+++ b/ydb/core/ymq/base/counters.cpp
@@ -970,6 +970,14 @@ void TCloudAuthCounters::IncCounter(const NCloudAuth::EActionType actionType, co
++*CloudAuthCounters[actionType][credentialType][grpcStatus];
}
+void TCloudAuthCounters::IncAuthorizeCounter(const NCloudAuth::ECredentialType credentialType, bool error) {
+ if (error) {
+ ++*AuthorizeError[credentialType];
+ } else {
+ ++*AuthorizeSuccess[credentialType];
+ }
+}
+
void TCloudAuthCounters::InitCounters(TIntrusivePtr<::NMonitoring::TDynamicCounters> cloudAuthCounters) {
for (size_t actionType = 0; actionType < NCloudAuth::EActionType::ActionTypesCount; ++actionType) {
const auto actionTypeStr = ToString(static_cast<NCloudAuth::EActionType>(actionType));
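Review bot: IncAuthorizeCounter reduces the authorization outcome to a single `bool error`, so the "error" counter cannot tell a denied request from a failed or unavailable auth backend. Those two cases usually need different alerts. No caller is in this diff, so what `error` covers is inferred; please document it on the function, e.g. `// error: any non-success result of Authorize; the per-gRPC-status breakdown is not kept for this action`. As in IncCounter above, `credentialType` is used as an array index without a range check, so a value of `CredentialTypesCount` or above would index past `AuthorizeError`/`AuthorizeSuccess`.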
@@ -977,8 +985,14 @@ void TCloudAuthCounters::InitCounters(TIntrusivePtr<::NMonitoring::TDynamicCount
for (size_t credentialType = 0; credentialType < NCloudAuth::ECredentialType::CredentialTypesCount; ++credentialType) {
const auto credentialTypeStr = ToString(static_cast<NCloudAuth::ECredentialType>(credentialType));
const auto actionAndCredentialCounters = actionCounters->GetSubgroup("credential_type", credentialTypeStr);
- for (size_t grpcStatus = 0; grpcStatus < GRPC_STATUSES_COUNT; ++grpcStatus) {
- INIT_COUNTER_WITH_NAME(actionAndCredentialCounters, CloudAuthCounters[actionType][credentialType][grpcStatus], StringifyGrpcStatus(grpcStatus), ELifetime::Persistent, EValueType::Derivative, Lazy(*Cfg));
+
+ if (actionType == NCloudAuth::EActionType::Authorize) {
+ INIT_COUNTER_WITH_NAME(actionAndCredentialCounters, AuthorizeSuccess[credentialType], "success", ELifetime::Persistent, EValueType::Derivative, Lazy(*Cfg));
+ INIT_COUNTER_WITH_NAME(actionAndCredentialCounters, AuthorizeError[credentialType], "error", ELifetime::Persistent, EValueType::Derivative, Lazy(*Cfg));
+ } else {
+ for (size_t grpcStatus = 0; grpcStatus < GRPC_STATUSES_COUNT; ++grpcStatus) {
+ INIT_COUNTER_WITH_NAME(actionAndCredentialCounters, CloudAuthCounters[actionType][credentialType][grpcStatus], StringifyGrpcStatus(grpcStatus), ELifetime::Persistent, EValueType::Derivative, Lazy(*Cfg));
+ }
}
}
}
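Review bot: With the new `if (actionType == NCloudAuth::EActionType::Authorize)` branch, the `CloudAuthCounters[Authorize][...][...]` slots are never passed to INIT_COUNTER_WITH_NAME. The unchanged IncCounter still does `++*CloudAuthCounters[actionType][credentialType][grpcStatus]` for any action type. If any caller still reports Authorize through IncCounter (call sites are not part of this diff), it would touch a counter that was never initialised; the effect depends on TLazyCachedCounter, which is not shown. Either guard IncCounter with something like `Y_VERIFY(actionType != NCloudAuth::EActionType::Authorize);` or route that case to IncAuthorizeCounter. InitCounters starts above this hunk.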
diff --git a/ydb/core/ymq/base/counters.h b/ydb/core/ymq/base/counters.h
index d3f98ea31de..7e6668b4746 100644
--- a/ydb/core/ymq/base/counters.h
+++ b/ydb/core/ymq/base/counters.h
@@ -794,6 +794,7 @@ struct TCloudAuthCounters {
}
void IncCounter(const NCloudAuth::EActionType actionType, const NCloudAuth::ECredentialType credentialType, int grpcStatus);
+ void IncAuthorizeCounter(const NCloudAuth::ECredentialType credentialType, bool error);
static constexpr int GRPC_STATUSES_COUNT = 18;
@@ -805,6 +806,8 @@ private:
TLazyCachedCounter CloudAuthCounters[NCloudAuth::EActionType::ActionTypesCount] // 3 types.
[NCloudAuth::ECredentialType::CredentialTypesCount] // 2 types.
[GRPC_STATUSES_COUNT]; // 18 types.
+ TLazyCachedCounter AuthorizeSuccess[NCloudAuth::ECredentialType::CredentialTypesCount];
+ TLazyCachedCounter AuthorizeError[NCloudAuth::ECredentialType::CredentialTypesCount];
};
// Metering counters in SQS core subsystem.