author | ivanmorozov <ivanmorozov@yandex-team.com> | 2023-04-22 14:23:21 +0300 |
---|---|---|
committer | ivanmorozov <ivanmorozov@yandex-team.com> | 2023-04-22 14:23:21 +0300 |
commit | df5a79c1d79bd43b59083a9890ce0a59c257aa3e (patch) | |
tree | 3951a0c189090237f94dd7d60e258294bc0e7319 | |
parent | 36bc783bf7de3742cf39a98b88972294e02ba4a5 (diff) | |
download | ydb-df5a79c1d79bd43b59083a9890ce0a59c257aa3e.tar.gz |
Revert commit 37c6e37eb1ac413488ac76a850996a067bc91937
45 files changed, 156 insertions, 1009 deletions
diff --git a/ydb/core/client/server/CMakeLists.darwin-x86_64.txt b/ydb/core/client/server/CMakeLists.darwin-x86_64.txt index b620712f4dd..7a21a804543 100644 --- a/ydb/core/client/server/CMakeLists.darwin-x86_64.txt +++ b/ydb/core/client/server/CMakeLists.darwin-x86_64.txt @@ -31,7 +31,6 @@ target_link_libraries(core-client-server PUBLIC ydb-core-engine core-engine-minikql ydb-core-grpc_services - core-grpc_services-auth_processor core-grpc_services-base ydb-core-keyvalue core-kqp-common @@ -54,6 +53,7 @@ target_link_libraries(core-client-server PUBLIC cpp-deprecated-atomic ) target_sources(core-client-server PRIVATE + ${CMAKE_SOURCE_DIR}/ydb/core/client/server/dynamic_node_auth_processor.cpp ${CMAKE_SOURCE_DIR}/ydb/core/client/server/http_ping.cpp ${CMAKE_SOURCE_DIR}/ydb/core/client/server/msgbus_blobstorage_config.cpp ${CMAKE_SOURCE_DIR}/ydb/core/client/server/msgbus_bsadm.cpp diff --git a/ydb/core/client/server/CMakeLists.linux-aarch64.txt b/ydb/core/client/server/CMakeLists.linux-aarch64.txt index 36a40015b50..19c69222682 100644 --- a/ydb/core/client/server/CMakeLists.linux-aarch64.txt +++ b/ydb/core/client/server/CMakeLists.linux-aarch64.txt @@ -32,7 +32,6 @@ target_link_libraries(core-client-server PUBLIC ydb-core-engine core-engine-minikql ydb-core-grpc_services - core-grpc_services-auth_processor core-grpc_services-base ydb-core-keyvalue core-kqp-common @@ -55,6 +54,7 @@ target_link_libraries(core-client-server PUBLIC cpp-deprecated-atomic ) target_sources(core-client-server PRIVATE + ${CMAKE_SOURCE_DIR}/ydb/core/client/server/dynamic_node_auth_processor.cpp ${CMAKE_SOURCE_DIR}/ydb/core/client/server/http_ping.cpp ${CMAKE_SOURCE_DIR}/ydb/core/client/server/msgbus_blobstorage_config.cpp ${CMAKE_SOURCE_DIR}/ydb/core/client/server/msgbus_bsadm.cpp diff --git a/ydb/core/client/server/CMakeLists.linux-x86_64.txt b/ydb/core/client/server/CMakeLists.linux-x86_64.txt index 36a40015b50..19c69222682 100644 --- a/ydb/core/client/server/CMakeLists.linux-x86_64.txt 
+++ b/ydb/core/client/server/CMakeLists.linux-x86_64.txt @@ -32,7 +32,6 @@ target_link_libraries(core-client-server PUBLIC ydb-core-engine core-engine-minikql ydb-core-grpc_services - core-grpc_services-auth_processor core-grpc_services-base ydb-core-keyvalue core-kqp-common @@ -55,6 +54,7 @@ target_link_libraries(core-client-server PUBLIC cpp-deprecated-atomic ) target_sources(core-client-server PRIVATE + ${CMAKE_SOURCE_DIR}/ydb/core/client/server/dynamic_node_auth_processor.cpp ${CMAKE_SOURCE_DIR}/ydb/core/client/server/http_ping.cpp ${CMAKE_SOURCE_DIR}/ydb/core/client/server/msgbus_blobstorage_config.cpp ${CMAKE_SOURCE_DIR}/ydb/core/client/server/msgbus_bsadm.cpp diff --git a/ydb/core/client/server/CMakeLists.windows-x86_64.txt b/ydb/core/client/server/CMakeLists.windows-x86_64.txt index b620712f4dd..7a21a804543 100644 --- a/ydb/core/client/server/CMakeLists.windows-x86_64.txt +++ b/ydb/core/client/server/CMakeLists.windows-x86_64.txt @@ -31,7 +31,6 @@ target_link_libraries(core-client-server PUBLIC ydb-core-engine core-engine-minikql ydb-core-grpc_services - core-grpc_services-auth_processor core-grpc_services-base ydb-core-keyvalue core-kqp-common @@ -54,6 +53,7 @@ target_link_libraries(core-client-server PUBLIC cpp-deprecated-atomic ) target_sources(core-client-server PRIVATE + ${CMAKE_SOURCE_DIR}/ydb/core/client/server/dynamic_node_auth_processor.cpp ${CMAKE_SOURCE_DIR}/ydb/core/client/server/http_ping.cpp ${CMAKE_SOURCE_DIR}/ydb/core/client/server/msgbus_blobstorage_config.cpp ${CMAKE_SOURCE_DIR}/ydb/core/client/server/msgbus_bsadm.cpp diff --git a/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp b/ydb/core/client/server/dynamic_node_auth_processor.cpp index 394def2f52c..394def2f52c 100644 --- a/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp +++ b/ydb/core/client/server/dynamic_node_auth_processor.cpp 
diff --git a/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.h b/ydb/core/client/server/dynamic_node_auth_processor.h index bafd4855b68..bafd4855b68 100644 --- a/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.h +++ b/ydb/core/client/server/dynamic_node_auth_processor.h diff --git a/ydb/core/client/server/grpc_server.h b/ydb/core/client/server/grpc_server.h index 267de686f5a..7f1a4b9ea71 100644 --- a/ydb/core/client/server/grpc_server.h +++ b/ydb/core/client/server/grpc_server.h @@ -1,5 +1,5 @@ #pragma once -#include <ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.h> +#include "dynamic_node_auth_processor.h" #include <ydb/core/protos/grpc.grpc.pb.h> diff --git a/ydb/core/client/server/msgbus_server.h b/ydb/core/client/server/msgbus_server.h index df4ad2da596..0e6da0ecbb3 100644 --- a/ydb/core/client/server/msgbus_server.h +++ b/ydb/core/client/server/msgbus_server.h @@ -1,5 +1,5 @@ #pragma once -#include <ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.h> +#include "dynamic_node_auth_processor.h" #include <library/cpp/actors/core/actorsystem.h> #include <library/cpp/actors/core/actor_bootstrapped.h> #include <ydb/public/lib/base/defs.h> diff --git a/ydb/core/client/server/msgbus_server_node_registration.cpp b/ydb/core/client/server/msgbus_server_node_registration.cpp index ac87b12bd59..e19f2c0524f 100644 --- a/ydb/core/client/server/msgbus_server_node_registration.cpp +++ b/ydb/core/client/server/msgbus_server_node_registration.cpp @@ -23,7 +23,7 @@ class TNodeRegistrationActor : public TActorBootstrapped<TNodeRegistrationActor> struct TNodeAuthorizationResult { bool IsAuthorized = false; - bool IsCertificateUsed = false; + bool IsCertififateUsed = false; operator bool() const { return IsAuthorized; 
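Review bot: `IsCertififateUsed` is misspelled in `TNodeAuthorizationResult`, and this revert restores that spelling over the correct `IsCertificateUsed`; the same name comes back in the hunks at lines 88, 185 and 212 of msgbus_server_node_registration.cpp. The flag is the value handed to `SetAuthorizedByCertificate`, so anyone searching the tree for "Certificate" while auditing node authorization will not find it. The spelling fix does not depend on the feature being reverted, so I would keep `bool IsCertificateUsed = false;` and the three matching uses. The struct and its enclosing class continue outside the hunk.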
@@ -88,7 +88,7 @@ public: if (Request.HasPath()) { request->Record.SetPath(Request.GetPath()); } - request->Record.SetAuthorizedByCertificate(nodeAuthorizationResult.IsCertificateUsed); + request->Record.SetAuthorizedByCertificate(nodeAuthorizationResult.IsCertififateUsed); NTabletPipe::SendData(ctx, NodeBrokerPipe, request.Release()); @@ -185,7 +185,7 @@ public: private: TNodeAuthorizationResult IsNodeAuthorized() { - TNodeAuthorizationResult result {.IsAuthorized = false, .IsCertificateUsed = false}; + TNodeAuthorizationResult result {.IsAuthorized = false, .IsCertififateUsed = false}; auto* appdata = AppData(); if (appdata && appdata->FeatureFlags.GetEnableDynamicNodeAuthorization() && DynamicNodeAuthorizationParams) { const auto& nodeAuthValues = FindClientCert(); @@ -212,7 +212,7 @@ private: Response.MutableStatus()->SetReason("Cannot authorize node with host: " + host); return result; } - result.IsCertificateUsed = true; + result.IsCertififateUsed = true; } result.IsAuthorized = true; return result;; diff --git a/ydb/core/driver_lib/cli_utils/CMakeLists.darwin-x86_64.txt b/ydb/core/driver_lib/cli_utils/CMakeLists.darwin-x86_64.txt index 9283d5e78f1..2e8256f0ccd 100644 --- a/ydb/core/driver_lib/cli_utils/CMakeLists.darwin-x86_64.txt +++ b/ydb/core/driver_lib/cli_utils/CMakeLists.darwin-x86_64.txt @@ -37,8 +37,6 @@ target_link_libraries(cli_utils PUBLIC api-grpc-draft lib-deprecated-client common - cpp-client-ydb_discovery - cpp-client-ydb_driver ) target_sources(cli_utils PRIVATE ${CMAKE_SOURCE_DIR}/ydb/core/driver_lib/cli_utils/cli.cpp diff --git a/ydb/core/driver_lib/cli_utils/CMakeLists.linux-aarch64.txt b/ydb/core/driver_lib/cli_utils/CMakeLists.linux-aarch64.txt index 21aefec97bb..e54a367187b 100644 --- a/ydb/core/driver_lib/cli_utils/CMakeLists.linux-aarch64.txt +++ b/ydb/core/driver_lib/cli_utils/CMakeLists.linux-aarch64.txt 
@@ -38,8 +38,6 @@ target_link_libraries(cli_utils PUBLIC api-grpc-draft lib-deprecated-client common - cpp-client-ydb_discovery - cpp-client-ydb_driver ) target_sources(cli_utils PRIVATE ${CMAKE_SOURCE_DIR}/ydb/core/driver_lib/cli_utils/cli.cpp diff --git a/ydb/core/driver_lib/cli_utils/CMakeLists.linux-x86_64.txt b/ydb/core/driver_lib/cli_utils/CMakeLists.linux-x86_64.txt index 21aefec97bb..e54a367187b 100644 --- a/ydb/core/driver_lib/cli_utils/CMakeLists.linux-x86_64.txt +++ b/ydb/core/driver_lib/cli_utils/CMakeLists.linux-x86_64.txt @@ -38,8 +38,6 @@ target_link_libraries(cli_utils PUBLIC api-grpc-draft lib-deprecated-client common - cpp-client-ydb_discovery - cpp-client-ydb_driver ) target_sources(cli_utils PRIVATE ${CMAKE_SOURCE_DIR}/ydb/core/driver_lib/cli_utils/cli.cpp diff --git a/ydb/core/driver_lib/cli_utils/CMakeLists.windows-x86_64.txt b/ydb/core/driver_lib/cli_utils/CMakeLists.windows-x86_64.txt index 9283d5e78f1..2e8256f0ccd 100644 --- a/ydb/core/driver_lib/cli_utils/CMakeLists.windows-x86_64.txt +++ b/ydb/core/driver_lib/cli_utils/CMakeLists.windows-x86_64.txt @@ -37,8 +37,6 @@ target_link_libraries(cli_utils PUBLIC api-grpc-draft lib-deprecated-client common - cpp-client-ydb_discovery - cpp-client-ydb_driver ) target_sources(cli_utils PRIVATE ${CMAKE_SOURCE_DIR}/ydb/core/driver_lib/cli_utils/cli.cpp diff --git a/ydb/core/driver_lib/cli_utils/cli_cmds_server.cpp b/ydb/core/driver_lib/cli_utils/cli_cmds_server.cpp index 7667fad0015..c04b96b0d66 100644 --- a/ydb/core/driver_lib/cli_utils/cli_cmds_server.cpp +++ b/ydb/core/driver_lib/cli_utils/cli_cmds_server.cpp @@ -14,9 +14,6 @@ #include <util/system/hostname.h> #include <google/protobuf/text_format.h> -#include <ydb/public/sdk/cpp/client/ydb_discovery/discovery.h> -#include <ydb/public/sdk/cpp/client/ydb_driver/driver.h> - extern TAutoPtr<NKikimrConfig::TActorSystemConfig> DummyActorSystemConfig(); extern TAutoPtr<NKikimrConfig::TAllocatorConfig> DummyAllocatorConfig(); 
@@ -905,65 +902,7 @@ protected: LoadConfigForDynamicNode(); } - NYdb::NDiscovery::TNodeRegistrationSettings GetNodeRegistrationSettings(const TString &domainName, - const TString &nodeHost, - const TString &nodeAddress, - const TString &nodeResolveHost, - const TMaybe<TString>& path) { - NYdb::NDiscovery::TNodeRegistrationSettings settings; - settings.Host(nodeHost); - settings.Port(InterconnectPort); - settings.ResolveHost(nodeResolveHost); - settings.Address(nodeAddress); - settings.DomainPath(domainName); - settings.FixedNodeId(FixedNodeID); - if (path) { - settings.Path(*path); - } - - NYdb::NDiscovery::TNodeLocation location; - location.DataCenterNum = DataCenterFromString(DataCenter); - location.RoomNum = 0; - location.RackNum = RackFromString(Rack); - location.BodyNum = Body; - location.DataCenter = DataCenter; - location.Rack = Rack; - location.Unit = ToString(Body); - - settings.Location(location); - return settings; - } - - NYdb::NDiscovery::TNodeRegistrationResult TryToRegisterDynamicNodeViaDiscoveryService( - const TString &addr, - const TString &domainName, - const TString &nodeHost, - const TString &nodeAddress, - const TString &nodeResolveHost, - const TMaybe<TString>& path) { - TCommandConfig::TServerEndpoint endpoint = TCommandConfig::ParseServerAddress(addr); - NYdb::TDriverConfig config; - if (endpoint.EnableSsl.Defined()) { - if (PathToGrpcCaFile) { - config.UseSecureConnection(ReadFromFile(PathToGrpcCaFile, "CA certificates").c_str()); - } - if (PathToGrpcCertFile && PathToGrpcPrivateKeyFile) { - auto certificate = ReadFromFile(PathToGrpcCertFile, "Client certificates"); - auto privateKey = ReadFromFile(PathToGrpcPrivateKeyFile, "Client certificates key"); - config.UseClientCertificate(certificate.c_str(), privateKey.c_str()); - } - } - config.SetAuthToken(BUILTIN_ACL_ROOT); - config.SetEndpoint(endpoint.Address); - auto connection = NYdb::TDriver(config); - - auto client = NYdb::NDiscovery::TDiscoveryClient(connection); - 
NYdb::NDiscovery::TNodeRegistrationResult result = client.NodeRegistration(GetNodeRegistrationSettings(domainName, nodeHost, nodeAddress, nodeResolveHost, path)).GetValueSync(); - connection.Stop(true); - return result; - } - - THolder<NClient::TRegistrationResult> TryToRegisterDynamicNodeViaLegacyService( + THolder<NClient::TRegistrationResult> TryToRegisterDynamicNode( const TString &addr, const TString &domainName, const TString &nodeHost, @@ -986,6 +925,8 @@ protected: legacy.SetBodyNum(Body); loc.InheritLegacyValue(TNodeLocation(legacy)); + Cout << "Trying to register at " << addr << Endl; + return MakeHolder<NClient::TRegistrationResult> (registrant.SyncRegisterNode(ToString(domainName), nodeHost, 
@@ -1028,84 +969,31 @@ protected: return {}; } - NYdb::NDiscovery::TNodeRegistrationResult RegisterDynamicNodeViaDiscoveryService(const TVector<TString>& addrs, const TString& domainName) { - NYdb::NDiscovery::TNodeRegistrationResult result; - const size_t maxNumberRecivedCallUnimplemented = 5; - size_t currentNumberRecivedCallUnimplemented = 0; - while (!result.IsSuccess() && currentNumberRecivedCallUnimplemented < maxNumberRecivedCallUnimplemented) { - for (auto addr : addrs) { - result = TryToRegisterDynamicNodeViaDiscoveryService(addr, domainName, NodeHost, NodeAddress, NodeResolveHost, GetSchemePath()); - if (result.IsSuccess()) { - Cout << "Success. Registered via discovery service as " << result.GetNodeId() << Endl; - break; - } - Cerr << "Registration error: " << static_cast<NYdb::TStatus>(result) << Endl; - } - if (!result.IsSuccess()) { - Sleep(TDuration::Seconds(1)); - if (result.GetStatus() == NYdb::EStatus::CLIENT_CALL_UNIMPLEMENTED) { - currentNumberRecivedCallUnimplemented++; - } - } - } - return result; - } + void RegisterDynamicNode() { + TVector<TString> addrs; + auto &dnConfig = *RunConfig.AppConfig.MutableDynamicNodeConfig(); - void ProcessRegistrationDynamicNodeResult(const NYdb::NDiscovery::TNodeRegistrationResult& result) { - RunConfig.NodeId = result.GetNodeId(); - RunConfig.ScopeId = TKikimrScopeId({result.GetScopeTabletId(), result.GetScopePathId()}); + FillClusterEndpoints(addrs); - auto &nsConfig = *RunConfig.AppConfig.MutableNameserviceConfig(); - nsConfig.ClearNode(); + if (!InterconnectPort) + ythrow yexception() << "Either --node or --ic-port should be specified"; - auto &dnConfig = *RunConfig.AppConfig.MutableDynamicNodeConfig(); - for (auto &node : result.GetNodes()) { - if (node.NodeId == result.GetNodeId()) { - auto confNode = dnConfig.MutableNodeInfo(); - confNode->SetNodeId(node.NodeId); - confNode->SetHost(node.Host); - confNode->SetPort(node.Port); - confNode->SetResolveHost(node.ResolveHost); - 
confNode->SetAddress(node.Address); - confNode->SetExpire(node.Expire); - auto location = confNode->MutableLocation(); - location->SetDataCenterNum(node.Location.DataCenterNum); - location->SetRoomNum(node.Location.RoomNum); - location->SetRackNum(node.Location.RackNum); - location->SetBodyNum(node.Location.BodyNum); - location->SetBody(node.Location.Body); - location->SetDataCenter(node.Location.DataCenter); - location->SetModule(node.Location.Module); - location->SetRack(node.Location.Rack); - location->SetUnit(node.Location.Unit); - } else { - auto &info = *nsConfig.AddNode(); - info.SetNodeId(node.NodeId); - info.SetAddress(node.Address); - info.SetPort(node.Port); - info.SetHost(node.Host); - info.SetInterconnectHost(node.ResolveHost); - auto location = info.MutableLocation(); - location->SetDataCenterNum(node.Location.DataCenterNum); - location->SetRoomNum(node.Location.RoomNum); - location->SetRackNum(node.Location.RackNum); - location->SetBodyNum(node.Location.BodyNum); - location->SetBody(node.Location.Body); - location->SetDataCenter(node.Location.DataCenter); - location->SetModule(node.Location.Module); - location->SetRack(node.Location.Rack); - location->SetUnit(node.Location.Unit); - } + if (addrs.empty()) { + ythrow yexception() << "List of Node Broker end-points is empty"; } - } - THolder<NClient::TRegistrationResult> RegisterDynamicNodeViaLegacyService(const TVector<TString>& addrs, const TString& domainName) { + TString domainName = DeduceNodeDomain(); + if (!NodeHost) + NodeHost = FQDNHostName(); + if (!NodeResolveHost) + NodeResolveHost = NodeHost; + THolder<NClient::TRegistrationResult> result; while (!result || !result->IsSuccess()) { for (auto addr : addrs) { - result = TryToRegisterDynamicNodeViaLegacyService(addr, domainName, NodeHost, NodeAddress, NodeResolveHost, GetSchemePath()); + result = TryToRegisterDynamicNode(addr, domainName, NodeHost, NodeAddress, NodeResolveHost, GetSchemePath()); if (result->IsSuccess()) { - Cout << "Success. 
Registered via legacy service as " << result->GetNodeId() << Endl; + Cout << "Success. Registered as " << result->GetNodeId() << Endl; break; } Cerr << "Registration error: " << result->GetErrorMessage() << Endl; @@ -1118,17 +1006,12 @@ protected: if (!result->IsSuccess()) ythrow yexception() << "Cannot register dynamic node: " << result->GetErrorMessage(); - return result; - } - - void ProcessRegistrationDynamicNodeResult(const THolder<NClient::TRegistrationResult>& result) { RunConfig.NodeId = result->GetNodeId(); RunConfig.ScopeId = TKikimrScopeId(result->GetScopeId()); - auto &nsConfig = *RunConfig.AppConfig.MutableNameserviceConfig(); + nsConfig.ClearNode(); - auto &dnConfig = *RunConfig.AppConfig.MutableDynamicNodeConfig(); for (auto &node : result->Record().GetNodes()) { if (node.GetNodeId() == result->GetNodeId()) { dnConfig.MutableNodeInfo()->CopyFrom(node); @@ -1144,33 +1027,6 @@ protected: } } - void RegisterDynamicNode() { - TVector<TString> addrs; - - FillClusterEndpoints(addrs); - - if (!InterconnectPort) - ythrow yexception() << "Either --node or --ic-port should be specified"; - - if (addrs.empty()) { - ythrow yexception() << "List of Node Broker end-points is empty"; - } - - TString domainName = DeduceNodeDomain(); - if (!NodeHost) - NodeHost = FQDNHostName(); - if (!NodeResolveHost) - NodeResolveHost = NodeHost; - - NYdb::NDiscovery::TNodeRegistrationResult result = RegisterDynamicNodeViaDiscoveryService(addrs, domainName); - if (result.IsSuccess()) { - ProcessRegistrationDynamicNodeResult(result); - } else { - THolder<NClient::TRegistrationResult> result = RegisterDynamicNodeViaLegacyService(addrs, domainName); - ProcessRegistrationDynamicNodeResult(result); - } - } - void ApplyConfigForNode(NKikimrConfig::TAppConfig &appConfig) { AppConfig.Swap(&appConfig); // Dynamic node config is defined by options and Node Broker response. 
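Review bot: `for (auto addr : addrs)` in the retry loop of `RegisterDynamicNode` takes a copy of every endpoint string on each pass; `for (const auto& addr : addrs)` reads the same and avoids the copy. `dnConfig` is bound on the second line of the function, ahead of the `InterconnectPort` and empty-endpoint checks, while the visible lines use it only after registration has succeeded, so `auto &dnConfig = *RunConfig.AppConfig.MutableDynamicNodeConfig();` would sit better next to the node loop that writes it. The tail of the `while` loop falls between this hunk and the next one, so whether the retry is bounded cannot be judged from here.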
diff --git a/ydb/core/driver_lib/run/CMakeLists.darwin-x86_64.txt b/ydb/core/driver_lib/run/CMakeLists.darwin-x86_64.txt index abd366bbc02..cce9e766c78 100644 --- a/ydb/core/driver_lib/run/CMakeLists.darwin-x86_64.txt +++ b/ydb/core/driver_lib/run/CMakeLists.darwin-x86_64.txt @@ -59,7 +59,6 @@ target_link_libraries(run PUBLIC fq-libs-logs ydb-core-grpc_services core-grpc_services-base - core-grpc_services-auth_processor ydb-core-health_check ydb-core-http_proxy core-kesus-proxy diff --git a/ydb/core/driver_lib/run/CMakeLists.linux-aarch64.txt b/ydb/core/driver_lib/run/CMakeLists.linux-aarch64.txt index b91ef81bb0c..6c34ef2660f 100644 --- a/ydb/core/driver_lib/run/CMakeLists.linux-aarch64.txt +++ b/ydb/core/driver_lib/run/CMakeLists.linux-aarch64.txt @@ -60,7 +60,6 @@ target_link_libraries(run PUBLIC fq-libs-logs ydb-core-grpc_services core-grpc_services-base - core-grpc_services-auth_processor ydb-core-health_check ydb-core-http_proxy core-kesus-proxy diff --git a/ydb/core/driver_lib/run/CMakeLists.linux-x86_64.txt b/ydb/core/driver_lib/run/CMakeLists.linux-x86_64.txt index b91ef81bb0c..6c34ef2660f 100644 --- a/ydb/core/driver_lib/run/CMakeLists.linux-x86_64.txt +++ b/ydb/core/driver_lib/run/CMakeLists.linux-x86_64.txt @@ -60,7 +60,6 @@ target_link_libraries(run PUBLIC fq-libs-logs ydb-core-grpc_services core-grpc_services-base - core-grpc_services-auth_processor ydb-core-health_check ydb-core-http_proxy core-kesus-proxy diff --git a/ydb/core/driver_lib/run/CMakeLists.windows-x86_64.txt b/ydb/core/driver_lib/run/CMakeLists.windows-x86_64.txt index abd366bbc02..cce9e766c78 100644 --- a/ydb/core/driver_lib/run/CMakeLists.windows-x86_64.txt +++ b/ydb/core/driver_lib/run/CMakeLists.windows-x86_64.txt @@ -59,7 +59,6 @@ target_link_libraries(run PUBLIC fq-libs-logs ydb-core-grpc_services core-grpc_services-base - core-grpc_services-auth_processor ydb-core-health_check ydb-core-http_proxy core-kesus-proxy 
diff --git a/ydb/core/driver_lib/run/cert_auth_props.h b/ydb/core/driver_lib/run/cert_auth_props.h index 2b69e6aaff9..9415c229a25 100644 --- a/ydb/core/driver_lib/run/cert_auth_props.h +++ b/ydb/core/driver_lib/run/cert_auth_props.h @@ -1,6 +1,6 @@ #pragma once -#include <ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.h> +#include <ydb/core/client/server/dynamic_node_auth_processor.h> #include <ydb/core/protos/config.pb.h> #include <util/generic/string.h> diff --git a/ydb/core/driver_lib/run/run.cpp b/ydb/core/driver_lib/run/run.cpp index 8c7fb189c16..ed8e85e3256 100644 --- a/ydb/core/driver_lib/run/run.cpp +++ b/ydb/core/driver_lib/run/run.cpp @@ -816,19 +816,13 @@ void TKikimrRunner::InitializeGRpc(const TKikimrRunConfig& runConfig) { } if (hasDiscovery) { - auto discoveryService = new NGRpcService::TGRpcDiscoveryService(ActorSystem.Get(), Counters,grpcRequestProxies[0], hasDiscovery.IsRlAllowed()); - if (!opts.SslData.Empty()) { - discoveryService->SetDynamicNodeAuthParams(GetDynamicNodeAuthorizationParams(appConfig.GetClientCertificateAuthorization())); - } - server.AddService(discoveryService); + server.AddService(new NGRpcService::TGRpcDiscoveryService(ActorSystem.Get(), Counters, + grpcRequestProxies[0], hasDiscovery.IsRlAllowed())); } if (hasLocalDiscovery) { - auto localDiscoveryService = new NGRpcService::TGRpcLocalDiscoveryService(grpcConfig, ActorSystem.Get(), Counters, grpcRequestProxies[0]); - if (!opts.SslData.Empty()) { - localDiscoveryService->SetDynamicNodeAuthParams(GetDynamicNodeAuthorizationParams(appConfig.GetClientCertificateAuthorization())); - } - server.AddService(localDiscoveryService); + server.AddService(new NGRpcService::TGRpcLocalDiscoveryService(grpcConfig, ActorSystem.Get(), Counters, + grpcRequestProxies[0])); } if (hasRateLimiter) { diff --git a/ydb/core/grpc_services/CMakeLists.darwin-x86_64.txt b/ydb/core/grpc_services/CMakeLists.darwin-x86_64.txt index e3a9e226cd4..1a2b9d919b4 100644 
--- a/ydb/core/grpc_services/CMakeLists.darwin-x86_64.txt +++ b/ydb/core/grpc_services/CMakeLists.darwin-x86_64.txt @@ -6,7 +6,6 @@ # original buildsystem will not be accepted. -add_subdirectory(auth_processor) add_subdirectory(base) add_subdirectory(cancelation) add_subdirectory(counters) @@ -35,7 +34,6 @@ target_link_libraries(ydb-core-grpc_services PUBLIC core-grpc_services-counters core-grpc_services-local_rpc core-grpc_services-cancelation - core-grpc_services-auth_processor ydb-core-health_check ydb-core-io_formats core-kesus-tablet @@ -113,7 +111,6 @@ target_sources(ydb-core-grpc_services PRIVATE ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_load_rows.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_log_store.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_long_tx.cpp - ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_node_registration.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_make_directory.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_modify_permissions.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_monitoring.cpp diff --git a/ydb/core/grpc_services/CMakeLists.linux-aarch64.txt b/ydb/core/grpc_services/CMakeLists.linux-aarch64.txt index 9505e9b60eb..5ca6b9ce2e5 100644 --- a/ydb/core/grpc_services/CMakeLists.linux-aarch64.txt +++ b/ydb/core/grpc_services/CMakeLists.linux-aarch64.txt @@ -6,7 +6,6 @@ # original buildsystem will not be accepted. -add_subdirectory(auth_processor) add_subdirectory(base) add_subdirectory(cancelation) add_subdirectory(counters) @@ -36,7 +35,6 @@ target_link_libraries(ydb-core-grpc_services PUBLIC core-grpc_services-counters core-grpc_services-local_rpc core-grpc_services-cancelation - core-grpc_services-auth_processor ydb-core-health_check ydb-core-io_formats core-kesus-tablet 
@@ -114,7 +112,6 @@ target_sources(ydb-core-grpc_services PRIVATE ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_load_rows.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_log_store.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_long_tx.cpp - ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_node_registration.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_make_directory.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_modify_permissions.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_monitoring.cpp diff --git a/ydb/core/grpc_services/CMakeLists.linux-x86_64.txt b/ydb/core/grpc_services/CMakeLists.linux-x86_64.txt index 9505e9b60eb..5ca6b9ce2e5 100644 --- a/ydb/core/grpc_services/CMakeLists.linux-x86_64.txt +++ b/ydb/core/grpc_services/CMakeLists.linux-x86_64.txt @@ -6,7 +6,6 @@ # original buildsystem will not be accepted. -add_subdirectory(auth_processor) add_subdirectory(base) add_subdirectory(cancelation) add_subdirectory(counters) @@ -36,7 +35,6 @@ target_link_libraries(ydb-core-grpc_services PUBLIC core-grpc_services-counters core-grpc_services-local_rpc core-grpc_services-cancelation - core-grpc_services-auth_processor ydb-core-health_check ydb-core-io_formats core-kesus-tablet @@ -114,7 +112,6 @@ target_sources(ydb-core-grpc_services PRIVATE ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_load_rows.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_log_store.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_long_tx.cpp - ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_node_registration.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_make_directory.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_modify_permissions.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_monitoring.cpp diff --git a/ydb/core/grpc_services/CMakeLists.windows-x86_64.txt b/ydb/core/grpc_services/CMakeLists.windows-x86_64.txt index e3a9e226cd4..1a2b9d919b4 100644 --- a/ydb/core/grpc_services/CMakeLists.windows-x86_64.txt 
+++ b/ydb/core/grpc_services/CMakeLists.windows-x86_64.txt @@ -6,7 +6,6 @@ # original buildsystem will not be accepted. -add_subdirectory(auth_processor) add_subdirectory(base) add_subdirectory(cancelation) add_subdirectory(counters) @@ -35,7 +34,6 @@ target_link_libraries(ydb-core-grpc_services PUBLIC core-grpc_services-counters core-grpc_services-local_rpc core-grpc_services-cancelation - core-grpc_services-auth_processor ydb-core-health_check ydb-core-io_formats core-kesus-tablet @@ -113,7 +111,6 @@ target_sources(ydb-core-grpc_services PRIVATE ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_load_rows.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_log_store.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_long_tx.cpp - ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_node_registration.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_make_directory.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_modify_permissions.cpp ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/rpc_monitoring.cpp diff --git a/ydb/core/grpc_services/auth_processor/CMakeLists.darwin-x86_64.txt b/ydb/core/grpc_services/auth_processor/CMakeLists.darwin-x86_64.txt deleted file mode 100644 index 0671197fd03..00000000000 --- a/ydb/core/grpc_services/auth_processor/CMakeLists.darwin-x86_64.txt +++ /dev/null 
@@ -1,19 +0,0 @@ - -# This file was generated by the build system used internally in the Yandex monorepo. -# Only simple modifications are allowed (adding source-files to targets, adding simple properties -# like target_include_directories). These modifications will be ported to original -# ya.make files by maintainers. Any complex modifications which can't be ported back to the -# original buildsystem will not be accepted. - - -find_package(OpenSSL REQUIRED) - -add_library(core-grpc_services-auth_processor) -target_link_libraries(core-grpc_services-auth_processor PUBLIC - contrib-libs-cxxsupp - yutil - OpenSSL::OpenSSL -) -target_sources(core-grpc_services-auth_processor PRIVATE - ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp -) diff --git a/ydb/core/grpc_services/auth_processor/CMakeLists.linux-aarch64.txt b/ydb/core/grpc_services/auth_processor/CMakeLists.linux-aarch64.txt deleted file mode 100644 index 2b3e17d3202..00000000000 --- a/ydb/core/grpc_services/auth_processor/CMakeLists.linux-aarch64.txt +++ /dev/null @@ -1,20 +0,0 @@ - -# This file was generated by the build system used internally in the Yandex monorepo. -# Only simple modifications are allowed (adding source-files to targets, adding simple properties -# like target_include_directories). These modifications will be ported to original -# ya.make files by maintainers. Any complex modifications which can't be ported back to the -# original buildsystem will not be accepted. - - -find_package(OpenSSL REQUIRED) - -add_library(core-grpc_services-auth_processor) -target_link_libraries(core-grpc_services-auth_processor PUBLIC - contrib-libs-linux-headers - contrib-libs-cxxsupp - yutil - OpenSSL::OpenSSL -) -target_sources(core-grpc_services-auth_processor PRIVATE - ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp -) 
diff --git a/ydb/core/grpc_services/auth_processor/CMakeLists.linux-x86_64.txt b/ydb/core/grpc_services/auth_processor/CMakeLists.linux-x86_64.txt deleted file mode 100644 index 2b3e17d3202..00000000000 --- a/ydb/core/grpc_services/auth_processor/CMakeLists.linux-x86_64.txt +++ /dev/null @@ -1,20 +0,0 @@ - -# This file was generated by the build system used internally in the Yandex monorepo. -# Only simple modifications are allowed (adding source-files to targets, adding simple properties -# like target_include_directories). These modifications will be ported to original -# ya.make files by maintainers. Any complex modifications which can't be ported back to the -# original buildsystem will not be accepted. - - -find_package(OpenSSL REQUIRED) - -add_library(core-grpc_services-auth_processor) -target_link_libraries(core-grpc_services-auth_processor PUBLIC - contrib-libs-linux-headers - contrib-libs-cxxsupp - yutil - OpenSSL::OpenSSL -) -target_sources(core-grpc_services-auth_processor PRIVATE - ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp -) diff --git a/ydb/core/grpc_services/auth_processor/CMakeLists.txt b/ydb/core/grpc_services/auth_processor/CMakeLists.txt deleted file mode 100644 index f8b31df0c11..00000000000 --- a/ydb/core/grpc_services/auth_processor/CMakeLists.txt +++ /dev/null 
@@ -1,17 +0,0 @@ - -# This file was generated by the build system used internally in the Yandex monorepo. -# Only simple modifications are allowed (adding source-files to targets, adding simple properties -# like target_include_directories). These modifications will be ported to original -# ya.make files by maintainers. Any complex modifications which can't be ported back to the -# original buildsystem will not be accepted. - - -if (CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" AND NOT HAVE_CUDA) - include(CMakeLists.linux-aarch64.txt) -elseif (CMAKE_SYSTEM_NAME STREQUAL "Darwin" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64") - include(CMakeLists.darwin-x86_64.txt) -elseif (WIN32 AND CMAKE_SYSTEM_PROCESSOR STREQUAL "AMD64" AND NOT HAVE_CUDA) - include(CMakeLists.windows-x86_64.txt) -elseif (CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64" AND NOT HAVE_CUDA) - include(CMakeLists.linux-x86_64.txt) -endif() diff --git a/ydb/core/grpc_services/auth_processor/CMakeLists.windows-x86_64.txt b/ydb/core/grpc_services/auth_processor/CMakeLists.windows-x86_64.txt deleted file mode 100644 index 0671197fd03..00000000000 --- a/ydb/core/grpc_services/auth_processor/CMakeLists.windows-x86_64.txt +++ /dev/null 
@@ -1,19 +0,0 @@ - -# This file was generated by the build system used internally in the Yandex monorepo. -# Only simple modifications are allowed (adding source-files to targets, adding simple properties -# like target_include_directories). These modifications will be ported to original -# ya.make files by maintainers. Any complex modifications which can't be ported back to the -# original buildsystem will not be accepted. - - -find_package(OpenSSL REQUIRED) - -add_library(core-grpc_services-auth_processor) -target_link_libraries(core-grpc_services-auth_processor PUBLIC - contrib-libs-cxxsupp - yutil - OpenSSL::OpenSSL -) -target_sources(core-grpc_services-auth_processor PRIVATE - ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp -) diff --git a/ydb/core/grpc_services/rpc_node_registration.cpp b/ydb/core/grpc_services/rpc_node_registration.cpp deleted file mode 100644 index f44cfafd98a..00000000000 --- a/ydb/core/grpc_services/rpc_node_registration.cpp +++ /dev/null 
@@ -1,276 +0,0 @@ -#include "service_discovery.h" - -#include <ydb/core/grpc_services/base/base.h> -#include <library/cpp/actors/core/actor_bootstrapped.h> -#include <library/cpp/actors/interconnect/interconnect.h> -#include <ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.h> -#include <ydb/core/base/tablet_pipe.h> -#include <ydb/core/base/appdata.h> -#include <ydb/core/mind/node_broker.h> -#include <ydb/core/protos/node_broker.pb.h> -#include <ydb/public/api/protos/ydb_discovery.pb.h> - -namespace NKikimr { -namespace NGRpcService { - -using namespace NKikimrNodeBroker; -using namespace NNodeBroker; - -using TEvNodeRegistrationRequest = TGrpcRequestOperationCall<Ydb::Discovery::NodeRegistrationRequest, - Ydb::Discovery::NodeRegistrationResponse>; - -class TNodeRegistrationRPC : public TActorBootstrapped<TNodeRegistrationRPC> { - using TActorBase = TActorBootstrapped<TNodeRegistrationRPC>; - - struct TNodeAuthorizationResult { - bool IsAuthorized = false; - bool IsCertificateUsed = false; - - operator bool() const { - return IsAuthorized; - } - }; - -public: - static constexpr NKikimrServices::TActivity::EType ActorActivityType() { - return NKikimrServices::TActivity::GRPC_REQ; - } - - TNodeRegistrationRPC(IRequestOpCtx* request, const TDynamicNodeAuthorizationParams& dynamicNodeAuthorizationParams) - : Request(request), DynamicNodeAuthorizationParams(dynamicNodeAuthorizationParams) - {} - - void Bootstrap(const TActorContext& ctx) { - auto req = dynamic_cast<TEvNodeRegistrationRequest*>(Request.get()); - Y_VERIFY(req, "Unexpected request type for TNodeRegistrationRPC"); - const TNodeAuthorizationResult nodeAuthorizationResult = IsNodeAuthorized(req->FindClientCert()); - if (!nodeAuthorizationResult.IsAuthorized) { - SendReplyAndDie(ctx); - } - - auto dinfo = AppData(ctx)->DomainsInfo; - ui32 group; - auto request = TEvNodeRegistrationRequest::GetProtoRequest(Request); - const TString& domainPath = request->domain_path(); - if 
(!domainPath.Empty()) { - auto *domain = dinfo->GetDomainByName(domainPath); - if (!domain) { - auto error = Sprintf("Unknown domain %s", domainPath.data()); - ReplyWithErrorAndDie(error, ctx); - return; - } - group = dinfo->GetDefaultStateStorageGroup(domain->DomainUid); - } else { - if (dinfo->Domains.size() > 1) { - auto error = "Ambiguous domain (specify DomainPath in request)"; - ReplyWithErrorAndDie(error, ctx); - return; - } - auto domain = dinfo->Domains.begin()->second; - group = dinfo->GetDefaultStateStorageGroup(domain->DomainUid); - } - - NTabletPipe::TClientConfig pipeConfig; - pipeConfig.RetryPolicy = {.RetryLimitCount = 10}; - auto pipe = NTabletPipe::CreateClient(SelfId(), MakeNodeBrokerID(group), pipeConfig); - NodeBrokerPipe = ctx.RegisterWithSameMailbox(pipe); - - TAutoPtr<TEvNodeBroker::TEvRegistrationRequest> nodeBrokerRequest - = new TEvNodeBroker::TEvRegistrationRequest; - - nodeBrokerRequest->Record.SetHost(request->host()); - nodeBrokerRequest->Record.SetPort(request->port()); - nodeBrokerRequest->Record.SetResolveHost(request->resolve_host()); - nodeBrokerRequest->Record.SetAddress(request->address()); - CopyNodeLocation(request->location(), nodeBrokerRequest->Record.MutableLocation()); - - nodeBrokerRequest->Record.SetFixedNodeId(request->fixed_node_id()); - if (request->Haspath()) { - nodeBrokerRequest->Record.SetPath(request->path()); - } - nodeBrokerRequest->Record.SetAuthorizedByCertificate(nodeAuthorizationResult.IsCertificateUsed); - - NTabletPipe::SendData(ctx, NodeBrokerPipe, nodeBrokerRequest.Release()); - - Become(&TNodeRegistrationRPC::MainState); - } - - void Handle(TEvNodeBroker::TEvRegistrationResponse::TPtr &ev, const TActorContext &ctx) { - auto &rec = ev->Get()->Record; - - if (rec.GetStatus().GetCode() != TStatus::OK) { - ReplyWithErrorAndDie(rec.GetStatus().GetReason(), ctx); - return; - } - - auto request = TEvNodeRegistrationRequest::GetProtoRequest(Request); - Result.set_node_id(rec.GetNode().GetNodeId()); - 
Result.set_expire(rec.GetNode().GetExpire()); - Result.set_domain_path(request->domain_path()); - auto newNode = Result.add_nodes(); - const auto& createdNode = rec.GetNode(); - newNode->set_node_id(createdNode.GetNodeId()); - newNode->set_host(createdNode.GetHost()); - newNode->set_port(createdNode.GetPort()); - newNode->set_resolve_host(createdNode.GetResolveHost()); - newNode->set_address(createdNode.GetAddress()); - CopyNodeLocation(createdNode.GetLocation(), newNode->mutable_location()); - newNode->set_expire(createdNode.GetExpire()); - - if (rec.HasScopeTabletId()) { - Result.set_scope_tablet_id(rec.GetScopeTabletId()); - } - if (rec.HasScopePathId()) { - Result.set_scope_path_id(rec.GetScopePathId()); - } - - const TActorId nameserviceId = GetNameserviceActorId(); - ctx.Send(nameserviceId, new TEvInterconnect::TEvListNodes()); - } - - void Handle(TEvInterconnect::TEvNodesInfo::TPtr &ev, const TActorContext &ctx) { - auto config = AppData()->DynamicNameserviceConfig; - - for (const auto &node : ev->Get()->Nodes) { - // Copy static nodes only. 
- if (!config || node.NodeId <= config->MaxStaticNodeId) { - auto &info = *Result.add_nodes(); - info.set_node_id(node.NodeId); - info.set_host(node.Host); - info.set_address(node.Address); - info.set_resolve_host(node.ResolveHost); - info.set_port(node.Port); - CopyNodeLocation(node.Location, info.mutable_location()); - } - } - - Status = Ydb::StatusIds::SUCCESS; - SendReplyAndDie(ctx); - } - - void Undelivered(const TActorContext &ctx) { - ReplyWithErrorAndDie("Node Broker is unavailable", ctx); - } - - void Handle(TEvTabletPipe::TEvClientConnected::TPtr &ev, const TActorContext &ctx) noexcept - { - if (ev->Get()->Status != NKikimrProto::OK) - Undelivered(ctx); - } - - void Die(const TActorContext &ctx) - { - if (NodeBrokerPipe) { - NTabletPipe::CloseClient(ctx, NodeBrokerPipe); - } - TActorBase::Die(ctx); - } - - void SendReplyAndDie(const TActorContext &ctx) - { - Request->SendResult(Result, Status); - Die(ctx); - } - - void ReplyWithErrorAndDie(const TString &error, const TActorContext &ctx) - { - auto issue = NYql::TIssue(error); - Request->RaiseIssue(issue); - Status = Ydb::StatusIds::GENERIC_ERROR; - SendReplyAndDie(ctx); - } - - STFUNC(MainState) { - switch (ev->GetTypeRewrite()) { - CFunc(TEvents::TEvUndelivered::EventType, Undelivered); - HFunc(TEvNodeBroker::TEvRegistrationResponse, Handle); - HFunc(TEvInterconnect::TEvNodesInfo, Handle); - CFunc(TEvTabletPipe::EvClientDestroyed, Undelivered); - HFunc(TEvTabletPipe::TEvClientConnected, Handle); - } - } - -private: - TNodeAuthorizationResult IsNodeAuthorized(const TVector<TStringBuf>& nodeAuthValues) { - TNodeAuthorizationResult result {.IsAuthorized = false, .IsCertificateUsed = false}; - auto* appdata = AppData(); - if (appdata && appdata->FeatureFlags.GetEnableDynamicNodeAuthorization() && DynamicNodeAuthorizationParams) { - if (nodeAuthValues.empty()) { - Request->RaiseIssue(NYql::TIssue("Cannot authorize node. 
Node has not provided certificate")); - Status = Ydb::StatusIds::UNAUTHORIZED; - return result; - } - const auto& pemCert = nodeAuthValues.front(); - TMap<TString, TString> subjectDescription; - X509CertificateReader::X509Ptr x509cert = X509CertificateReader::ReadCertAsPEM(pemCert); - for(const auto& term: X509CertificateReader::ReadSubjectTerms(x509cert)) { - subjectDescription.insert(term); - } - - if (!DynamicNodeAuthorizationParams.IsSubjectDescriptionMatched(subjectDescription)) { - Status = Ydb::StatusIds::UNAUTHORIZED; - Request->RaiseIssue(NYql::TIssue("Cannot authorize node by certificate")); - return result; - } - auto request = TEvNodeRegistrationRequest::GetProtoRequest(Request); - const auto& host = request->host(); - if (!DynamicNodeAuthorizationParams.IsHostMatchAttributeCN(host)) { - Status = Ydb::StatusIds::UNAUTHORIZED; - Request->RaiseIssue(NYql::TIssue("Cannot authorize node with host: " + host)); - return result; - } - result.IsCertificateUsed = true; - } - result.IsAuthorized = true; - return result;; - } - - static void CopyNodeLocation(const Ydb::Discovery::NodeLocation& src, NActorsInterconnect::TNodeLocation* dst) { - dst->SetDataCenterNum(src.data_center_num()); - dst->SetRoomNum(src.room_num()); - dst->SetRackNum(src.rack_num()); - dst->SetBodyNum(src.body_num()); - dst->SetBody(src.body()); - dst->SetDataCenter(src.data_center()); - dst->SetModule(src.module()); - dst->SetRack(src.rack()); - dst->SetUnit(src.unit()); - } - - static void CopyNodeLocation(const NActorsInterconnect::TNodeLocation& src, Ydb::Discovery::NodeLocation* dst) { - dst->set_data_center_num(src.GetDataCenterNum()); - dst->set_room_num(src.GetRoomNum()); - dst->set_rack_num(src.GetRackNum()); - dst->set_body_num(src.GetBodyNum()); - dst->set_body(src.GetBody()); - dst->set_data_center(src.GetDataCenter()); - dst->set_module(src.GetModule()); - dst->set_rack(src.GetRack()); - dst->set_unit(src.GetUnit()); - } - - static void CopyNodeLocation(const 
NActors::TNodeLocation& src, Ydb::Discovery::NodeLocation* dst) { - const auto& legacyValues = src.GetLegacyValue(); - dst->set_data_center_num(legacyValues.DataCenter); - dst->set_room_num(legacyValues.Room); - dst->set_rack_num(legacyValues.Rack); - dst->set_body_num(legacyValues.Body); - dst->set_data_center(src.GetDataCenterId()); - dst->set_module(src.GetModuleId()); - dst->set_rack(src.GetRackId()); - dst->set_unit(src.GetUnitId()); - } - - std::unique_ptr<IRequestOpCtx> Request; - Ydb::Discovery::NodeRegistrationResult Result; - Ydb::StatusIds_StatusCode Status = Ydb::StatusIds::SUCCESS; - TActorId NodeBrokerPipe; - const TDynamicNodeAuthorizationParams DynamicNodeAuthorizationParams; -}; - -void DoNodeRegistrationRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& f, const TDynamicNodeAuthorizationParams& dynamicNodeAuthorizationParams) { - f.RegisterActor(new TNodeRegistrationRPC(p.release(), dynamicNodeAuthorizationParams)); -} - -} // namespace NGRpcService -} // namespace NKikimr diff --git a/ydb/core/grpc_services/service_discovery.h b/ydb/core/grpc_services/service_discovery.h index e47ad65c636..871d877f456 100644 --- a/ydb/core/grpc_services/service_discovery.h +++ b/ydb/core/grpc_services/service_discovery.h @@ -3,9 +3,6 @@ #include <memory> namespace NKikimr { - -struct TDynamicNodeAuthorizationParams; - namespace NGRpcService { class IRequestOpCtx; @@ -13,7 +10,6 @@ class IFacilityProvider; void DoListEndpointsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& f); void DoWhoAmIRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& f); -void DoNodeRegistrationRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& f, const TDynamicNodeAuthorizationParams& dynamicNodeAuthorizationParams); } } diff --git a/ydb/core/testlib/test_client.cpp b/ydb/core/testlib/test_client.cpp index 276bf96ab6a..a9f9b5d54f1 100644 --- a/ydb/core/testlib/test_client.cpp +++ b/ydb/core/testlib/test_client.cpp 
@@ -364,11 +364,7 @@ namespace Tests { GRpcServer->AddService(new NGRpcService::TGRpcPQClusterDiscoveryService(system, counters, grpcRequestProxies[0])); GRpcServer->AddService(new NKesus::TKesusGRpcService(system, counters, grpcRequestProxies[0], true)); GRpcServer->AddService(new NGRpcService::TGRpcCmsService(system, counters, grpcRequestProxies[0], true)); - auto discoveryService = new NGRpcService::TGRpcDiscoveryService(system, counters, grpcRequestProxies[0], true); - if (!options.SslData.Empty()) { - discoveryService->SetDynamicNodeAuthParams(NKikimr::GetDynamicNodeAuthorizationParams(Settings->AppConfig.GetClientCertificateAuthorization())); - } - GRpcServer->AddService(discoveryService); + GRpcServer->AddService(new NGRpcService::TGRpcDiscoveryService(system, counters, grpcRequestProxies[0], true)); GRpcServer->AddService(new NGRpcService::TGRpcYdbClickhouseInternalService(system, counters, appData.InFlightLimiterRegistry, grpcRequestProxies[0], true)); GRpcServer->AddService(new NQuoter::TRateLimiterGRpcService(system, counters, grpcRequestProxies[0])); GRpcServer->AddService(new NGRpcService::TGRpcYdbLongTxService(system, counters, grpcRequestProxies[0], true)); diff --git a/ydb/public/api/grpc/ydb_discovery_v1.proto b/ydb/public/api/grpc/ydb_discovery_v1.proto index 7005b5b642e..dc06a4f6788 100644 --- a/ydb/public/api/grpc/ydb_discovery_v1.proto +++ b/ydb/public/api/grpc/ydb_discovery_v1.proto @@ -8,5 +8,4 @@ import "ydb/public/api/protos/ydb_discovery.proto"; service DiscoveryService { rpc ListEndpoints(Ydb.Discovery.ListEndpointsRequest) returns (Ydb.Discovery.ListEndpointsResponse); rpc WhoAmI(Ydb.Discovery.WhoAmIRequest) returns (Ydb.Discovery.WhoAmIResponse); - rpc NodeRegistration(Ydb.Discovery.NodeRegistrationRequest) returns (Ydb.Discovery.NodeRegistrationResponse); } diff --git a/ydb/public/api/protos/ydb_discovery.proto b/ydb/public/api/protos/ydb_discovery.proto index 4c94372eb71..5577dafe36d 100644 
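Review bot: The restored `GRpcServer->AddService(new NGRpcService::TGRpcDiscoveryService(system, counters, grpcRequestProxies[0], true));` in ydb/core/testlib/test_client.cpp no longer depends on `options.SslData`, so a test server started with TLS data registers the discovery service with no client-certificate authorization parameters. Nothing in this hunk says where certificate-based authorization of dynamic nodes is configured for the test server after the revert. A short comment on that line would help, for example `// no client-cert node authorization here; see ydb/core/client/server/dynamic_node_auth_processor.h`. That location is inferred from the include restored in ydb_client_certs_ut.cpp and should be confirmed. The enclosing setup function starts and ends outside the hunk.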
--- a/ydb/public/api/protos/ydb_discovery.proto +++ b/ydb/public/api/protos/ydb_discovery.proto @@ -49,7 +49,7 @@ message WhoAmIRequest { // Include user groups in response bool include_groups = 1; } - + message WhoAmIResult { // User SID (Security ID) string user = 1; @@ -60,51 +60,3 @@ message WhoAmIResult { message WhoAmIResponse { Ydb.Operations.Operation operation = 1; } - -message NodeLocation { - // compatibility section -- will be removed in future versions - optional uint32 data_center_num = 1 [deprecated=true]; - optional uint32 room_num = 2 [deprecated=true]; - optional uint32 rack_num = 3 [deprecated=true]; - optional uint32 body_num = 4 [deprecated=true]; - optional uint32 body = 100500 [deprecated=true]; // for compatibility with WalleLocation - - optional string data_center = 10; - optional string module = 20; - optional string rack = 30; - optional string unit = 40; -} - -message NodeInfo { - optional uint32 node_id = 1; - optional string host = 2; - optional uint32 port = 3; - optional string resolve_host = 4; - optional string address = 5; - optional NodeLocation location = 6; - optional uint64 expire = 7; -} - -message NodeRegistrationRequest { - optional string host = 1; - optional uint32 port = 2; - optional string resolve_host = 3; - optional string address = 4; - optional NodeLocation location = 5; - optional string domain_path = 6; - optional bool fixed_node_id = 7; - optional string path = 8; -} - -message NodeRegistrationResult { - optional uint32 node_id = 1; - optional string domain_path = 2; - optional uint64 expire = 3; - repeated NodeInfo nodes = 4; - optional uint64 scope_tablet_id = 5; - optional uint64 scope_path_id = 6; -} - -message NodeRegistrationResponse { - Ydb.Operations.Operation operation = 1; -} diff --git a/ydb/public/sdk/cpp/client/ydb_discovery/discovery.cpp b/ydb/public/sdk/cpp/client/ydb_discovery/discovery.cpp index 8b3d8f40967..b502222fc25 100644 --- a/ydb/public/sdk/cpp/client/ydb_discovery/discovery.cpp 
+++ b/ydb/public/sdk/cpp/client/ydb_discovery/discovery.cpp @@ -57,67 +57,6 @@ const TVector<TString>& TWhoAmIResult::GetGroups() const { return Groups_; } -TNodeLocation::TNodeLocation(const Ydb::Discovery::NodeLocation& location) - : DataCenterNum(location.data_center_num()) - , RoomNum(location.room_num()) - , RackNum(location.rack_num()) - , BodyNum(location.body_num()) - , Body(location.body()) - , DataCenter(location.data_center()) - , Module(location.module()) - , Rack(location.rack()) - , Unit(location.unit()) - {} - -TNodeInfo::TNodeInfo(const Ydb::Discovery::NodeInfo& info) - : NodeId(info.node_id()) - , Host(info.host()) - , Port(info.port()) - , ResolveHost(info.resolve_host()) - , Address(info.address()) - , Location(info.location()) - , Expire(info.expire()) - {} - -TNodeRegistrationResult::TNodeRegistrationResult(TStatus&& status, const Ydb::Discovery::NodeRegistrationResult& proto) - : TStatus(std::move(status)) -{ - NodeId_ = proto.node_id(); - DomainPath_ = proto.domain_path(); - Expire_ = proto.expire(); - ScopeTableId_ = proto.scope_tablet_id(); - ScopePathId_ = proto.scope_path_id(); - const auto& nodes = proto.nodes(); - Nodes_.reserve(nodes.size()); - for (const auto& node : nodes) { - Nodes_.emplace_back(node); - } -} - -const ui32& TNodeRegistrationResult::GetNodeId() const { - return NodeId_; -} - -const TString& TNodeRegistrationResult::GetDomainPath() const { - return DomainPath_; -} - -const ui64& TNodeRegistrationResult::GetExpire() const { - return Expire_; -} - -const ui64& TNodeRegistrationResult::GetScopeTabletId() const { - return ScopeTableId_; -} - -const ui64& TNodeRegistrationResult::GetScopePathId() const { - return ScopePathId_; -} - -const TVector<TNodeInfo>& TNodeRegistrationResult::GetNodes() const { - return Nodes_; -} - class TDiscoveryClient::TImpl : public TClientImplCommon<TDiscoveryClient::TImpl> { public: TImpl(std::shared_ptr<TGRpcConnectionsImpl>&& connections, const TCommonClientSettings& settings) 
@@ -179,53 +118,6 @@ public: return promise.GetFuture(); } - - TAsyncNodeRegistrationResult NodeRegistration(const TNodeRegistrationSettings& settings) { - Ydb::Discovery::NodeRegistrationRequest request; - request.set_host(settings.Host_); - request.set_port(settings.Port_); - request.set_resolve_host(settings.ResolveHost_); - request.set_address(settings.Address_); - request.set_domain_path(settings.DomainPath_); - request.set_fixed_node_id(settings.FixedNodeId_); - if (!settings.Path_.Empty()) { - request.set_path(settings.Path_); - } - - auto requestLocation = request.mutable_location(); - const auto& location = settings.Location_; - - requestLocation->set_data_center(location.DataCenter); - requestLocation->set_unit(location.Unit); - requestLocation->set_rack(location.Rack); - requestLocation->set_unit(location.Unit); - - requestLocation->set_data_center_num(location.DataCenterNum); - requestLocation->set_room_num(location.RoomNum); - requestLocation->set_rack_num(location.RackNum); - requestLocation->set_body_num(location.BodyNum); - - auto promise = NThreading::NewPromise<TNodeRegistrationResult>(); - - auto extractor = [promise] (google::protobuf::Any* any, TPlainStatus status) mutable { - Ydb::Discovery::NodeRegistrationResult result; - if (any) { - any->UnpackTo(&result); - } - TNodeRegistrationResult val{TStatus(std::move(status)), result}; - promise.SetValue(std::move(val)); - }; - - Connections_->RunDeferred<Ydb::Discovery::V1::DiscoveryService, Ydb::Discovery::NodeRegistrationRequest, Ydb::Discovery::NodeRegistrationResponse>( - std::move(request), - extractor, - &Ydb::Discovery::V1::DiscoveryService::Stub::AsyncNodeRegistration, - DbDriverState_, - INITIAL_DEFERRED_CALL_DELAY, - TRpcRequestSettings::Make(settings)); - - return promise.GetFuture(); - } }; TDiscoveryClient::TDiscoveryClient(const TDriver& driver, const TCommonClientSettings& settings) 
@@ -240,9 +132,5 @@ TAsyncWhoAmIResult TDiscoveryClient::WhoAmI(const TWhoAmISettings& settings) { return Impl_->WhoAmI(settings); } -TAsyncNodeRegistrationResult TDiscoveryClient::NodeRegistration(const TNodeRegistrationSettings& settings) { - return Impl_->NodeRegistration(settings); -} - } // namespace NDiscovery } // namespace NYdb diff --git a/ydb/public/sdk/cpp/client/ydb_discovery/discovery.h b/ydb/public/sdk/cpp/client/ydb_discovery/discovery.h index ea92c083a22..bd84cdd592e 100644 --- a/ydb/public/sdk/cpp/client/ydb_discovery/discovery.h +++ b/ydb/public/sdk/cpp/client/ydb_discovery/discovery.h @@ -6,9 +6,6 @@ namespace Ydb { namespace Discovery { class ListEndpointsResult; class WhoAmIResult; - class NodeRegistrationResult; - class NodeLocation; - class NodeInfo; } // namespace Discovery } // namespace Ydb @@ -23,33 +20,6 @@ struct TWhoAmISettings : public TSimpleRequestSettings<TWhoAmISettings> { FLUENT_SETTING_DEFAULT(bool, WithGroups, false); }; -struct TNodeLocation { - TNodeLocation() = default; - TNodeLocation(const Ydb::Discovery::NodeLocation& location); - - ui32 DataCenterNum; - ui32 RoomNum; - ui32 RackNum; - ui32 BodyNum; - ui32 Body; - - TString DataCenter; - TString Module; - TString Rack; - TString Unit; -}; - -struct TNodeRegistrationSettings : public TSimpleRequestSettings<TNodeRegistrationSettings> { - FLUENT_SETTING(TString, Host); - FLUENT_SETTING(ui32, Port); - FLUENT_SETTING(TString, ResolveHost); - FLUENT_SETTING(TString, Address); - FLUENT_SETTING(TNodeLocation, Location); - FLUENT_SETTING(TString, DomainPath); - FLUENT_SETTING_DEFAULT(bool, FixedNodeId, false); - FLUENT_SETTING(TString, Path); -}; - struct TEndpointInfo { TString Address; ui32 Port = 0; 
@@ -85,41 +55,6 @@ private: using TAsyncWhoAmIResult = NThreading::TFuture<TWhoAmIResult>; -struct TNodeInfo { - TNodeInfo() = default; - TNodeInfo(const Ydb::Discovery::NodeInfo& info); - - ui32 NodeId; - TString Host; - ui32 Port; - TString ResolveHost; - TString Address; - TNodeLocation Location; - ui64 Expire; -}; - -class TNodeRegistrationResult : public TStatus { -public: - TNodeRegistrationResult() : TStatus(EStatus::GENERIC_ERROR, NYql::TIssues()) {} - TNodeRegistrationResult(TStatus&& status, const Ydb::Discovery::NodeRegistrationResult& proto); - const ui32& GetNodeId() const; - const TString& GetDomainPath() const; - const ui64& GetExpire() const; - const ui64& GetScopeTabletId() const; - const ui64& GetScopePathId() const; - const TVector<TNodeInfo>& GetNodes() const; - -private: - ui32 NodeId_; - TString DomainPath_; - ui64 Expire_; - ui64 ScopeTableId_; - ui64 ScopePathId_; - TVector<TNodeInfo> Nodes_; -}; - -using TAsyncNodeRegistrationResult = NThreading::TFuture<TNodeRegistrationResult>; - //////////////////////////////////////////////////////////////////////////////// class TDiscoveryClient { @@ -128,7 +63,6 @@ public: TAsyncListEndpointsResult ListEndpoints(const TListEndpointsSettings& settings = TListEndpointsSettings()); TAsyncWhoAmIResult WhoAmI(const TWhoAmISettings& settings = TWhoAmISettings()); - TAsyncNodeRegistrationResult NodeRegistration(const TNodeRegistrationSettings& settings = TNodeRegistrationSettings()); private: class TImpl; diff --git a/ydb/services/discovery/grpc_service.cpp b/ydb/services/discovery/grpc_service.cpp index 3c1e9a0d36a..2ffebc9ff36 100644 --- a/ydb/services/discovery/grpc_service.cpp +++ b/ydb/services/discovery/grpc_service.cpp 
@@ -16,10 +16,6 @@ static TString GetSdkBuildInfo(NGrpc::IRequestContextBase* reqCtx) { return TString{res[0]}; } -void TGRpcDiscoveryService::SetDynamicNodeAuthParams(const TDynamicNodeAuthorizationParams& dynamicNodeAuthorizationParams) { - DynamicNodeAuthorizationParams = dynamicNodeAuthorizationParams; -} - void TGRpcDiscoveryService::SetupIncomingRequests(NGrpc::TLoggerPtr logger) { auto getCounterBlock = CreateCounterCb(Counters_, ActorSystem_); using namespace Ydb; @@ -33,15 +29,11 @@ void TGRpcDiscoveryService::SetupIncomingRequests(NGrpc::TLoggerPtr logger) { NGRpcService::ReportGrpcReqToMon(*ActorSystem_, ctx->GetPeer(), GetSdkBuildInfo(ctx)); \ ActorSystem_->Send(GRpcRequestProxyId_, \ new TGrpcRequestOperationCall<Discovery::NAME##Request, Discovery::NAME##Response> \ - (ctx, CB, TRequestAuxSettings{RLSWITCH(TRateLimiterMode::Rps), nullptr})); \ + (ctx, &CB, TRequestAuxSettings{RLSWITCH(TRateLimiterMode::Rps), nullptr})); \ }, &Ydb::Discovery::V1::DiscoveryService::AsyncService::Request ## NAME, \ #NAME, logger, getCounterBlock("discovery", #NAME))->Run(); - ADD_REQUEST(WhoAmI, &DoWhoAmIRequest) - NodeRegistrationRequest = [authParams = this->DynamicNodeAuthorizationParams] (std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& f) { - DoNodeRegistrationRequest(std::move(p), f, authParams); - }; - ADD_REQUEST(NodeRegistration, NodeRegistrationRequest) + ADD_REQUEST(WhoAmI, DoWhoAmIRequest) #ifdef ADD_LEGACY_REQUEST #error macro already defined diff --git a/ydb/services/discovery/grpc_service.h b/ydb/services/discovery/grpc_service.h index 1a18e0bcf18..697f6e1c07b 100644 --- a/ydb/services/discovery/grpc_service.h +++ b/ydb/services/discovery/grpc_service.h 
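Review bot: In the second hunk of ydb/services/discovery/grpc_service.cpp, `ADD_REQUEST` now takes the address of its argument itself (`(ctx, &CB, TRequestAuxSettings{...})`), so every call site must pass a bare function name such as `ADD_REQUEST(WhoAmI, DoWhoAmIRequest)`, and the parameter is expanded unparenthesized. Writing `&(CB)` keeps the expansion well-formed for any argument. A one-line comment above the macro definition, which is outside this hunk, would record the contract: `// CB must name a free function; the macro takes its address`. The same pattern is restored in the ydb/services/local_discovery/grpc_service.cpp hunk. `SetupIncomingRequests` continues outside the hunk.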
@@ -7,27 +7,20 @@ #include <library/cpp/grpc/server/grpc_server.h> #include <ydb/core/grpc_services/base/base_service.h> -#include <ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.h> namespace NKikimr { namespace NGRpcService { - class IRequestOpCtx; - class IFacilityProvider; - class TGRpcDiscoveryService : public TGrpcServiceBase<Ydb::Discovery::V1::DiscoveryService> { public: using TGrpcServiceBase<Ydb::Discovery::V1::DiscoveryService>::TGrpcServiceBase; - void SetDynamicNodeAuthParams(const TDynamicNodeAuthorizationParams& dynamicNodeAuthorizationParams); - private: void SetupIncomingRequests(NGrpc::TLoggerPtr logger); - TDynamicNodeAuthorizationParams DynamicNodeAuthorizationParams = {}; - std::function<void(std::unique_ptr<IRequestOpCtx>, const IFacilityProvider&)> NodeRegistrationRequest; + }; } // namespace NGRpcService diff --git a/ydb/services/local_discovery/grpc_service.cpp b/ydb/services/local_discovery/grpc_service.cpp index 0836cbf34f9..d2c091c3304 100644 --- a/ydb/services/local_discovery/grpc_service.cpp +++ b/ydb/services/local_discovery/grpc_service.cpp @@ -76,10 +76,6 @@ void TGRpcLocalDiscoveryService::DecRequest() { Y_ASSERT(Limiter_->GetCurrentInFlight() >= 0); } -void TGRpcLocalDiscoveryService::SetDynamicNodeAuthParams(const TDynamicNodeAuthorizationParams& dynamicNodeAuthorizationParams) { - DynamicNodeAuthorizationParams = dynamicNodeAuthorizationParams; -} - void TGRpcLocalDiscoveryService::SetupIncomingRequests(NGrpc::TLoggerPtr logger) { auto getCounterBlock = CreateCounterCb(Counters_, ActorSystem_); using namespace Ydb; 
@@ -94,15 +90,11 @@ void TGRpcLocalDiscoveryService::SetupIncomingRequests(NGrpc::TLoggerPtr logger) NGRpcService::ReportGrpcReqToMon(*ActorSystem_, ctx->GetPeer(), GetSdkBuildInfo(ctx)); \ ActorSystem_->Send(GRpcRequestProxyId_, \ new TGrpcRequestOperationCall<Discovery::NAME##Request, Discovery::NAME##Response> \ - (ctx, CB, TRequestAuxSettings{TRateLimiterMode::Rps, nullptr})); \ + (ctx, &CB, TRequestAuxSettings{TRateLimiterMode::Rps, nullptr})); \ }, &Ydb::Discovery::V1::DiscoveryService::AsyncService::Request ## NAME, \ #NAME, logger, getCounterBlock("discovery", #NAME))->Run(); - ADD_REQUEST(WhoAmI, &DoWhoAmIRequest) - NodeRegistrationRequest = [authParams = this->DynamicNodeAuthorizationParams] (std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& f) { - DoNodeRegistrationRequest(std::move(p), f, authParams); - }; - ADD_REQUEST(NodeRegistration, NodeRegistrationRequest) + ADD_REQUEST(WhoAmI, DoWhoAmIRequest) #undef ADD_REQUEST using namespace std::placeholders; diff --git a/ydb/services/local_discovery/grpc_service.h b/ydb/services/local_discovery/grpc_service.h index b2d6ad601aa..f58e81811c5 100644 --- a/ydb/services/local_discovery/grpc_service.h +++ b/ydb/services/local_discovery/grpc_service.h @@ -7,7 +7,6 @@ #include <library/cpp/grpc/server/grpc_server.h> #include <ydb/core/grpc_services/base/base_service.h> -#include <ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.h> namespace NKikimr { namespace NGRpcService { @@ -30,8 +29,6 @@ public: bool IncRequest(); void DecRequest(); - void SetDynamicNodeAuthParams(const TDynamicNodeAuthorizationParams& dynamicNodeAuthorizationParams); - private: void SetupIncomingRequests(NGrpc::TLoggerPtr logger); void DoListEndpointsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& provider); 
@@ -43,9 +40,6 @@ private: TIntrusivePtr<::NMonitoring::TDynamicCounters> Counters_; NActors::TActorId GRpcRequestProxyId_; NGrpc::TGlobalLimiter* Limiter_ = nullptr; - - TDynamicNodeAuthorizationParams DynamicNodeAuthorizationParams = {}; - std::function<void(std::unique_ptr<IRequestOpCtx>, const IFacilityProvider&)> NodeRegistrationRequest; }; } // namespace NGRpcService diff --git a/ydb/services/ydb/CMakeLists.darwin-x86_64.txt b/ydb/services/ydb/CMakeLists.darwin-x86_64.txt index 76c589603fb..813d577ed81 100644 --- a/ydb/services/ydb/CMakeLists.darwin-x86_64.txt +++ b/ydb/services/ydb/CMakeLists.darwin-x86_64.txt @@ -24,7 +24,6 @@ target_link_libraries(ydb-services-ydb PUBLIC ydb-core-formats ydb-core-grpc_services core-grpc_services-base - core-grpc_services-auth_processor ydb-core-grpc_streaming ydb-core-protos ydb-core-scheme diff --git a/ydb/services/ydb/CMakeLists.linux-aarch64.txt b/ydb/services/ydb/CMakeLists.linux-aarch64.txt index e481961748d..2f77c61e3d3 100644 --- a/ydb/services/ydb/CMakeLists.linux-aarch64.txt +++ b/ydb/services/ydb/CMakeLists.linux-aarch64.txt @@ -25,7 +25,6 @@ target_link_libraries(ydb-services-ydb PUBLIC ydb-core-formats ydb-core-grpc_services core-grpc_services-base - core-grpc_services-auth_processor ydb-core-grpc_streaming ydb-core-protos ydb-core-scheme diff --git a/ydb/services/ydb/CMakeLists.linux-x86_64.txt b/ydb/services/ydb/CMakeLists.linux-x86_64.txt index e481961748d..2f77c61e3d3 100644 --- a/ydb/services/ydb/CMakeLists.linux-x86_64.txt +++ b/ydb/services/ydb/CMakeLists.linux-x86_64.txt @@ -25,7 +25,6 @@ target_link_libraries(ydb-services-ydb PUBLIC ydb-core-formats ydb-core-grpc_services core-grpc_services-base - core-grpc_services-auth_processor ydb-core-grpc_streaming ydb-core-protos ydb-core-scheme diff --git a/ydb/services/ydb/CMakeLists.windows-x86_64.txt b/ydb/services/ydb/CMakeLists.windows-x86_64.txt index 76c589603fb..813d577ed81 100644 --- a/ydb/services/ydb/CMakeLists.windows-x86_64.txt 
+++ b/ydb/services/ydb/CMakeLists.windows-x86_64.txt @@ -24,7 +24,6 @@ target_link_libraries(ydb-services-ydb PUBLIC ydb-core-formats ydb-core-grpc_services core-grpc_services-base - core-grpc_services-auth_processor ydb-core-grpc_streaming ydb-core-protos ydb-core-scheme diff --git a/ydb/services/ydb/ydb_client_certs_ut.cpp b/ydb/services/ydb/ydb_client_certs_ut.cpp index e82fae12ae2..6fcc7a203a0 100644 --- a/ydb/services/ydb/ydb_client_certs_ut.cpp +++ b/ydb/services/ydb/ydb_client_certs_ut.cpp @@ -10,7 +10,7 @@ #include <ydb/core/scheme/scheme_tablecell.h> #include <ydb/core/testlib/test_client.h> #include <ydb/core/driver_lib/cli_config_base/config_base.h> -#include <ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.h> +#include <ydb/core/client/server/dynamic_node_auth_processor.h> #include <ydb/public/api/grpc/ydb_scheme_v1.grpc.pb.h> #include <ydb/public/api/grpc/ydb_operation_v1.grpc.pb.h> @@ -30,7 +30,6 @@ #include <ydb/public/sdk/cpp/client/ydb_result/result.h> #include <ydb/public/sdk/cpp/client/ydb_scheme/scheme.h> #include <ydb/public/sdk/cpp/client/ydb_table/table.h> -#include <ydb/public/sdk/cpp/client/ydb_discovery/discovery.h> #include <ydb/public/sdk/cpp/client/resources/ydb_resources.h> #include <ydb/public/lib/deprecated/kicli/kicli.h> 
@@ -237,153 +236,61 @@ Y_UNIT_TEST(TestClientCertAuthorizationParamsMatch) { } } -NDiscovery::TNodeRegistrationSettings GetNodeRegistrationSettings() { - NDiscovery::TNodeRegistrationSettings settings; - settings.Host("localhost"); - settings.Port(GetRandomPort()); - settings.ResolveHost("localhost"); - settings.Address("localhost"); - settings.DomainPath("Root"); - settings.FixedNodeId(false); - - NYdb::NDiscovery::TNodeLocation loc; - loc.DataCenterNum = DataCenterFromString("DataCenter"); - loc.RoomNum = 0; - loc.RackNum = RackFromString("Rack"); - loc.BodyNum = 2; - loc.DataCenter = "DataCenter"; - loc.Rack = "Rack"; - loc.Unit = "Body"; - - settings.Location(loc); - return settings; -} - -Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientWithCorrectCerts) { +Y_UNIT_TEST(TestAllCertIsOk) { TKikimrServerWithCertVerification server; ui16 grpc = server.GetPort(); TString location = TStringBuilder() << "localhost:" << grpc; const NTest::TCertAndKey& caCert = TKikimrTestWithServerCert::GetCACertAndKey(); - NTest::TCertAndKey clientServerCert = NTest::GenerateSignedCert(caCert, NTest::TProps::AsClientServer()); - - auto connection = NYdb::TDriver( - TDriverConfig() - .UseSecureConnection(caCert.Certificate.c_str()) - .UseClientCertificate(clientServerCert.Certificate.c_str(),clientServerCert.PrivateKey.c_str()) - .SetEndpoint(location)); - - NYdb::NDiscovery::TDiscoveryClient discoveryClient = NYdb::NDiscovery::TDiscoveryClient(connection); - const auto result = discoveryClient.NodeRegistration(GetNodeRegistrationSettings()).GetValueSync(); - connection.Stop(true); - - UNIT_ASSERT_C(!result.IsTransportError(), result.GetIssues().ToOneLineString()); - UNIT_ASSERT_C(result.IsSuccess(), result.GetIssues().ToOneLineString()); -} - -Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientProvidesEmptyClientCerts) { - TKikimrServerWithCertVerification server; - ui16 grpc = server.GetPort(); - TString location = TStringBuilder() << 
"localhost:" << grpc; - - const NTest::TCertAndKey& caCert = TKikimrTestWithServerCert::GetCACertAndKey(); - NTest::TCertAndKey noCert; - - auto connection = NYdb::TDriver( - TDriverConfig() - .UseSecureConnection(caCert.Certificate.c_str()) - .UseClientCertificate(noCert.Certificate.c_str(),noCert.PrivateKey.c_str()) - .SetEndpoint(location)); - - NYdb::NDiscovery::TDiscoveryClient discoveryClient = NYdb::NDiscovery::TDiscoveryClient(connection); - const auto result = discoveryClient.NodeRegistration(GetNodeRegistrationSettings()).GetValueSync(); - connection.Stop(true); - - UNIT_ASSERT_C(!result.IsSuccess(), result.GetIssues().ToOneLineString()); - UNIT_ASSERT_STRINGS_EQUAL(result.GetIssues().ToOneLineString(), "{ <main>: Error: Cannot authorize node. Node has not provided certificate }"); -} - -Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithoutCertVerification_ClientProvidesCorrectCerts) { - TKikimrServerWithOutCertVerification server; - ui16 grpc = server.GetPort(); - TString location = TStringBuilder() << "localhost:" << grpc; - - const NTest::TCertAndKey& caCert = TKikimrTestWithServerCert::GetCACertAndKey(); - NTest::TCertAndKey clientServerCert = NTest::GenerateSignedCert(caCert, NTest::TProps::AsClientServer()); + const NTest::TCertAndKey& clientServerCert = NTest::GenerateSignedCert(caCert, NTest::TProps::AsClientServer()); auto connection = NYdb::TDriver( TDriverConfig() + .SetAuthToken("test_user@builtin") .UseSecureConnection(caCert.Certificate.c_str()) .UseClientCertificate(clientServerCert.Certificate.c_str(),clientServerCert.PrivateKey.c_str()) .SetEndpoint(location)); - NYdb::NDiscovery::TDiscoveryClient discoveryClient = NYdb::NDiscovery::TDiscoveryClient(connection); - const auto result = discoveryClient.NodeRegistration(GetNodeRegistrationSettings()).GetValueSync(); - connection.Stop(true); - - UNIT_ASSERT_C(result.IsSuccess(), result.GetIssues().ToOneLineString()); -} - 
-Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithoutCertVerification_ClientProvidesEmptyClientCerts) { - TKikimrServerWithOutCertVerification server; - ui16 grpc = server.GetPort(); - TString location = TStringBuilder() << "localhost:" << grpc; - - const NTest::TCertAndKey& caCert = TKikimrTestWithServerCert::GetCACertAndKey(); - NTest::TCertAndKey noCert; - - auto connection = NYdb::TDriver( - TDriverConfig() - .UseSecureConnection(caCert.Certificate.c_str()) - .UseClientCertificate(noCert.Certificate.c_str(),noCert.PrivateKey.c_str()) - .SetEndpoint(location)); + auto client = NYdb::NTable::TTableClient(connection); + std::function<void(const TAsyncCreateSessionResult& future)> createSessionHandler = + [client] (const TAsyncCreateSessionResult& future) mutable { + const auto& sessionValue = future.GetValue(); + UNIT_ASSERT_C(!sessionValue.IsTransportError(), sessionValue.GetIssues().ToString()); + UNIT_ASSERT_EQUAL(sessionValue.GetStatus(), EStatus::SUCCESS); + }; - NYdb::NDiscovery::TDiscoveryClient discoveryClient = NYdb::NDiscovery::TDiscoveryClient(connection); - const auto result = discoveryClient.NodeRegistration(GetNodeRegistrationSettings()).GetValueSync(); + client.CreateSession().Apply(createSessionHandler).Wait(); connection.Stop(true); - - UNIT_ASSERT_C(result.IsSuccess(), result.GetIssues().ToOneLineString()); } -Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientDoesNotProvideCorrectCerts) { +Y_UNIT_TEST(TestWrongCertIndentity) { TKikimrServerWithCertVerificationAndWrongIndentity server; ui16 grpc = server.GetPort(); TString location = TStringBuilder() << "localhost:" << grpc; const NTest::TCertAndKey& caCert = TKikimrTestWithServerCert::GetCACertAndKey(); - NTest::TCertAndKey clientServerCert = NTest::GenerateSignedCert(caCert, NTest::TProps::AsClientServer()); + const NTest::TCertAndKey& clientServerCert = NTest::GenerateSignedCert(caCert, NTest::TProps::AsClientServer()); auto connection = NYdb::TDriver( TDriverConfig() 
+ .SetAuthToken("test_user@builtin") .UseSecureConnection(caCert.Certificate.c_str()) - .UseClientCertificate(clientServerCert.Certificate.c_str(),clientServerCert.PrivateKey.c_str()) + .UseClientCertificate(clientServerCert.Certificate.c_str(), clientServerCert.PrivateKey.c_str()) .SetEndpoint(location)); - NYdb::NDiscovery::TDiscoveryClient discoveryClient = NYdb::NDiscovery::TDiscoveryClient(connection); - const auto result = discoveryClient.NodeRegistration(GetNodeRegistrationSettings()).GetValueSync(); - connection.Stop(true); - - UNIT_ASSERT_C(!result.IsSuccess(), result.GetIssues().ToOneLineString()); - UNIT_ASSERT_STRINGS_EQUAL(result.GetIssues().ToOneLineString(), "{ <main>: Error: Cannot authorize node by certificate }"); -} + auto client = NYdb::NTable::TTableClient(connection); + std::function<void(const TAsyncCreateSessionResult& future)> createSessionHandler = + [client] (const TAsyncCreateSessionResult& future) mutable { + const auto& sessionValue = future.GetValue(); + UNIT_ASSERT_C(!sessionValue.IsTransportError(), sessionValue.GetIssues().ToString()); // do not authorize table service through cert + UNIT_ASSERT_EQUAL(sessionValue.GetStatus(), EStatus::SUCCESS); + }; -Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientDoesNotProvideAnyCerts) { - TKikimrServerWithCertVerification server; - ui16 grpc = server.GetPort(); - TString location = TStringBuilder() << "localhost:" << grpc; - - auto connection = NYdb::TDriver( - TDriverConfig() - .SetEndpoint(location)); - - NYdb::NDiscovery::TDiscoveryClient discoveryClient = NYdb::NDiscovery::TDiscoveryClient(connection); - const auto result = discoveryClient.NodeRegistration(GetNodeRegistrationSettings()).GetValueSync(); + client.CreateSession().Apply(createSessionHandler).Wait(); connection.Stop(true); - - UNIT_ASSERT_C(result.IsTransportError(), result.GetIssues().ToOneLineString()); } -Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientProvidesServerCerts) { 
+Y_UNIT_TEST(TestIncorrectUsageClientCertFails) { TKikimrServerWithCertVerification server; ui16 grpc = server.GetPort(); TString location = TStringBuilder() << "localhost:" << grpc; @@ -393,18 +300,23 @@ Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientProvid auto connection = NYdb::TDriver( TDriverConfig() + .SetAuthToken("test_user@builtin") .UseSecureConnection(caCert.Certificate.c_str()) - .UseClientCertificate(serverCert.Certificate.c_str(),serverCert.PrivateKey.c_str()) + .UseClientCertificate(serverCert.Certificate.c_str(), serverCert.PrivateKey.c_str()) .SetEndpoint(location)); - NYdb::NDiscovery::TDiscoveryClient discoveryClient = NYdb::NDiscovery::TDiscoveryClient(connection); - const auto result = discoveryClient.NodeRegistration(GetNodeRegistrationSettings()).GetValueSync(); - connection.Stop(true); + auto client = NYdb::NTable::TTableClient(connection); + std::function<void(const TAsyncCreateSessionResult& future)> createSessionHandler = + [client] (const TAsyncCreateSessionResult& future) mutable { + const auto& sessionValue = future.GetValue(); + UNIT_ASSERT_C(sessionValue.IsTransportError(), sessionValue.GetIssues().ToString()); + }; - UNIT_ASSERT_C(result.IsTransportError(), result.GetIssues().ToOneLineString()); + client.CreateSession().Apply(createSessionHandler).Wait(); + connection.Stop(true); } -Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientProvidesCorruptedCert) { +Y_UNIT_TEST(TestCorruptedCertFails) { TKikimrServerWithCertVerification server; ui16 grpc = server.GetPort(); TString location = TStringBuilder() << "localhost:" << grpc; 
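Review bot: The assertions in `createSessionHandler` run inside the callback passed to `Apply()`, and the test then only calls `.Wait()` on the future that `Apply()` returns, so a failing `UNIT_ASSERT_C` may never reach the test runner if that future stores the callback's exception instead of rethrowing it (not visible here, to be confirmed). For certificate tests this matters most in the negative cases, where a test that passes silently would hide a bad certificate being accepted. Reading the result in the test body avoids the question: `const auto sessionValue = client.CreateSession().GetValueSync();` followed by the same assertions; `GetValueSync()` is what the removed lines used. The same pattern is in TestWrongCertIndentity in this hunk and in the hunks at -393, -418, -443, -467, -491, -511 and -658; the `[client]` capture and `mutable` are unused and can go with it.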
@@ -418,18 +330,23 @@ Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientProvid } auto connection = NYdb::TDriver( TDriverConfig() + .SetAuthToken("test_user@builtin") .UseSecureConnection(caCert.Certificate.c_str()) .UseClientCertificate(clientServerCert.Certificate.c_str(), clientServerCert.PrivateKey.c_str()) .SetEndpoint(location)); - NYdb::NDiscovery::TDiscoveryClient discoveryClient = NYdb::NDiscovery::TDiscoveryClient(connection); - const auto result = discoveryClient.NodeRegistration(GetNodeRegistrationSettings()).GetValueSync(); - connection.Stop(true); + auto client = NYdb::NTable::TTableClient(connection); + std::function<void(const TAsyncCreateSessionResult& future)> createSessionHandler = + [client] (const TAsyncCreateSessionResult& future) mutable { + const auto& sessionValue = future.GetValue(); + UNIT_ASSERT_C(sessionValue.IsTransportError(), sessionValue.GetIssues().ToString()); + }; - UNIT_ASSERT_C(result.IsTransportError(), result.GetIssues().ToOneLineString()); + client.CreateSession().Apply(createSessionHandler).Wait(); + connection.Stop(true); } -Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientProvidesCorruptedPrivatekey) { +Y_UNIT_TEST(TestCorruptedKeyFails) { TKikimrServerWithCertVerification server; ui16 grpc = server.GetPort(); TString location = TStringBuilder() << "localhost:" << grpc; 
@@ -443,18 +360,23 @@ Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientProvid } auto connection = NYdb::TDriver( TDriverConfig() + .SetAuthToken("test_user@builtin") .UseSecureConnection(caCert.Certificate.c_str()) .UseClientCertificate(clientServerCert.Certificate.c_str(), clientServerCert.PrivateKey.c_str()) .SetEndpoint(location)); - NYdb::NDiscovery::TDiscoveryClient discoveryClient = NYdb::NDiscovery::TDiscoveryClient(connection); - const auto result = discoveryClient.NodeRegistration(GetNodeRegistrationSettings()).GetValueSync(); - connection.Stop(true); + auto client = NYdb::NTable::TTableClient(connection); + std::function<void(const TAsyncCreateSessionResult& future)> createSessionHandler = + [client] (const TAsyncCreateSessionResult& future) mutable { + const auto& sessionValue = future.GetValue(); + UNIT_ASSERT_C(sessionValue.IsTransportError(), sessionValue.GetIssues().ToString()); + }; - UNIT_ASSERT_C(result.IsTransportError(), result.GetIssues().ToOneLineString()); + client.CreateSession().Apply(createSessionHandler).Wait(); + connection.Stop(true); } -Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientProvidesExpiredCert) { +Y_UNIT_TEST(TestExpiredCertFails) { TKikimrServerWithCertVerification server; ui16 grpc = server.GetPort(); TString location = TStringBuilder() << "localhost:" << grpc; 
@@ -467,18 +389,23 @@ Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientProvid auto connection = NYdb::TDriver( TDriverConfig() + .SetAuthToken("test_user@builtin") .UseSecureConnection(caCert.Certificate.c_str()) .UseClientCertificate(clientServerCert.Certificate.c_str(), clientServerCert.PrivateKey.c_str()) .SetEndpoint(location)); - NYdb::NDiscovery::TDiscoveryClient discoveryClient = NYdb::NDiscovery::TDiscoveryClient(connection); - const auto result = discoveryClient.NodeRegistration(GetNodeRegistrationSettings()).GetValueSync(); - connection.Stop(true); + auto client = NYdb::NTable::TTableClient(connection); + std::function<void(const TAsyncCreateSessionResult& future)> createSessionHandler = + [client] (const TAsyncCreateSessionResult& future) mutable { + const auto& sessionValue = future.GetValue(); + UNIT_ASSERT_C(sessionValue.IsTransportError(), sessionValue.GetIssues().ToString()); + }; - UNIT_ASSERT_C(result.IsTransportError(), result.GetIssues().ToOneLineString()); + client.CreateSession().Apply(createSessionHandler).Wait(); + connection.Stop(true); } -Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithOutCertVerification_ClientProvidesExpiredCert) { +Y_UNIT_TEST(TestServerWithoutCertVerificationAndExpiredCertWorks) { TKikimrServerWithOutCertVerification server; ui16 grpc = server.GetPort(); TString location = TStringBuilder() << "localhost:" << grpc; 
@@ -491,18 +418,24 @@ Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithOutCertVerification_ClientPro auto connection = NYdb::TDriver( TDriverConfig() + .SetAuthToken("test_user@builtin") .UseSecureConnection(caCert.Certificate.c_str()) .UseClientCertificate(clientServerCert.Certificate.c_str(), clientServerCert.PrivateKey.c_str()) .SetEndpoint(location)); - NYdb::NDiscovery::TDiscoveryClient discoveryClient = NYdb::NDiscovery::TDiscoveryClient(connection); - const auto result = discoveryClient.NodeRegistration(GetNodeRegistrationSettings()).GetValueSync(); - connection.Stop(true); + auto client = NYdb::NTable::TTableClient(connection); + std::function<void(const TAsyncCreateSessionResult& future)> createSessionHandler = + [client] (const TAsyncCreateSessionResult& future) mutable { + const auto& sessionValue = future.GetValue(); + UNIT_ASSERT_C(!sessionValue.IsTransportError(), sessionValue.GetIssues().ToString()); + UNIT_ASSERT_EQUAL(sessionValue.GetStatus(), EStatus::SUCCESS); + }; - UNIT_ASSERT_C(result.IsSuccess(), result.GetIssues().ToOneLineString()); + client.CreateSession().Apply(createSessionHandler).Wait(); + connection.Stop(true); } -Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientDoesNotProvideClientCerts) { +Y_UNIT_TEST(TestClientWithoutCertPassed) { TKikimrServerWithCertVerification server; ui16 grpc = server.GetPort(); TString location = TStringBuilder() << "localhost:" << grpc; 
@@ -511,15 +444,20 @@ Y_UNIT_TEST(TestRegisterNodeViaDiscovery_ServerWithCertVerification_ClientDoesNo auto connection = NYdb::TDriver( TDriverConfig() + .SetAuthToken("test_user@builtin") .UseSecureConnection(caCert.Certificate.c_str()) .SetEndpoint(location)); - NYdb::NDiscovery::TDiscoveryClient discoveryClient = NYdb::NDiscovery::TDiscoveryClient(connection); - const auto result = discoveryClient.NodeRegistration(GetNodeRegistrationSettings()).GetValueSync(); - connection.Stop(true); + auto client = NYdb::NTable::TTableClient(connection); + std::function<void(const TAsyncCreateSessionResult& future)> createSessionHandler = + [client] (const TAsyncCreateSessionResult& future) mutable { + const auto& sessionValue = future.GetValue(); + UNIT_ASSERT_C(!sessionValue.IsTransportError(), sessionValue.GetIssues().ToString()); + UNIT_ASSERT_EQUAL(sessionValue.GetStatus(), EStatus::SUCCESS); + }; - UNIT_ASSERT_C(!result.IsSuccess(), result.GetIssues().ToOneLineString()); - UNIT_ASSERT_STRINGS_EQUAL(result.GetIssues().ToOneLineString(), "{ <main>: Error: Cannot authorize node. Node has not provided certificate }"); + client.CreateSession().Apply(createSessionHandler).Wait(); + connection.Stop(true); } NClient::TKikimr GetKikimr(const TString& addr, const NTest::TCertAndKey& caCert, const NTest::TCertAndKey& clientServerCert) { @@ -566,7 +504,7 @@ THolder<NClient::TRegistrationResult> TryToRegisterDynamicNode( false)); } -Y_UNIT_TEST(TestRegisterNodeViaLegacy_ServerWithCertVerification_ClientWithCorrectCerts) { +Y_UNIT_TEST(TestServerWithCertVerificationClientWithCertCallsRegisterNode) { TKikimrServerWithCertVerification server; ui16 grpc = server.GetPort(); TString location = TStringBuilder() << "localhost:" << grpc; 
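Review bot: TestClientWithoutCertPassed expects `EStatus::SUCCESS` from `TKikimrServerWithCertVerification` for a client that presents no certificate and only the token `test_user@builtin`, and nothing in the test says this is intended. Judging by the comment in TestWrongCertIndentity (`// do not authorize table service through cert`), the client certificate seems to gate node registration only, not the table service; without a note, a reader could take the test name for a verification bypass. Once that reading is confirmed I would add a comment above the driver setup, for example `// Client certificate is optional for the table service; only node registration is authorized by certificate.` The test's opening lines are outside this hunk.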
@@ -584,7 +522,7 @@ Y_UNIT_TEST(TestRegisterNodeViaLegacy_ServerWithCertVerification_ClientWithCorre Cerr << "Register node result " << resp->Record().ShortUtf8DebugString() << Endl; } -Y_UNIT_TEST(TestRegisterNodeViaLegacy_ServerWithCertVerification_ClientProvidesEmptyClientCerts) { +Y_UNIT_TEST(TestServerWithCertVerificationClientWithoutCertCallsRegisterNodeFails) { TKikimrServerWithCertVerification server; ui16 grpc = server.GetPort(); TString location = TStringBuilder() << "localhost:" << grpc; @@ -603,7 +541,7 @@ Y_UNIT_TEST(TestRegisterNodeViaLegacy_ServerWithCertVerification_ClientProvidesE Cerr << "Register node result " << resp->Record().ShortUtf8DebugString() << Endl; } -Y_UNIT_TEST(TestRegisterNodeViaLegacy_ServerWithoutCertVerification_ClientProvidesCorrectCerts) { +Y_UNIT_TEST(TestServerWithoutCertVerificationClientWithCertCallsRegisterNode) { TKikimrServerWithOutCertVerification server; ui16 grpc = server.GetPort(); TString location = TStringBuilder() << "localhost:" << grpc; @@ -621,7 +559,7 @@ Y_UNIT_TEST(TestRegisterNodeViaLegacy_ServerWithoutCertVerification_ClientProvid Cerr << "Register node result " << resp->Record().ShortUtf8DebugString() << Endl; } -Y_UNIT_TEST(TestRegisterNodeViaLegacy_ServerWithoutCertVerification_ClientProvidesEmptyClientCerts) { +Y_UNIT_TEST(TestServerWithoutCertVerificationClientWithoutCertCallsRegisterNode) { TKikimrServerWithOutCertVerification server; ui16 grpc = server.GetPort(); TString location = TStringBuilder() << "localhost:" << grpc; 
@@ -639,7 +577,7 @@ Y_UNIT_TEST(TestRegisterNodeViaLegacy_ServerWithoutCertVerification_ClientProvid Cerr << "Register node result " << resp->Record().ShortUtf8DebugString() << Endl; } -Y_UNIT_TEST(TestRegisterNodeViaLegacy_ServerWithCertVerification_ClientDoesNotProvideCorrectCerts) { +Y_UNIT_TEST(TestServerWithWrongIndentityClientWithCertCallsRegisterNodeFails) { TKikimrServerWithCertVerificationAndWrongIndentity server; ui16 grpc = server.GetPort(); TString location = TStringBuilder() << "localhost:" << grpc; @@ -658,6 +596,28 @@ Y_UNIT_TEST(TestRegisterNodeViaLegacy_ServerWithCertVerification_ClientDoesNotPr Cerr << "Register node result " << resp->Record().ShortUtf8DebugString() << Endl; } +Y_UNIT_TEST(TestInsecureClient) { + TKikimrServerWithCertVerification server; + ui16 grpc = server.GetPort(); + TString location = TStringBuilder() << "localhost:" << grpc; + + auto connection = NYdb::TDriver( + TDriverConfig() + .SetAuthToken("test_user@builtin") + .SetEndpoint(location)); + + auto client = NYdb::NTable::TTableClient(connection); + std::function<void(const TAsyncCreateSessionResult& future)> createSessionHandler = + [client] (const TAsyncCreateSessionResult& future) mutable { + const auto& sessionValue = future.GetValue(); + UNIT_ASSERT_C(sessionValue.IsTransportError(), sessionValue.GetIssues().ToString()); + }; + + client.CreateSession().Apply(createSessionHandler).Wait(); + + connection.Stop(true); +} + } } // namespace NKikimr |
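Review bot: `UNIT_ASSERT_C(sessionValue.IsTransportError(), ...)` is the only check in TestInsecureClient, so the test passes on any connection failure, not only when the server refuses a plaintext client. If the server never started listening on `grpc`, the result would presumably be the same. A positive control in the same test body, a TLS connection to the same `location` that must not be a transport error, would tie the failure to the missing TLS. A comment such as `// Plaintext connection to a TLS-only endpoint must fail at the transport level.` would also state which failure is expected.

```cpp
// … unchanged: server setup, location …
const NTest::TCertAndKey& caCert = TKikimrTestWithServerCert::GetCACertAndKey();
auto secureConnection = NYdb::TDriver(
    TDriverConfig()
        .SetAuthToken("test_user@builtin")
        .UseSecureConnection(caCert.Certificate.c_str())
        .SetEndpoint(location));
auto controlClient = NYdb::NTable::TTableClient(secureConnection);
const auto control = controlClient.CreateSession().GetValueSync();
UNIT_ASSERT_C(!control.IsTransportError(), control.GetIssues().ToString());
secureConnection.Stop(true);
// … unchanged: insecure connection and its transport-error check …
```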