Single credentials provider for YDB CLI commands (#14387)

author: Nikolay Perfilov <pnv1@yandex-team.ru> 2025-02-10 23:04:14 +0300
committer: GitHub <noreply@github.com> 2025-02-10 20:04:14 +0000
commit: 1b5d9e2ff1d57aaa4d1d784c37756d92331e5dc2 (patch)
tree: 907aa29d91b7d36ac8a7026441f04a03720b7e7f
parent: 2b9bf6b0f7d97465f2bddaf9d1ad9a032561fb46 (diff)
download: ydb-1b5d9e2ff1d57aaa4d1d784c37756d92331e5dc2.tar.gz
8 files changed, 53 insertions, 15 deletions
diff --git a/ydb/apps/ydb/CHANGELOG.md b/ydb/apps/ydb/CHANGELOG.md
index d8600b0a45..79eaef374c 100644
--- a/ydb/apps/ydb/CHANGELOG.md
+++ b/ydb/apps/ydb/CHANGELOG.md
@@ -1,3 +1,4 @@
+* Fixed a bug where `ydb auth get-token` command tried to authenticate twice: while listing andpoints and while executing actual token request.
 * Include coordination nodes in local backups (`ydb tools dump` and `ydb tools restore`). Rate limiters that utilize the coordination node are saved in the coordination node's backup folder, preserving the existing path hierarchy.
 * Fixed a bug where some errors could be ignored when restoring from a local backup.
 * Added `ydb workload log import generator` command.
diff --git a/ydb/public/lib/ydb_cli/commands/topic_operations_scenario.cpp b/ydb/public/lib/ydb_cli/commands/topic_operations_scenario.cpp
index 6c54ddc057..f066c2c64f 100644
--- a/ydb/public/lib/ydb_cli/commands/topic_operations_scenario.cpp
+++ b/ydb/public/lib/ydb_cli/commands/topic_operations_scenario.cpp
@@ -21,7 +21,7 @@ TTopicOperationsScenario::TTopicOperationsScenario() :
 {
 }
 
-int TTopicOperationsScenario::Run(const TConfig& config)
+int TTopicOperationsScenario::Run(TConfig& config)
 {
     InitLog(config);
     InitDriver(config);
@@ -60,13 +60,13 @@ THolder<TLogBackend> TTopicOperationsScenario::MakeLogBackend(TConfig::EVerbosit
                             TConfig::VerbosityLevelToELogPriority(level));
 }
 
-void TTopicOperationsScenario::InitLog(const TConfig& config)
+void TTopicOperationsScenario::InitLog(TConfig& config)
 {
     Log = std::make_shared<TLog>(MakeLogBackend(config.VerbosityLevel));
     Log->SetFormatter(GetPrefixLogFormatter(""));
 }
 
-void TTopicOperationsScenario::InitDriver(const TConfig& config)
+void TTopicOperationsScenario::InitDriver(TConfig& config)
 {
     Driver =
         std::make_unique<NYdb::TDriver>(TYdbCommand::CreateDriver(config,
diff --git a/ydb/public/lib/ydb_cli/commands/topic_operations_scenario.h b/ydb/public/lib/ydb_cli/commands/topic_operations_scenario.h
index 0913cc492d..d5b2e1653c 100644
--- a/ydb/public/lib/ydb_cli/commands/topic_operations_scenario.h
+++ b/ydb/public/lib/ydb_cli/commands/topic_operations_scenario.h
@@ -37,7 +37,7 @@ class TTopicOperationsScenario {
 public:
     TTopicOperationsScenario();
 
-    int Run(const TClientCommand::TConfig& config);
+    int Run(TClientCommand::TConfig& config);
 
     void EnsurePercentileIsValid() const;
     void EnsureWarmupSecIsValid() const;
@@ -132,8 +132,8 @@ private:
 
     static THolder<TLogBackend> MakeLogBackend(TClientCommand::TConfig::EVerbosityLevel level);
 
-    void InitLog(const TClientCommand::TConfig& config);
-    void InitDriver(const TClientCommand::TConfig& config);
+    void InitLog(TClientCommand::TConfig& config);
+    void InitDriver(TClientCommand::TConfig& config);
     void InitStatsCollector();
 };
 
diff --git a/ydb/public/lib/ydb_cli/commands/ydb_command.cpp b/ydb/public/lib/ydb_cli/commands/ydb_command.cpp
index a4f9ce3f3b..8a1e23c779 100644
--- a/ydb/public/lib/ydb_cli/commands/ydb_command.cpp
+++ b/ydb/public/lib/ydb_cli/commands/ydb_command.cpp
@@ -19,11 +19,11 @@ TYdbCommand::TYdbCommand(const TString& name, const std::initializer_list<TStrin
     : TLeafCommand(name, aliases, description)
 {}
 
-TDriverConfig TYdbCommand::CreateDriverConfig(const TConfig& config) {
+TDriverConfig TYdbCommand::CreateDriverConfig(TConfig& config) {
     auto driverConfig = TDriverConfig()
         .SetEndpoint(config.Address)
         .SetDatabase(config.Database)
-        .SetCredentialsProviderFactory(config.CredentialsGetter(config))        ;
+        .SetCredentialsProviderFactory(config.GetSingletonCredentialsProviderFactory());
 
     if (config.EnableSsl)
         driverConfig.UseSecureConnection(config.CaCerts);
@@ -33,11 +33,11 @@ TDriverConfig TYdbCommand::CreateDriverConfig(const TConfig& config) {
     return driverConfig;
 }
 
-TDriver TYdbCommand::CreateDriver(const TConfig& config) {
+TDriver TYdbCommand::CreateDriver(TConfig& config) {
     return TDriver(CreateDriverConfig(config));
 }
 
-TDriver TYdbCommand::CreateDriver(const TConfig& config, std::unique_ptr<TLogBackend>&& loggingBackend) {
+TDriver TYdbCommand::CreateDriver(TConfig& config, std::unique_ptr<TLogBackend>&& loggingBackend) {
     auto driverConfig = CreateDriverConfig(config);
     driverConfig.SetLog(std::move(loggingBackend));
 
diff --git a/ydb/public/lib/ydb_cli/commands/ydb_command.h b/ydb/public/lib/ydb_cli/commands/ydb_command.h
index d43eabfa66..a5871f8cb1 100644
--- a/ydb/public/lib/ydb_cli/commands/ydb_command.h
+++ b/ydb/public/lib/ydb_cli/commands/ydb_command.h
@@ -25,11 +25,11 @@ public:
         const TString& description = TString()
     );
 
-    static TDriver CreateDriver(const TConfig& config);
-    static TDriver CreateDriver(const TConfig& config, std::unique_ptr<TLogBackend>&& loggingBackend);
+    static TDriver CreateDriver(TConfig& config);
+    static TDriver CreateDriver(TConfig& config, std::unique_ptr<TLogBackend>&& loggingBackend);
 
 private:
-    static TDriverConfig CreateDriverConfig(const TConfig& config);
+    static TDriverConfig CreateDriverConfig(TConfig& config);
 };
 
 class TYdbReadOnlyCommand : public TYdbCommand {
diff --git a/ydb/public/lib/ydb_cli/commands/ydb_service_auth.cpp b/ydb/public/lib/ydb_cli/commands/ydb_service_auth.cpp
index a7096c4f02..66d84aa8a7 100644
--- a/ydb/public/lib/ydb_cli/commands/ydb_service_auth.cpp
+++ b/ydb/public/lib/ydb_cli/commands/ydb_service_auth.cpp
@@ -38,8 +38,7 @@ bool TCommandGetToken::Prompt(TConfig& config) {
 }
 
 int TCommandGetToken::Run(TConfig& config) {
-    auto credentialsProviderFactory = config.CredentialsGetter(config);
-
+    auto credentialsProviderFactory = config.GetSingletonCredentialsProviderFactory();
     if (credentialsProviderFactory) {
         auto driver = CreateDriver(config);
         TDummyClient client(driver);
diff --git a/ydb/public/lib/ydb_cli/common/command.cpp b/ydb/public/lib/ydb_cli/common/command.cpp
index a4960f999a..fadb3019eb 100644
--- a/ydb/public/lib/ydb_cli/common/command.cpp
+++ b/ydb/public/lib/ydb_cli/common/command.cpp
@@ -73,6 +73,41 @@ size_t TClientCommand::TConfig::ParseHelpCommandVerbosilty(int argc, char** argv
     return cnt;
 }
 
+namespace {
+    class TSingleProviderFactory : public ICredentialsProviderFactory {
+    public:
+        TSingleProviderFactory(std::shared_ptr<ICredentialsProviderFactory> originalFactory)
+        : OriginalFactory(originalFactory)
+        {}
+    virtual std::shared_ptr<ICredentialsProvider> CreateProvider() const override {
+        if (!provider) {
+            provider = OriginalFactory->CreateProvider();
+        }
+        return provider;
+    }
+    virtual std::shared_ptr<ICredentialsProvider> CreateProvider(std::weak_ptr<ICoreFacility> facility) const override {
+        if (!provider) {
+            provider = OriginalFactory->CreateProvider(facility);
+        }
+        return provider;
+    }
+
+    private:
+        std::shared_ptr<ICredentialsProviderFactory> OriginalFactory;
+        mutable TCredentialsProviderPtr provider = nullptr;
+    };
+}
+
+std::shared_ptr<ICredentialsProviderFactory> TClientCommand::TConfig::GetSingletonCredentialsProviderFactory() {
+    if (!SingletonCredentialsProviderFactory) {
+        auto credentialsGetterResult = CredentialsGetter(*this);
+        if (credentialsGetterResult) {
+            SingletonCredentialsProviderFactory = std::make_shared<TSingleProviderFactory>(credentialsGetterResult);
+        }
+    }
+    return SingletonCredentialsProviderFactory;
+}
+
 TClientCommand::TOptsParseOneLevelResult::TOptsParseOneLevelResult(TConfig& config) {
     int _argc = 1;
     int levels = 1;
diff --git a/ydb/public/lib/ydb_cli/common/command.h b/ydb/public/lib/ydb_cli/common/command.h
index abf6ad6bd4..789fdda743 100644
--- a/ydb/public/lib/ydb_cli/common/command.h
+++ b/ydb/public/lib/ydb_cli/common/command.h
@@ -150,6 +150,7 @@ public:
         bool AssumeYes = false;
 
         TCredentialsGetter CredentialsGetter;
+        std::shared_ptr<ICredentialsProviderFactory> SingletonCredentialsProviderFactory = nullptr;
 
         TConfig(int argc, char** argv)
             : ArgC(argc)
@@ -174,6 +175,8 @@ public:
             };
         }
 
+        std::shared_ptr<ICredentialsProviderFactory> GetSingletonCredentialsProviderFactory();
+
         bool HasHelpCommand() const {
             return HasArgs({ "--help" }) || HasArgs({ "-h" }) || HasArgs({ "-?" }) || HasArgs({ "--help-ex" });
         }
author	Nikolay Perfilov <pnv1@yandex-team.ru>	2025-02-10 23:04:14 +0300
committer	GitHub <noreply@github.com>	2025-02-10 20:04:14 +0000
commit	1b5d9e2ff1d57aaa4d1d784c37756d92331e5dc2 (patch)
tree	907aa29d91b7d36ac8a7026441f04a03720b7e7f
parent	2b9bf6b0f7d97465f2bddaf9d1ad9a032561fb46 (diff)
download	ydb-1b5d9e2ff1d57aaa4d1d784c37756d92331e5dc2.tar.gz