author | auzhegov <auzhegov@yandex-team.com> | 2023-08-04 13:39:43 +0300 |
---|---|---|
committer | auzhegov <auzhegov@yandex-team.com> | 2023-08-04 15:13:09 +0300 |
commit | 8da1cb6e4dcd6950755002e4f9341f41fd6ffb8f (patch) | |
tree | 42ba73a7b4d5a7cfd80161292a5b38ce40ad4c38 | |
parent | 5af67714dddb1b9aebdcfc23efe9a8c579bd6d27 (diff) | |
download | ydb-8da1cb6e4dcd6950755002e4f9341f41fd6ffb8f.tar.gz |
Extra validations
21 files changed, 563 insertions, 625 deletions
diff --git a/ydb/core/fq/libs/control_plane_config/control_plane_config.cpp b/ydb/core/fq/libs/control_plane_config/control_plane_config.cpp index 549744794f..ce474bda42 100644 --- a/ydb/core/fq/libs/control_plane_config/control_plane_config.cpp +++ b/ydb/core/fq/libs/control_plane_config/control_plane_config.cpp @@ -1,36 +1,24 @@ #include "control_plane_config.h" #include <ydb/core/fq/libs/actors/logging/log.h> -#include <ydb/core/fq/libs/config/yq_issue.h> -#include <ydb/core/fq/libs/common/cache.h> -#include <ydb/core/fq/libs/common/entity_id.h> #include <ydb/core/fq/libs/control_plane_storage/control_plane_storage.h> #include <ydb/core/fq/libs/control_plane_storage/events/events.h> #include <ydb/core/fq/libs/control_plane_storage/util.h> #include <ydb/core/fq/libs/quota_manager/quota_manager.h> #include <ydb/core/fq/libs/shared_resources/db_exec.h> -#include <ydb/core/fq/libs/test_connection/events/events.h> -#include <ydb/core/fq/libs/ydb/util.h> #include <ydb/core/fq/libs/ydb/ydb.h> #include <ydb/core/fq/libs/control_plane_storage/schema.h> #include <ydb/core/fq/libs/db_schema/db_schema.h> -#include <ydb/core/fq/libs/quota_manager/quota_manager.h> #include <library/cpp/actors/core/actor_bootstrapped.h> #include <library/cpp/actors/core/actor.h> -#include <ydb/library/ydb_issue/issue_helpers.h> #include <ydb/library/db_pool/db_pool.h> #include <ydb/library/yql/public/issue/yql_issue_message.h> -#include <ydb/library/security/util.h> -#include <ydb/public/sdk/cpp/client/ydb_scheme/scheme.h> -#include <util/generic/maybe.h> #include <util/generic/ptr.h> #include <util/datetime/base.h> #include <util/digest/multi.h> -#include <util/generic/yexception.h> -#include <util/string/join.h> #include <util/system/hostname.h> namespace NFq { @@ -205,7 +193,7 @@ private: "WriteStateTime", true ); - if (oldInfo) { + if (oldInfo) { executer.Process(SelfId(), [this, oldInfo=oldInfo](TStateTimeExecuter&) { this->ReflectTenantChanges(oldInfo); 
diff --git a/ydb/core/fq/libs/control_plane_proxy/actors/control_plane_storage_requester_actor.cpp b/ydb/core/fq/libs/control_plane_proxy/actors/control_plane_storage_requester_actor.cpp index d2e7e8bfa9..3ff65a525f 100644 --- a/ydb/core/fq/libs/control_plane_proxy/actors/control_plane_storage_requester_actor.cpp +++ b/ydb/core/fq/libs/control_plane_proxy/actors/control_plane_storage_requester_actor.cpp @@ -16,7 +16,7 @@ namespace NFq { namespace NPrivate { using namespace NActors; -using namespace NFq::NConfig; +using namespace ::NFq::NConfig; using namespace NKikimr; using namespace NThreading; @@ -76,7 +76,7 @@ public: void SendCPSRequest() { CPP_LOG_I("TControlPlaneStorageRequesterActor Sending CPS request. Actor id: " << TBase::SelfId()); const auto& request = Request; - auto event = new TCPSEventRequest("yandexcloud://" + request->Get()->FolderId, + auto event = new TCPSEventRequest(request->Get()->Scope, CPSRequestFactory(request), request->Get()->User, request->Get()->Token, diff --git a/ydb/core/fq/libs/control_plane_proxy/actors/control_plane_proxy_request_actor.h b/ydb/core/fq/libs/control_plane_proxy/actors/request_actor.h index 0a94b23334..12084c0ce5 100644 --- a/ydb/core/fq/libs/control_plane_proxy/actors/control_plane_proxy_request_actor.h +++ b/ydb/core/fq/libs/control_plane_proxy/actors/request_actor.h @@ -1,6 +1,7 @@ #pragma once #include "counters.h" +#include "utils.h" #include <contrib/libs/fmt/include/fmt/format.h> #include <library/cpp/actors/core/event.h> 
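Review bot: In SendCPSRequest the scope handed to control-plane storage is now `request->Get()->Scope`, taken verbatim from the incoming proxy event, where the removed line always rebuilt it as `"yandexcloud://" + FolderId`. That string keys the storage-side permission check and row lookup, and nothing in this hunk constrains its shape; I assume the validators this commit adds elsewhere (control_plane_proxy.cpp now includes request_validators.h) reject a malformed scope before the event reaches this actor, but that is inferred, not visible here. A one-line comment above `new TCPSEventRequest(` would spare the next reader the same search, e.g. `// Scope is expected to be validated at the proxy boundary before this actor runs (see request_validators.h) — TODO confirm`. SendCPSRequest's body continues outside the hunk.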
@@ -29,23 +30,11 @@ protected: typename TRequestProxy::TPtr RequestProxy; ::NFq::TControlPlaneProxyConfig Config; - TRequestProto RequestProto; - TString Scope; - TString FolderId; - TString User; - TString Token; - TActorId Sender; - ui32 Cookie; TActorId ServiceId; TRequestCounters Counters; TInstant StartTime; std::function<void(const TDuration&, bool /* isSuccess */, bool /* isTimeout */)> Probe; TPermissions Permissions; - TString CloudId; - TString SubjectType; - const TMaybe<TQuotaMap> Quotas; - TTenantInfo::TPtr TenantInfo; - TMaybe<FederatedQuery::Internal::ComputeDatabaseInternal> ComputeDatabase; ui32 RetryCount = 0; bool ReplyWithResponseOnSuccess = true; 
@@ -54,41 +43,18 @@ public: explicit TRequestActor(typename TRequestProxy::TPtr requestProxy, const ::NFq::TControlPlaneProxyConfig& config, - TActorId sender, - ui32 cookie, - const TString& scope, - const TString& folderId, - TRequestProto&& requestProto, - TString&& user, - TString&& token, const TActorId& serviceId, const TRequestCounters& counters, const std::function<void(const TDuration&, bool, bool)>& probe, - TPermissions permissions, - const TString& cloudId, - const TString& subjectType, - TMaybe<TQuotaMap>&& quotas = Nothing(), - TMaybe<FederatedQuery::Internal::ComputeDatabaseInternal>&& - computeDatabase = Nothing(), + const TPermissions& availablePermissions, bool replyWithResponseOnSuccess = true) : RequestProxy(requestProxy) , Config(config) - , RequestProto(std::forward<TRequestProto>(requestProto)) - , Scope(scope) - , FolderId(folderId) - , User(std::move(user)) - , Token(std::move(token)) - , Sender(sender) - , Cookie(cookie) , ServiceId(serviceId) , Counters(counters) , StartTime(TInstant::Now()) , Probe(probe) - , Permissions(permissions) - , CloudId(cloudId) - , SubjectType(subjectType) - , Quotas(std::move(quotas)) - , ComputeDatabase(std::move(computeDatabase)) + , Permissions(ExtractPermissions(RequestProxy, availablePermissions)) , ReplyWithResponseOnSuccess(replyWithResponseOnSuccess) { Counters.IncInFly(); } @@ -117,8 +83,8 @@ public: } void Handle(TEvControlPlaneConfig::TEvGetTenantInfoResponse::TPtr& ev) { - TenantInfo = std::move(ev->Get()->TenantInfo); - if (TenantInfo) { + RequestProxy->Get()->TenantInfo = std::move(ev->Get()->TenantInfo); + if (RequestProxy->Get()->TenantInfo) { SendRequestIfCan(); } else { RetryCount++; @@ -128,7 +94,7 @@ public: } void HandleTimeout() { - CPP_LOG_D("Request timeout. " << RequestProto.DebugString()); + CPP_LOG_D("Request timeout. " << RequestProxy->Get()->Request.DebugString()); NYql::TIssues issues; NYql::TIssue issue = MakeErrorIssue(TIssuesIds::TIMEOUT, 
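Review bot: The new init-list entry `, Permissions(ExtractPermissions(RequestProxy, availablePermissions))` in the TRequestActor constructor dereferences the `RequestProxy` member, so it is correct only because `RequestProxy` is declared ahead of `Permissions` in the member list shown in the hunk at -29; members are initialized in declaration order, not init-list order, and a later reordering of the fields would read a not-yet-constructed pointer with no compiler error. Either initialize from the constructor parameter instead, `, Permissions(ExtractPermissions(requestProxy, availablePermissions))`, or pin the invariant with a comment on that line: `// member init order: RequestProxy must stay declared before Permissions`. The class body continues outside the hunk.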
@@ -166,7 +132,7 @@ public: const TDuration delta = TInstant::Now() - StartTime; Counters.IncError(); Probe(delta, false, isTimeout); - Send(Sender, new TResponseProxy(issues, SubjectType), 0, Cookie); + Send(RequestProxy->Sender, new TResponseProxy(issues, RequestProxy->Get()->SubjectType), 0, RequestProxy->Cookie); PassAway(); } @@ -176,35 +142,35 @@ public: Counters.IncOk(); Probe(delta, true, false); if (ReplyWithResponseOnSuccess) { - Send(Sender, - new TResponseProxy(std::forward<TArgs>(args)..., SubjectType), + Send(RequestProxy->Sender, + new TResponseProxy(std::forward<TArgs>(args)..., RequestProxy->Get()->SubjectType), 0, - Cookie); + RequestProxy->Cookie); } else { RequestProxy->Get()->Response = - std::make_unique<TResponseProxy>(std::forward<TArgs>(args)..., SubjectType); + std::make_unique<TResponseProxy>(std::forward<TArgs>(args)..., RequestProxy->Get()->SubjectType); RequestProxy->Get()->ControlPlaneYDBOperationWasPerformed = true; Send(RequestProxy->Forward(ControlPlaneProxyActorId())); } PassAway(); } - virtual bool CanSendRequest() const { return bool(TenantInfo); } + virtual bool CanSendRequest() const { return bool(RequestProxy->Get()->TenantInfo); } void SendRequestIfCan() { if (CanSendRequest()) { Send(ServiceId, - new TRequest(Scope, - RequestProto, - User, - Token, - CloudId, + new TRequest(RequestProxy->Get()->Scope, + RequestProxy->Get()->Request, + RequestProxy->Get()->User, + RequestProxy->Get()->Token, + RequestProxy->Get()->CloudId, Permissions, - Quotas, - TenantInfo, - ComputeDatabase.GetOrElse({})), + RequestProxy->Get()->Quotas, + RequestProxy->Get()->TenantInfo, + RequestProxy->Get()->ComputeDatabase.GetOrElse({})), 0, - Cookie); + RequestProxy->Cookie); } } @@ -240,7 +206,7 @@ public: void OnBootstrap() override { Become(&TCreateQueryRequestActor::StateFunc); - if (Quotas) { + if (RequestProxy->Get()->Quotas) { SendCreateRateLimiterResourceRequest(); } else { SendRequestIfCan(); 
@@ -248,21 +214,21 @@ public: } void SendCreateRateLimiterResourceRequest() { - if (auto quotaIt = Quotas->find(QUOTA_CPU_PERCENT_LIMIT); quotaIt != Quotas->end()) { + if (auto quotaIt = RequestProxy->Get()->Quotas->find(QUOTA_CPU_PERCENT_LIMIT); quotaIt != RequestProxy->Get()->Quotas->end()) { const double cloudLimit = static_cast<double>(quotaIt->second.Limit.Value * 10); // percent -> milliseconds CPP_LOG_T("Create rate limiter resource for cloud with limit " << cloudLimit << "ms"); Send(RateLimiterControlPlaneServiceId(), - new TEvRateLimiter::TEvCreateResource(CloudId, cloudLimit)); + new TEvRateLimiter::TEvCreateResource(RequestProxy->Get()->CloudId, cloudLimit)); } else { NYql::TIssues issues; NYql::TIssue issue = MakeErrorIssue(TIssuesIds::INTERNAL_ERROR, - TStringBuilder() << "CPU quota for cloud \"" << CloudId + TStringBuilder() << "CPU quota for cloud \"" << RequestProxy->Get()->CloudId << "\" was not found"); issues.AddIssue(issue); - CPP_LOG_W("Failed to get cpu quota for cloud " << CloudId); + CPP_LOG_W("Failed to get cpu quota for cloud " << RequestProxy->Get()->CloudId); ReplyWithError(issues); } } @@ -285,7 +251,7 @@ public: } bool CanSendRequest() const override { - return (QuoterResourceCreated || !Quotas) && TBaseRequestActor::CanSendRequest(); + return (QuoterResourceCreated || !RequestProxy->Get()->Quotas) && TBaseRequestActor::CanSendRequest(); } }; diff --git a/ydb/core/fq/libs/control_plane_proxy/actors/utils.h b/ydb/core/fq/libs/control_plane_proxy/actors/utils.h index 42701c3311..96ebcf1227 100644 --- a/ydb/core/fq/libs/control_plane_proxy/actors/utils.h +++ b/ydb/core/fq/libs/control_plane_proxy/actors/utils.h 
@@ -10,11 +10,11 @@ namespace NFq { template<typename T> std::shared_ptr<NYdb::NTable::TTableClient> CreateNewTableClient( const T& ev, - const NFq::TComputeConfig& computeConfig, + const ::NFq::TComputeConfig& computeConfig, const TYqSharedResources::TPtr& yqSharedResources, const NKikimr::TYdbCredentialsProviderFactory& credentialsProviderFactory) { - auto scope = "yandexcloud://" + ev->Get()->FolderId; - NFq::NConfig::TYdbStorageConfig computeConnection = computeConfig.GetConnection(scope); + auto scope = ev->Get()->Scope; + ::NFq::NConfig::TYdbStorageConfig computeConnection = computeConfig.GetConnection(scope); computeConnection.set_endpoint(ev->Get()->ComputeDatabase->connection().endpoint()); computeConnection.set_database(ev->Get()->ComputeDatabase->connection().database()); @@ -27,4 +27,28 @@ std::shared_ptr<NYdb::NTable::TTableClient> CreateNewTableClient( tableSettings); } +inline static const TMap<TString, TPermissions::TPermission> PermissionsItems = { + {"yq.resources.viewPublic@as", TPermissions::VIEW_PUBLIC}, + {"yq.resources.viewPrivate@as", TPermissions::VIEW_PRIVATE}, + {"yq.queries.viewAst@as", TPermissions::VIEW_AST}, + {"yq.resources.managePublic@as", TPermissions::MANAGE_PUBLIC}, + {"yq.resources.managePrivate@as", TPermissions::MANAGE_PRIVATE}, + {"yq.queries.invoke@as", TPermissions::QUERY_INVOKE}, + {"yq.queries.viewQueryText@as", TPermissions::VIEW_QUERY_TEXT}, +}; + +template<typename T> +TPermissions ExtractPermissions(T& ev, const TPermissions& availablePermissions) { + TPermissions permissions; + for (const auto& permission : ev->Get()->Permissions) { + if (auto it = PermissionsItems.find(permission); it != PermissionsItems.end()) { + // cut off permissions that should not be used in other services + if (availablePermissions.Check(it->second)) { + permissions.Set(it->second); + } + } + } + return permissions; +} + } // namespace NFq 
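Review bot: `inline static const TMap<TString, TPermissions::TPermission> PermissionsItems` at namespace scope in utils.h gives the table internal linkage, so every translation unit that includes the header gets its own copy and the `inline` no longer provides the single shared definition it did as a class member before the move; the namespace-scope spelling is `inline const TMap<TString, TPermissions::TPermission> PermissionsItems = {`. ExtractPermissions is now the one place where the permission names asserted on an event are narrowed to what the invoking service may exercise, which deserves a header comment beyond "cut off permissions", e.g. `// Maps the permission names carried on the event to TPermissions and intersects them with availablePermissions, so a caller never obtains a bit the invoking service did not offer; unknown names are ignored.` In the hunk at -10, `auto scope = ev->Get()->Scope;` copies the string where `const auto& scope = ev->Get()->Scope;` would do.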
diff --git a/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp b/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp index fbfeba1bbe..b4e8d88559 100644 --- a/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp +++ b/ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.cpp @@ -13,7 +13,7 @@ namespace NFq { namespace NPrivate { using namespace NActors; -using namespace NFq::NConfig; +using namespace ::NFq::NConfig; using namespace NKikimr; using namespace NThreading; using namespace NYdb; diff --git a/ydb/core/fq/libs/control_plane_proxy/config.cpp b/ydb/core/fq/libs/control_plane_proxy/config.cpp index 37ad16e836..20cb82e9df 100644 --- a/ydb/core/fq/libs/control_plane_proxy/config.cpp +++ b/ydb/core/fq/libs/control_plane_proxy/config.cpp @@ -4,13 +4,6 @@ namespace NFq { namespace { -TDuration GetDuration(const TString& value, const TDuration& defaultValue) -{ - TDuration result = defaultValue; - TDuration::TryParse(value, result); - return result; -} - NConfig::TControlPlaneProxyConfig FillDefaultParameters(NConfig::TControlPlaneProxyConfig config) { if (!config.GetRequestTimeout()) { @@ -32,9 +25,12 @@ NConfig::TControlPlaneProxyConfig FillDefaultParameters(NConfig::TControlPlanePr TControlPlaneProxyConfig::TControlPlaneProxyConfig( const NConfig::TControlPlaneProxyConfig& config, + const NConfig::TControlPlaneStorageConfig& storageConfig, const NConfig::TComputeConfig& computeConfig, - const NConfig::TCommonConfig& commonConfig) + const NConfig::TCommonConfig& commonConfig, + const NYql::TS3GatewayConfig& s3Config) : Proto(FillDefaultParameters(config)) + , StorageConfig(TControlPlaneStorageConfig(storageConfig, s3Config, commonConfig)) , ComputeConfig(computeConfig) , CommonConfig(commonConfig) , RequestTimeout(GetDuration(Proto.GetRequestTimeout(), TDuration::Seconds(30))) 
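Review bot: The anonymous-namespace `GetDuration` helper is deleted in the first config.cpp hunk, yet the constructor in the second hunk still calls `GetDuration(Proto.GetRequestTimeout(), TDuration::Seconds(30))`; the page does not show where the name now resolves from, presumably a helper reachable through the `control_plane_storage/config.h` include that config.h gains in this commit. Worth confirming it keeps the same TryParse-with-default semantics, since a different overload picked up silently would change the effective request timeout. A short comment at the first use, `// GetDuration is provided by control_plane_storage/config.h — TODO confirm`, would record the dependency. The constructor's init list continues past the hunk.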
diff --git a/ydb/core/fq/libs/control_plane_proxy/config.h b/ydb/core/fq/libs/control_plane_proxy/config.h index ae98bb989b..9a1932e1d2 100644 --- a/ydb/core/fq/libs/control_plane_proxy/config.h +++ b/ydb/core/fq/libs/control_plane_proxy/config.h @@ -4,13 +4,16 @@ #include <ydb/core/fq/libs/config/protos/common.pb.h> #include <ydb/core/fq/libs/config/protos/compute.pb.h> #include <ydb/core/fq/libs/config/protos/control_plane_proxy.pb.h> +#include <ydb/core/fq/libs/control_plane_storage/config.h> #include <util/datetime/base.h> +#include <util/generic/set.h> namespace NFq { struct TControlPlaneProxyConfig { NConfig::TControlPlaneProxyConfig Proto; + TControlPlaneStorageConfig StorageConfig; TComputeConfig ComputeConfig; NConfig::TCommonConfig CommonConfig; TDuration RequestTimeout; @@ -19,8 +22,10 @@ struct TControlPlaneProxyConfig { TControlPlaneProxyConfig( const NConfig::TControlPlaneProxyConfig& config, + const NConfig::TControlPlaneStorageConfig& storageConfig, const NConfig::TComputeConfig& computeConfig, - const NConfig::TCommonConfig& commonConfig); + const NConfig::TCommonConfig& commonConfig, + const NYql::TS3GatewayConfig& s3Config); }; } // NFq diff --git a/ydb/core/fq/libs/control_plane_proxy/control_plane_proxy.cpp b/ydb/core/fq/libs/control_plane_proxy/control_plane_proxy.cpp index 3244cca00b..726ad83366 100644 --- a/ydb/core/fq/libs/control_plane_proxy/control_plane_proxy.cpp +++ b/ydb/core/fq/libs/control_plane_proxy/control_plane_proxy.cpp @@ -8,6 +8,7 @@ #include <ydb/core/fq/libs/compute/ydb/events/events.h> #include <ydb/core/fq/libs/control_plane_config/control_plane_config.h> #include <ydb/core/fq/libs/control_plane_storage/control_plane_storage.h> +#include <ydb/core/fq/libs/control_plane_storage/request_validators.h> #include <ydb/core/fq/libs/control_plane_storage/events/events.h> #include <ydb/core/fq/libs/quota_manager/quota_manager.h> #include <ydb/core/fq/libs/rate_limiter/events/control_plane_events.h> 
@@ -17,11 +18,12 @@ #include <ydb/core/fq/libs/ydb/ydb.h> #include <ydb/core/fq/libs/config/yq_issue.h> -#include <ydb/core/fq/libs/control_plane_proxy/actors/control_plane_proxy_request_actor.h> #include <ydb/core/fq/libs/control_plane_proxy/actors/control_plane_storage_requester_actor.h> +#include <ydb/core/fq/libs/control_plane_proxy/actors/request_actor.h> #include <ydb/core/fq/libs/control_plane_proxy/actors/utils.h> #include <ydb/core/fq/libs/control_plane_proxy/actors/ydb_schema_query_actor.h> #include <ydb/core/fq/libs/control_plane_proxy/events/events.h> +#include <ydb/public/lib/fq/scope.h> #include <library/cpp/actors/core/actor.h> #include <library/cpp/actors/core/actor_bootstrapped.h> @@ -54,12 +56,12 @@ namespace NFq { namespace { using namespace NActors; -using namespace NFq::NConfig; +using namespace ::NFq::NConfig; using namespace NKikimr; using namespace NThreading; using namespace NYdb; using namespace NYdb::NTable; -using namespace NFq::NPrivate; +using namespace ::NFq::NPrivate; LWTRACE_USING(YQ_CONTROL_PLANE_PROXY_PROVIDER); @@ -266,14 +268,14 @@ class TResolveFolderActor : public NActors::TActorBootstrapped<TResolveFolderAct public: TResolveFolderActor(const TRequestCommonCountersPtr& counters, TActorId sender, const ::NFq::TControlPlaneProxyConfig& config, - const TString& folderId, const TString& token, + const TString& scope, const TString& token, const std::function<void(const TDuration&, bool, bool)>& probe, TEventRequest event, ui32 cookie, bool quotaManagerEnabled) : Config(config) , Sender(sender) , Counters(counters) - , FolderId(folderId) + , FolderId(NYdb::NFq::TScope(scope).ParseFolder()) , Token(token) , Probe(probe) , Event(event) @@ -379,7 +381,6 @@ class TCreateComputeDatabaseActor : public NActors::TActorBootstrapped<TCreateCo TActorId Sender; TRequestCommonCountersPtr Counters; TString CloudId; - TString FolderId; TString Scope; TString Token; std::function<void(const TDuration&, bool, bool)> Probe; 
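Review bot: `, FolderId(NYdb::NFq::TScope(scope).ParseFolder())` in the TResolveFolderActor constructor (hunk at -266) derives the folder from the scope string, and nothing in the hunk handles a scope that does not carry a folder; what ParseFolder() does in that case is not visible here. If it yields an empty string, the folder-resolution request goes out with an empty id instead of failing fast; if it throws, the exception escapes a constructor invoked through `Register(new ...)`. A comment stating the expectation, `// scope is assumed to be a validated yandexcloud://<folder> scope; ParseFolder() behaviour on other forms — TODO confirm`, or a guard before the resolve request is sent, would close the gap. The class continues outside the hunk.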
@@ -389,28 +390,29 @@ class TCreateComputeDatabaseActor : public NActors::TActorBootstrapped<TCreateCo public: TCreateComputeDatabaseActor(const TRequestCommonCountersPtr& counters, - TActorId sender, const ::NFq::TControlPlaneProxyConfig& config, - const ::NFq::TComputeConfig& computeConfig, const TString& cloudId, - const TString& folderId, const TString& scope, - const std::function<void(const TDuration&, bool, bool)>& probe, - TEventRequest event, ui32 cookie) + TActorId sender, + const ::NFq::TControlPlaneProxyConfig& config, + const ::NFq::TComputeConfig& computeConfig, + const TString& cloudId, + const TString& scope, + const std::function<void(const TDuration&, bool, bool)>& probe, + TEventRequest event, + ui32 cookie) : Config(config) , ComputeConfig(computeConfig) , Sender(sender) , Counters(counters) , CloudId(cloudId) - , FolderId(folderId) , Scope(scope) , Probe(probe) , Event(event) , Cookie(cookie) - , StartTime(TInstant::Now()) - {} + , StartTime(TInstant::Now()) { } static constexpr char ActorName[] = "YQ_CONTROL_PLANE_PROXY_CREATE_DATABASE"; void Bootstrap() { - CPP_LOG_T("Create database bootstrap. CloudId: " << CloudId << " FolderId: " << FolderId << " Scope: " << Scope << " Actor id: " << SelfId()); + CPP_LOG_T("Create database bootstrap. CloudId: " << CloudId << " Scope: " << Scope << " Actor id: " << SelfId()); if (!ComputeConfig.YdbComputeControlPlaneEnabled()) { Event->Get()->ComputeDatabase = FederatedQuery::Internal::ComputeDatabaseInternal{}; TActivationContext::Send(Event->Forward(ControlPlaneProxyActorId())); @@ -419,7 +421,7 @@ public: } Become(&TCreateComputeDatabaseActor::StateFunc, Config.RequestTimeout, new NActors::TEvents::TEvWakeup()); Counters->InFly->Inc(); - Send(NFq::ComputeDatabaseControlPlaneServiceActorId(), CreateRequest().release(), 0, 0); + Send(::NFq::ComputeDatabaseControlPlaneServiceActorId(), CreateRequest().release(), 0, 0); } std::unique_ptr<TEvYdbCompute::TEvCreateDatabaseRequest> CreateRequest() { 
@@ -432,7 +434,7 @@ public: ) void HandleTimeout() { - CPP_LOG_D("Create database timeout. CloudId: " << CloudId << " FolderId: " << FolderId << " Scope: " << Scope << " Actor id: " << SelfId()); + CPP_LOG_D("Create database timeout. CloudId: " << CloudId << " Scope: " << Scope << " Actor id: " << SelfId()); NYql::TIssues issues; NYql::TIssue issue = MakeErrorIssue(TIssuesIds::TIMEOUT, "Create database: request timeout. Try repeating the request later"); issues.AddIssue(issue); @@ -474,20 +476,22 @@ private: const bool QuotaManagerEnabled; NConfig::TComputeConfig ComputeConfig; TActorId AccessService; - NFq::TSigner::TPtr Signer; + ::NFq::TSigner::TPtr Signer; public: TControlPlaneProxyActor( const NConfig::TControlPlaneProxyConfig& config, + const NConfig::TControlPlaneStorageConfig& storageConfig, const NConfig::TComputeConfig& computeConfig, const NConfig::TCommonConfig& commonConfig, + const NYql::TS3GatewayConfig& s3Config, const ::NFq::TSigner::TPtr& signer, const TYqSharedResources::TPtr& yqSharedResources, const NKikimr::TYdbCredentialsProviderFactory& credentialsProviderFactory, const ::NMonitoring::TDynamicCounterPtr& counters, bool quotaManagerEnabled) : Counters(counters) - , Config(config, computeConfig, commonConfig) + , Config(config, storageConfig, computeConfig, commonConfig, s3Config) , YqSharedResources(yqSharedResources) , CredentialsProviderFactory(credentialsProviderFactory) , QuotaManagerEnabled(quotaManagerEnabled) 
@@ -549,30 +553,6 @@ private: hFunc(NMon::TEvHttpInfo, Handle); ) - inline static const TMap<TString, TPermissions::TPermission> PermissionsItems = { - {"yq.resources.viewPublic@as", TPermissions::VIEW_PUBLIC}, - {"yq.resources.viewPrivate@as", TPermissions::VIEW_PRIVATE}, - {"yq.queries.viewAst@as", TPermissions::VIEW_AST}, - {"yq.resources.managePublic@as", TPermissions::MANAGE_PUBLIC}, - {"yq.resources.managePrivate@as", TPermissions::MANAGE_PRIVATE}, - {"yq.queries.invoke@as", TPermissions::QUERY_INVOKE}, - {"yq.queries.viewQueryText@as", TPermissions::VIEW_QUERY_TEXT}, - }; - - template<typename T> - TPermissions ExtractPermissions(T& ev, const TPermissions& availablePermissions) { - TPermissions permissions; - for (const auto& permission : ev->Get()->Permissions) { - if (auto it = PermissionsItems.find(permission); it != PermissionsItems.end()) { - // cut off permissions that should not be used in other services - if (availablePermissions.Check(it->second)) { - permissions.Set(it->second); - } - } - } - return permissions; - } - template<typename T> NYql::TIssues ValidatePermissions(T& ev, const TVector<TString>& requiredPermissions) { NYql::TIssues issues; 
@@ -582,23 +562,20 @@ private: for (const auto& requiredPermission : requiredPermissions) { if (!IsIn(ev->Get()->Permissions, requiredPermission)) { - issues.AddIssue(MakeErrorIssue(TIssuesIds::ACCESS_DENIED, "No permission " + requiredPermission + " in a given scope yandexcloud://" + ev->Get()->FolderId)); + issues.AddIssue(MakeErrorIssue(TIssuesIds::ACCESS_DENIED, "No permission " + requiredPermission + " in a given scope " + ev->Get()->Scope)); } } return issues; } - - void Handle(TEvControlPlaneProxy::TEvCreateQueryRequest::TPtr& ev) { TInstant startTime = TInstant::Now(); FederatedQuery::CreateQueryRequest request = ev->Get()->Request; CPP_LOG_T("CreateQueryRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const int byteSize = request.ByteSize(); @@ -613,7 +590,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvCreateQueryRequest::TPtr, TEvControlPlaneProxy::TEvCreateQueryResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } @@ -644,7 +621,7 @@ private: TEvControlPlaneProxy::TEvCreateQueryResponse> (Counters.GetCommonCounters(RTC_CREATE_COMPUTE_DATABASE), sender, Config, Config.ComputeConfig, cloudId, - folderId, scope, probe, ev, cookie)); + scope, probe, ev, cookie)); return; } 
@@ -653,26 +630,12 @@ private: | TPermissions::TPermission::MANAGE_PUBLIC }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - auto computeDatabase = ev->Get()->ComputeDatabase; - auto quotas = ev->Get()->Quotas; - Register(new TCreateQueryRequestActor - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType, - std::move(quotas), - std::move(computeDatabase))); - } + Register(new TCreateQueryRequestActor(ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvListQueriesRequest::TPtr& ev) { @@ -680,9 +643,8 @@ private: FederatedQuery::ListQueriesRequest request = ev->Get()->Request; CPP_LOG_T("ListQueriesRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const int byteSize = request.ByteSize(); @@ -697,7 +659,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvListQueriesRequest::TPtr, TEvControlPlaneProxy::TEvListQueriesResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } 
@@ -728,26 +690,17 @@ private: | TPermissions::TPermission::VIEW_PRIVATE }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - Register(new TRequestActor<FederatedQuery::ListQueriesRequest, - TEvControlPlaneStorage::TEvListQueriesRequest, - TEvControlPlaneStorage::TEvListQueriesResponse, - TEvControlPlaneProxy::TEvListQueriesRequest, - TEvControlPlaneProxy::TEvListQueriesResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType)); - } + Register(new TRequestActor<FederatedQuery::ListQueriesRequest, + TEvControlPlaneStorage::TEvListQueriesRequest, + TEvControlPlaneStorage::TEvListQueriesResponse, + TEvControlPlaneProxy::TEvListQueriesRequest, + TEvControlPlaneProxy::TEvListQueriesResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvDescribeQueryRequest::TPtr& ev) { @@ -755,9 +708,8 @@ private: FederatedQuery::DescribeQueryRequest request = ev->Get()->Request; CPP_LOG_T("DescribeQueryRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString queryId = request.query_id(); @@ -773,7 +725,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvDescribeQueryRequest::TPtr, TEvControlPlaneProxy::TEvDescribeQueryResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } 
@@ -806,26 +758,17 @@ private: | TPermissions::VIEW_QUERY_TEXT }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - Register(new TRequestActor<FederatedQuery::DescribeQueryRequest, - TEvControlPlaneStorage::TEvDescribeQueryRequest, - TEvControlPlaneStorage::TEvDescribeQueryResponse, - TEvControlPlaneProxy::TEvDescribeQueryRequest, - TEvControlPlaneProxy::TEvDescribeQueryResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType)); - } + Register(new TRequestActor<FederatedQuery::DescribeQueryRequest, + TEvControlPlaneStorage::TEvDescribeQueryRequest, + TEvControlPlaneStorage::TEvDescribeQueryResponse, + TEvControlPlaneProxy::TEvDescribeQueryRequest, + TEvControlPlaneProxy::TEvDescribeQueryResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvGetQueryStatusRequest::TPtr& ev) { @@ -833,9 +776,8 @@ private: FederatedQuery::GetQueryStatusRequest request = ev->Get()->Request; CPP_LOG_T("GetStatusRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString queryId = request.query_id(); @@ -851,7 +793,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvGetQueryStatusRequest::TPtr, TEvControlPlaneProxy::TEvGetQueryStatusResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } 
@@ -882,26 +824,17 @@ private: | TPermissions::TPermission::VIEW_PRIVATE }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - Register(new TRequestActor<FederatedQuery::GetQueryStatusRequest, - TEvControlPlaneStorage::TEvGetQueryStatusRequest, - TEvControlPlaneStorage::TEvGetQueryStatusResponse, - TEvControlPlaneProxy::TEvGetQueryStatusRequest, - TEvControlPlaneProxy::TEvGetQueryStatusResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType)); - } + Register(new TRequestActor<FederatedQuery::GetQueryStatusRequest, + TEvControlPlaneStorage::TEvGetQueryStatusRequest, + TEvControlPlaneStorage::TEvGetQueryStatusResponse, + TEvControlPlaneProxy::TEvGetQueryStatusRequest, + TEvControlPlaneProxy::TEvGetQueryStatusResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvModifyQueryRequest::TPtr& ev) { @@ -909,9 +842,8 @@ private: FederatedQuery::ModifyQueryRequest request = ev->Get()->Request; CPP_LOG_T("ModifyQueryRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString queryId = request.query_id(); @@ -927,7 +859,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvModifyQueryRequest::TPtr, TEvControlPlaneProxy::TEvModifyQueryResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } 
@@ -958,7 +890,7 @@ private: TEvControlPlaneProxy::TEvModifyQueryResponse> (Counters.GetCommonCounters(RTC_CREATE_COMPUTE_DATABASE), sender, Config, Config.ComputeConfig, cloudId, - folderId, scope, probe, ev, cookie)); + scope, probe, ev, cookie)); return; } @@ -968,29 +900,17 @@ private: | TPermissions::TPermission::MANAGE_PRIVATE }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - auto computeDatabase = ev->Get()->ComputeDatabase; - Register(new TRequestActor<FederatedQuery::ModifyQueryRequest, - TEvControlPlaneStorage::TEvModifyQueryRequest, - TEvControlPlaneStorage::TEvModifyQueryResponse, - TEvControlPlaneProxy::TEvModifyQueryRequest, - TEvControlPlaneProxy::TEvModifyQueryResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType, - {}, - std::move(computeDatabase))); - } + Register(new TRequestActor<FederatedQuery::ModifyQueryRequest, + TEvControlPlaneStorage::TEvModifyQueryRequest, + TEvControlPlaneStorage::TEvModifyQueryResponse, + TEvControlPlaneProxy::TEvModifyQueryRequest, + TEvControlPlaneProxy::TEvModifyQueryResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvDeleteQueryRequest::TPtr& ev) { @@ -998,9 +918,8 @@ private: FederatedQuery::DeleteQueryRequest request = ev->Get()->Request; CPP_LOG_T("DeleteQueryRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString queryId = request.query_id(); 
@@ -1016,7 +935,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvDeleteQueryRequest::TPtr, TEvControlPlaneProxy::TEvDeleteQueryResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } @@ -1047,26 +966,17 @@ private: | TPermissions::TPermission::MANAGE_PRIVATE }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - Register(new TRequestActor<FederatedQuery::DeleteQueryRequest, - TEvControlPlaneStorage::TEvDeleteQueryRequest, - TEvControlPlaneStorage::TEvDeleteQueryResponse, - TEvControlPlaneProxy::TEvDeleteQueryRequest, - TEvControlPlaneProxy::TEvDeleteQueryResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType)); - } + Register(new TRequestActor<FederatedQuery::DeleteQueryRequest, + TEvControlPlaneStorage::TEvDeleteQueryRequest, + TEvControlPlaneStorage::TEvDeleteQueryResponse, + TEvControlPlaneProxy::TEvDeleteQueryRequest, + TEvControlPlaneProxy::TEvDeleteQueryResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvControlQueryRequest::TPtr& ev) { @@ -1074,9 +984,8 @@ private: FederatedQuery::ControlQueryRequest request = ev->Get()->Request; CPP_LOG_T("ControlQueryRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString queryId = request.query_id(); 
@@ -1092,7 +1001,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvControlQueryRequest::TPtr, TEvControlPlaneProxy::TEvControlQueryResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } @@ -1123,26 +1032,17 @@ private: | TPermissions::TPermission::MANAGE_PRIVATE }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - Register(new TRequestActor<FederatedQuery::ControlQueryRequest, - TEvControlPlaneStorage::TEvControlQueryRequest, - TEvControlPlaneStorage::TEvControlQueryResponse, - TEvControlPlaneProxy::TEvControlQueryRequest, - TEvControlPlaneProxy::TEvControlQueryResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType)); - } + Register(new TRequestActor<FederatedQuery::ControlQueryRequest, + TEvControlPlaneStorage::TEvControlQueryRequest, + TEvControlPlaneStorage::TEvControlQueryResponse, + TEvControlPlaneProxy::TEvControlQueryRequest, + TEvControlPlaneProxy::TEvControlQueryResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvGetResultDataRequest::TPtr& ev) { @@ -1150,9 +1050,8 @@ private: FederatedQuery::GetResultDataRequest request = ev->Get()->Request; CPP_LOG_T("GetResultDataRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString queryId = request.query_id(); 
@@ -1171,7 +1070,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvGetResultDataRequest::TPtr, TEvControlPlaneProxy::TEvGetResultDataResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } @@ -1202,26 +1101,17 @@ private: | TPermissions::TPermission::VIEW_PRIVATE }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - Register(new TRequestActor<FederatedQuery::GetResultDataRequest, - TEvControlPlaneStorage::TEvGetResultDataRequest, - TEvControlPlaneStorage::TEvGetResultDataResponse, - TEvControlPlaneProxy::TEvGetResultDataRequest, - TEvControlPlaneProxy::TEvGetResultDataResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType)); - } + Register(new TRequestActor<FederatedQuery::GetResultDataRequest, + TEvControlPlaneStorage::TEvGetResultDataRequest, + TEvControlPlaneStorage::TEvGetResultDataResponse, + TEvControlPlaneProxy::TEvGetResultDataRequest, + TEvControlPlaneProxy::TEvGetResultDataResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvListJobsRequest::TPtr& ev) { @@ -1229,9 +1119,8 @@ private: FederatedQuery::ListJobsRequest request = ev->Get()->Request; CPP_LOG_T("ListJobsRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString queryId = request.query_id(); 
@@ -1247,7 +1136,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvListJobsRequest::TPtr, TEvControlPlaneProxy::TEvListJobsResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } @@ -1278,26 +1167,17 @@ private: | TPermissions::TPermission::VIEW_PRIVATE }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - Register(new TRequestActor<FederatedQuery::ListJobsRequest, - TEvControlPlaneStorage::TEvListJobsRequest, - TEvControlPlaneStorage::TEvListJobsResponse, - TEvControlPlaneProxy::TEvListJobsRequest, - TEvControlPlaneProxy::TEvListJobsResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType)); - } + Register(new TRequestActor<FederatedQuery::ListJobsRequest, + TEvControlPlaneStorage::TEvListJobsRequest, + TEvControlPlaneStorage::TEvListJobsResponse, + TEvControlPlaneProxy::TEvListJobsRequest, + TEvControlPlaneProxy::TEvListJobsResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvDescribeJobRequest::TPtr& ev) { @@ -1305,9 +1185,8 @@ private: FederatedQuery::DescribeJobRequest request = ev->Get()->Request; CPP_LOG_T("DescribeJobRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString jobId = request.job_id(); 
@@ -1323,7 +1202,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvDescribeJobRequest::TPtr, TEvControlPlaneProxy::TEvDescribeJobResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } @@ -1356,26 +1235,17 @@ private: | TPermissions::VIEW_QUERY_TEXT }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - Register(new TRequestActor<FederatedQuery::DescribeJobRequest, - TEvControlPlaneStorage::TEvDescribeJobRequest, - TEvControlPlaneStorage::TEvDescribeJobResponse, - TEvControlPlaneProxy::TEvDescribeJobRequest, - TEvControlPlaneProxy::TEvDescribeJobResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType)); - } + Register(new TRequestActor<FederatedQuery::DescribeJobRequest, + TEvControlPlaneStorage::TEvDescribeJobRequest, + TEvControlPlaneStorage::TEvDescribeJobResponse, + TEvControlPlaneProxy::TEvDescribeJobRequest, + TEvControlPlaneProxy::TEvDescribeJobResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvCreateConnectionRequest::TPtr& ev) { 
@@ -1383,10 +1253,9 @@ private: FederatedQuery::CreateConnectionRequest request = ev->Get()->Request; CPP_LOG_T("CreateConnectionRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; const bool ydbOperationWasPerformed = ev->Get()->ComputeYDBOperationWasPerformed; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const int byteSize = request.ByteSize(); @@ -1401,7 +1270,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvCreateConnectionRequest::TPtr, TEvControlPlaneProxy::TEvCreateConnectionResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } 
@@ -1437,8 +1306,34 @@ private: TEvControlPlaneProxy::TEvCreateConnectionResponse> (Counters.GetCommonCounters(RTC_CREATE_COMPUTE_DATABASE), sender, Config, Config.ComputeConfig, cloudId, - folderId, scope, probe, ev, cookie)); - return; + scope, probe, ev, cookie)); + return; + } + + if (Config.ComputeConfig.YdbComputeControlPlaneEnabled() && !ev->Get()->RequestValidationPassed) { + auto requestValidationIssues = + ::NFq::ValidateConnection(ev, + Config.StorageConfig.Proto.GetMaxRequestSize(), + Config.StorageConfig.AvailableConnections, + Config.StorageConfig.Proto.GetDisableCurrentIam(), + false); + if (requestValidationIssues) { + CPS_LOG_E("CreateConnectionRequest, validation failed: " + << scope << " " << user << " " << NKikimr::MaskTicket(token) + << " " << request.DebugString() + << " error: " << requestValidationIssues.ToString()); + Send(ev->Sender, + new TEvControlPlaneProxy::TEvCreateConnectionResponse( + requestValidationIssues, subjectType), + 0, + ev->Cookie); + requestCounters.IncError(); + TDuration delta = TInstant::Now() - startTime; + requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); + probe(delta, false, false); + return; + } + ev->Get()->RequestValidationPassed = true; } static const TPermissions availablePermissions { 
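Review bot: The new error-level log in the CreateConnection validation branch writes the whole `request.DebugString()` next to the masked token, and a CreateConnectionRequest can carry connection credentials in its settings depending on the connection type (not visible in this diff), so a rejected request would put those into the ERROR log while the token itself is carefully masked. The existing `CPP_LOG_T("CreateConnectionRequest: " << request.DebugString())` already records the body at trace level, so the error line should carry only what identifies the request: `CPS_LOG_E("CreateConnectionRequest, validation failed: " << scope << " " << user << " " << NKikimr::MaskTicket(token) << " error: " << requestValidationIssues.ToString());` with the `<< request.DebugString()` line dropped. The macro is `CPS_LOG_E` where the rest of this handler uses the `CPP_LOG_*` family; if that is not intentional it should be `CPP_LOG_E`. The enclosing Handle method starts and ends outside this hunk.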
@@ -1463,29 +1358,17 @@ private: return; } - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - auto computeDatabase = ev->Get()->ComputeDatabase; - Register(new TRequestActor<FederatedQuery::CreateConnectionRequest, - TEvControlPlaneStorage::TEvCreateConnectionRequest, - TEvControlPlaneStorage::TEvCreateConnectionResponse, - TEvControlPlaneProxy::TEvCreateConnectionRequest, - TEvControlPlaneProxy::TEvCreateConnectionResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType, - {}, - std::move(computeDatabase))); - } + Register(new TRequestActor<FederatedQuery::CreateConnectionRequest, + TEvControlPlaneStorage::TEvCreateConnectionRequest, + TEvControlPlaneStorage::TEvCreateConnectionResponse, + TEvControlPlaneProxy::TEvCreateConnectionRequest, + TEvControlPlaneProxy::TEvCreateConnectionResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvListConnectionsRequest::TPtr& ev) { @@ -1493,9 +1376,8 @@ private: FederatedQuery::ListConnectionsRequest request = ev->Get()->Request; CPP_LOG_T("ListConnectionsRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const int byteSize = request.ByteSize(); 
@@ -1510,7 +1392,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvListConnectionsRequest::TPtr, TEvControlPlaneProxy::TEvListConnectionsResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } @@ -1541,26 +1423,17 @@ private: | TPermissions::TPermission::VIEW_PRIVATE }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - Register(new TRequestActor<FederatedQuery::ListConnectionsRequest, - TEvControlPlaneStorage::TEvListConnectionsRequest, - TEvControlPlaneStorage::TEvListConnectionsResponse, - TEvControlPlaneProxy::TEvListConnectionsRequest, - TEvControlPlaneProxy::TEvListConnectionsResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType)); - } + Register(new TRequestActor<FederatedQuery::ListConnectionsRequest, + TEvControlPlaneStorage::TEvListConnectionsRequest, + TEvControlPlaneStorage::TEvListConnectionsResponse, + TEvControlPlaneProxy::TEvListConnectionsRequest, + TEvControlPlaneProxy::TEvListConnectionsResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvDescribeConnectionRequest::TPtr& ev) { 
@@ -1568,9 +1441,8 @@ private: FederatedQuery::DescribeConnectionRequest request = ev->Get()->Request; CPP_LOG_T("DescribeConnectionRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString connectionId = request.connection_id(); @@ -1586,7 +1458,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvDescribeConnectionRequest::TPtr, TEvControlPlaneProxy::TEvDescribeConnectionResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } 
@@ -1617,26 +1489,17 @@ private: | TPermissions::TPermission::VIEW_PRIVATE }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - Register(new TRequestActor<FederatedQuery::DescribeConnectionRequest, - TEvControlPlaneStorage::TEvDescribeConnectionRequest, - TEvControlPlaneStorage::TEvDescribeConnectionResponse, - TEvControlPlaneProxy::TEvDescribeConnectionRequest, - TEvControlPlaneProxy::TEvDescribeConnectionResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType)); - } + Register(new TRequestActor<FederatedQuery::DescribeConnectionRequest, + TEvControlPlaneStorage::TEvDescribeConnectionRequest, + TEvControlPlaneStorage::TEvDescribeConnectionResponse, + TEvControlPlaneProxy::TEvDescribeConnectionRequest, + TEvControlPlaneProxy::TEvDescribeConnectionResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvModifyConnectionRequest::TPtr& ev) { @@ -1644,9 +1507,8 @@ private: FederatedQuery::ModifyConnectionRequest request = ev->Get()->Request; CPP_LOG_T("ModifyConnectionRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString connectionId = request.connection_id(); 
@@ -1662,7 +1524,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvModifyConnectionRequest::TPtr, TEvControlPlaneProxy::TEvModifyConnectionResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } @@ -1698,10 +1560,37 @@ private: TEvControlPlaneProxy::TEvModifyConnectionResponse> (Counters.GetCommonCounters(RTC_CREATE_COMPUTE_DATABASE), sender, Config, Config.ComputeConfig, cloudId, - folderId, scope, probe, ev, cookie)); + scope, probe, ev, cookie)); return; } + if (Config.ComputeConfig.YdbComputeControlPlaneEnabled() && + !ev->Get()->RequestValidationPassed) { + auto requestValidationIssues = + ::NFq::ValidateConnection(ev, + Config.StorageConfig.Proto.GetMaxRequestSize(), + Config.StorageConfig.AvailableConnections, + Config.StorageConfig.Proto.GetDisableCurrentIam(), + false); + if (requestValidationIssues) { + CPS_LOG_E("ModifyConnectionRequest, validation failed: " + << scope << " " << user << " " << NKikimr::MaskTicket(token) + << " " << request.DebugString() + << " error: " << requestValidationIssues.ToString()); + Send(ev->Sender, + new TEvControlPlaneProxy::TEvModifyConnectionResponse( + requestValidationIssues, subjectType), + 0, + ev->Cookie); + requestCounters.IncError(); + TDuration delta = TInstant::Now() - startTime; + requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); + probe(delta, false, false); + return; + } + ev->Get()->RequestValidationPassed = true; + } + static const TPermissions availablePermissions { TPermissions::TPermission::MANAGE_PUBLIC | TPermissions::TPermission::MANAGE_PRIVATE 
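Review bot: This validation-and-reply block is a verbatim copy of the one added to the CreateConnection handler above, and the two binding handlers below repeat it with `ValidateBinding`; four copies of the same send/counter/latency/probe sequence will drift, and the connection copies already pass a bare `false` as the last `ValidateConnection` argument with nothing saying which check it disables. I would factor the reply into a small member template taking the response type and the issues, so each handler reduces to computing `requestValidationIssues` and calling it, and give the literal a name such as `const bool <meaning> = false;` with a comment. As in the other copies, `request.DebugString()` is logged at error level here; a ModifyConnectionRequest can contain updated connection credentials, so that text belongs in the trace log only. The enclosing Handle method starts and ends outside this hunk.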
@@ -1729,28 +1618,18 @@ private: } const bool controlPlaneYDBOperationWasPerformed = ev->Get()->ControlPlaneYDBOperationWasPerformed; if (!controlPlaneYDBOperationWasPerformed) { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - auto computeDatabase = ev->Get()->ComputeDatabase; Register(new TRequestActor<FederatedQuery::ModifyConnectionRequest, TEvControlPlaneStorage::TEvModifyConnectionRequest, TEvControlPlaneStorage::TEvModifyConnectionResponse, TEvControlPlaneProxy::TEvModifyConnectionRequest, - TEvControlPlaneProxy::TEvModifyConnectionResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), - std::move(user), - std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, - subjectType, - {}, - std::move(computeDatabase), - !Config.ComputeConfig.YdbComputeControlPlaneEnabled())); + TEvControlPlaneProxy::TEvModifyConnectionResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions, + !Config.ComputeConfig.YdbComputeControlPlaneEnabled())); return; } @@ -1783,9 +1662,8 @@ private: FederatedQuery::DeleteConnectionRequest request = ev->Get()->Request; CPP_LOG_T("DeleteConnectionRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString connectionId = request.connection_id(); 
@@ -1801,7 +1679,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvDeleteConnectionRequest::TPtr, TEvControlPlaneProxy::TEvDeleteConnectionResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } @@ -1832,7 +1710,7 @@ private: TEvControlPlaneProxy::TEvDeleteConnectionResponse> (Counters.GetCommonCounters(RTC_CREATE_COMPUTE_DATABASE), sender, Config, Config.ComputeConfig, cloudId, - folderId, scope, probe, ev, cookie)); + scope, probe, ev, cookie)); return; } @@ -1852,22 +1730,18 @@ private: const bool controlPlaneYDBOperationWasPerformed = ev->Get()->ControlPlaneYDBOperationWasPerformed; if (!controlPlaneYDBOperationWasPerformed) { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - auto computeDatabase = ev->Get()->ComputeDatabase; Register(new TRequestActor<FederatedQuery::DeleteConnectionRequest, TEvControlPlaneStorage::TEvDeleteConnectionRequest, TEvControlPlaneStorage::TEvDeleteConnectionResponse, TEvControlPlaneProxy::TEvDeleteConnectionRequest, - TEvControlPlaneProxy::TEvDeleteConnectionResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), std::move(user), std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, subjectType, {}, std::move(computeDatabase), !Config.ComputeConfig.YdbComputeControlPlaneEnabled())); + TEvControlPlaneProxy::TEvDeleteConnectionResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions, + !Config.ComputeConfig.YdbComputeControlPlaneEnabled())); return; } 
@@ -1894,11 +1768,11 @@ private: FederatedQuery::TestConnectionRequest request = ev->Get()->Request; CPP_LOG_T("TestConnectionRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; + const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; - TString token = ev->Get()->Token; + TString token = ev->Get()->Token; const int byteSize = request.ByteSize(); TActorId sender = ev->Sender; ui64 cookie = ev->Cookie; @@ -1911,7 +1785,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvTestConnectionRequest::TPtr, TEvControlPlaneProxy::TEvTestConnectionResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } @@ -1942,21 +1816,12 @@ private: return; } - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, {}); - Register(new TRequestActor<FederatedQuery::TestConnectionRequest, - TEvTestConnection::TEvTestConnectionRequest, - TEvTestConnection::TEvTestConnectionResponse, - TEvControlPlaneProxy::TEvTestConnectionRequest, - TEvControlPlaneProxy::TEvTestConnectionResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), std::move(user), std::move(token), - TestConnectionActorId(), - requestCounters, - probe, permissions, cloudId, subjectType)); - } + Register(new TRequestActor<FederatedQuery::TestConnectionRequest, + TEvTestConnection::TEvTestConnectionRequest, + TEvTestConnection::TEvTestConnectionResponse, + TEvControlPlaneProxy::TEvTestConnectionRequest, + TEvControlPlaneProxy::TEvTestConnectionResponse>( + ev, Config, TestConnectionActorId(), requestCounters, probe, {})); } void Handle(TEvControlPlaneProxy::TEvCreateBindingRequest::TPtr& ev) { 
@@ -1964,10 +1829,9 @@ private: FederatedQuery::CreateBindingRequest request = ev->Get()->Request; CPP_LOG_T("CreateBindingRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; const bool ydbOperationWasPerformed = ev->Get()->ComputeYDBOperationWasPerformed; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const int byteSize = request.ByteSize(); @@ -1982,7 +1846,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvCreateBindingRequest::TPtr, TEvControlPlaneProxy::TEvCreateBindingResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } 
@@ -2016,10 +1880,36 @@ private: TEvControlPlaneProxy::TEvCreateBindingResponse> (Counters.GetCommonCounters(RTC_CREATE_COMPUTE_DATABASE), sender, Config, Config.ComputeConfig, cloudId, - folderId, scope, probe, ev, cookie)); + scope, probe, ev, cookie)); return; } + if (Config.ComputeConfig.YdbComputeControlPlaneEnabled() && + !ev->Get()->RequestValidationPassed) { + auto requestValidationIssues = + ::NFq::ValidateBinding(ev, + Config.StorageConfig.Proto.GetMaxRequestSize(), + Config.StorageConfig.AvailableBindings, + Config.StorageConfig.GeneratorPathsLimit); + if (requestValidationIssues) { + CPS_LOG_E("CreateBindingRequest, validation failed: " + << scope << " " << user << " " << NKikimr::MaskTicket(token) + << " " << request.DebugString() + << " error: " << requestValidationIssues.ToString()); + Send(ev->Sender, + new TEvControlPlaneProxy::TEvCreateBindingResponse( + requestValidationIssues, subjectType), + 0, + ev->Cookie); + requestCounters.IncError(); + TDuration delta = TInstant::Now() - startTime; + requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); + probe(delta, false, false); + return; + } + ev->Get()->RequestValidationPassed = true; + } + static const TPermissions availablePermissions { TPermissions::TPermission::VIEW_PUBLIC | TPermissions::TPermission::MANAGE_PUBLIC 
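Review bot: The new validation runs only when `Config.ComputeConfig.YdbComputeControlPlaneEnabled()` is true, so a reader of this handler sees bindings forwarded to `ControlPlaneStorageServiceActorId()` unvalidated in the other mode; presumably storage validates on receipt in that case (that code is not in this diff), but the gate should say so. I would add above the `if`: `// With the YDB compute control plane the proxy validates here; otherwise ControlPlaneStorage validates on receipt. Keep the limits passed here in sync with it.` The `ev->Get()->RequestValidationPassed = true;` at the end is what prevents re-validation when the event is re-dispatched after compute-database creation, and a short comment stating that would help as well. The enclosing Handle method starts and ends outside this hunk.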
@@ -2046,23 +1936,17 @@ private: return; } - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - auto computeDatabase = ev->Get()->ComputeDatabase; - Register(new TRequestActor<FederatedQuery::CreateBindingRequest, - TEvControlPlaneStorage::TEvCreateBindingRequest, - TEvControlPlaneStorage::TEvCreateBindingResponse, - TEvControlPlaneProxy::TEvCreateBindingRequest, - TEvControlPlaneProxy::TEvCreateBindingResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), std::move(user), std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, permissions, - cloudId, subjectType, {}, std::move(computeDatabase))); - } + Register(new TRequestActor<FederatedQuery::CreateBindingRequest, + TEvControlPlaneStorage::TEvCreateBindingRequest, + TEvControlPlaneStorage::TEvCreateBindingResponse, + TEvControlPlaneProxy::TEvCreateBindingRequest, + TEvControlPlaneProxy::TEvCreateBindingResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvListBindingsRequest::TPtr& ev) { @@ -2070,9 +1954,8 @@ private: FederatedQuery::ListBindingsRequest request = ev->Get()->Request; CPP_LOG_T("ListBindingsRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const int byteSize = request.ByteSize(); 
@@ -2087,7 +1970,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvListBindingsRequest::TPtr, TEvControlPlaneProxy::TEvListBindingsResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } @@ -2118,22 +2001,17 @@ private: | TPermissions::TPermission::VIEW_PRIVATE }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - Register(new TRequestActor<FederatedQuery::ListBindingsRequest, - TEvControlPlaneStorage::TEvListBindingsRequest, - TEvControlPlaneStorage::TEvListBindingsResponse, - TEvControlPlaneProxy::TEvListBindingsRequest, - TEvControlPlaneProxy::TEvListBindingsResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), std::move(user), std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, cloudId, subjectType)); - } + Register(new TRequestActor<FederatedQuery::ListBindingsRequest, + TEvControlPlaneStorage::TEvListBindingsRequest, + TEvControlPlaneStorage::TEvListBindingsResponse, + TEvControlPlaneProxy::TEvListBindingsRequest, + TEvControlPlaneProxy::TEvListBindingsResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvDescribeBindingRequest::TPtr& ev) { @@ -2141,9 +2019,8 @@ private: FederatedQuery::DescribeBindingRequest request = ev->Get()->Request; CPP_LOG_T("DescribeBindingRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString bindingId = request.binding_id(); 
@@ -2159,7 +2036,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvDescribeBindingRequest::TPtr, TEvControlPlaneProxy::TEvDescribeBindingResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } @@ -2190,22 +2067,17 @@ private: | TPermissions::TPermission::VIEW_PRIVATE }; - { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - Register(new TRequestActor<FederatedQuery::DescribeBindingRequest, - TEvControlPlaneStorage::TEvDescribeBindingRequest, - TEvControlPlaneStorage::TEvDescribeBindingResponse, - TEvControlPlaneProxy::TEvDescribeBindingRequest, - TEvControlPlaneProxy::TEvDescribeBindingResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), std::move(user), std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, cloudId, subjectType)); - } + Register(new TRequestActor<FederatedQuery::DescribeBindingRequest, + TEvControlPlaneStorage::TEvDescribeBindingRequest, + TEvControlPlaneStorage::TEvDescribeBindingResponse, + TEvControlPlaneProxy::TEvDescribeBindingRequest, + TEvControlPlaneProxy::TEvDescribeBindingResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions)); } void Handle(TEvControlPlaneProxy::TEvModifyBindingRequest::TPtr& ev) { 
@@ -2213,9 +2085,8 @@ private: FederatedQuery::ModifyBindingRequest request = ev->Get()->Request; CPP_LOG_T("ModifyBindingRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString bindingId = request.binding_id(); @@ -2231,7 +2102,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvModifyBindingRequest::TPtr, TEvControlPlaneProxy::TEvModifyBindingResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } 
@@ -2262,10 +2133,36 @@ private: TEvControlPlaneProxy::TEvModifyBindingResponse> (Counters.GetCommonCounters(RTC_CREATE_COMPUTE_DATABASE), sender, Config, Config.ComputeConfig, cloudId, - folderId, scope, probe, ev, cookie)); + scope, probe, ev, cookie)); return; } + if (Config.ComputeConfig.YdbComputeControlPlaneEnabled() && + !ev->Get()->RequestValidationPassed) { + auto requestValidationIssues = + ::NFq::ValidateBinding(ev, + Config.StorageConfig.Proto.GetMaxRequestSize(), + Config.StorageConfig.AvailableBindings, + Config.StorageConfig.GeneratorPathsLimit); + if (requestValidationIssues) { + CPS_LOG_E("ModifyBindingRequest, validation failed: " + << scope << " " << user << " " << NKikimr::MaskTicket(token) + << " " << request.DebugString() + << " error: " << requestValidationIssues.ToString()); + Send(ev->Sender, + new TEvControlPlaneProxy::TEvModifyBindingResponse( + requestValidationIssues, subjectType), + 0, + ev->Cookie); + requestCounters.IncError(); + TDuration delta = TInstant::Now() - startTime; + requestCounters.Common->LatencyMs->Collect(delta.MilliSeconds()); + probe(delta, false, false); + return; + } + ev->Get()->RequestValidationPassed = true; + } + static const TPermissions availablePermissions { TPermissions::TPermission::MANAGE_PUBLIC | TPermissions::TPermission::MANAGE_PRIVATE 
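Review bot: The new validation failure path logs with `CPS_LOG_E`, whereas the rest of this handler (see `CPP_LOG_T("ModifyBindingRequest: ...")` in the previous hunk) uses the proxy's `CPP_LOG_*` macros; unless the storage-component logger is intended here, this should be `CPP_LOG_E(...)` so the message is attributed to the proxy. The log line also dumps `request.DebugString()` at error level on every rejected request, which is useful for debugging but can be large for bindings with many columns; if that volume is acceptable a short comment saying so would stop the next reader from trimming it. Note that validation runs only when `Config.ComputeConfig.YdbComputeControlPlaneEnabled()` is set; the `!YdbComputeControlPlaneEnabled()` flag passed to TRequestActor in the next hunk appears to delegate validation to storage in the other case — a comment such as `// request-level validation is done here only for the YDB compute control plane; otherwise storage validates` above the `if` would document that split. The enclosing Handle starts and ends outside the hunk.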
@@ -2290,22 +2187,18 @@ private: const bool controlPlaneYDBOperationWasPerformed = ev->Get()->ControlPlaneYDBOperationWasPerformed; if (!controlPlaneYDBOperationWasPerformed) { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - auto computeDatabase = ev->Get()->ComputeDatabase; Register(new TRequestActor<FederatedQuery::ModifyBindingRequest, TEvControlPlaneStorage::TEvModifyBindingRequest, TEvControlPlaneStorage::TEvModifyBindingResponse, TEvControlPlaneProxy::TEvModifyBindingRequest, - TEvControlPlaneProxy::TEvModifyBindingResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), std::move(user), std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, subjectType, {}, std::move(computeDatabase), !Config.ComputeConfig.YdbComputeControlPlaneEnabled())); + TEvControlPlaneProxy::TEvModifyBindingResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions, + !Config.ComputeConfig.YdbComputeControlPlaneEnabled())); return; } @@ -2335,9 +2228,8 @@ private: FederatedQuery::DeleteBindingRequest request = ev->Get()->Request; CPP_LOG_T("DeleteBindingRequest: " << request.DebugString()); const TString cloudId = ev->Get()->CloudId; - const TString folderId = ev->Get()->FolderId; const TString subjectType = ev->Get()->SubjectType; - const TString scope = "yandexcloud://" + folderId; + const TString scope = ev->Get()->Scope; TString user = ev->Get()->User; TString token = ev->Get()->Token; const TString bindingId = request.binding_id(); @@ -2353,7 +2245,7 @@ private: Register(new TResolveFolderActor<TEvControlPlaneProxy::TEvDeleteBindingRequest::TPtr, TEvControlPlaneProxy::TEvDeleteBindingResponse> (Counters.GetCommonCounters(RTC_RESOLVE_FOLDER), sender, - Config, folderId, token, + Config, scope, token, probe, ev, cookie, QuotaManagerEnabled)); return; } 
@@ -2384,7 +2276,7 @@ private: TEvControlPlaneProxy::TEvDeleteBindingResponse> (Counters.GetCommonCounters(RTC_CREATE_COMPUTE_DATABASE), sender, Config, Config.ComputeConfig, cloudId, - folderId, scope, probe, ev, cookie)); + scope, probe, ev, cookie)); return; } @@ -2405,22 +2297,18 @@ private: const bool controlPlaneYDBOperationWasPerformed = ev->Get()->ControlPlaneYDBOperationWasPerformed; if (!controlPlaneYDBOperationWasPerformed) { - auto sender = ev->Sender; - auto cookie = ev->Cookie; - auto permissions = ExtractPermissions(ev, availablePermissions); - auto computeDatabase = ev->Get()->ComputeDatabase; Register(new TRequestActor<FederatedQuery::DeleteBindingRequest, TEvControlPlaneStorage::TEvDeleteBindingRequest, TEvControlPlaneStorage::TEvDeleteBindingResponse, TEvControlPlaneProxy::TEvDeleteBindingRequest, - TEvControlPlaneProxy::TEvDeleteBindingResponse> - (ev, Config, sender, cookie, scope, folderId, - std::move(request), std::move(user), std::move(token), - ControlPlaneStorageServiceActorId(), - requestCounters, - probe, - permissions, - cloudId, subjectType, {}, std::move(computeDatabase), !Config.ComputeConfig.YdbComputeControlPlaneEnabled())); + TEvControlPlaneProxy::TEvDeleteBindingResponse>( + ev, + Config, + ControlPlaneStorageServiceActorId(), + requestCounters, + probe, + availablePermissions, + !Config.ComputeConfig.YdbComputeControlPlaneEnabled())); return; } @@ -2464,8 +2352,10 @@ TActorId ControlPlaneProxyActorId() { IActor* CreateControlPlaneProxyActor( const NConfig::TControlPlaneProxyConfig& config, + const NConfig::TControlPlaneStorageConfig& storageConfig, const NConfig::TComputeConfig& computeConfig, const NConfig::TCommonConfig& commonConfig, + const NYql::TS3GatewayConfig& s3Config, const ::NFq::TSigner::TPtr& signer, const TYqSharedResources::TPtr& yqSharedResources, const NKikimr::TYdbCredentialsProviderFactory& credentialsProviderFactory, 
@@ -2473,8 +2363,10 @@ IActor* CreateControlPlaneProxyActor( bool quotaManagerEnabled) { return new TControlPlaneProxyActor( config, + storageConfig, computeConfig, commonConfig, + s3Config, signer, yqSharedResources, credentialsProviderFactory, diff --git a/ydb/core/fq/libs/control_plane_proxy/control_plane_proxy.h b/ydb/core/fq/libs/control_plane_proxy/control_plane_proxy.h index 2ed2fa24a7..70c4c2149e 100644 --- a/ydb/core/fq/libs/control_plane_proxy/control_plane_proxy.h +++ b/ydb/core/fq/libs/control_plane_proxy/control_plane_proxy.h @@ -29,8 +29,10 @@ NActors::TActorId ControlPlaneProxyActorId(); NActors::IActor* CreateControlPlaneProxyActor( const NConfig::TControlPlaneProxyConfig& config, + const NConfig::TControlPlaneStorageConfig& storageConfig, const NConfig::TComputeConfig& computeConfig, const NConfig::TCommonConfig& commonConfig, + const NYql::TS3GatewayConfig& s3Config, const ::NFq::TSigner::TPtr& signer, const TYqSharedResources::TPtr& yqSharedResources, const NKikimr::TYdbCredentialsProviderFactory& credentialsProviderFactory, diff --git a/ydb/core/fq/libs/control_plane_proxy/events/events.h b/ydb/core/fq/libs/control_plane_proxy/events/events.h index 7db87b0d15..28d61bf2ba 100644 --- a/ydb/core/fq/libs/control_plane_proxy/events/events.h +++ b/ydb/core/fq/libs/control_plane_proxy/events/events.h @@ -75,14 +75,14 @@ struct TEvControlPlaneProxy { struct TBaseControlPlaneRequest : NActors::TEventLocal<TDerived, EventType> { using TProxyResponse = typename TResponseSelector<TDerived>::type; - TBaseControlPlaneRequest(const TString& folderId, + TBaseControlPlaneRequest(const TString& scope, const ProtoMessage& request, const TString& user, const TString& token, const TVector<TString>& permissions, TMaybe<TQuotaMap> quotas = Nothing(), TTenantInfo::TPtr tenantInfo = nullptr) - : FolderId(folderId) + : Scope(scope) , Request(request) , User(user) , Token(token) 
@@ -92,7 +92,7 @@ struct TEvControlPlaneProxy { , ComputeYDBOperationWasPerformed(false) , ControlPlaneYDBOperationWasPerformed(false) { } - TString FolderId; + TString Scope; TString CloudId; ProtoMessage Request; TString User; @@ -106,6 +106,7 @@ struct TEvControlPlaneProxy { std::unique_ptr<TProxyResponse> Response; std::shared_ptr<NYdb::NTable::TTableClient> YDBClient; TMaybe<FederatedQuery::Internal::ComputeDatabaseInternal> ComputeDatabase; + bool RequestValidationPassed = false; }; template<typename ProtoMessage, ui32 EventType> diff --git a/ydb/core/fq/libs/control_plane_proxy/ut/control_plane_proxy_ut.cpp b/ydb/core/fq/libs/control_plane_proxy/ut/control_plane_proxy_ut.cpp index 6c36450e35..04c5fd1495 100644 --- a/ydb/core/fq/libs/control_plane_proxy/ut/control_plane_proxy_ut.cpp +++ b/ydb/core/fq/libs/control_plane_proxy/ut/control_plane_proxy_ut.cpp @@ -89,8 +89,10 @@ public: struct TTestBootstrap { const TDuration RequestTimeout = TDuration::Seconds(10); NConfig::TControlPlaneProxyConfig Config; + NConfig::TControlPlaneStorageConfig StorageConfig; NConfig::TComputeConfig ComputeConfig; NConfig::TCommonConfig CommonConfig; + NYql::TS3GatewayConfig S3Config; TRuntimePtr Runtime; TGrabActor* MetaStorageGrab; @@ -147,7 +149,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::ListQueriesRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvListQueriesRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvListQueriesRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } 
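Review bot: `bool RequestValidationPassed = false;` is a mutable public field that the proxy flips after validating, and nothing in the struct says who owns it or why it exists; since the same event object is re-dispatched through the folder-resolution and compute-database hops, a reader will not guess that the flag is there to avoid re-validating. I would document it inline: `// Set by the control plane proxy once request-level validation has run, so a re-dispatched event is not validated twice.` Renaming the constructor parameter from folderId to scope changes the meaning of the first argument without a type change, so a brief comment on the constructor noting that callers now pass a full scope (e.g. `yandexcloud://<folder>`) rather than a bare folder id would also help. The enclosing struct starts and ends outside the hunk.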
@@ -157,7 +159,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::DescribeQueryRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvDescribeQueryRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvDescribeQueryRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } @@ -167,7 +169,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::GetQueryStatusRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvGetQueryStatusRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvGetQueryStatusRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } @@ -177,7 +179,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::ModifyQueryRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvModifyQueryRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvModifyQueryRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } 
@@ -187,7 +189,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::DeleteQueryRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvDeleteQueryRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvDeleteQueryRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } @@ -197,7 +199,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::ControlQueryRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvControlQueryRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvControlQueryRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } @@ -207,7 +209,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::GetResultDataRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvGetResultDataRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvGetResultDataRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } 
@@ -228,7 +230,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::DescribeJobRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvDescribeJobRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvDescribeJobRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } @@ -246,7 +248,7 @@ struct TTestBootstrap { ->set_id(serviceAccountId); } - auto request = std::make_unique<TEvControlPlaneProxy::TEvCreateConnectionRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvCreateConnectionRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } @@ -256,7 +258,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::ListConnectionsRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvListConnectionsRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvListConnectionsRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } 
@@ -266,7 +268,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::DescribeConnectionRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvDescribeConnectionRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvDescribeConnectionRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } @@ -284,7 +286,7 @@ struct TTestBootstrap { ->set_id(serviceAccountId); } - auto request = std::make_unique<TEvControlPlaneProxy::TEvModifyConnectionRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvModifyConnectionRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } @@ -294,7 +296,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::DeleteConnectionRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvDeleteConnectionRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvDeleteConnectionRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } 
@@ -311,7 +313,7 @@ struct TTestBootstrap { ->set_id(serviceAccountId); } - auto request = std::make_unique<TEvControlPlaneProxy::TEvTestConnectionRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvTestConnectionRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } @@ -321,7 +323,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::CreateBindingRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvCreateBindingRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvCreateBindingRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } @@ -331,7 +333,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::ListBindingsRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvListBindingsRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvListBindingsRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } 
@@ -341,7 +343,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::DescribeBindingRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvDescribeBindingRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvDescribeBindingRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } @@ -351,7 +353,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::ModifyBindingRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvModifyBindingRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvModifyBindingRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } @@ -361,7 +363,7 @@ struct TTestBootstrap { TActorId sender = Runtime->AllocateEdgeActor(); FederatedQuery::DeleteBindingRequest proto; - auto request = std::make_unique<TEvControlPlaneProxy::TEvDeleteBindingRequest>("my_folder", proto, user, "", permissions); + auto request = std::make_unique<TEvControlPlaneProxy::TEvDeleteBindingRequest>("yandexcloud://my_folder", proto, user, "", permissions); Runtime->Send(new IEventHandle(ControlPlaneProxyActorId(), sender, request.release())); Runtime->DispatchEvents({}, TDuration::Zero()); } @@ -382,8 +384,10 @@ private: runtime->SetLogPriority(NKikimrServices::STREAMS_CONTROL_PLANE_SERVICE, NLog::PRI_DEBUG); auto controlPlaneProxy = CreateControlPlaneProxyActor( Config, + StorageConfig, ComputeConfig, CommonConfig, + S3Config, nullptr, NFq::TYqSharedResources::TPtr{}, NKikimr::TYdbCredentialsProviderFactory(nullptr), 
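Review bot: The test changes only adapt the existing fixtures to the new scope format and thread the new `StorageConfig`/`S3Config` through `CreateControlPlaneProxyActor`; no test exercises the newly added request validation (a ModifyBinding that exceeds `GetMaxRequestSize()` or uses a disallowed binding type) or the behaviour when a caller passes a scope without the `yandexcloud://` prefix. Since the validation path short-circuits with `TEvModifyBindingResponse(issues, subjectType)` before the storage actor is reached, it is cheap to cover with a fixture that sets `ComputeConfig` to enable the YDB compute control plane and asserts the error response. Consider also a helper like `static TString TestScope() { return "yandexcloud://my_folder"; }` so the literal is not repeated in ~20 places.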
diff --git a/ydb/core/fq/libs/control_plane_storage/validators.cpp b/ydb/core/fq/libs/control_plane_storage/validators.cpp index 9a05d8953d..c1296ba8e0 100644 --- a/ydb/core/fq/libs/control_plane_storage/validators.cpp +++ b/ydb/core/fq/libs/control_plane_storage/validators.cpp @@ -90,8 +90,13 @@ TValidationQuery CreateModifyUniqueNameValidator(const TString& tableName, ythrow TCodeLineException(TIssuesIds::INTERNAL_ERROR) << "Not valid number of lines, one is expected. Please contact internal support"; } - FederatedQuery::Acl::Visibility oldVisibility = static_cast<FederatedQuery::Acl::Visibility>(parser.ColumnParser(VISIBILITY_COLUMN_NAME).GetOptionalInt64().GetOrElse(FederatedQuery::Acl::VISIBILITY_UNSPECIFIED)); - TString oldName = parser.ColumnParser(NAME_COLUMN_NAME).GetOptionalString().GetOrElse(""); + FederatedQuery::Acl::Visibility oldVisibility = + static_cast<FederatedQuery::Acl::Visibility>( + parser.ColumnParser(VISIBILITY_COLUMN_NAME) + .GetOptionalInt64() + .GetOrElse(FederatedQuery::Acl::VISIBILITY_UNSPECIFIED)); + TString oldName = + parser.ColumnParser(NAME_COLUMN_NAME).GetOptionalString().GetOrElse(""); if (oldVisibility == visibility && oldName == name) { return false; diff --git a/ydb/core/fq/libs/control_plane_storage/ydb_control_plane_storage_bindings.cpp b/ydb/core/fq/libs/control_plane_storage/ydb_control_plane_storage_bindings.cpp index bba5464128..3e134579bd 100644 --- a/ydb/core/fq/libs/control_plane_storage/ydb_control_plane_storage_bindings.cpp +++ b/ydb/core/fq/libs/control_plane_storage/ydb_control_plane_storage_bindings.cpp 
@@ -82,7 +82,16 @@ void TYdbControlPlaneStorageActor::Handle(TEvControlPlaneStorage::TEvCreateBindi " ($scope, $binding_id, $connection_id, $user, $visibility, $name, $binding, $revision, $internal);" ); - auto validatorName = CreateUniqueNameValidator( + auto connectionNameUniqueValidator = CreateUniqueNameValidator( + CONNECTIONS_TABLE_NAME, + content.acl().visibility(), + scope, + content.name(), + user, + "Connection with the same name already exists. Please choose another name", + YdbConnection->TablePathPrefix); + + auto bindingNameUniqueValidator = CreateUniqueNameValidator( BINDINGS_TABLE_NAME, content.acl().visibility(), scope, @@ -119,7 +128,8 @@ void TYdbControlPlaneStorageActor::Handle(TEvControlPlaneStorage::TEvCreateBindi validators.push_back(CreateIdempotencyKeyValidator(scope, idempotencyKey, response, YdbConnection->TablePathPrefix)); } - validators.push_back(validatorName); + validators.push_back(connectionNameUniqueValidator); + validators.push_back(bindingNameUniqueValidator); validators.push_back(validatorCountBindings); validators.push_back(validatorConnectionExists); validators.push_back(connectionValidator); @@ -540,7 +550,18 @@ void TYdbControlPlaneStorageActor::Handle(TEvControlPlaneStorage::TEvModifyBindi } { - auto modifyUniqueNameValidator = CreateModifyUniqueNameValidator( + auto connectionNameUniqueValidator = CreateUniqueNameValidator( + CONNECTIONS_TABLE_NAME, + request.content().acl().visibility(), + scope, + request.content().name(), + user, + "Connection with the same name already exists. Please choose another name", + YdbConnection->TablePathPrefix); + validators.push_back(connectionNameUniqueValidator); + } + { + auto bindingNameUniqueValidator = CreateModifyUniqueNameValidator( BINDINGS_TABLE_NAME, BINDING_ID_COLUMN_NAME, request.content().acl().visibility(), 
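Review bot: The cross-entity uniqueness check — a `CreateUniqueNameValidator` against the other table with the same visibility/scope/name/user — is now written out in full four times (create and modify binding here, create and modify connection in the hunks on the following lines), differing only in table name and message; a small helper such as `MakeNameUniqueValidator(const TString& table, const FederatedQuery::Acl& acl, const TString& scope, const TString& name, const TString& user, const TString& message)` would keep the four call sites in sync. The new behaviour also changes the API contract — a binding can no longer share a name with a connection in the same scope — and the only evidence of that is the validator message, so a comment at the first call site (`// names are unique across connections and bindings within a scope`) would help maintainers. Whether the two read validators and the subsequent insert run under one serialisable transaction, so that concurrent creates with the same name cannot both pass, is not visible here; please confirm, as that is what makes the check meaningful. The enclosing Handle starts and ends outside the hunk.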
@@ -550,7 +571,7 @@ void TYdbControlPlaneStorageActor::Handle(TEvControlPlaneStorage::TEvModifyBindi bindingId, "Binding with the same name already exists. Please choose another name", YdbConnection->TablePathPrefix); - validators.push_back(modifyUniqueNameValidator); + validators.push_back(bindingNameUniqueValidator); } const auto readQuery = readQueryBuilder.Build(); diff --git a/ydb/core/fq/libs/control_plane_storage/ydb_control_plane_storage_connections.cpp b/ydb/core/fq/libs/control_plane_storage/ydb_control_plane_storage_connections.cpp index 24f487b086..8edb3dc701 100644 --- a/ydb/core/fq/libs/control_plane_storage/ydb_control_plane_storage_connections.cpp +++ b/ydb/core/fq/libs/control_plane_storage/ydb_control_plane_storage_connections.cpp @@ -84,7 +84,7 @@ void TYdbControlPlaneStorageActor::Handle(TEvControlPlaneStorage::TEvCreateConne " ($scope, $connection_id, $user, $visibility, $name, $connection_type, $connection, $revision, $internal);" ); - auto validatorName = CreateUniqueNameValidator( + auto connectionNameUniqueValidator = CreateUniqueNameValidator( CONNECTIONS_TABLE_NAME, content.acl().visibility(), scope, @@ -93,6 +93,15 @@ void TYdbControlPlaneStorageActor::Handle(TEvControlPlaneStorage::TEvCreateConne "Connection with the same name already exists. Please choose another name", YdbConnection->TablePathPrefix); + auto bindingNameUniqueValidator = CreateUniqueNameValidator( + BINDINGS_TABLE_NAME, + content.acl().visibility(), + scope, + content.name(), + user, + "Binding with the same name already exists. Please choose another name", + YdbConnection->TablePathPrefix); + auto validatorCountConnections = CreateCountEntitiesValidator( scope, CONNECTIONS_TABLE_NAME, 
@@ -104,7 +113,8 @@ void TYdbControlPlaneStorageActor::Handle(TEvControlPlaneStorage::TEvCreateConne if (idempotencyKey) { validators.push_back(CreateIdempotencyKeyValidator(scope, idempotencyKey, response, YdbConnection->TablePathPrefix)); } - validators.push_back(validatorName); + validators.push_back(connectionNameUniqueValidator); + validators.push_back(bindingNameUniqueValidator); validators.push_back(validatorCountConnections); if (content.acl().visibility() == FederatedQuery::Acl::PRIVATE) { @@ -526,7 +536,7 @@ void TYdbControlPlaneStorageActor::Handle(TEvControlPlaneStorage::TEvModifyConne } { - auto modifyUniqueNameValidator = CreateModifyUniqueNameValidator( + auto connectionNameUniqueValidator = CreateModifyUniqueNameValidator( CONNECTIONS_TABLE_NAME, CONNECTION_ID_COLUMN_NAME, request.content().acl().visibility(), @@ -536,7 +546,18 @@ void TYdbControlPlaneStorageActor::Handle(TEvControlPlaneStorage::TEvModifyConne connectionId, "Connection with the same name already exists. Please choose another name", YdbConnection->TablePathPrefix); - validators.push_back(modifyUniqueNameValidator); + validators.push_back(connectionNameUniqueValidator); + } + { + auto bindingNameUniqueValidator = CreateUniqueNameValidator( + BINDINGS_TABLE_NAME, + request.content().acl().visibility(), + scope, + request.content().name(), + user, + "Binding with the same name already exists. Please choose another name", + YdbConnection->TablePathPrefix); + validators.push_back(bindingNameUniqueValidator); } const auto readQuery = readQueryBuilder.Build(); diff --git a/ydb/core/fq/libs/init/init.cpp b/ydb/core/fq/libs/init/init.cpp index 26a56ead46..f1ba3cee7a 100644 --- a/ydb/core/fq/libs/init/init.cpp +++ b/ydb/core/fq/libs/init/init.cpp 
@@ -104,8 +104,10 @@ void Init( if (protoConfig.GetControlPlaneProxy().GetEnabled()) { auto controlPlaneProxy = NFq::CreateControlPlaneProxyActor( protoConfig.GetControlPlaneProxy(), + protoConfig.GetControlPlaneStorage(), protoConfig.GetCompute(), protoConfig.GetCommon(), + protoConfig.GetGateways().GetS3(), signer, yqSharedResources, NKikimr::CreateYdbCredentialsProviderFactory, diff --git a/ydb/core/grpc_services/CMakeLists.darwin-x86_64.txt b/ydb/core/grpc_services/CMakeLists.darwin-x86_64.txt index ba88f6914a..e49349eb64 100644 --- a/ydb/core/grpc_services/CMakeLists.darwin-x86_64.txt +++ b/ydb/core/grpc_services/CMakeLists.darwin-x86_64.txt @@ -60,6 +60,7 @@ target_link_libraries(ydb-core-grpc_services PUBLIC ydb-library-services api-grpc-draft api-protos + public-lib-fq public-lib-operation_id cpp-client-resources services-ext_index-common diff --git a/ydb/core/grpc_services/CMakeLists.linux-aarch64.txt b/ydb/core/grpc_services/CMakeLists.linux-aarch64.txt index 44ae197938..29e90416a0 100644 --- a/ydb/core/grpc_services/CMakeLists.linux-aarch64.txt +++ b/ydb/core/grpc_services/CMakeLists.linux-aarch64.txt @@ -61,6 +61,7 @@ target_link_libraries(ydb-core-grpc_services PUBLIC ydb-library-services api-grpc-draft api-protos + public-lib-fq public-lib-operation_id cpp-client-resources services-ext_index-common diff --git a/ydb/core/grpc_services/CMakeLists.linux-x86_64.txt b/ydb/core/grpc_services/CMakeLists.linux-x86_64.txt index 44ae197938..29e90416a0 100644 --- a/ydb/core/grpc_services/CMakeLists.linux-x86_64.txt +++ b/ydb/core/grpc_services/CMakeLists.linux-x86_64.txt @@ -61,6 +61,7 @@ target_link_libraries(ydb-core-grpc_services PUBLIC ydb-library-services api-grpc-draft api-protos + public-lib-fq public-lib-operation_id cpp-client-resources services-ext_index-common diff --git a/ydb/core/grpc_services/CMakeLists.windows-x86_64.txt b/ydb/core/grpc_services/CMakeLists.windows-x86_64.txt index ba88f6914a..e49349eb64 100644 
--- a/ydb/core/grpc_services/CMakeLists.windows-x86_64.txt +++ b/ydb/core/grpc_services/CMakeLists.windows-x86_64.txt @@ -60,6 +60,7 @@ target_link_libraries(ydb-core-grpc_services PUBLIC ydb-library-services api-grpc-draft api-protos + public-lib-fq public-lib-operation_id cpp-client-resources services-ext_index-common diff --git a/ydb/core/grpc_services/rpc_fq.cpp b/ydb/core/grpc_services/rpc_fq.cpp index bf4e70a67c..a089a9037f 100644 --- a/ydb/core/grpc_services/rpc_fq.cpp +++ b/ydb/core/grpc_services/rpc_fq.cpp @@ -8,6 +8,7 @@ #include <ydb/core/fq/libs/control_plane_proxy/events/events.h> #include <ydb/core/fq/libs/control_plane_proxy/utils.h> #include <ydb/public/api/protos/draft/fq.pb.h> +#include <ydb/public/lib/fq/scope.h> #include <ydb/library/aclib/aclib.h> @@ -113,7 +114,12 @@ public: } const auto* req = GetProtoRequest(); - auto ev = MakeHolder<EvRequestType>(FolderId, *req, User, Token, permissions); + auto ev = MakeHolder<EvRequestType>( + NYdb::NFq::TScope{NYdb::NFq::TScope::YandexCloudScopeSchema + "://" + FolderId}.ToString(), + *req, + User, + Token, + permissions); Send(NFq::ControlPlaneProxyActorId(), ev.Release()); Become(&TFederatedQueryRequestRPC<RpcRequestType, EvRequestType, EvResponseType>::StateFunc); } diff --git a/ydb/core/grpc_services/ya.make b/ydb/core/grpc_services/ya.make index 18e4b06f83..4d70532df8 100644 --- a/ydb/core/grpc_services/ya.make +++ b/ydb/core/grpc_services/ya.make @@ -123,6 +123,7 @@ PEERDIR( ydb/library/services ydb/public/api/grpc/draft ydb/public/api/protos + ydb/public/lib/fq ydb/public/lib/operation_id ydb/public/sdk/cpp/client/resources ydb/services/ext_index/common |
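Review bot: In the rpc_fq.cpp hunk the scope is now built from `FolderId` via `NYdb::NFq::TScope{NYdb::NFq::TScope::YandexCloudScopeSchema + "://" + FolderId}.ToString()`; `FolderId` appears to come from the incoming request, and nothing visible rejects an empty value or one that already contains a scheme separator before it is embedded in the scope string that the proxy and storage use as the tenancy key. If `TScope` normalises or validates its input, a comment stating that would suffice; otherwise I would guard before constructing the event, e.g. `if (FolderId.empty()) { Reply(/* bad request */); return; }`, consistent with the other early replies in this method. The string concatenation could also be replaced by a `TScope` factory if one exists in `ydb/public/lib/fq/scope.h`, so the `"://"` glue is not duplicated outside that library. The enclosing method starts outside the hunk.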