system user token usage for metadata

provide error messages fix success checker for table creation
author: ivanmorozov <ivanmorozov@yandex-team.com> 2022-11-30 17:29:52 +0300
committer: ivanmorozov <ivanmorozov@yandex-team.com> 2022-11-30 17:29:52 +0300
commit: 8e02186e1b12cefe9abb4056ad282889093dbeff (patch)
tree: 0105068d70bd3d3e2193508c05be9a9aec01800a
parent: d03aa9285397c1daa052797d42e8c439655a2162 (diff)
download: ydb-8e02186e1b12cefe9abb4056ad282889093dbeff.tar.gz
21 files changed, 89 insertions, 43 deletions
diff --git a/ydb/core/kqp/gateway/kqp_ic_gateway.cpp b/ydb/core/kqp/gateway/kqp_ic_gateway.cpp
index 1105c9d844..ac2b3cd16b 100644
--- a/ydb/core/kqp/gateway/kqp_ic_gateway.cpp
+++ b/ydb/core/kqp/gateway/kqp_ic_gateway.cpp
@@ -1415,7 +1415,9 @@ public:
                     return MakeFuture(ResultFromError<TGenericResult>("incorrect object type"));
                 }
                 NMetadata::IOperationsManager::TModificationContext context;
-                context.SetUserToken(GetUserToken());
+                if (GetUserToken()) {
+                    context.SetUserToken(*GetUserToken());
+                }
                 return DoExecute(manager, settings, context).Apply([](const NThreading::TFuture<NMetadata::TObjectOperatorResult>& f) {
                     if (f.HasValue() && !f.HasException() && f.GetValue().IsSuccess()) {
                         TGenericResult result;
diff --git a/ydb/core/kqp/provider/yql_kikimr_exec.cpp b/ydb/core/kqp/provider/yql_kikimr_exec.cpp
index 6360ad8063..5e0d33670a 100644
--- a/ydb/core/kqp/provider/yql_kikimr_exec.cpp
+++ b/ydb/core/kqp/provider/yql_kikimr_exec.cpp
@@ -410,7 +410,7 @@ public:
     }
 
     std::pair<IGraphTransformer::TStatus, TAsyncTransformCallbackFuture> Execute(const TKiObject& kiObject, const TExprNode::TPtr& input, TExprContext& ctx) {
-        if (!EnsureNotPrepare(ActionInfo, input->Pos(), SessionCtx->Query(), ctx)) {
+        if (!EnsureNotPrepare(ActionInfo + " " + kiObject.TypeId(), input->Pos(), SessionCtx->Query(), ctx)) {
             return SyncError();
         }
 
@@ -432,7 +432,7 @@ public:
                 Y_UNUSED(res);
                 auto resultNode = ctx.NewWorld(input->Pos());
                 return resultNode;
-            }, "Executing " + ActionInfo);
+            }, "Executing " + ActionInfo + " " + kiObject.TypeId());
     }
 };
 
diff --git a/ydb/services/bg_tasks/ds_table/add_tasks.h b/ydb/services/bg_tasks/ds_table/add_tasks.h
index ef1e3bdac9..a63677f6ea 100644
--- a/ydb/services/bg_tasks/ds_table/add_tasks.h
+++ b/ydb/services/bg_tasks/ds_table/add_tasks.h
@@ -17,7 +17,7 @@ protected:
 
 public:
     TAddTasksActor(TExecutorController::TPtr controller, const TTask& task, const TActorId resultWaiter)
-        : TBase(controller->GetRequestConfig())
+        : TBase(controller->GetRequestConfig(), controller->GetUserToken())
         , Controller(controller)
         , Task(task)
         , ResultWaiter(resultWaiter)
diff --git a/ydb/services/bg_tasks/ds_table/assign_tasks.h b/ydb/services/bg_tasks/ds_table/assign_tasks.h
index 640fa39aae..edd63e9d5c 100644
--- a/ydb/services/bg_tasks/ds_table/assign_tasks.h
+++ b/ydb/services/bg_tasks/ds_table/assign_tasks.h
@@ -16,7 +16,7 @@ private:
     virtual std::optional<NInternal::NRequest::TDialogYQLRequest::TRequest> OnSessionId(const TString& sessionId) override;
 public:
     TAssignTasksActor(const ui32 tasksCount, TExecutorController::TPtr controller, const TString& executorId)
-        : TBase(controller->GetRequestConfig())
+        : TBase(controller->GetRequestConfig(), controller->GetUserToken())
         , Controller(controller)
         , TasksCount(tasksCount)
         , ExecutorId(executorId)
diff --git a/ydb/services/bg_tasks/ds_table/executor_controller.h b/ydb/services/bg_tasks/ds_table/executor_controller.h
index cf831712c0..c2de10f7c7 100644
--- a/ydb/services/bg_tasks/ds_table/executor_controller.h
+++ b/ydb/services/bg_tasks/ds_table/executor_controller.h
@@ -1,6 +1,7 @@
 #pragma once
 #include "config.h"
 
+#include <ydb/library/aclib/aclib.h>
 #include <ydb/services/metadata/initializer/common.h>
 
 #include <library/cpp/actors/core/actor.h>
@@ -14,15 +15,21 @@ class TExecutorController: public NMetadataInitializer::IInitializerOutput {
 private:
     const NActors::TActorIdentity ExecutorActorId;
     YDB_READONLY_DEF(TConfig, Config);
+    const NACLib::TUserToken UserToken;
 public:
     using TPtr = std::shared_ptr<TExecutorController>;
     TExecutorController(const NActors::TActorIdentity& executorActorId, const TConfig& config)
         : ExecutorActorId(executorActorId)
         , Config(config)
+        , UserToken(NACLib::TSystemUsers::Metadata())
     {
 
     }
 
+    const NACLib::TUserToken& GetUserToken() const {
+        return UserToken;
+    }
+
     TString GetTableName() const {
         return Config.GetTablePath();
     }
diff --git a/ydb/services/bg_tasks/ds_table/fetch_tasks.h b/ydb/services/bg_tasks/ds_table/fetch_tasks.h
index 0eea7a2646..56b3d78882 100644
--- a/ydb/services/bg_tasks/ds_table/fetch_tasks.h
+++ b/ydb/services/bg_tasks/ds_table/fetch_tasks.h
@@ -18,7 +18,7 @@ protected:
 public:
     TFetchTasksActor(const std::set<TString>& currentTaskIds, const TString& executorId,
         TExecutorController::TPtr controller)
-        : TBase(controller->GetRequestConfig())
+        : TBase(controller->GetRequestConfig(), controller->GetUserToken())
         , CurrentTaskIds(currentTaskIds)
         , ExecutorId(executorId)
         , Controller(controller)
diff --git a/ydb/services/bg_tasks/ds_table/finish_task.h b/ydb/services/bg_tasks/ds_table/finish_task.h
index 2b5020d777..21a527d64a 100644
--- a/ydb/services/bg_tasks/ds_table/finish_task.h
+++ b/ydb/services/bg_tasks/ds_table/finish_task.h
@@ -17,7 +17,7 @@ protected:
 public:
 
     TDropTaskActor(const TString& taskId, TExecutorController::TPtr controller)
-        : TBase(controller->GetRequestConfig())
+        : TBase(controller->GetRequestConfig(), controller->GetUserToken())
         , TaskId(taskId)
         , Controller(controller) {
 
diff --git a/ydb/services/bg_tasks/ds_table/interrupt.h b/ydb/services/bg_tasks/ds_table/interrupt.h
index a48008f00a..a6f8442146 100644
--- a/ydb/services/bg_tasks/ds_table/interrupt.h
+++ b/ydb/services/bg_tasks/ds_table/interrupt.h
@@ -28,7 +28,7 @@ public:
 
     TInterruptTaskActor(TExecutorController::TPtr executorController,
         const TString& taskId, const TInstant nextStartInstant, TTaskStateContainer state)
-        : TBase(executorController->GetRequestConfig())
+        : TBase(executorController->GetRequestConfig(), executorController->GetUserToken())
         , ExecutorController(executorController)
         , TaskId(taskId)
         , NextStartInstant(nextStartInstant)
diff --git a/ydb/services/bg_tasks/ds_table/lock_pinger.h b/ydb/services/bg_tasks/ds_table/lock_pinger.h
index 8c47f7b3f7..8a8cc63d90 100644
--- a/ydb/services/bg_tasks/ds_table/lock_pinger.h
+++ b/ydb/services/bg_tasks/ds_table/lock_pinger.h
@@ -16,7 +16,7 @@ protected:
     virtual std::optional<NInternal::NRequest::TDialogYQLRequest::TRequest> OnSessionId(const TString& sessionId) override;
 public:
     TLockPingerActor(TExecutorController::TPtr executorController, const std::set<TString>& taskIds)
-        : TBase(executorController->GetRequestConfig())
+        : TBase(executorController->GetRequestConfig(), executorController->GetUserToken())
         , TaskIds(taskIds)
         , ExecutorController(executorController) {
         Y_VERIFY(TaskIds.size());
diff --git a/ydb/services/bg_tasks/ds_table/task_enabled.h b/ydb/services/bg_tasks/ds_table/task_enabled.h
index 776d561079..8d4cc12c51 100644
--- a/ydb/services/bg_tasks/ds_table/task_enabled.h
+++ b/ydb/services/bg_tasks/ds_table/task_enabled.h
@@ -20,7 +20,7 @@ protected:
 public:
     TUpdateTaskEnabledActor(TExecutorController::TPtr executorController,
         const TString& taskId, const bool enabled, const TActorId& resultWaiter)
-        : TBase(executorController->GetRequestConfig())
+        : TBase(executorController->GetRequestConfig(), executorController->GetUserToken())
         , ExecutorController(executorController)
         , TaskId(taskId)
         , Enabled(enabled)
diff --git a/ydb/services/metadata/abstract/CMakeLists.txt b/ydb/services/metadata/abstract/CMakeLists.txt
index 4da40e6d1f..0ba05137c2 100644
--- a/ydb/services/metadata/abstract/CMakeLists.txt
+++ b/ydb/services/metadata/abstract/CMakeLists.txt
@@ -11,6 +11,7 @@ add_library(services-metadata-abstract)
 target_link_libraries(services-metadata-abstract PUBLIC
   contrib-libs-cxxsupp
   yutil
+  tools-enum_parser-enum_serialization_runtime
   ydb-library-accessor
   cpp-actors-core
   services-metadata-request
@@ -24,3 +25,8 @@ target_sources(services-metadata-abstract PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/services/metadata/abstract/fetcher.cpp
   ${CMAKE_SOURCE_DIR}/ydb/services/metadata/abstract/kqp_common.cpp
 )
+generate_enum_serilization(services-metadata-abstract
+  ${CMAKE_SOURCE_DIR}/ydb/services/metadata/abstract/kqp_common.h
+  INCLUDE_HEADERS
+  ydb/services/metadata/abstract/kqp_common.h
+)
diff --git a/ydb/services/metadata/abstract/kqp_common.h b/ydb/services/metadata/abstract/kqp_common.h
index 11651b0e2a..13e1e8f42b 100644
--- a/ydb/services/metadata/abstract/kqp_common.h
+++ b/ydb/services/metadata/abstract/kqp_common.h
@@ -83,7 +83,7 @@ public:
 
     class TModificationContext {
     private:
-        YDB_ACCESSOR_DEF(TMaybe<NACLib::TUserToken>, UserToken);
+        YDB_ACCESSOR_DEF(std::optional<NACLib::TUserToken>, UserToken);
         YDB_ACCESSOR(EActivityType, ActivityType, EActivityType::Undefined);
     public:
         TModificationContext() = default;
diff --git a/ydb/services/metadata/ds_table/accessor_refresh.cpp b/ydb/services/metadata/ds_table/accessor_refresh.cpp
index fcf7ab5496..77e414c5cb 100644
--- a/ydb/services/metadata/ds_table/accessor_refresh.cpp
+++ b/ydb/services/metadata/ds_table/accessor_refresh.cpp
@@ -53,7 +53,7 @@ void TDSAccessorRefresher::Handle(TEvRefresh::TPtr& /*ev*/) {
     for (auto&& i : managers) {
         sb << "SELECT * FROM `" + EscapeC(i->GetTablePath()) + "`;";
     }
-    Register(new TYQLQuerySessionedActor(sb, Config.GetRequestConfig(), InternalController));
+    Register(new TYQLQuerySessionedActor(sb, NACLib::TSystemUsers::Metadata(), Config.GetRequestConfig(), InternalController));
 }
 
 TDSAccessorRefresher::TDSAccessorRefresher(const TConfig& config, ISnapshotsFetcher::TPtr snapshotConstructor)
diff --git a/ydb/services/metadata/ds_table/service.cpp b/ydb/services/metadata/ds_table/service.cpp
index 251241969f..605dbc1e41 100644
--- a/ydb/services/metadata/ds_table/service.cpp
+++ b/ydb/services/metadata/ds_table/service.cpp
@@ -139,6 +139,7 @@ void TService::Handle(TEvRefreshSubscriberData::TPtr& ev) {
 }
 
 void TService::Bootstrap(const NActors::TActorContext& /*ctx*/) {
+    ALS_INFO(0) << "metadata service started" << Endl;
     Become(&TService::StateMain);
     InternalController = std::make_shared<TServiceInternalController>(SelfId());
 }
diff --git a/ydb/services/metadata/initializer/common.h b/ydb/services/metadata/initializer/common.h
index ae693fc5cb..fa63bdb775 100644
--- a/ydb/services/metadata/initializer/common.h
+++ b/ydb/services/metadata/initializer/common.h
@@ -31,7 +31,8 @@ private:
     YDB_READONLY_DEF(typename TDialogPolicy::TRequest, Request);
 protected:
     virtual bool DoExecute(const TActorId& resultCallbackId, const NInternal::NRequest::TConfig& config) const override {
-        TActivationContext::ActorSystem()->Register(new NInternal::NRequest::TYDBRequest<TDialogPolicy>(Request, resultCallbackId, config));
+        TActivationContext::ActorSystem()->Register(new NInternal::NRequest::TYDBRequest<TDialogPolicy>(Request,
+            NACLib::TSystemUsers::Metadata(), resultCallbackId, config));
         return true;
     }
 public:
diff --git a/ydb/services/metadata/manager/alter.h b/ydb/services/metadata/manager/alter.h
index ef9c1936da..70712d9caf 100644
--- a/ydb/services/metadata/manager/alter.h
+++ b/ydb/services/metadata/manager/alter.h
@@ -58,6 +58,7 @@ protected:
     const NMetadata::IOperationsManager::TModificationContext Context;
     std::vector<TTableRecord> Patches;
     TTableRecords RestoreObjectIds;
+    const NACLib::TUserToken UserToken = NACLib::TSystemUsers::Metadata();
     virtual bool PrepareRestoredObjects(std::vector<TObject>& objects) const = 0;
     virtual bool ProcessPreparedObjects(TTableRecords&& records) const = 0;
     virtual void InitState() = 0;
@@ -113,7 +114,7 @@ public:
         }
 
         TBase::Register(new NInternal::NRequest::TYDBRequest<NInternal::NRequest::TDialogCreateSession>(
-            NInternal::NRequest::TDialogCreateSession::TRequest(), TBase::SelfId()));
+            NInternal::NRequest::TDialogCreateSession::TRequest(), UserToken, TBase::SelfId()));
     }
 
     void Handle(typename NInternal::NRequest::TEvRequestResult<NInternal::NRequest::TDialogCreateSession>::TPtr& ev) {
@@ -124,7 +125,7 @@ public:
         Y_VERIFY(SessionId);
 
         InternalController = std::make_shared<TProcessingController<TObject>>(TBase::SelfId());
-        TBase::Register(new TRestoreObjectsActor<TObject>(RestoreObjectIds, InternalController, SessionId));
+        TBase::Register(new TRestoreObjectsActor<TObject>(RestoreObjectIds, UserToken, InternalController, SessionId));
     }
 
     void Handle(typename TEvRestoreFinished<TObject>::TPtr& ev) {
@@ -268,7 +269,7 @@ private:
     using TBase = TModificationActor<TObject>;
 protected:
     virtual bool ProcessPreparedObjects(TTableRecords&& records) const override {
-        TBase::Register(new TUpdateObjectsActor<TObject>(std::move(records),
+        TBase::Register(new TUpdateObjectsActor<TObject>(std::move(records), TBase::UserToken,
             TBase::InternalController, TBase::SessionId, TBase::TransactionId, TBase::Context.GetUserToken()));
         return true;
     }
@@ -286,7 +287,7 @@ private:
     using TBase = TModificationActor<TObject>;
 protected:
     virtual bool ProcessPreparedObjects(TTableRecords&& records) const override {
-        TBase::Register(new TInsertObjectsActor<TObject>(std::move(records),
+        TBase::Register(new TInsertObjectsActor<TObject>(std::move(records), TBase::UserToken,
             TBase::InternalController, TBase::SessionId, TBase::TransactionId, TBase::Context.GetUserToken()));
         return true;
     }
@@ -334,7 +335,7 @@ public:
     using TBase::TBase;
 
     virtual bool ProcessPreparedObjects(TTableRecords&& records) const override {
-        TBase::Register(new TDeleteObjectsActor<TObject>(std::move(records),
+        TBase::Register(new TDeleteObjectsActor<TObject>(std::move(records), TBase::UserToken,
             TBase::InternalController, TBase::SessionId, TBase::TransactionId, TBase::Context.GetUserToken()));
         return true;
     }
diff --git a/ydb/services/metadata/manager/modification.h b/ydb/services/metadata/manager/modification.h
index bac2c54496..67d975cdd7 100644
--- a/ydb/services/metadata/manager/modification.h
+++ b/ydb/services/metadata/manager/modification.h
@@ -17,7 +17,8 @@ private:
     IModificationObjectsController::TPtr Controller;
     const TString SessionId;
     const TString TransactionId;
-    const TMaybe<NACLib::TUserToken> UserToken;
+    const NACLib::TUserToken SystemUserToken;
+    const std::optional<NACLib::TUserToken> UserToken;
     std::deque<NInternal::NRequest::TDialogYQLRequest::TRequest> Requests;
 protected:
     TTableRecords Objects;
@@ -49,7 +50,8 @@ protected:
 
     void Handle(NInternal::NRequest::TEvRequestResult<NInternal::NRequest::TDialogYQLRequest>::TPtr& /*ev*/) {
         if (Requests.size()) {
-            TBase::Register(new NInternal::NRequest::TYDBRequest<NInternal::NRequest::TDialogYQLRequest>(Requests.front(), TBase::SelfId()));
+            TBase::Register(new NInternal::NRequest::TYDBRequest<NInternal::NRequest::TDialogYQLRequest>(
+                Requests.front(), SystemUserToken, TBase::SelfId()));
             Requests.pop_front();
         } else {
             Controller->ModificationFinished();
@@ -57,17 +59,19 @@ protected:
         }
     }
 
-    void Handle(NInternal::NRequest::TEvRequestFailed::TPtr& /*ev*/) {
+    void Handle(NInternal::NRequest::TEvRequestFailed::TPtr& ev) {
         auto g = TBase::PassAwayGuard();
-        Controller->ModificationProblem("cannot execute yql request for upsert objects");
+        Controller->ModificationProblem("cannot execute yql request for " + GetModifyType() +
+            " objects: " + ev->Get()->GetErrorMessage());
     }
 
 public:
-    TModifyObjectsActor(TTableRecords&& objects, IModificationObjectsController::TPtr controller, const TString& sessionId,
-        const TString& transactionId, const TMaybe<NACLib::TUserToken>& userToken)
+    TModifyObjectsActor(TTableRecords&& objects, const NACLib::TUserToken& systemUserToken, IModificationObjectsController::TPtr controller, const TString& sessionId,
+        const TString& transactionId, const std::optional<NACLib::TUserToken>& userToken)
         : Controller(controller)
         , SessionId(sessionId)
         , TransactionId(transactionId)
+        , SystemUserToken(systemUserToken)
         , UserToken(userToken)
         , Objects(std::move(objects))
 
@@ -88,7 +92,8 @@ public:
         TBase::Become(&TModifyObjectsActor::StateMain);
         BuildRequestDirect();
         BuildRequestHistory();
-        TBase::Register(new NInternal::NRequest::TYDBRequest<NInternal::NRequest::TDialogYQLRequest>(Requests.front(), TBase::SelfId()));
+        TBase::Register(new NInternal::NRequest::TYDBRequest<NInternal::NRequest::TDialogYQLRequest>(
+            Requests.front(), SystemUserToken, TBase::SelfId()));
         Requests.pop_front();
     }
 };
diff --git a/ydb/services/metadata/manager/restore.h b/ydb/services/metadata/manager/restore.h
index 6506e5d629..c83eb6ed65 100644
--- a/ydb/services/metadata/manager/restore.h
+++ b/ydb/services/metadata/manager/restore.h
@@ -16,6 +16,7 @@ private:
     typename IRestoreObjectsController::TPtr Controller;
     const TTableRecords ObjectIds;
     TString SessionId;
+    const NACLib::TUserToken UserToken;
 
     void Handle(NInternal::NRequest::TEvRequestResult<NInternal::NRequest::TDialogSelect>::TPtr& ev) {
         auto g = TBase::PassAwayGuard();
@@ -43,10 +44,11 @@ private:
     }
 
 public:
-    TRestoreObjectsActor(const TTableRecords& objectIds, typename IRestoreObjectsController::TPtr controller, const TString& sessionId)
+    TRestoreObjectsActor(const TTableRecords& objectIds, const NACLib::TUserToken& uToken, typename IRestoreObjectsController::TPtr controller, const TString& sessionId)
         : Controller(controller)
         , ObjectIds(objectIds)
         , SessionId(sessionId)
+        , UserToken(uToken)
     {
         Y_VERIFY(SessionId);
     }
@@ -69,7 +71,7 @@ public:
         request.mutable_tx_control()->mutable_begin_tx()->mutable_serializable_read_write();
         request.set_session_id(SessionId);
         TBase::Become(&TRestoreObjectsActor::StateMain);
-        TBase::Register(new NInternal::NRequest::TYDBRequest<NInternal::NRequest::TDialogSelect>(request, TBase::SelfId()));
+        TBase::Register(new NInternal::NRequest::TYDBRequest<NInternal::NRequest::TDialogSelect>(request, UserToken, TBase::SelfId()));
     }
 };
 
diff --git a/ydb/services/metadata/request/request_actor.h b/ydb/services/metadata/request/request_actor.h
index fee842d47b..660a3d34cc 100644
--- a/ydb/services/metadata/request/request_actor.h
+++ b/ydb/services/metadata/request/request_actor.h
@@ -7,6 +7,9 @@
 #include <ydb/core/grpc_services/base/base.h>
 #include <ydb/core/grpc_services/local_rpc/local_rpc.h>
 #include <ydb/library/accessor/accessor.h>
+#include <ydb/library/aclib/aclib.h>
+#include <ydb/library/yql/public/issue/yql_issue_message.h>
+#include <ydb/library/yql/public/issue/yql_issue.h>
 
 namespace NKikimr::NInternal::NRequest {
 
@@ -59,7 +62,14 @@ public:
 };
 
 class TEvRequestFailed: public NActors::TEventLocal<TEvRequestFailed, EEvents::EvRequestFailed> {
+private:
+    YDB_READONLY_DEF(TString, ErrorMessage)
 public:
+    TEvRequestFailed(const TString& errorMessage)
+        : ErrorMessage(errorMessage)
+    {
+
+    }
 };
 
 template <class TResponse>
@@ -75,7 +85,7 @@ class TOperatorChecker<Ydb::Table::CreateTableResponse> {
 public:
     static bool IsSuccess(const Ydb::Table::CreateTableResponse& r) {
         return r.operation().status() == Ydb::StatusIds::SUCCESS ||
-            r.operation().status() != Ydb::StatusIds::ALREADY_EXISTS;
+            r.operation().status() == Ydb::StatusIds::ALREADY_EXISTS;
     }
 };
 
@@ -91,6 +101,7 @@ private:
     const NActors::TActorId ActorRestartId;
     const TConfig Config;
     ui32 Retry = 0;
+    const NACLib::TUserToken UserToken;
 protected:
     class TEvRequestInternalResult: public NActors::TEventLocal<TEvRequestInternalResult, TDialogPolicy::EvResultInternal> {
     private:
@@ -119,7 +130,7 @@ public:
         if (!ev->Get()->GetFuture().HasValue() || ev->Get()->GetFuture().HasException()) {
             ALS_ERROR(NKikimrServices::METADATA_PROVIDER) << "cannot receive result on initialization";
             if (ActorRestartId) {
-                TBase::template Sender<TEvRequestFailed>().SendTo(ActorRestartId);
+                TBase::template Sender<TEvRequestFailed>("incorrect future result").SendTo(ActorRestartId);
             } else {
                 TBase::Schedule(Config.GetRetryPeriod(++Retry), new TEvRequestStart);
             }
@@ -129,8 +140,10 @@ public:
         TResponse response = f.ExtractValue();
         if (!TOperatorChecker<TResponse>::IsSuccess(response)) {
             ALS_ERROR(NKikimrServices::METADATA_PROVIDER) << "incorrect reply: " << response.DebugString();
+            NYql::TIssues issue;
+            NYql::IssuesFromMessage(response.operation().issues(), issue);
             if (ActorRestartId) {
-                TBase::template Sender<TEvRequestFailed>().SendTo(ActorRestartId);
+                TBase::template Sender<TEvRequestFailed>(issue.ToString()).SendTo(ActorRestartId);
             } else {
                 TBase::Schedule(Config.GetRetryPeriod(++Retry), new TEvRequestStart);
             }
@@ -145,7 +158,8 @@ public:
         auto aSystem = TActivationContext::ActorSystem();
         using TRpcRequest = NGRpcService::TGrpcRequestOperationCall<TRequest, TResponse>;
         auto request = ProtoRequest;
-        auto result = NRpcService::DoLocalRpc<TRpcRequest>(std::move(request), AppData()->TenantName, "", aSystem);
+        NACLib::TUserToken uToken("metadata@system", {});
+        auto result = NRpcService::DoLocalRpc<TRpcRequest>(std::move(request), AppData()->TenantName, uToken.SerializeAsString(), aSystem);
         const NActors::TActorId selfId = TBase::SelfId();
         const auto replyCallback = [aSystem, selfId](const NThreading::TFuture<TResponse>& f) {
             aSystem->Send(selfId, new TEvRequestInternalResult(f));
@@ -153,18 +167,23 @@ public:
         result.Subscribe(replyCallback);
     }
 
-    TYDBRequest(const TRequest& request, const NActors::TActorId actorFinishId, const TConfig& config, const NActors::TActorId& actorRestartId = {})
+    TYDBRequest(const TRequest& request, const NACLib::TUserToken& uToken,
+        const NActors::TActorId actorFinishId, const TConfig& config, const NActors::TActorId& actorRestartId = {})
         : ProtoRequest(request)
         , ActorFinishId(actorFinishId)
         , ActorRestartId(actorRestartId)
-        , Config(config) {
+        , Config(config)
+        , UserToken(uToken)
+    {
 
     }
 
-    TYDBRequest(const TRequest& request, const NActors::TActorId actorCallbackId)
+    TYDBRequest(const TRequest& request, const NACLib::TUserToken& uToken, const NActors::TActorId actorCallbackId)
         : ProtoRequest(request)
         , ActorFinishId(actorCallbackId)
-        , ActorRestartId(actorCallbackId) {
+        , ActorRestartId(actorCallbackId)
+        , UserToken(uToken)
+    {
 
     }
 };
@@ -173,7 +192,6 @@ template <class TDialogPolicy>
 class TSessionedActorImpl: public NActors::TActorBootstrapped<TSessionedActorImpl<TDialogPolicy>> {
 private:
     ui32 Retry = 0;
-
     static_assert(!std::is_same<TDialogPolicy, TDialogCreateSession>());
     using TBase = NActors::TActorBootstrapped<TSessionedActorImpl<TDialogPolicy>>;
     void Handle(TEvRequestResult<TDialogCreateSession>::TPtr& ev) {
@@ -184,10 +202,11 @@ private:
         Y_VERIFY(sessionId);
         std::optional<typename TDialogPolicy::TRequest> nextRequest = OnSessionId(sessionId);
         Y_VERIFY(nextRequest);
-        TBase::Register(new TYDBRequest<TDialogPolicy>(*nextRequest, TBase::SelfId(), Config, TBase::SelfId()));
+        TBase::Register(new TYDBRequest<TDialogPolicy>(*nextRequest, UserToken, TBase::SelfId(), Config, TBase::SelfId()));
     }
 protected:
     const NInternal::NRequest::TConfig Config;
+    const NACLib::TUserToken UserToken;
     virtual std::optional<typename TDialogPolicy::TRequest> OnSessionId(const TString& sessionId) = 0;
     virtual void OnResult(const typename TDialogPolicy::TResponse& response) = 0;
 public:
@@ -202,8 +221,9 @@ public:
         }
     }
 
-    TSessionedActorImpl(const NInternal::NRequest::TConfig& config)
+    TSessionedActorImpl(const NInternal::NRequest::TConfig& config, const NACLib::TUserToken& uToken)
         : Config(config)
+        , UserToken(uToken)
     {
 
     }
@@ -222,7 +242,7 @@ public:
     }
 
     void Handle(typename TEvRequestStart::TPtr& /*ev*/) {
-        TBase::Register(new TYDBRequest<TDialogCreateSession>(TDialogCreateSession::TRequest(), TBase::SelfId(), Config, TBase::SelfId()));
+        TBase::Register(new TYDBRequest<TDialogCreateSession>(TDialogCreateSession::TRequest(), UserToken, TBase::SelfId(), Config, TBase::SelfId()));
     }
 
     void Bootstrap() {
@@ -256,8 +276,9 @@ protected:
         Output->OnReply(response);
     }
 public:
-    TYQLQuerySessionedActor(const TString& query, const NInternal::NRequest::TConfig& config, IQueryOutput::TPtr output)
-        : TBase(config)
+    TYQLQuerySessionedActor(const TString& query, const NACLib::TUserToken& uToken,
+        const NInternal::NRequest::TConfig& config, IQueryOutput::TPtr output)
+        : TBase(config, uToken)
         , Query(query)
         , Output(output)
     {
diff --git a/ydb/services/metadata/secret/snapshot.cpp b/ydb/services/metadata/secret/snapshot.cpp
index 6adc494f8d..13264923a7 100644
--- a/ydb/services/metadata/secret/snapshot.cpp
+++ b/ydb/services/metadata/secret/snapshot.cpp
@@ -57,7 +57,7 @@ bool TSnapshot::PatchString(TString& stringForPath) const {
     return true;
 }
 
-bool TSnapshot::CheckSecretAccess(const TString& secretableString, const TMaybe<NACLib::TUserToken>& userToken) const {
+bool TSnapshot::CheckSecretAccess(const TString& secretableString, const std::optional<NACLib::TUserToken>& userToken) const {
     if (!userToken) {
         return true;
     }
diff --git a/ydb/services/metadata/secret/snapshot.h b/ydb/services/metadata/secret/snapshot.h
index 73ff710930..d1f1ba5cab 100644
--- a/ydb/services/metadata/secret/snapshot.h
+++ b/ydb/services/metadata/secret/snapshot.h
@@ -18,7 +18,7 @@ protected:
     virtual TString DoSerializeToString() const override;
 public:
     using TBase::TBase;
-    bool CheckSecretAccess(const TString& secretableString, const TMaybe<NACLib::TUserToken>& userToken) const;
+    bool CheckSecretAccess(const TString& secretableString, const std::optional<NACLib::TUserToken>& userToken) const;
     bool PatchString(TString& stringForPath) const;
 };
author	ivanmorozov <ivanmorozov@yandex-team.com>	2022-11-30 17:29:52 +0300
committer	ivanmorozov <ivanmorozov@yandex-team.com>	2022-11-30 17:29:52 +0300
commit	8e02186e1b12cefe9abb4056ad282889093dbeff (patch)
tree	0105068d70bd3d3e2193508c05be9a9aec01800a
parent	d03aa9285397c1daa052797d42e8c439655a2162 (diff)
download	ydb-8e02186e1b12cefe9abb4056ad282889093dbeff.tar.gz