author | auzhegov <auzhegov@yandex-team.com> | 2023-02-16 16:08:33 +0300 |
---|---|---|
committer | auzhegov <auzhegov@yandex-team.com> | 2023-02-16 16:08:33 +0300 |
commit | 144eb8b0c1c95bcaec141a13f832a189cbbd4fdc (patch) | |
tree | d255083f0732e4baac5cc030decd2550bb744591 | |
parent | 722e18210f7daf85f0381ff09afa83c9222c623d (diff) | |
Перенос yq credentials provider в oss
Initial version
-rw-r--r-- | ydb/apps/ydbd/main.cpp | 2 | ||||
-rw-r--r-- | ydb/core/driver_lib/run/factories.h | 3 | ||||
-rw-r--r-- | ydb/core/driver_lib/run/kikimr_services_initializers.cpp | 1 | ||||
-rw-r--r-- | ydb/core/driver_lib/run/run.cpp | 7 | ||||
-rw-r--r-- | ydb/core/testlib/test_client.cpp | 1 | ||||
-rw-r--r-- | ydb/core/yq/libs/init/CMakeLists.darwin.txt | 1 | ||||
-rw-r--r-- | ydb/core/yq/libs/init/CMakeLists.linux-aarch64.txt | 1 | ||||
-rw-r--r-- | ydb/core/yq/libs/init/CMakeLists.linux.txt | 1 | ||||
-rw-r--r-- | ydb/core/yq/libs/init/init.cpp | 19 | ||||
-rw-r--r-- | ydb/core/yq/libs/init/init.h | 1 | ||||
-rw-r--r-- | ydb/library/protobuf_printer/ut/CMakeLists.darwin.txt | 1 | ||||
-rw-r--r-- | ydb/library/protobuf_printer/ut/CMakeLists.linux-aarch64.txt | 1 | ||||
-rw-r--r-- | ydb/library/protobuf_printer/ut/CMakeLists.linux.txt | 1 | ||||
-rw-r--r-- | ydb/library/security/CMakeLists.darwin.txt | 1 | ||||
-rw-r--r-- | ydb/library/security/CMakeLists.linux-aarch64.txt | 1 | ||||
-rw-r--r-- | ydb/library/security/CMakeLists.linux.txt | 1 | ||||
-rw-r--r-- | ydb/library/security/ydb_credentials_provider_factory.cpp | 12 |
17 files changed, 36 insertions, 19 deletions
diff --git a/ydb/apps/ydbd/main.cpp b/ydb/apps/ydbd/main.cpp index 3f24369b36..96d9d7cb0d 100644 --- a/ydb/apps/ydbd/main.cpp +++ b/ydb/apps/ydbd/main.cpp @@ -6,7 +6,6 @@ #include <ydb/core/yq/libs/audit/mock/yq_mock_audit_service.h> #include <ydb/library/folder_service/mock/mock_folder_service.h> #include <ydb/library/pdisk_io/aio.h> -#include <ydb/library/security/ydb_credentials_provider_factory.h> #include <ydb/library/yql/parser/pg_wrapper/interface/comp_factory.h> #include <ydb/core/http_proxy/auth_factory.h> @@ -19,7 +18,6 @@ int main(int argc, char **argv) { factories->CreateTicketParser = NKikimr::CreateTicketParser; factories->FolderServiceFactory = NKikimr::NFolderService::CreateMockFolderServiceActor; factories->YqAuditServiceFactory = NYq::CreateMockYqAuditServiceActor; - factories->YdbCredentialProviderFactory = NKikimr::CreateYdbCredentialsProviderFactory; factories->IoContextFactory = std::make_shared<NKikimr::NPDisk::TIoContextFactoryOSS>(); factories->SqsAuthFactory = std::make_shared<NKikimr::NSQS::TAuthFactory>(); factories->DataStreamsAuthFactory = std::make_shared<NKikimr::NHttpProxy::TIamAuthFactory>(); diff --git a/ydb/core/driver_lib/run/factories.h b/ydb/core/driver_lib/run/factories.h index 22e6b5f45b..79044c996c 100644 --- a/ydb/core/driver_lib/run/factories.h +++ b/ydb/core/driver_lib/run/factories.h @@ -19,8 +19,6 @@ #include <library/cpp/actors/core/actorsystem.h> -#include <ydb/library/security/ydb_credentials_provider_factory.h> - #include <functional> #include <unordered_map> #include <unordered_set> @@ -45,7 +43,6 @@ struct TModuleFactories { IActor*(*FolderServiceFactory)(const NKikimrProto::NFolderService::TFolderServiceConfig&); std::function<IActor*(const NYq::NConfig::TAuditConfig& auditConfig, const ::NMonitoring::TDynamicCounterPtr& counters)> YqAuditServiceFactory; - NKikimr::TYdbCredentialsProviderFactory YdbCredentialProviderFactory; // Factory for grpc services TGrpcServiceFactory GrpcServiceFactory; 
diff --git a/ydb/core/driver_lib/run/kikimr_services_initializers.cpp b/ydb/core/driver_lib/run/kikimr_services_initializers.cpp index 9ce77bebbe..ee2720f5e5 100644 --- a/ydb/core/driver_lib/run/kikimr_services_initializers.cpp +++ b/ydb/core/driver_lib/run/kikimr_services_initializers.cpp @@ -2450,7 +2450,6 @@ void TFederatedQueryInitializer::InitializeServices(TActorSystemSetup* setup, co YqSharedResources, Factories->FolderServiceFactory, Factories->YqAuditServiceFactory, - Factories->YdbCredentialProviderFactory, IcPort, Factories->AdditionalComputationNodeFactories ); diff --git a/ydb/core/driver_lib/run/run.cpp b/ydb/core/driver_lib/run/run.cpp index ff5a8ce935..e07aa51b80 100644 --- a/ydb/core/driver_lib/run/run.cpp +++ b/ydb/core/driver_lib/run/run.cpp @@ -121,6 +121,7 @@ #include <library/cpp/actors/util/memory_track.h> #include <library/cpp/actors/prof/tag.h> +#include <ydb/library/security/ydb_credentials_provider_factory.h> #include <ydb/library/yql/minikql/invoke_builtins/mkql_builtins.h> #include <util/charset/wide.h> @@ -1491,8 +1492,10 @@ TIntrusivePtr<TServiceInitializersList> TKikimrRunner::CreateServiceInitializers } if (serviceMask.EnableYandexQuery && runConfig.AppConfig.GetFederatedQueryConfig().GetEnabled()) { - YqSharedResources = NYq::CreateYqSharedResources(runConfig.AppConfig.GetFederatedQueryConfig(), - ModuleFactories->YdbCredentialProviderFactory, Counters->GetSubgroup("counters", "yq")); + YqSharedResources = NYq::CreateYqSharedResources( + runConfig.AppConfig.GetFederatedQueryConfig(), + NKikimr::CreateYdbCredentialsProviderFactory, + Counters->GetSubgroup("counters", "yq")); sil->AddServiceInitializer(new TFederatedQueryInitializer(runConfig, ModuleFactories, YqSharedResources)); } diff --git a/ydb/core/testlib/test_client.cpp b/ydb/core/testlib/test_client.cpp index 3b0e653b29..d7841a39e2 100644 --- a/ydb/core/testlib/test_client.cpp +++ b/ydb/core/testlib/test_client.cpp 
@@ -976,7 +976,6 @@ namespace Tests { YqSharedResources, NKikimr::NFolderService::CreateMockFolderServiceActor, NYq::CreateMockYqAuditServiceActor, - ydbCredFactory, /*IcPort = */0, {} ); diff --git a/ydb/core/yq/libs/init/CMakeLists.darwin.txt b/ydb/core/yq/libs/init/CMakeLists.darwin.txt index 98b90bf8f5..1edb035bb2 100644 --- a/ydb/core/yq/libs/init/CMakeLists.darwin.txt +++ b/ydb/core/yq/libs/init/CMakeLists.darwin.txt @@ -36,6 +36,7 @@ target_link_libraries(yq-libs-init PUBLIC yq-libs-test_connection ydb-library-folder_service library-folder_service-proto + ydb-library-security yql-minikql-comp_nodes yql-utils-actor_log dq-actors-compute diff --git a/ydb/core/yq/libs/init/CMakeLists.linux-aarch64.txt b/ydb/core/yq/libs/init/CMakeLists.linux-aarch64.txt index 7643f09b90..940025921a 100644 --- a/ydb/core/yq/libs/init/CMakeLists.linux-aarch64.txt +++ b/ydb/core/yq/libs/init/CMakeLists.linux-aarch64.txt @@ -37,6 +37,7 @@ target_link_libraries(yq-libs-init PUBLIC yq-libs-test_connection ydb-library-folder_service library-folder_service-proto + ydb-library-security yql-minikql-comp_nodes yql-utils-actor_log dq-actors-compute diff --git a/ydb/core/yq/libs/init/CMakeLists.linux.txt b/ydb/core/yq/libs/init/CMakeLists.linux.txt index 7643f09b90..940025921a 100644 --- a/ydb/core/yq/libs/init/CMakeLists.linux.txt +++ b/ydb/core/yq/libs/init/CMakeLists.linux.txt @@ -37,6 +37,7 @@ target_link_libraries(yq-libs-init PUBLIC yq-libs-test_connection ydb-library-folder_service library-folder_service-proto + ydb-library-security yql-minikql-comp_nodes yql-utils-actor_log dq-actors-compute diff --git a/ydb/core/yq/libs/init/init.cpp b/ydb/core/yq/libs/init/init.cpp index 2538d08a05..b50bc3b782 100644 --- a/ydb/core/yq/libs/init/init.cpp +++ b/ydb/core/yq/libs/init/init.cpp 
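Review bot: With `ydbCredFactory` dropped from the `Init` call in the `@@ -976,7 +976,6 @@` hunk of test_client.cpp, the test server no longer chooses the credentials factory used by the services `Init` registers. Whether `ydbCredFactory` is still used elsewhere in this function is not visible in the hunk; if it is now unused, its definition should be removed in the same commit. If the tests relied on that argument to keep credential handling local to the test process, confirm that the settings the test config supplies still lead to the intended branch of `CreateYdbCredentialsProviderFactory`. The enclosing function starts and ends outside the hunk.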
@@ -25,6 +25,7 @@ #include <library/cpp/protobuf/json/json2proto.h> #include <library/cpp/protobuf/json/proto2json.h> +#include <ydb/library/security/ydb_credentials_provider_factory.h> #include <ydb/library/yql/dq/actors/compute/dq_checkpoints.h> #include <ydb/library/yql/dq/actors/compute/dq_compute_actor_async_io_factory.h> #include <ydb/library/yql/dq/comp_nodes/yql_common_dq_factory.h> @@ -47,6 +48,7 @@ #include <ydb/library/yql/providers/ydb/actors/yql_ydb_source_factory.h> #include <ydb/library/yql/providers/common/http_gateway/yql_http_default_retry_policy.h> + #include <util/stream/file.h> #include <util/system/hostname.h> @@ -64,7 +66,6 @@ void Init( const IYqSharedResources::TPtr& iyqSharedResources, const std::function<IActor*(const NKikimrProto::NFolderService::TFolderServiceConfig& authConfig)>& folderServiceFactory, const std::function<IActor*(const NYq::NConfig::TAuditConfig& auditConfig, const ::NMonitoring::TDynamicCounterPtr& counters)>& auditServiceFactory, - const NKikimr::TYdbCredentialsProviderFactory& credentialsProviderFactory, ui32 icPort, const std::vector<NKikimr::NMiniKQL::TComputationNodeFactory>& additionalCompNodeFactories ) @@ -83,12 +84,12 @@ void Init( protoConfig.GetCommon(), yqCounters->GetSubgroup("subsystem", "ControlPlaneStorage"), yqSharedResources, - credentialsProviderFactory, + NKikimr::CreateYdbCredentialsProviderFactory, tenant); actorRegistrator(NYq::ControlPlaneStorageServiceActorId(), controlPlaneStorage); actorRegistrator(NYq::ControlPlaneConfigActorId(), - CreateControlPlaneConfigActor(yqSharedResources, credentialsProviderFactory, protoConfig.GetControlPlaneStorage(), + CreateControlPlaneConfigActor(yqSharedResources, NKikimr::CreateYdbCredentialsProviderFactory, protoConfig.GetControlPlaneStorage(), yqCounters->GetSubgroup("subsystem", "ControlPlaneConfig")) ); } 
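Review bot: `Init` in init.cpp now names `NKikimr::CreateYdbCredentialsProviderFactory` at each consumer, in the `@@ -83,12 +84,12 @@` hunk for control plane storage and config and again in the hunks at -101, -123, -228, -273 and -320. That removes the only seam through which a caller or test could substitute a credentials factory. If dropping the parameter is intended, one local at the top of `Init`, `const NKikimr::TYdbCredentialsProviderFactory credentialsProviderFactory = NKikimr::CreateYdbCredentialsProviderFactory;`, would leave the call sites untouched and keep a single point of change, assuming the type alias is still declared in the included header. A short comment there should say that every YQ service shares this factory, so a change to its credential selection affects all of them. `Init` starts and ends outside these hunks.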
@@ -101,12 +102,12 @@ void Init( if (protoConfig.GetRateLimiter().GetControlPlaneEnabled()) { Y_VERIFY(protoConfig.GetQuotasManager().GetEnabled()); // Rate limiter resources want to know CPU quota on creation - NActors::IActor* rateLimiterService = NYq::CreateRateLimiterControlPlaneService(protoConfig.GetRateLimiter(), yqSharedResources, credentialsProviderFactory); + NActors::IActor* rateLimiterService = NYq::CreateRateLimiterControlPlaneService(protoConfig.GetRateLimiter(), yqSharedResources, NKikimr::CreateYdbCredentialsProviderFactory); actorRegistrator(NYq::RateLimiterControlPlaneServiceId(), rateLimiterService); } if (protoConfig.GetRateLimiter().GetDataPlaneEnabled()) { - actorRegistrator(NYq::YqQuoterServiceActorId(), NYq::CreateQuoterService(protoConfig.GetRateLimiter(), yqSharedResources, credentialsProviderFactory)); + actorRegistrator(NYq::YqQuoterServiceActorId(), NYq::CreateQuoterService(protoConfig.GetRateLimiter(), yqSharedResources, NKikimr::CreateYdbCredentialsProviderFactory)); } if (protoConfig.GetAudit().GetEnabled()) { @@ -123,7 +124,7 @@ void Init( } if (protoConfig.GetCheckpointCoordinator().GetEnabled()) { - auto checkpointStorage = NYq::NewCheckpointStorageService(protoConfig.GetCheckpointCoordinator(), protoConfig.GetCommon(), credentialsProviderFactory, yqSharedResources); + auto checkpointStorage = NYq::NewCheckpointStorageService(protoConfig.GetCheckpointCoordinator(), protoConfig.GetCommon(), NKikimr::CreateYdbCredentialsProviderFactory, yqSharedResources); actorRegistrator(NYql::NDq::MakeCheckpointStorageID(), checkpointStorage.release()); } @@ -228,7 +229,7 @@ void Init( ? NFq::CreateLoopbackServiceActor(clientCounters) : NFq::CreateInternalServiceActor( yqSharedResources, - credentialsProviderFactory, + NKikimr::CreateYdbCredentialsProviderFactory, protoConfig.GetPrivateApi(), clientCounters ); 
@@ -273,7 +274,7 @@ void Init( if (protoConfig.GetPendingFetcher().GetEnabled()) { auto fetcher = CreatePendingFetcher( yqSharedResources, - credentialsProviderFactory, + NKikimr::CreateYdbCredentialsProviderFactory, protoConfig.GetCommon(), protoConfig.GetCheckpointCoordinator(), protoConfig.GetPrivateApi(), @@ -320,7 +321,7 @@ void Init( protoConfig.GetQuotasManager(), protoConfig.GetControlPlaneStorage().GetStorage(), yqSharedResources, - credentialsProviderFactory, + NKikimr::CreateYdbCredentialsProviderFactory, serviceCounters.Counters, { TQuotaDescription(SUBJECT_TYPE_CLOUD, QUOTA_ANALYTICS_COUNT_LIMIT, 100, 1000, NYq::ControlPlaneStorageServiceActorId()), diff --git a/ydb/core/yq/libs/init/init.h b/ydb/core/yq/libs/init/init.h index 8d20dd3c5a..16a196245a 100644 --- a/ydb/core/yq/libs/init/init.h +++ b/ydb/core/yq/libs/init/init.h @@ -36,7 +36,6 @@ void Init( const IYqSharedResources::TPtr& yqSharedResources, const std::function<IActor*(const NKikimrProto::NFolderService::TFolderServiceConfig& authConfig)>& folderServiceFactory, const std::function<IActor*(const NYq::NConfig::TAuditConfig& auditConfig, const ::NMonitoring::TDynamicCounterPtr& counters)>& auditServiceFactory, - const NKikimr::TYdbCredentialsProviderFactory& credentialsProviderFactory, ui32 icPort, const std::vector<NKikimr::NMiniKQL::TComputationNodeFactory>& additionalCompNodeFactories ); diff --git a/ydb/library/protobuf_printer/ut/CMakeLists.darwin.txt b/ydb/library/protobuf_printer/ut/CMakeLists.darwin.txt index f93c1f8307..2ea3dddfd4 100644 --- a/ydb/library/protobuf_printer/ut/CMakeLists.darwin.txt +++ b/ydb/library/protobuf_printer/ut/CMakeLists.darwin.txt @@ -72,6 +72,7 @@ target_proto_addincls(ydb-library-protobuf_printer-ut ${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR} ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src + ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos ${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src ) 
diff --git a/ydb/library/protobuf_printer/ut/CMakeLists.linux-aarch64.txt b/ydb/library/protobuf_printer/ut/CMakeLists.linux-aarch64.txt index da2c458d36..773e736726 100644 --- a/ydb/library/protobuf_printer/ut/CMakeLists.linux-aarch64.txt +++ b/ydb/library/protobuf_printer/ut/CMakeLists.linux-aarch64.txt @@ -75,6 +75,7 @@ target_proto_addincls(ydb-library-protobuf_printer-ut ${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR} ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src + ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos ${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src ) diff --git a/ydb/library/protobuf_printer/ut/CMakeLists.linux.txt b/ydb/library/protobuf_printer/ut/CMakeLists.linux.txt index 6668d28e58..2a7eb095cf 100644 --- a/ydb/library/protobuf_printer/ut/CMakeLists.linux.txt +++ b/ydb/library/protobuf_printer/ut/CMakeLists.linux.txt @@ -77,6 +77,7 @@ target_proto_addincls(ydb-library-protobuf_printer-ut ${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR} ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src + ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos ${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src ) diff --git a/ydb/library/security/CMakeLists.darwin.txt b/ydb/library/security/CMakeLists.darwin.txt index e6a52ce4c7..70ee437a1e 100644 --- a/ydb/library/security/CMakeLists.darwin.txt +++ b/ydb/library/security/CMakeLists.darwin.txt @@ -12,6 +12,7 @@ add_library(ydb-library-security) target_link_libraries(ydb-library-security PUBLIC contrib-libs-cxxsupp yutil + cpp-client-iam cpp-digest-crc32c client-ydb_types-credentials ) diff --git a/ydb/library/security/CMakeLists.linux-aarch64.txt b/ydb/library/security/CMakeLists.linux-aarch64.txt index 7a49450128..bcf6139d20 100644 --- a/ydb/library/security/CMakeLists.linux-aarch64.txt +++ b/ydb/library/security/CMakeLists.linux-aarch64.txt 
@@ -13,6 +13,7 @@ target_link_libraries(ydb-library-security PUBLIC contrib-libs-linux-headers contrib-libs-cxxsupp yutil + cpp-client-iam cpp-digest-crc32c client-ydb_types-credentials ) diff --git a/ydb/library/security/CMakeLists.linux.txt b/ydb/library/security/CMakeLists.linux.txt index 7a49450128..bcf6139d20 100644 --- a/ydb/library/security/CMakeLists.linux.txt +++ b/ydb/library/security/CMakeLists.linux.txt @@ -13,6 +13,7 @@ target_link_libraries(ydb-library-security PUBLIC contrib-libs-linux-headers contrib-libs-cxxsupp yutil + cpp-client-iam cpp-digest-crc32c client-ydb_types-credentials ) diff --git a/ydb/library/security/ydb_credentials_provider_factory.cpp b/ydb/library/security/ydb_credentials_provider_factory.cpp index 25174da6f0..677b59c228 100644 --- a/ydb/library/security/ydb_credentials_provider_factory.cpp +++ b/ydb/library/security/ydb_credentials_provider_factory.cpp @@ -1,10 +1,22 @@ #include "ydb_credentials_provider_factory.h" +#include <ydb/public/sdk/cpp/client/iam/iam.h> namespace NKikimr { std::shared_ptr<NYdb::ICredentialsProviderFactory> CreateYdbCredentialsProviderFactory(const TYdbCredentialsSettings& settings) { + if (settings.UseLocalMetadata) { + return NYdb::CreateIamCredentialsProviderFactory(); + } else if (settings.SaKeyFile) { + NYdb::TIamJwtFilename params = {.JwtFilename = settings.SaKeyFile}; + + if (settings.IamEndpoint) + params.Endpoint = settings.IamEndpoint; + + return NYdb::CreateIamJwtFileCredentialsProviderFactory(std::move(params)); + } + return settings.OAuthToken ? NYdb::CreateOAuthCredentialsProviderFactory(settings.OAuthToken) : NYdb::CreateInsecureCredentialsProviderFactory(); |
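Review bot: The branches added to `CreateYdbCredentialsProviderFactory` select a credential source by silent precedence (`UseLocalMetadata`, then `SaKeyFile`, then `OAuthToken`) and still end in `CreateInsecureCredentialsProviderFactory()` when none is set. An unset or empty setting therefore yields connections without credentials, and a lower-priority setting is ignored without any signal when a higher one is also present. I would document this above the function, e.g. `// Precedence: UseLocalMetadata > SaKeyFile > OAuthToken; with none set, returns the insecure (no-credentials) factory.`, and consider logging or rejecting the fallback where the caller expects authentication. The inner `if (settings.IamEndpoint)` is the only unbraced branch, and bracing it would match the rest of the function. The end of the function is not visible in the hunk.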