author | hcpp <hcpp@ydb.tech> | 2023-04-27 16:57:02 +0300 |
---|---|---|
committer | hcpp <hcpp@ydb.tech> | 2023-04-27 16:57:02 +0300 |
commit | a6c6d24ddb399eef5a4ba41531e884115a11d8dc (patch) | |
tree | 2ea2dbf2a72f1f4c1ce4e7e7009b5940e468d44e | |
parent | 52e7b4925a98dfa47839635e14b083d83d53ea1d (diff) | |
download | ydb-a6c6d24ddb399eef5a4ba41531e884115a11d8dc.tar.gz |
subject type has been supported
20 files changed, 526 insertions, 80 deletions
diff --git a/ydb/core/fq/libs/audit/events/events.h b/ydb/core/fq/libs/audit/events/events.h
index 1a5f5e6d1f9..170a4f6bf65 100644
--- a/ydb/core/fq/libs/audit/events/events.h
+++ b/ydb/core/fq/libs/audit/events/events.h
@@ -24,6 +24,7 @@ struct TEvAuditService {
 TString PeerName;
 TString UserAgent;
 TString RequestId;
+ TString SubjectType;
 };
 // Event ids.
diff --git a/ydb/core/fq/libs/cloud_audit/yq_cloud_audit_service.cpp b/ydb/core/fq/libs/cloud_audit/yq_cloud_audit_service.cpp
index d42807718a8..41bdee8fc28 100644
--- a/ydb/core/fq/libs/cloud_audit/yq_cloud_audit_service.cpp
+++ b/ydb/core/fq/libs/cloud_audit/yq_cloud_audit_service.cpp
@@ -79,20 +79,6 @@ std::string MapBindingType(const FederatedQuery::BindingSetting::BindingCase& bi
 }
 }
-// void FillSubjectType(::yandex::cloud::events::Authentication* authentication, TAuthentication::ESubjectType subjectType) {
-// switch (subjectType) {
-// case TAuthentication::ESubjectType::SERVICE_ACCOUNT:
-// authentication->set_subject_type(::yandex::cloud::events::Authentication::SERVICE_ACCOUNT);
-// return;
-// case TAuthentication::ESubjectType::FEDERATED_USER_ACCOUNT:
-// authentication->set_subject_type(::yandex::cloud::events::Authentication::FEDERATED_USER_ACCOUNT);
-// return;
-// case TAuthentication::ESubjectType::PASSPORT_USER_ACCOUNT:
-// authentication->set_subject_type(::yandex::cloud::events::Authentication::YANDEX_PASSPORT_USER_ACCOUNT);
-// return;
-// }
-// }
-
 TString MaybeRemoveSuffix(const TString& token) {
 const TString suffix = "@as";
 return token.EndsWith(suffix)
@@ -100,10 +86,19 @@ TString MaybeRemoveSuffix(const TString& token) { : token; } +::yandex::cloud::events::Authentication::SubjectType GetCloudSubjectType(const TString& subjectType) { + static const TMap<TString, ::yandex::cloud::events::Authentication::SubjectType> Types { + {"service_account", ::yandex::cloud::events::Authentication::SERVICE_ACCOUNT}, + {"federated_account", ::yandex::cloud::events::Authentication::FEDERATED_USER_ACCOUNT}, + {"user_account", ::yandex::cloud::events::Authentication::YANDEX_PASSPORT_USER_ACCOUNT}, + }; + return Types.Value(subjectType, ::yandex::cloud::events::Authentication::SUBJECT_TYPE_UNSPECIFIED); +} + void FillAuthentication(::yandex::cloud::events::Authentication& authentication, const NFq::TEvAuditService::TExtraInfo& info) { authentication.set_authenticated(true); authentication.set_subject_id(MaybeRemoveSuffix(info.User)); - authentication.set_subject_type(::yandex::cloud::events::Authentication::FEDERATED_USER_ACCOUNT); // TODO: + authentication.set_subject_type(GetCloudSubjectType(info.SubjectType)); } void FillAuthorization(::yandex::cloud::events::Authorization& authorization, const NYql::TIssues& issues) { diff --git a/ydb/core/fq/libs/config/protos/control_plane_proxy.proto b/ydb/core/fq/libs/config/protos/control_plane_proxy.proto index 666472d48e2..5179005fdcd 100644 --- a/ydb/core/fq/libs/config/protos/control_plane_proxy.proto +++ b/ydb/core/fq/libs/config/protos/control_plane_proxy.proto @@ -6,10 +6,17 @@ option java_package = "ru.yandex.kikimr.proto"; //////////////////////////////////////////////////////////// +message TAccessServiceConfig { + bool Enable = 1; + string Endpoint = 2; + string PathToRootCA = 3; +} + message TControlPlaneProxyConfig { bool Enabled = 1; string RequestTimeout = 2; bool EnablePermissions = 3; string MetricsTtl = 4; string ConfigRetryPeriod = 31; + TAccessServiceConfig AccessService = 32; } 
diff --git a/ydb/core/fq/libs/control_plane_proxy/CMakeLists.darwin-x86_64.txt b/ydb/core/fq/libs/control_plane_proxy/CMakeLists.darwin-x86_64.txt
index f2adb7f7827..1fb66e6dbd0 100644
--- a/ydb/core/fq/libs/control_plane_proxy/CMakeLists.darwin-x86_64.txt
+++ b/ydb/core/fq/libs/control_plane_proxy/CMakeLists.darwin-x86_64.txt
@@ -27,6 +27,8 @@ target_link_libraries(fq-libs-control_plane_proxy PUBLIC
 ydb-core-mon
 ydb-library-folder_service
 ydb-library-security
+ library-ycloud-api
+ library-ycloud-impl
 )
 target_sources(fq-libs-control_plane_proxy PRIVATE
 ${CMAKE_SOURCE_DIR}/ydb/core/fq/libs/control_plane_proxy/config.cpp
diff --git a/ydb/core/fq/libs/control_plane_proxy/CMakeLists.linux-aarch64.txt b/ydb/core/fq/libs/control_plane_proxy/CMakeLists.linux-aarch64.txt
index e5338827048..8ac43676221 100644
--- a/ydb/core/fq/libs/control_plane_proxy/CMakeLists.linux-aarch64.txt
+++ b/ydb/core/fq/libs/control_plane_proxy/CMakeLists.linux-aarch64.txt
@@ -28,6 +28,8 @@ target_link_libraries(fq-libs-control_plane_proxy PUBLIC
 ydb-core-mon
 ydb-library-folder_service
 ydb-library-security
+ library-ycloud-api
+ library-ycloud-impl
 )
 target_sources(fq-libs-control_plane_proxy PRIVATE
 ${CMAKE_SOURCE_DIR}/ydb/core/fq/libs/control_plane_proxy/config.cpp
diff --git a/ydb/core/fq/libs/control_plane_proxy/CMakeLists.linux-x86_64.txt b/ydb/core/fq/libs/control_plane_proxy/CMakeLists.linux-x86_64.txt
index e5338827048..8ac43676221 100644
--- a/ydb/core/fq/libs/control_plane_proxy/CMakeLists.linux-x86_64.txt
+++ b/ydb/core/fq/libs/control_plane_proxy/CMakeLists.linux-x86_64.txt
@@ -28,6 +28,8 @@ target_link_libraries(fq-libs-control_plane_proxy PUBLIC
 ydb-core-mon
 ydb-library-folder_service
 ydb-library-security
+ library-ycloud-api
+ library-ycloud-impl
 )
 target_sources(fq-libs-control_plane_proxy PRIVATE
 ${CMAKE_SOURCE_DIR}/ydb/core/fq/libs/control_plane_proxy/config.cpp
diff --git a/ydb/core/fq/libs/control_plane_proxy/CMakeLists.windows-x86_64.txt b/ydb/core/fq/libs/control_plane_proxy/CMakeLists.windows-x86_64.txt
index f2adb7f7827..1fb66e6dbd0 100644
--- a/ydb/core/fq/libs/control_plane_proxy/CMakeLists.windows-x86_64.txt
+++ b/ydb/core/fq/libs/control_plane_proxy/CMakeLists.windows-x86_64.txt
@@ -27,6 +27,8 @@ target_link_libraries(fq-libs-control_plane_proxy PUBLIC
 ydb-core-mon
 ydb-library-folder_service
 ydb-library-security
+ library-ycloud-api
+ library-ycloud-impl
 )
 target_sources(fq-libs-control_plane_proxy PRIVATE
 ${CMAKE_SOURCE_DIR}/ydb/core/fq/libs/control_plane_proxy/config.cpp
diff --git a/ydb/core/fq/libs/control_plane_proxy/control_plane_proxy.cpp b/ydb/core/fq/libs/control_plane_proxy/control_plane_proxy.cpp
index dc48b0c2b70..d071c748058 100644
--- a/ydb/core/fq/libs/control_plane_proxy/control_plane_proxy.cpp
+++ b/ydb/core/fq/libs/control_plane_proxy/control_plane_proxy.cpp
@@ -26,6 +26,9 @@
 #include <ydb/core/base/kikimr_issue.h>
 #include <ydb/public/sdk/cpp/client/ydb_scheme/scheme.h>
+#include <ydb/library/ycloud/api/access_service.h>
+#include <ydb/library/ycloud/impl/access_service.h>
+#include <ydb/library/ycloud/impl/mock_access_service.h>
 #include <ydb/library/yql/public/issue/yql_issue_message.h>
 #include <util/generic/maybe.h>
@@ -229,6 +232,139 @@ public:
 };
 template<class TEventRequest, class TResponseProxy>
+class TResolveSubjectTypeActor : public NActors::TActorBootstrapped<TResolveSubjectTypeActor<TEventRequest, TResponseProxy>> {
+ using TBase = NActors::TActorBootstrapped<TResolveSubjectTypeActor<TEventRequest, TResponseProxy>>;
+ using TBase::SelfId;
+ using TBase::Send;
+ using TBase::PassAway;
+ using TBase::Become;
+ using TBase::Register;
+ using IRetryPolicy = IRetryPolicy<NCloud::TEvAccessService::TEvAuthenticateResponse::TPtr&>;
+
+ ::NFq::TControlPlaneProxyConfig Config;
+ TActorId Sender;
+ TRequestCommonCountersPtr Counters;
+ TString Token;
+ std::function<void(const TDuration&, bool, bool)> Probe;
+ TEventRequest Event;
+ ui32 Cookie;
+ TInstant StartTime;
+ IRetryPolicy::IRetryState::TPtr RetryState;
+ const TActorId AccessService;
+
+public:
+ TResolveSubjectTypeActor(const TRequestCommonCountersPtr& counters,
+ TActorId sender, const ::NFq::TControlPlaneProxyConfig& config,
+ const TString& token,
+ const std::function<void(const TDuration&, bool, bool)>& probe,
+ TEventRequest event,
+ ui32 cookie, const TActorId& accessService)
+ : Config(config)
+ , Sender(sender)
+ , Counters(counters)
+ , Token(token)
+ , Probe(probe)
+ , Event(event)
+ , Cookie(cookie)
+ , StartTime(TInstant::Now())
+ , RetryState(GetRetryPolicy()->CreateRetryState())
+ , AccessService(accessService)
+ {}
+
+ static constexpr char ActorName[] = "YQ_CONTROL_PLANE_PROXY_RESOLVE_SUBJECT_TYPE";
+
+ void Bootstrap() {
+ CPP_LOG_T("Resolve subject type bootstrap. 
Token: " << MaskTicket(Token) << " Actor id: " << SelfId());
+ Become(&TResolveSubjectTypeActor::StateFunc, Config.RequestTimeout, new NActors::TEvents::TEvWakeup());
+ Counters->InFly->Inc();
+ Send(AccessService, CreateRequest().release(), 0, 0);
+ }
+
+ std::unique_ptr<NCloud::TEvAccessService::TEvAuthenticateRequest> CreateRequest() {
+ auto request = std::make_unique<NCloud::TEvAccessService::TEvAuthenticateRequest>();
+ request->Request.set_iam_token(Token);
+ return request;
+ }
+
+ STRICT_STFUNC(StateFunc,
+ cFunc(NActors::TEvents::TSystem::Wakeup, HandleTimeout);
+ hFunc(NCloud::TEvAccessService::TEvAuthenticateResponse, Handle);
+ )
+
+ void HandleTimeout() {
+ CPP_LOG_D("Resolve subject type timeout. Token: " << MaskTicket(Token) << " Actor id: " << SelfId());
+ NYql::TIssues issues;
+ NYql::TIssue issue = MakeErrorIssue(TIssuesIds::TIMEOUT, "Request (resolve subject type) timeout. Try repeating the request later");
+ issues.AddIssue(issue);
+ Counters->Error->Inc();
+ Counters->Timeout->Inc();
+ const TDuration delta = TInstant::Now() - StartTime;
+ Probe(delta, false, true);
+ Send(Sender, new TResponseProxy(issues, {}), 0, Cookie);
+ PassAway();
+ }
+
+ void Handle(NCloud::TEvAccessService::TEvAuthenticateResponse::TPtr& ev) {
+ Counters->InFly->Dec();
+ Counters->LatencyMs->Collect((TInstant::Now() - StartTime).MilliSeconds());
+ const auto& response = ev->Get()->Response;
+ const auto& status = ev->Get()->Status;
+ if (!status.Ok() || !response.has_subject()) {
+ TString errorMessage = "Msg: " + status.Msg + " Details: " + status.Details + " Code: " + ToString(status.GRpcStatusCode) + " InternalError: " + ToString(status.InternalError);
+ auto delay = RetryState->GetNextRetryDelay(ev);
+ if (delay) {
+ Counters->Retry->Inc();
+ CPP_LOG_E("Resolve subject type error. 
Retry with delay " << *delay << ", " << errorMessage);
+ TActivationContext::Schedule(*delay, new IEventHandle(AccessService, static_cast<const TActorId&>(SelfId()), CreateRequest().release()));
+ return;
+ }
+ Counters->Error->Inc();
+ CPP_LOG_E(errorMessage);
+ NYql::TIssues issues;
+ NYql::TIssue issue = MakeErrorIssue(TIssuesIds::INTERNAL_ERROR, "Resolve subject type error: ");
+ issues.AddIssue(issue);
+ Counters->Error->Inc();
+ const TDuration delta = TInstant::Now() - StartTime;
+ Probe(delta, false, false);
+ Send(Sender, new TResponseProxy(issues, {}), 0, Cookie);
+ PassAway();
+ return;
+ }
+
+ Counters->Ok->Inc();
+ TString subjectType = GetSubjectType(response.subject());
+ Event->Get()->SubjectType = subjectType;
+ CPP_LOG_T("Subject Type: " << subjectType << " Token: " << MaskTicket(Token));
+
+ TActivationContext::Send(Event->Forward(ControlPlaneProxyActorId()));
+ PassAway();
+ }
+
+
+private:
+ static TString GetSubjectType(const yandex::cloud::priv::servicecontrol::v1::Subject& subject) {
+ switch (subject.type_case()) {
+ case yandex::cloud::priv::servicecontrol::v1::Subject::TYPE_NOT_SET:
+ case yandex::cloud::priv::servicecontrol::v1::Subject::kAnonymousAccount:
+ return "unknown";
+ case yandex::cloud::priv::servicecontrol::v1::Subject::kUserAccount:
+ return subject.user_account().federation_id() ? "federated_account" : "user_account";
+ case yandex::cloud::priv::servicecontrol::v1::Subject::kServiceAccount:
+ return "service_account";
+ }
+ }
+
+ static const IRetryPolicy::TPtr& GetRetryPolicy() {
+ static IRetryPolicy::TPtr policy = IRetryPolicy::GetExponentialBackoffPolicy([](NCloud::TEvAccessService::TEvAuthenticateResponse::TPtr& ev) {
+ const auto& response = ev->Get()->Response;
+ const auto& status = ev->Get()->Status;
+ return !status.Ok() || !response.has_subject() ? 
ERetryErrorClass::ShortRetry : ERetryErrorClass::NoRetry;
+ }, TDuration::MilliSeconds(10), TDuration::MilliSeconds(200), TDuration::Seconds(30), 5);
+ return policy;
+ }
+};
+
+template<class TEventRequest, class TResponseProxy>
 class TResolveFolderActor : public NActors::TActorBootstrapped<TResolveFolderActor<TEventRequest, TResponseProxy>> {
 using TBase = NActors::TActorBootstrapped<TResolveFolderActor<TEventRequest, TResponseProxy>>;
 using TBase::SelfId;
@@ -301,7 +437,7 @@ public:
 Counters->Timeout->Inc();
 const TDuration delta = TInstant::Now() - StartTime;
 Probe(delta, false, true);
- Send(Sender, new TResponseProxy(issues), 0, Cookie);
+ Send(Sender, new TResponseProxy(issues, {}), 0, Cookie);
 PassAway();
 }
@@ -327,7 +463,7 @@ public:
 Counters->Error->Inc();
 const TDuration delta = TInstant::Now() - StartTime;
 Probe(delta, false, false);
- Send(Sender, new TResponseProxy(issues), 0, Cookie);
+ Send(Sender, new TResponseProxy(issues, {}), 0, Cookie);
 PassAway();
 return;
 }
@@ -380,6 +516,7 @@ protected:
 std::function<void(const TDuration&, bool /* isSuccess */, bool /* isTimeout */)> Probe;
 TPermissions Permissions;
 TString CloudId;
+ TString SubjectType;
 const TMaybe<TQuotaMap> Quotas;
 TTenantInfo::TPtr TenantInfo;
 ui32 RetryCount = 0;
@@ -394,7 +531,7 @@ public:
 const TRequestCounters& counters,
 const std::function<void(const TDuration&, bool, bool)>& probe,
 TPermissions permissions,
- const TString& cloudId, TMaybe<TQuotaMap>&& quotas = Nothing())
+ const TString& cloudId, const TString& subjectType, TMaybe<TQuotaMap>&& quotas = Nothing())
 : Config(config)
 , RequestProto(std::forward<TRequestProto>(requestProto))
 , Scope(scope)
@@ -409,6 +546,7 @@ public:
 , Probe(probe)
 , Permissions(permissions)
 , CloudId(cloudId)
+ , SubjectType(subjectType)
 , Quotas(std::move(quotas))
 {
 Counters.IncInFly();
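Review bot: The retry predicate in `GetRetryPolicy` classifies every non-OK status, and any OK response without a subject, as `ShortRetry`, so a definitively rejected IAM token (expired or malformed) is re-sent to the Access Service up to five times with backoff before the caller sees an error; only transport-level failures should be retried, for example `return (!status.Ok() && (status.GRpcStatusCode == grpc::StatusCode::UNAVAILABLE || status.GRpcStatusCode == grpc::StatusCode::DEADLINE_EXCEEDED)) ? ERetryErrorClass::ShortRetry : ERetryErrorClass::NoRetry;` (assuming `GRpcStatusCode` carries the raw gRPC code — confirm). In `Handle`'s final-failure branch `Counters->Error->Inc()` runs twice for one failure, and the issue text `"Resolve subject type error: "` ends in a colon with nothing appended, so the client gets an unfinished message while the detail only reaches the log. `HandleTimeout` never balances the `Counters->InFly->Inc()` done in `Bootstrap`, so timed-out resolutions leave InFly permanently inflated. `GetSubjectType` has no return after its `switch`; a trailing `return "unknown";` keeps it well-defined if the `Subject` oneof ever gains a case.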
@@ -482,7 +620,7 @@ public:
 const TDuration delta = TInstant::Now() - StartTime;
 Counters.IncError();
 Probe(delta, false, isTimeout);
- Send(Sender, new TResponseProxy(issues), 0, Cookie);
+ Send(Sender, new TResponseProxy(issues, SubjectType), 0, Cookie);
 PassAway();
 }
@@ -491,7 +629,7 @@ public:
 const TDuration delta = TInstant::Now() - StartTime;
 Counters.IncOk();
 Probe(delta, true, false);
- Send(Sender, new TResponseProxy(std::forward<TArgs>(args)...), 0, Cookie);
+ Send(Sender, new TResponseProxy(std::forward<TArgs>(args)..., SubjectType), 0, Cookie);
 PassAway();
 }
@@ -625,6 +763,7 @@ class TControlPlaneProxyActor : public NActors::TActorBootstrapped<TControlPlane
 RTC_DESCRIBE_BINDING,
 RTC_MODIFY_BINDING,
 RTC_DELETE_BINDING,
+ RTC_RESOLVE_SUBJECT_TYPE,
 RTC_MAX,
 };
@@ -671,6 +810,7 @@ class TControlPlaneProxyActor : public NActors::TActorBootstrapped<TControlPlane
 { MakeIntrusive<TRequestCommonCounters>("DescribeBinding") },
 { MakeIntrusive<TRequestCommonCounters>("ModifyBinding") },
 { MakeIntrusive<TRequestCommonCounters>("DeleteBinding") },
+ { MakeIntrusive<TRequestCommonCounters>("ResolveSubjectType") },
 });
 TTtlCache<TMetricsScope, TScopeCountersPtr, TMap> ScopeCounters{TTtlCacheSettings{}.SetTtl(TDuration::Days(1))};
@@ -741,6 +881,7 @@ class TControlPlaneProxyActor : public NActors::TActorBootstrapped<TControlPlane
 TCounters Counters;
 const ::NFq::TControlPlaneProxyConfig Config;
 const bool QuotaManagerEnabled;
+ TActorId AccessService;
 public:
 TControlPlaneProxyActor(const NConfig::TControlPlaneProxyConfig& config, const ::NMonitoring::TDynamicCounterPtr& counters, bool quotaManagerEnabled)
@@ -764,6 +905,18 @@ public:
 TlsActivationContext->ExecutorThread.ActorSystem, SelfId());
 }
+ const auto& accessServiceProto = Config.Proto.GetAccessService();
+ if (accessServiceProto.GetEnable()) {
+ NCloud::TAccessServiceSettings asSettings;
+ asSettings.Endpoint = accessServiceProto.GetEndpoint();
+ if (accessServiceProto.GetPathToRootCA()) {
+ asSettings.CertificateRootCA = TUnbufferedFileInput(accessServiceProto.GetPathToRootCA()).ReadAll();
+ }
+ AccessService = Register(NCloud::CreateAccessServiceWithCache(asSettings));
+ } else {
+ AccessService = Register(NCloud::CreateMockAccessServiceWithCache());
+ }
+
 Become(&TControlPlaneProxyActor::StateFunc);
 }
@@ -841,6 +994,7 @@ private:
 CPP_LOG_T("CreateQueryRequest: " << request.DebugString());
 const TString cloudId = ev->Get()->CloudId;
 const TString folderId = ev->Get()->FolderId;
+ const TString subjectType = ev->Get()->SubjectType;
 const TString scope = "yandexcloud://" + folderId;
 TString user = ev->Get()->User;
 TString token = ev->Get()->Token;
@@ -865,7 +1019,7 @@ private:
 NYql::TIssues issues = ValidatePermissions(ev, {"yq.queries.create@as"});
 if (issues) {
 CPS_LOG_E("CreateQueryRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString());
- Send(ev->Sender, new TEvControlPlaneProxy::TEvCreateQueryResponse(issues), 0, ev->Cookie);
+ Send(ev->Sender, new TEvControlPlaneProxy::TEvCreateQueryResponse(issues, subjectType), 0, ev->Cookie);
 requestCounters.IncError();
 TDuration delta = TInstant::Now() - startTime;
 requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds());
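Review bot: With `AccessService.Enable` false the proxy wires `CreateMockAccessServiceWithCache()` into the production request path, so whatever subject a mock returns flows into cloud audit records as if it had been resolved; a deployment that merely forgot to enable the setting gets fabricated attribution instead of a visible gap. Safer is to leave `AccessService` unset when the feature is disabled and have the handlers skip resolution (the audit side already maps an empty type to UNSPECIFIED), keeping the mock for tests only. Reading the CA bundle with `TUnbufferedFileInput(...).ReadAll()` presumably throws from the constructor when the path is unreadable, which fails closed but gives operators no hint which path was at fault; a log line naming `PathToRootCA` before the read would help. When `PathToRootCA` is empty `CertificateRootCA` keeps its library default, and a comment stating what channel security that default provides is warranted because the endpoint receives bearer IAM tokens.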
@@ -873,6 +1027,15 @@ private:
 return;
 }
+ if (!subjectType) {
+ Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvCreateQueryRequest::TPtr,
+ TEvControlPlaneProxy::TEvCreateQueryResponse>
+ (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender,
+ Config, token,
+ probe, ev, cookie, AccessService));
+ return;
+ }
+
 static const TPermissions availablePermissions {
 TPermissions::TPermission::QUERY_INVOKE
 | TPermissions::TPermission::CONNECTIONS_USE
@@ -885,7 +1048,7 @@ private:
 std::move(request), std::move(user), std::move(token),
 ControlPlaneStorageServiceActorId(),
 requestCounters,
- probe, ExtractPermissions(ev, availablePermissions), cloudId, std::move(ev->Get()->Quotas)));
+ probe, ExtractPermissions(ev, availablePermissions), cloudId, subjectType, std::move(ev->Get()->Quotas)));
 }
 void Handle(TEvControlPlaneProxy::TEvListQueriesRequest::TPtr& ev) {
@@ -894,6 +1057,7 @@ private:
 CPP_LOG_T("ListQueriesRequest: " << request.DebugString());
 const TString cloudId = ev->Get()->CloudId;
 const TString folderId = ev->Get()->FolderId;
+ const TString subjectType = ev->Get()->SubjectType;
 const TString scope = "yandexcloud://" + folderId;
 TString user = ev->Get()->User;
 TString token = ev->Get()->Token;
@@ -918,7 +1082,7 @@ private:
 NYql::TIssues issues = ValidatePermissions(ev, {"yq.queries.get@as"});
 if (issues) {
 CPS_LOG_E("ListQueriesRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString());
- Send(ev->Sender, new TEvControlPlaneProxy::TEvListQueriesResponse(issues), 0, ev->Cookie);
+ Send(ev->Sender, new TEvControlPlaneProxy::TEvListQueriesResponse(issues, subjectType), 0, ev->Cookie);
 requestCounters.IncError();
 TDuration delta = TInstant::Now() - startTime;
 requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds());
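Review bot: The `if (!subjectType)` resolution block sits after `ValidatePermissions`, so a request that fails the permission check (previous hunk, `TEvCreateQueryResponse(issues, subjectType)`) is answered on its first pass with an empty subject type and is audited as UNSPECIFIED; denied attempts are precisely the records an audit trail needs attributed, so consider moving this block ahead of the permission check, or at least mark the gap with `// NOTE: permission failures are reported before subject type resolution, so their audit records carry no subject type.` The guard also trusts any non-empty `SubjectType` already present on the event; confirm the gRPC entry point never copies it from client input, otherwise the audited subject type becomes caller-controlled. The same nine-line block is repeated in every handler touched by this commit; a small helper template taking the request and response types would remove the duplication and make the ordering fix a single change. The enclosing `Handle` starts and ends outside this hunk.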
@@ -926,6 +1090,15 @@ private:
 return;
 }
+ if (!subjectType) {
+ Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvListQueriesRequest::TPtr,
+ TEvControlPlaneProxy::TEvListQueriesResponse>
+ (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender,
+ Config, token,
+ probe, ev, cookie, AccessService));
+ return;
+ }
+
 static const TPermissions availablePermissions {
 TPermissions::TPermission::VIEW_PUBLIC
 | TPermissions::TPermission::VIEW_PRIVATE
@@ -940,7 +1113,7 @@ private:
 ControlPlaneStorageServiceActorId(),
 requestCounters,
 probe,
- ExtractPermissions(ev, availablePermissions), cloudId));
+ ExtractPermissions(ev, availablePermissions), cloudId, subjectType));
 }
 void Handle(TEvControlPlaneProxy::TEvDescribeQueryRequest::TPtr& ev) {
@@ -949,6 +1122,7 @@ private:
 CPP_LOG_T("DescribeQueryRequest: " << request.DebugString());
 const TString cloudId = ev->Get()->CloudId;
 const TString folderId = ev->Get()->FolderId;
+ const TString subjectType = ev->Get()->SubjectType;
 const TString scope = "yandexcloud://" + folderId;
 TString user = ev->Get()->User;
 TString token = ev->Get()->Token;
@@ -974,7 +1148,7 @@ private:
 NYql::TIssues issues = ValidatePermissions(ev, {"yq.queries.get@as"});
 if (issues) {
 CPS_LOG_E("DescribeQueryRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString());
- Send(ev->Sender, new TEvControlPlaneProxy::TEvDescribeQueryResponse(issues), 0, ev->Cookie);
+ Send(ev->Sender, new TEvControlPlaneProxy::TEvDescribeQueryResponse(issues, subjectType), 0, ev->Cookie);
 requestCounters.IncError();
 TDuration delta = TInstant::Now() - startTime;
 requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds());
@@ -982,6 +1156,15 @@ private:
 return;
 }
+ if (!subjectType) {
+ Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvDescribeQueryRequest::TPtr,
+ TEvControlPlaneProxy::TEvDescribeQueryResponse>
+ (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender,
+ Config, token,
+ probe, ev, cookie, AccessService));
+ return;
+ }
+
 static const TPermissions availablePermissions {
 TPermissions::TPermission::VIEW_AST
 | TPermissions::TPermission::VIEW_PUBLIC
@@ -998,7 +1181,7 @@ private:
 ControlPlaneStorageServiceActorId(),
 requestCounters,
 probe,
- ExtractPermissions(ev, availablePermissions), cloudId));
+ ExtractPermissions(ev, availablePermissions), cloudId, subjectType));
 }
 void Handle(TEvControlPlaneProxy::TEvGetQueryStatusRequest::TPtr& ev) {
@@ -1007,6 +1190,7 @@ private:
 CPP_LOG_T("GetStatusRequest: " << request.DebugString());
 const TString cloudId = ev->Get()->CloudId;
 const TString folderId = ev->Get()->FolderId;
+ const TString subjectType = ev->Get()->SubjectType;
 const TString scope = "yandexcloud://" + folderId;
 TString user = ev->Get()->User;
 TString token = ev->Get()->Token;
@@ -1032,7 +1216,7 @@ private:
 NYql::TIssues issues = ValidatePermissions(ev, {"yq.queries.getStatus@as"});
 if (issues) {
 CPS_LOG_E("GetQueryStatusRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString());
- Send(ev->Sender, new TEvControlPlaneProxy::TEvGetQueryStatusResponse(issues), 0, ev->Cookie);
+ Send(ev->Sender, new TEvControlPlaneProxy::TEvGetQueryStatusResponse(issues, subjectType), 0, ev->Cookie);
 requestCounters.IncError();
 TDuration delta = TInstant::Now() - startTime;
 requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds());
@@ -1040,6 +1224,15 @@ private:
 return;
 }
+ if (!subjectType) {
+ Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvGetQueryStatusRequest::TPtr,
+ TEvControlPlaneProxy::TEvGetQueryStatusResponse>
+ (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender,
+ Config, token,
+ probe, ev, cookie, AccessService));
+ return;
+ }
+
 static const TPermissions availablePermissions {
 TPermissions::TPermission::VIEW_PUBLIC
 | TPermissions::TPermission::VIEW_PRIVATE
@@ -1054,7 +1247,7 @@ private:
 ControlPlaneStorageServiceActorId(),
 requestCounters,
 probe,
- ExtractPermissions(ev, availablePermissions), cloudId));
+ ExtractPermissions(ev, availablePermissions), cloudId, subjectType));
 }
 void Handle(TEvControlPlaneProxy::TEvModifyQueryRequest::TPtr& ev) {
@@ -1063,6 +1256,7 @@ private:
 CPP_LOG_T("ModifyQueryRequest: " << request.DebugString());
 const TString cloudId = ev->Get()->CloudId;
 const TString folderId = ev->Get()->FolderId;
+ const TString subjectType = ev->Get()->SubjectType;
 const TString scope = "yandexcloud://" + folderId;
 TString user = ev->Get()->User;
 TString token = ev->Get()->Token;
@@ -1088,7 +1282,7 @@ private:
 NYql::TIssues issues = ValidatePermissions(ev, {"yq.queries.update@as"});
 if (issues) {
 CPS_LOG_E("ModifyQueryRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString());
- Send(ev->Sender, new TEvControlPlaneProxy::TEvModifyQueryResponse(issues), 0, ev->Cookie);
+ Send(ev->Sender, new TEvControlPlaneProxy::TEvModifyQueryResponse(issues, subjectType), 0, ev->Cookie);
 requestCounters.IncError();
 TDuration delta = TInstant::Now() - startTime;
 requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds());
@@ -1096,6 +1290,15 @@ private:
 return;
 }
+ if (!subjectType) {
+ Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvModifyQueryRequest::TPtr,
+ TEvControlPlaneProxy::TEvModifyQueryResponse>
+ (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender,
+ Config, token,
+ probe, ev, cookie, AccessService));
+ return;
+ }
+
 static const TPermissions availablePermissions {
 TPermissions::TPermission::QUERY_INVOKE
 | TPermissions::TPermission::CONNECTIONS_USE
@@ -1113,7 +1316,7 @@ private:
 ControlPlaneStorageServiceActorId(),
 requestCounters,
 probe,
- ExtractPermissions(ev, availablePermissions), cloudId));
+ ExtractPermissions(ev, availablePermissions), cloudId, subjectType));
 }
 void Handle(TEvControlPlaneProxy::TEvDeleteQueryRequest::TPtr& ev) {
@@ -1122,6 +1325,7 @@ private:
 CPP_LOG_T("DeleteQueryRequest: " << request.DebugString());
 const TString cloudId = ev->Get()->CloudId;
 const TString folderId = ev->Get()->FolderId;
+ const TString subjectType = ev->Get()->SubjectType;
 const TString scope = "yandexcloud://" + folderId;
 TString user = ev->Get()->User;
 TString token = ev->Get()->Token;
@@ -1147,7 +1351,7 @@ private:
 NYql::TIssues issues = ValidatePermissions(ev, {"yq.queries.delete@as"});
 if (issues) {
 CPS_LOG_E("DeleteQueryRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString());
- Send(ev->Sender, new TEvControlPlaneProxy::TEvDeleteQueryResponse(issues), 0, ev->Cookie);
+ Send(ev->Sender, new TEvControlPlaneProxy::TEvDeleteQueryResponse(issues, subjectType), 0, ev->Cookie);
 requestCounters.IncError();
 TDuration delta = TInstant::Now() - startTime;
 requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds());
@@ -1155,6 +1359,15 @@ private:
 return;
 }
+ if (!subjectType) {
+ Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvDeleteQueryRequest::TPtr,
+ TEvControlPlaneProxy::TEvDeleteQueryResponse>
+ (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender,
+ Config, token,
+ probe, ev, cookie, AccessService));
+ return;
+ }
+
 static const TPermissions availablePermissions {
 TPermissions::TPermission::MANAGE_PUBLIC
 | TPermissions::TPermission::MANAGE_PRIVATE
@@ -1169,7 +1382,7 @@ private:
 ControlPlaneStorageServiceActorId(),
 requestCounters,
 probe,
- ExtractPermissions(ev, availablePermissions), cloudId));
+ ExtractPermissions(ev, availablePermissions), cloudId, subjectType));
 }
 void Handle(TEvControlPlaneProxy::TEvControlQueryRequest::TPtr& ev) {
@@ -1178,6 +1391,7 @@ private:
 CPP_LOG_T("ControlQueryRequest: " << request.DebugString());
 const TString cloudId = ev->Get()->CloudId;
 const TString folderId = ev->Get()->FolderId;
+ const TString subjectType = ev->Get()->SubjectType;
 const TString scope = "yandexcloud://" + folderId;
 TString user = ev->Get()->User;
 TString token = ev->Get()->Token;
@@ -1203,7 +1417,7 @@ private:
 NYql::TIssues issues = ValidatePermissions(ev, {"yq.queries.control@as"});
 if (issues) {
 CPS_LOG_E("ControlQueryRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString());
- Send(ev->Sender, new TEvControlPlaneProxy::TEvControlQueryResponse(issues), 0, ev->Cookie);
+ Send(ev->Sender, new TEvControlPlaneProxy::TEvControlQueryResponse(issues, subjectType), 0, ev->Cookie);
 requestCounters.IncError();
 TDuration delta = TInstant::Now() - startTime;
 requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds());
@@ -1211,6 +1425,15 @@ private:
 return;
 }
+ if (!subjectType) {
+ Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvControlQueryRequest::TPtr,
+ TEvControlPlaneProxy::TEvControlQueryResponse>
+ (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender,
+ Config, token,
+ probe, ev, cookie, AccessService));
+ return;
+ }
+
 static const TPermissions availablePermissions {
 TPermissions::TPermission::MANAGE_PUBLIC
 | TPermissions::TPermission::MANAGE_PRIVATE
@@ -1225,7 +1448,7 @@ private:
 ControlPlaneStorageServiceActorId(),
 requestCounters,
 probe,
- ExtractPermissions(ev, availablePermissions), cloudId));
+ ExtractPermissions(ev, availablePermissions), cloudId, subjectType));
 }
 void Handle(TEvControlPlaneProxy::TEvGetResultDataRequest::TPtr& ev) {
@@ -1234,6 +1457,7 @@ private:
 CPP_LOG_T("GetResultDataRequest: " << request.DebugString());
 const TString cloudId = ev->Get()->CloudId;
 const TString folderId = ev->Get()->FolderId;
+ const TString subjectType = ev->Get()->SubjectType;
 const TString scope = "yandexcloud://" + folderId;
 TString user = ev->Get()->User;
 TString token = ev->Get()->Token;
@@ -1262,7 +1486,7 @@ private:
 NYql::TIssues issues = ValidatePermissions(ev, {"yq.queries.getData@as"});
 if (issues) {
 CPS_LOG_E("GetResultDataRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString());
- Send(ev->Sender, new TEvControlPlaneProxy::TEvGetResultDataResponse(issues), 0, ev->Cookie);
+ Send(ev->Sender, new TEvControlPlaneProxy::TEvGetResultDataResponse(issues, subjectType), 0, ev->Cookie);
 requestCounters.IncError();
 TDuration delta = TInstant::Now() - startTime;
 requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds());
@@ -1270,6 +1494,15 @@ private:
 return;
 }
+ if (!subjectType) {
+ Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvGetResultDataRequest::TPtr,
+ TEvControlPlaneProxy::TEvGetResultDataResponse>
+ (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender,
+ Config, token,
+ probe, ev, cookie, AccessService));
+ return;
+ }
+
 static const TPermissions availablePermissions {
 TPermissions::TPermission::VIEW_PUBLIC
 | TPermissions::TPermission::VIEW_PRIVATE
@@ -1284,7 +1517,7 @@ private:
 ControlPlaneStorageServiceActorId(),
 requestCounters,
 probe,
- ExtractPermissions(ev, availablePermissions), cloudId));
+ ExtractPermissions(ev, availablePermissions), cloudId, subjectType));
 }
 void Handle(TEvControlPlaneProxy::TEvListJobsRequest::TPtr& ev) {
@@ -1293,6 +1526,7 @@ private:
 CPP_LOG_T("ListJobsRequest: " << request.DebugString());
 const TString cloudId = ev->Get()->CloudId;
 const TString folderId = ev->Get()->FolderId;
+ const TString subjectType = ev->Get()->SubjectType;
 const TString scope = "yandexcloud://" + folderId;
 TString user = ev->Get()->User;
 TString token = ev->Get()->Token;
@@ -1318,7 +1552,7 @@ private:
 NYql::TIssues issues = ValidatePermissions(ev, {"yq.jobs.get@as"});
 if (issues) {
 CPS_LOG_E("ListJobsRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString());
- Send(ev->Sender, new TEvControlPlaneProxy::TEvListJobsResponse(issues), 0, ev->Cookie);
+ Send(ev->Sender, new TEvControlPlaneProxy::TEvListJobsResponse(issues, subjectType), 0, ev->Cookie);
 requestCounters.IncError();
 TDuration delta = TInstant::Now() - startTime;
 requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds());
@@ -1326,6 +1560,15 @@ private:
 return;
 }
+ if (!subjectType) {
+ Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvListJobsRequest::TPtr,
+ TEvControlPlaneProxy::TEvListJobsResponse>
+ (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender,
+ Config, token,
+ probe, ev, cookie, AccessService));
+ return;
+ }
+
 static const TPermissions availablePermissions {
 TPermissions::TPermission::VIEW_PUBLIC
 | TPermissions::TPermission::VIEW_PRIVATE
@@ -1340,7 +1583,7 @@ private:
 ControlPlaneStorageServiceActorId(),
 requestCounters,
 probe,
- ExtractPermissions(ev, availablePermissions), cloudId));
+ ExtractPermissions(ev, availablePermissions), cloudId, subjectType));
 }
 void Handle(TEvControlPlaneProxy::TEvDescribeJobRequest::TPtr& ev) {
@@ -1349,6 +1592,7 @@ private:
 CPP_LOG_T("DescribeJobRequest: " << request.D
ebugString());
 const TString cloudId = ev->Get()->CloudId;
 const TString folderId = ev->Get()->FolderId;
+ const TString subjectType = ev->Get()->SubjectType;
 const TString scope = "yandexcloud://" + folderId;
 TString user = ev->Get()->User;
 TString token = ev->Get()->Token;
@@ -1374,7 +1618,7 @@ private:
 NYql::TIssues issues = ValidatePermissions(ev, {"yq.jobs.get@as"});
 if (issues) {
 CPS_LOG_E("DescribeJobRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString());
- Send(ev->Sender, new TEvControlPlaneProxy::TEvDescribeJobResponse(issues), 0, ev->Cookie);
+ Send(ev->Sender, new TEvControlPlaneProxy::TEvDescribeJobResponse(issues, subjectType), 0, ev->Cookie);
 requestCounters.IncError();
 TDuration delta = TInstant::Now() - startTime;
 requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds());
@@ -1382,6 +1626,15 @@ private: return; } + if (!subjectType) { + Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvDescribeJobRequest::TPtr, + TEvControlPlaneProxy::TEvDescribeJobResponse> + (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender, + Config, token, + probe, ev, cookie, AccessService)); + return; + } + static const TPermissions availablePermissions { TPermissions::TPermission::VIEW_PUBLIC | TPermissions::TPermission::VIEW_PRIVATE @@ -1398,7 +1651,7 @@ private: ControlPlaneStorageServiceActorId(), requestCounters, probe, - ExtractPermissions(ev, availablePermissions), cloudId)); + ExtractPermissions(ev, availablePermissions), cloudId, subjectType)); } void Handle(TEvControlPlaneProxy::TEvCreateConnectionRequest::TPtr& ev) { @@ -1407,6 +1660,7 @@ private: CPP_LOG_T("CreateConnectionRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; const TString folderId = ev->Get()->FolderId; + const TString subjectType = ev->Get()->SubjectType; const TString scope = "yandexcloud://" + folderId; TString user = ev->Get()->User; TString token = ev->Get()->Token; @@ -1436,7 +1690,7 @@ private: NYql::TIssues issues = ValidatePermissions(ev, requiredPermissions); if (issues) { CPS_LOG_E("CreateConnectionRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString()); - Send(ev->Sender, new TEvControlPlaneProxy::TEvCreateConnectionResponse(issues), 0, ev->Cookie); + Send(ev->Sender, new TEvControlPlaneProxy::TEvCreateConnectionResponse(issues, subjectType), 0, ev->Cookie); requestCounters.IncError(); TDuration delta = TInstant::Now() - startTime; requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); 
@@ -1444,6 +1698,15 @@ private: return; } + if (!subjectType) { + Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvCreateConnectionRequest::TPtr, + TEvControlPlaneProxy::TEvCreateConnectionResponse> + (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender, + Config, token, + probe, ev, cookie, AccessService)); + return; + } + static const TPermissions availablePermissions { TPermissions::TPermission::MANAGE_PUBLIC }; @@ -1456,7 +1719,7 @@ private: std::move(request), std::move(user), std::move(token), ControlPlaneStorageServiceActorId(), requestCounters, - probe, ExtractPermissions(ev, availablePermissions), cloudId)); + probe, ExtractPermissions(ev, availablePermissions), cloudId, subjectType)); } void Handle(TEvControlPlaneProxy::TEvListConnectionsRequest::TPtr& ev) { @@ -1465,6 +1728,7 @@ private: CPP_LOG_T("ListConnectionsRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; const TString folderId = ev->Get()->FolderId; + const TString subjectType = ev->Get()->SubjectType; const TString scope = "yandexcloud://" + folderId; TString user = ev->Get()->User; TString token = ev->Get()->Token; @@ -1489,7 +1753,7 @@ private: NYql::TIssues issues = ValidatePermissions(ev, {"yq.connections.get@as"}); if (issues) { CPS_LOG_E("ListConnectionsRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString()); - Send(ev->Sender, new TEvControlPlaneProxy::TEvListConnectionsResponse(issues), 0, ev->Cookie); + Send(ev->Sender, new TEvControlPlaneProxy::TEvListConnectionsResponse(issues, subjectType), 0, ev->Cookie); requestCounters.IncError(); TDuration delta = TInstant::Now() - startTime; requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); 
@@ -1497,6 +1761,15 @@ private: return; } + if (!subjectType) { + Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvListConnectionsRequest::TPtr, + TEvControlPlaneProxy::TEvListConnectionsResponse> + (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender, + Config, token, + probe, ev, cookie, AccessService)); + return; + } + static const TPermissions availablePermissions { TPermissions::TPermission::VIEW_PUBLIC | TPermissions::TPermission::VIEW_PRIVATE @@ -1511,7 +1784,7 @@ private: ControlPlaneStorageServiceActorId(), requestCounters, probe, - ExtractPermissions(ev, availablePermissions), cloudId)); + ExtractPermissions(ev, availablePermissions), cloudId, subjectType)); } void Handle(TEvControlPlaneProxy::TEvDescribeConnectionRequest::TPtr& ev) { @@ -1520,6 +1793,7 @@ private: CPP_LOG_T("DescribeConnectionRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; const TString folderId = ev->Get()->FolderId; + const TString subjectType = ev->Get()->SubjectType; const TString scope = "yandexcloud://" + folderId; TString user = ev->Get()->User; TString token = ev->Get()->Token; @@ -1545,7 +1819,7 @@ private: NYql::TIssues issues = ValidatePermissions(ev, {"yq.connections.get@as"}); if (issues) { CPS_LOG_E("DescribeConnectionRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString()); - Send(ev->Sender, new TEvControlPlaneProxy::TEvDescribeConnectionResponse(issues), 0, ev->Cookie); + Send(ev->Sender, new TEvControlPlaneProxy::TEvDescribeConnectionResponse(issues, subjectType), 0, ev->Cookie); requestCounters.IncError(); TDuration delta = TInstant::Now() - startTime; requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); 
@@ -1553,6 +1827,15 @@ private: return; } + if (!subjectType) { + Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvDescribeConnectionRequest::TPtr, + TEvControlPlaneProxy::TEvDescribeConnectionResponse> + (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender, + Config, token, + probe, ev, cookie, AccessService)); + return; + } + static const TPermissions availablePermissions { TPermissions::TPermission::VIEW_PUBLIC | TPermissions::TPermission::VIEW_PRIVATE @@ -1567,7 +1850,7 @@ private: ControlPlaneStorageServiceActorId(), requestCounters, probe, - ExtractPermissions(ev, availablePermissions), cloudId)); + ExtractPermissions(ev, availablePermissions), cloudId, subjectType)); } void Handle(TEvControlPlaneProxy::TEvModifyConnectionRequest::TPtr& ev) { @@ -1576,6 +1859,7 @@ private: CPP_LOG_T("ModifyConnectionRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; const TString folderId = ev->Get()->FolderId; + const TString subjectType = ev->Get()->SubjectType; const TString scope = "yandexcloud://" + folderId; TString user = ev->Get()->User; TString token = ev->Get()->Token; @@ -1606,7 +1890,7 @@ private: NYql::TIssues issues = ValidatePermissions(ev, requiredPermissions); if (issues) { CPS_LOG_E("ModifyConnectionRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString()); - Send(ev->Sender, new TEvControlPlaneProxy::TEvModifyConnectionResponse(issues), 0, ev->Cookie); + Send(ev->Sender, new TEvControlPlaneProxy::TEvModifyConnectionResponse(issues, subjectType), 0, ev->Cookie); requestCounters.IncError(); TDuration delta = TInstant::Now() - startTime; requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); 
@@ -1614,6 +1898,15 @@ private: return; } + if (!subjectType) { + Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvModifyConnectionRequest::TPtr, + TEvControlPlaneProxy::TEvModifyConnectionResponse> + (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender, + Config, token, + probe, ev, cookie, AccessService)); + return; + } + static const TPermissions availablePermissions { TPermissions::TPermission::MANAGE_PUBLIC | TPermissions::TPermission::MANAGE_PRIVATE @@ -1628,7 +1921,7 @@ private: ControlPlaneStorageServiceActorId(), requestCounters, probe, - ExtractPermissions(ev, availablePermissions), cloudId)); + ExtractPermissions(ev, availablePermissions), cloudId, subjectType)); } void Handle(TEvControlPlaneProxy::TEvDeleteConnectionRequest::TPtr& ev) { @@ -1637,6 +1930,7 @@ private: CPP_LOG_T("DeleteConnectionRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; const TString folderId = ev->Get()->FolderId; + const TString subjectType = ev->Get()->SubjectType; const TString scope = "yandexcloud://" + folderId; TString user = ev->Get()->User; TString token = ev->Get()->Token; @@ -1662,7 +1956,7 @@ private: NYql::TIssues issues = ValidatePermissions(ev, {"yq.connections.delete@as"}); if (issues) { CPS_LOG_E("DeleteConnectionRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString()); - Send(ev->Sender, new TEvControlPlaneProxy::TEvDeleteConnectionResponse(issues), 0, ev->Cookie); + Send(ev->Sender, new TEvControlPlaneProxy::TEvDeleteConnectionResponse(issues, subjectType), 0, ev->Cookie); requestCounters.IncError(); TDuration delta = TInstant::Now() - startTime; requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); 
@@ -1670,6 +1964,15 @@ private: return; } + if (!subjectType) { + Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvDeleteConnectionRequest::TPtr, + TEvControlPlaneProxy::TEvDeleteConnectionResponse> + (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender, + Config, token, + probe, ev, cookie, AccessService)); + return; + } + static const TPermissions availablePermissions { TPermissions::TPermission::MANAGE_PUBLIC | TPermissions::TPermission::MANAGE_PRIVATE @@ -1684,7 +1987,7 @@ private: ControlPlaneStorageServiceActorId(), requestCounters, probe, - ExtractPermissions(ev, availablePermissions), cloudId)); + ExtractPermissions(ev, availablePermissions), cloudId, subjectType)); } void Handle(TEvControlPlaneProxy::TEvTestConnectionRequest::TPtr& ev) { @@ -1693,6 +1996,7 @@ private: CPP_LOG_T("TestConnectionRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; const TString folderId = ev->Get()->FolderId; + const TString subjectType = ev->Get()->SubjectType; const TString scope = "yandexcloud://" + folderId; TString user = ev->Get()->User; TString token = ev->Get()->Token; @@ -1722,7 +2026,7 @@ private: NYql::TIssues issues = ValidatePermissions(ev, requiredPermissions); if (issues) { CPS_LOG_E("TestConnectionRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString()); - Send(ev->Sender, new TEvControlPlaneProxy::TEvTestConnectionResponse(issues), 0, ev->Cookie); + Send(ev->Sender, new TEvControlPlaneProxy::TEvTestConnectionResponse(issues, subjectType), 0, ev->Cookie); requestCounters.IncError(); TDuration delta = TInstant::Now() - startTime; requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); 
@@ -1730,6 +2034,15 @@ private: return; } + if (!subjectType) { + Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvTestConnectionRequest::TPtr, + TEvControlPlaneProxy::TEvTestConnectionResponse> + (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender, + Config, token, + probe, ev, cookie, AccessService)); + return; + } + Register(new TRequestActor<FederatedQuery::TestConnectionRequest, TEvTestConnection::TEvTestConnectionRequest, TEvTestConnection::TEvTestConnectionResponse, @@ -1738,7 +2051,7 @@ private: std::move(request), std::move(user), std::move(token), TestConnectionActorId(), requestCounters, - probe, ExtractPermissions(ev, {}), cloudId)); + probe, ExtractPermissions(ev, {}), cloudId, subjectType)); } void Handle(TEvControlPlaneProxy::TEvCreateBindingRequest::TPtr& ev) { @@ -1747,6 +2060,7 @@ private: CPP_LOG_T("CreateBindingRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; const TString folderId = ev->Get()->FolderId; + const TString subjectType = ev->Get()->SubjectType; const TString scope = "yandexcloud://" + folderId; TString user = ev->Get()->User; TString token = ev->Get()->Token; @@ -1771,7 +2085,7 @@ private: NYql::TIssues issues = ValidatePermissions(ev, {"yq.bindings.create@as"}); if (issues) { CPS_LOG_E("CreateBindingRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString()); - Send(ev->Sender, new TEvControlPlaneProxy::TEvCreateBindingResponse(issues), 0, ev->Cookie); + Send(ev->Sender, new TEvControlPlaneProxy::TEvCreateBindingResponse(issues, subjectType), 0, ev->Cookie); requestCounters.IncError(); TDuration delta = TInstant::Now() - startTime; requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); 
@@ -1779,6 +2093,15 @@ private: return; } + if (!subjectType) { + Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvCreateBindingRequest::TPtr, + TEvControlPlaneProxy::TEvCreateBindingResponse> + (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender, + Config, token, + probe, ev, cookie, AccessService)); + return; + } + static const TPermissions availablePermissions { TPermissions::TPermission::MANAGE_PUBLIC }; @@ -1791,7 +2114,7 @@ private: std::move(request), std::move(user), std::move(token), ControlPlaneStorageServiceActorId(), requestCounters, - probe, ExtractPermissions(ev, availablePermissions), cloudId)); + probe, ExtractPermissions(ev, availablePermissions), cloudId, subjectType)); } void Handle(TEvControlPlaneProxy::TEvListBindingsRequest::TPtr& ev) { @@ -1800,6 +2123,7 @@ private: CPP_LOG_T("ListBindingsRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; const TString folderId = ev->Get()->FolderId; + const TString subjectType = ev->Get()->SubjectType; const TString scope = "yandexcloud://" + folderId; TString user = ev->Get()->User; TString token = ev->Get()->Token; @@ -1824,7 +2148,7 @@ private: NYql::TIssues issues = ValidatePermissions(ev, {"yq.bindings.get@as"}); if (issues) { CPS_LOG_E("ListBindingsRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString()); - Send(ev->Sender, new TEvControlPlaneProxy::TEvListBindingsResponse(issues), 0, ev->Cookie); + Send(ev->Sender, new TEvControlPlaneProxy::TEvListBindingsResponse(issues, subjectType), 0, ev->Cookie); requestCounters.IncError(); TDuration delta = TInstant::Now() - startTime; requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); 
@@ -1832,6 +2156,15 @@ private: return; } + if (!subjectType) { + Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvListBindingsRequest::TPtr, + TEvControlPlaneProxy::TEvListBindingsResponse> + (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender, + Config, token, + probe, ev, cookie, AccessService)); + return; + } + static const TPermissions availablePermissions { TPermissions::TPermission::VIEW_PUBLIC | TPermissions::TPermission::VIEW_PRIVATE @@ -1846,7 +2179,7 @@ private: ControlPlaneStorageServiceActorId(), requestCounters, probe, - ExtractPermissions(ev, availablePermissions), cloudId)); + ExtractPermissions(ev, availablePermissions), cloudId, subjectType)); } void Handle(TEvControlPlaneProxy::TEvDescribeBindingRequest::TPtr& ev) { @@ -1855,6 +2188,7 @@ private: CPP_LOG_T("DescribeBindingRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; const TString folderId = ev->Get()->FolderId; + const TString subjectType = ev->Get()->SubjectType; const TString scope = "yandexcloud://" + folderId; TString user = ev->Get()->User; TString token = ev->Get()->Token; @@ -1880,7 +2214,7 @@ private: NYql::TIssues issues = ValidatePermissions(ev, {"yq.bindings.get@as"}); if (issues) { CPS_LOG_E("DescribeBindingRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString()); - Send(ev->Sender, new TEvControlPlaneProxy::TEvDescribeBindingResponse(issues), 0, ev->Cookie); + Send(ev->Sender, new TEvControlPlaneProxy::TEvDescribeBindingResponse(issues, subjectType), 0, ev->Cookie); requestCounters.IncError(); TDuration delta = TInstant::Now() - startTime; requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); 
@@ -1888,6 +2222,15 @@ private: return; } + if (!subjectType) { + Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvDescribeBindingRequest::TPtr, + TEvControlPlaneProxy::TEvDescribeBindingResponse> + (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender, + Config, token, + probe, ev, cookie, AccessService)); + return; + } + static const TPermissions availablePermissions { TPermissions::TPermission::VIEW_PUBLIC | TPermissions::TPermission::VIEW_PRIVATE @@ -1902,7 +2245,7 @@ private: ControlPlaneStorageServiceActorId(), requestCounters, probe, - ExtractPermissions(ev, availablePermissions), cloudId)); + ExtractPermissions(ev, availablePermissions), cloudId, subjectType)); } void Handle(TEvControlPlaneProxy::TEvModifyBindingRequest::TPtr& ev) { @@ -1911,6 +2254,7 @@ private: CPP_LOG_T("ModifyBindingRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; const TString folderId = ev->Get()->FolderId; + const TString subjectType = ev->Get()->SubjectType; const TString scope = "yandexcloud://" + folderId; TString user = ev->Get()->User; TString token = ev->Get()->Token; @@ -1936,7 +2280,7 @@ private: NYql::TIssues issues = ValidatePermissions(ev, {"yq.bindings.update@as"}); if (issues) { CPS_LOG_E("ModifyBindingRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString()); - Send(ev->Sender, new TEvControlPlaneProxy::TEvModifyBindingResponse(issues), 0, ev->Cookie); + Send(ev->Sender, new TEvControlPlaneProxy::TEvModifyBindingResponse(issues, subjectType), 0, ev->Cookie); requestCounters.IncError(); TDuration delta = TInstant::Now() - startTime; requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); 
@@ -1944,6 +2288,15 @@ private: return; } + if (!subjectType) { + Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvModifyBindingRequest::TPtr, + TEvControlPlaneProxy::TEvModifyBindingResponse> + (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender, + Config, token, + probe, ev, cookie, AccessService)); + return; + } + static const TPermissions availablePermissions { TPermissions::TPermission::MANAGE_PUBLIC | TPermissions::TPermission::MANAGE_PRIVATE @@ -1958,7 +2311,7 @@ private: ControlPlaneStorageServiceActorId(), requestCounters, probe, - ExtractPermissions(ev, availablePermissions), cloudId)); + ExtractPermissions(ev, availablePermissions), cloudId, subjectType)); } void Handle(TEvControlPlaneProxy::TEvDeleteBindingRequest::TPtr& ev) { @@ -1967,6 +2320,7 @@ private: CPP_LOG_T("DeleteBindingRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; const TString folderId = ev->Get()->FolderId; + const TString subjectType = ev->Get()->SubjectType; const TString scope = "yandexcloud://" + folderId; TString user = ev->Get()->User; TString token = ev->Get()->Token; @@ -1992,7 +2346,7 @@ private: NYql::TIssues issues = ValidatePermissions(ev, {"yq.bindings.delete@as"}); if (issues) { CPS_LOG_E("DeleteBindingRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " " << request.DebugString() << " error: " << issues.ToString()); - Send(ev->Sender, new TEvControlPlaneProxy::TEvDeleteBindingResponse(issues), 0, ev->Cookie); + Send(ev->Sender, new TEvControlPlaneProxy::TEvDeleteBindingResponse(issues, subjectType), 0, ev->Cookie); requestCounters.IncError(); TDuration delta = TInstant::Now() - startTime; requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); 
@@ -2000,6 +2354,15 @@ private: return; } + if (!subjectType) { + Register(new TResolveSubjectTypeActor<TEvControlPlaneProxy::TEvDeleteBindingRequest::TPtr, + TEvControlPlaneProxy::TEvDeleteBindingResponse> + (Counters.GetCommonCounters(RTC_RESOLVE_SUBJECT_TYPE), sender, + Config, token, + probe, ev, cookie, AccessService)); + return; + } + static const TPermissions availablePermissions { TPermissions::TPermission::MANAGE_PUBLIC | TPermissions::TPermission::MANAGE_PRIVATE @@ -2014,7 +2377,7 @@ private: ControlPlaneStorageServiceActorId(), requestCounters, probe, - ExtractPermissions(ev, availablePermissions), cloudId)); + ExtractPermissions(ev, availablePermissions), cloudId, subjectType)); } void Handle(NMon::TEvHttpInfo::TPtr& ev) { diff --git a/ydb/core/fq/libs/control_plane_proxy/events/events.h b/ydb/core/fq/libs/control_plane_proxy/events/events.h index 2f7df3ad185..3cface33cd6 100644 --- a/ydb/core/fq/libs/control_plane_proxy/events/events.h +++ b/ydb/core/fq/libs/control_plane_proxy/events/events.h @@ -65,13 +65,13 @@ struct TEvControlPlaneProxy { template<typename ProtoMessage, ui32 EventType> struct TControlPlaneRequest : NActors::TEventLocal<TControlPlaneRequest<ProtoMessage, EventType>, EventType> { - explicit TControlPlaneRequest(const TString& folderId, - const ProtoMessage& request, - const TString& user, - const TString& token, - const TVector<TString>& permissions, - TMaybe<TQuotaMap> quotas = Nothing(), - TTenantInfo::TPtr tenantInfo = nullptr) + TControlPlaneRequest(const TString& folderId, + const ProtoMessage& request, + const TString& user, + const TString& token, + const TVector<TString>& permissions, + TMaybe<TQuotaMap> quotas = Nothing(), + TTenantInfo::TPtr tenantInfo = nullptr) : FolderId(folderId) , Request(request) , User(user) 
@@ -90,48 +90,53 @@ struct TEvControlPlaneProxy { TVector<TString> Permissions; TMaybe<TQuotaMap> Quotas; TTenantInfo::TPtr TenantInfo; + TString SubjectType; }; template<typename TDerived, typename ProtoMessage, ui32 EventType> struct TControlPlaneResponse : NActors::TEventLocal<TDerived, EventType> { - explicit TControlPlaneResponse(const ProtoMessage& result) + TControlPlaneResponse(const ProtoMessage& result, const TString& subjectType) : Result(result) + , SubjectType(subjectType) { } - explicit TControlPlaneResponse(const NYql::TIssues& issues) + TControlPlaneResponse(const NYql::TIssues& issues, const TString& subjectType) : Issues(issues) + , SubjectType(subjectType) { } ProtoMessage Result; NYql::TIssues Issues; + TString SubjectType; }; template<typename ProtoMessage, ui32 EventType> struct TControlPlaneNonAuditableResponse : TControlPlaneResponse<TControlPlaneNonAuditableResponse<ProtoMessage, EventType>, ProtoMessage, EventType> { - explicit TControlPlaneNonAuditableResponse(const ProtoMessage& result) - : TControlPlaneResponse<TControlPlaneNonAuditableResponse<ProtoMessage, EventType>, ProtoMessage, EventType>(result) + TControlPlaneNonAuditableResponse(const ProtoMessage& result, const TString& subjectType) + : TControlPlaneResponse<TControlPlaneNonAuditableResponse<ProtoMessage, EventType>, ProtoMessage, EventType>(result, subjectType) { } - explicit TControlPlaneNonAuditableResponse(const NYql::TIssues& issues) - : TControlPlaneResponse<TControlPlaneNonAuditableResponse<ProtoMessage, EventType>, ProtoMessage, EventType>(issues) + TControlPlaneNonAuditableResponse(const NYql::TIssues& issues, const TString& subjectType) + : TControlPlaneResponse<TControlPlaneNonAuditableResponse<ProtoMessage, EventType>, ProtoMessage, EventType>(issues, subjectType) { } }; template<typename ProtoMessage, typename AuditMessage, ui32 EventType> struct TControlPlaneAuditableResponse : TControlPlaneResponse<TControlPlaneAuditableResponse<ProtoMessage, AuditMessage, 
EventType>, ProtoMessage, EventType> { - explicit TControlPlaneAuditableResponse(const ProtoMessage& result, - const TAuditDetails<AuditMessage>& auditDetails) - : TControlPlaneResponse<TControlPlaneAuditableResponse<ProtoMessage, AuditMessage, EventType>, ProtoMessage, EventType>(result) + TControlPlaneAuditableResponse(const ProtoMessage& result, + const TAuditDetails<AuditMessage>& auditDetails, + const TString& subjectType) + : TControlPlaneResponse<TControlPlaneAuditableResponse<ProtoMessage, AuditMessage, EventType>, ProtoMessage, EventType>(result, subjectType) , AuditDetails(auditDetails) { } - explicit TControlPlaneAuditableResponse(const NYql::TIssues& issues) - : TControlPlaneResponse<TControlPlaneAuditableResponse<ProtoMessage, AuditMessage, EventType>, ProtoMessage, EventType>(issues) + TControlPlaneAuditableResponse(const NYql::TIssues& issues, const TString& subjectType) + : TControlPlaneResponse<TControlPlaneAuditableResponse<ProtoMessage, AuditMessage, EventType>, ProtoMessage, EventType>(issues, subjectType) { } diff --git a/ydb/core/grpc_services/rpc_fq.cpp b/ydb/core/grpc_services/rpc_fq.cpp index a222b87c6d4..63dbe332774 100644 --- a/ydb/core/grpc_services/rpc_fq.cpp +++ b/ydb/core/grpc_services/rpc_fq.cpp @@ -156,8 +156,10 @@ protected: .PeerName = PeerName, .UserAgent = UserAgent, .RequestId = RequestId, + .SubjectType = response.SubjectType }; + Send(NFq::YqAuditServiceActorId(), NFq::TEvAuditService::MakeAuditEvent( std::move(extraInfo), *GetProtoRequest(), diff --git a/ydb/core/http_proxy/CMakeLists.darwin-x86_64.txt b/ydb/core/http_proxy/CMakeLists.darwin-x86_64.txt index 8a70b7e5ed3..3be3d9f298b 100644 --- a/ydb/core/http_proxy/CMakeLists.darwin-x86_64.txt +++ b/ydb/core/http_proxy/CMakeLists.darwin-x86_64.txt @@ -33,6 +33,7 @@ target_link_libraries(ydb-core-http_proxy PUBLIC cpp-client-iam_private ydb-services-datastreams services-persqueue_v1-actors + api-grpc api-protos ) target_sources(ydb-core-http_proxy PRIVATE 
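Review bot: `TString SubjectType;` is added to TControlPlaneRequest as a bare public member with no constructor parameter, while every TControlPlaneResponse constructor now requires it, so on the request side the field is only ever set by post-construction assignment and nothing in the type says who is responsible for that. A comment on the member would pin the contract, e.g. `TString SubjectType; // empty on arrival; filled by the proxy (presumably TResolveSubjectTypeActor) before the request is re-dispatched`. Dropping `explicit` from the two-argument constructors of TControlPlaneResponse and its two derivations only affects copy-list-initialisation (`return {issues, subjectType};`), which reads as the intent and is harmless on multi-argument constructors.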
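Review bot: `.SubjectType = response.SubjectType` feeds the audit record straight from the response, and on the validation-failure paths in the control-plane-proxy hunks above the response is built before the subject type has been resolved, so those audit events will carry an empty SubjectType; whether the audit service records empty as "unknown" or drops the field is outside this hunk and worth confirming. The added blank `+` line before `Send(` is stray whitespace, and the new designated initializer has no trailing comma, so the next field added to extraInfo will touch this line again; `.SubjectType = response.SubjectType,` keeps the list uniform.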
diff --git a/ydb/core/http_proxy/CMakeLists.linux-aarch64.txt b/ydb/core/http_proxy/CMakeLists.linux-aarch64.txt index d70963e423e..ca22afad07a 100644 --- a/ydb/core/http_proxy/CMakeLists.linux-aarch64.txt +++ b/ydb/core/http_proxy/CMakeLists.linux-aarch64.txt @@ -34,6 +34,7 @@ target_link_libraries(ydb-core-http_proxy PUBLIC cpp-client-iam_private ydb-services-datastreams services-persqueue_v1-actors + api-grpc api-protos ) target_sources(ydb-core-http_proxy PRIVATE diff --git a/ydb/core/http_proxy/CMakeLists.linux-x86_64.txt b/ydb/core/http_proxy/CMakeLists.linux-x86_64.txt index d70963e423e..ca22afad07a 100644 --- a/ydb/core/http_proxy/CMakeLists.linux-x86_64.txt +++ b/ydb/core/http_proxy/CMakeLists.linux-x86_64.txt @@ -34,6 +34,7 @@ target_link_libraries(ydb-core-http_proxy PUBLIC cpp-client-iam_private ydb-services-datastreams services-persqueue_v1-actors + api-grpc api-protos ) target_sources(ydb-core-http_proxy PRIVATE diff --git a/ydb/core/http_proxy/CMakeLists.windows-x86_64.txt b/ydb/core/http_proxy/CMakeLists.windows-x86_64.txt index 8a70b7e5ed3..3be3d9f298b 100644 --- a/ydb/core/http_proxy/CMakeLists.windows-x86_64.txt +++ b/ydb/core/http_proxy/CMakeLists.windows-x86_64.txt @@ -33,6 +33,7 @@ target_link_libraries(ydb-core-http_proxy PUBLIC cpp-client-iam_private ydb-services-datastreams services-persqueue_v1-actors + api-grpc api-protos ) target_sources(ydb-core-http_proxy PRIVATE diff --git a/ydb/library/ycloud/impl/CMakeLists.darwin-x86_64.txt b/ydb/library/ycloud/impl/CMakeLists.darwin-x86_64.txt index 930273011ab..ca5612d8029 100644 --- a/ydb/library/ycloud/impl/CMakeLists.darwin-x86_64.txt +++ b/ydb/library/ycloud/impl/CMakeLists.darwin-x86_64.txt 
@@ -26,6 +26,7 @@ target_sources(library-ycloud-impl PRIVATE ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/folder_service.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/folder_service_adapter.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/iam_token_service.cpp + ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/mock_access_service.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/service_account_service.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/user_account_service.cpp ) diff --git a/ydb/library/ycloud/impl/CMakeLists.linux-aarch64.txt b/ydb/library/ycloud/impl/CMakeLists.linux-aarch64.txt index d3c4ab6ba62..51d18cfe544 100644 --- a/ydb/library/ycloud/impl/CMakeLists.linux-aarch64.txt +++ b/ydb/library/ycloud/impl/CMakeLists.linux-aarch64.txt @@ -27,6 +27,7 @@ target_sources(library-ycloud-impl PRIVATE ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/folder_service.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/folder_service_adapter.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/iam_token_service.cpp + ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/mock_access_service.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/service_account_service.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/user_account_service.cpp ) diff --git a/ydb/library/ycloud/impl/CMakeLists.linux-x86_64.txt b/ydb/library/ycloud/impl/CMakeLists.linux-x86_64.txt index d3c4ab6ba62..51d18cfe544 100644 --- a/ydb/library/ycloud/impl/CMakeLists.linux-x86_64.txt +++ b/ydb/library/ycloud/impl/CMakeLists.linux-x86_64.txt @@ -27,6 +27,7 @@ target_sources(library-ycloud-impl PRIVATE ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/folder_service.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/folder_service_adapter.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/iam_token_service.cpp + ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/mock_access_service.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/service_account_service.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/user_account_service.cpp ) 
diff --git a/ydb/library/ycloud/impl/CMakeLists.windows-x86_64.txt b/ydb/library/ycloud/impl/CMakeLists.windows-x86_64.txt index 930273011ab..ca5612d8029 100644 --- a/ydb/library/ycloud/impl/CMakeLists.windows-x86_64.txt +++ b/ydb/library/ycloud/impl/CMakeLists.windows-x86_64.txt @@ -26,6 +26,7 @@ target_sources(library-ycloud-impl PRIVATE ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/folder_service.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/folder_service_adapter.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/iam_token_service.cpp + ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/mock_access_service.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/service_account_service.cpp ${CMAKE_SOURCE_DIR}/ydb/library/ycloud/impl/user_account_service.cpp ) diff --git a/ydb/library/ycloud/impl/mock_access_service.cpp b/ydb/library/ycloud/impl/mock_access_service.cpp new file mode 100644 index 00000000000..434fcbf3e7e --- /dev/null +++ b/ydb/library/ycloud/impl/mock_access_service.cpp 
@@ -0,0 +1,49 @@
+#include <library/cpp/actors/core/actorsystem.h>
+#include <library/cpp/actors/core/actor.h>
+#include <library/cpp/json/json_value.h>
+#include <ydb/public/api/client/yc_private/servicecontrol/access_service.grpc.pb.h>
+#include "access_service.h"
+#include "grpc_service_client.h"
+#include "grpc_service_cache.h"
+
+namespace NCloud {
+
+using namespace NKikimr;
+
+class TAccessServiceMock
+ : public NActors::TActor<TAccessServiceMock> {
+ using TThis = TAccessServiceMock;
+ using TBase = NActors::TActor<TAccessServiceMock>;
+
+public:
+ TAccessServiceMock()
+ : TBase(&TThis::StateWork) {
+ }
+
+ void Handle(TEvAccessService::TEvAuthenticateRequest::TPtr& ev) {
+ auto result = std::make_unique<TEvAccessService::TEvAuthenticateResponse>();
+ result->Response.mutable_subject()->mutable_user_account()->set_federation_id("mock");
+ result->Status.Ok();
+ Send(ev->Sender, result.release());
+ }
+
+ void Handle(TEvAccessService::TEvAuthorizeRequest::TPtr& ev) {
+ auto result = std::make_unique<TEvAccessService::TEvAuthorizeResponse>();
+ result->Status = NGrpc::TGrpcStatus("Unimplemented", 1, true);
+ Send(ev->Sender, result.release());
+ }
+
+ STATEFN(StateWork) {
+ switch (ev->GetTypeRewrite()) {
+ hFunc(TEvAccessService::TEvAuthenticateRequest, Handle)
+ hFunc(TEvAccessService::TEvAuthorizeRequest, Handle)
+ cFunc(NActors::TEvents::TEvPoisonPill::EventType, PassAway)
+ }
+ }
+};
+
+IActor* CreateMockAccessServiceWithCache() {
+ return new TAccessServiceMock();
+}
+
+}
diff --git a/ydb/library/ycloud/impl/mock_access_service.h b/ydb/library/ycloud/impl/mock_access_service.h
new file mode 100644
index 00000000000..f009629602f
--- /dev/null
+++ b/ydb/library/ycloud/impl/mock_access_service.h
@@ -0,0 +1,8 @@
+#pragma once
+#include <library/cpp/actors/core/actor.h>
+
+namespace NCloud {
+
+NActors::IActor* CreateMockAccessServiceWithCache(); // for compatibility with older code
+
+} |
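Review bot: In the TEvAuthorizeRequest handler `NGrpc::TGrpcStatus("Unimplemented", 1, true)` pairs the message with gRPC status code 1, which is CANCELLED; UNIMPLEMENTED is 12, so `result->Status = NGrpc::TGrpcStatus("Unimplemented", grpc::StatusCode::UNIMPLEMENTED, true);` makes the code agree with the message. In the authenticate handler `result->Status.Ok();` discards its return value — if `TGrpcStatus::Ok()` is the const predicate it appears to be, the line is a no-op that only reads as if it set success; a default-constructed status is already OK, so the line should be removed or replaced by a comment saying so. The actor answers every authenticate request as a user account with federation id "mock" regardless of the token, and the CMake hunks above compile it into `library-ycloud-impl` next to the real client, so the code path that selects it (not in this diff) needs to be configuration-gated and the class needs a header comment saying it is a test double. The factory is named CreateMockAccessServiceWithCache but wraps no cache, and the includes of actorsystem.h, json_value.h, grpc_service_client.h and grpc_service_cache.h are unused here.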
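Review bot: The only documentation on `CreateMockAccessServiceWithCache()` is `// for compatibility with older code`, which on a function introduced by this commit does not tell a caller what it returns. Replace it with the contract actually implemented in mock_access_service.cpp, e.g. `// Test double: authenticates every token as a user account with federation_id "mock"; authorize is unimplemented. Not for production wiring.`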