author | ignatloskutov <ignatloskutov@yandex-team.com> | 2024-08-09 14:09:29 +0300 |
---|---|---|
committer | ignatloskutov <ignatloskutov@yandex-team.com> | 2024-08-09 14:19:48 +0300 |
commit | 9de3cba87c796935e63c061d425f9cd69086f1ff (patch) | |
tree | 8add3176ec16a42c2047b2e9a0bcdeb5785826ea | |
parent | fc4431b2298b392e5ab598032f69123586c808e1 (diff) | |
add support for UserTicket to NAuth::TAuthenticationOptions
ad04d194b1e49b2627213c2159a80ee107399ffe
-rw-r--r-- | yt/yt/library/auth/authentication_options.cpp | 8 | ||||
-rw-r--r-- | yt/yt/library/auth/authentication_options.h | 2 | ||||
-rw-r--r-- | yt/yt/library/auth/credentials_injecting_channel.cpp | 40 | ||||
-rw-r--r-- | yt/yt/library/auth/credentials_injecting_channel.h | 4 |
4 files changed, 53 insertions, 1 deletions
diff --git a/yt/yt/library/auth/authentication_options.cpp b/yt/yt/library/auth/authentication_options.cpp index b8b000b560..2d72e2a359 100644 --- a/yt/yt/library/auth/authentication_options.cpp +++ b/yt/yt/library/auth/authentication_options.cpp @@ -35,6 +35,13 @@ TAuthenticationOptions TAuthenticationOptions::FromServiceTicketAuth(const IServ }; } +TAuthenticationOptions TAuthenticationOptions::FromUserTicket(const TString& userTicket) +{ + return { + .UserTicket = userTicket + }; +} + const TString& TAuthenticationOptions::GetAuthenticatedUser() const { static const TString UnknownUser("<unknown>"); @@ -52,4 +59,3 @@ NRpc::TAuthenticationIdentity TAuthenticationOptions::GetAuthenticationIdentity( //////////////////////////////////////////////////////////////////////////////// } // namespace NYT::NAuth - diff --git a/yt/yt/library/auth/authentication_options.h b/yt/yt/library/auth/authentication_options.h index d08e76fc76..7b7072e5a3 100644 --- a/yt/yt/library/auth/authentication_options.h +++ b/yt/yt/library/auth/authentication_options.h @@ -18,6 +18,7 @@ struct TAuthenticationOptions static TAuthenticationOptions FromAuthenticationIdentity(const NRpc::TAuthenticationIdentity& identity); static TAuthenticationOptions FromToken(const TString& token); static TAuthenticationOptions FromServiceTicketAuth(const IServiceTicketAuthPtr& ticketAuth); + static TAuthenticationOptions FromUserTicket(const TString& userTicket); const TString& GetAuthenticatedUser() const; NRpc::TAuthenticationIdentity GetAuthenticationIdentity() const; @@ -36,6 +37,7 @@ struct TAuthenticationOptions std::optional<TString> SessionId; std::optional<TString> SslSessionId; std::optional<IServiceTicketAuthPtr> ServiceTicketAuth; + std::optional<TString> UserTicket; }; //////////////////////////////////////////////////////////////////////////////// 
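Review bot: `FromUserTicket` in authentication_options.cpp accepts any string, including an empty one, and sets nothing but `UserTicket`, so a bad value is only detected later when a channel is built from these options. Because `User` stays unset, `GetAuthenticatedUser()` presumably falls back to the `<unknown>` value visible in the following context lines, which would make locally logged identities for ticket-authenticated clients uninformative. If that is intended, I would say so in a comment on the factory, for example `// User is left unset: the effective user is expected to be derived from the ticket by the receiving side.`, and consider rejecting an empty ticket at this point rather than downstream.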
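Review bot: The new `std::optional<TString> UserTicket;` member in authentication_options.h is undocumented, and nothing states whether it may be combined with the neighbouring credentials such as `ServiceTicketAuth`. The dispatch hunk in credentials_injecting_channel.cpp tests `options.UserTicket` only after the `ServiceTicketAuth` branch (earlier branches of that chain are outside the hunk), so options carrying both would silently send the request without the user ticket. I would document the precedence on the field, e.g. `//! Bearer credential; used only when no higher-priority credential (e.g. ServiceTicketAuth) is set.`, or make the combination an explicit error in `CreateCredentialsInjectingChannel` so a dropped credential cannot go unnoticed.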
diff --git a/yt/yt/library/auth/credentials_injecting_channel.cpp b/yt/yt/library/auth/credentials_injecting_channel.cpp index e605161331..2ddd4c7898 100644 --- a/yt/yt/library/auth/credentials_injecting_channel.cpp +++ b/yt/yt/library/auth/credentials_injecting_channel.cpp @@ -31,6 +31,10 @@ NRpc::IChannelPtr CreateCredentialsInjectingChannel( return CreateServiceTicketInjectingChannel( underlyingChannel, options); + } else if (options.UserTicket) { + return CreateUserTicketInjectingChannel( + underlyingChannel, + options); } else { return CreateUserInjectingChannel(underlyingChannel, options); } @@ -208,6 +212,42 @@ NRpc::IChannelPtr CreateServiceTicketInjectingChannel( //////////////////////////////////////////////////////////////////////////////// +class TUserTicketInjectingChannel + : public TUserInjectingChannel +{ +public: + TUserTicketInjectingChannel( + IChannelPtr underlyingChannel, + const TAuthenticationOptions& options) + : TUserInjectingChannel(std::move(underlyingChannel), options) + , UserTicket_(*options.UserTicket) + { } + +protected: + void DoInject(const IClientRequestPtr& request) override + { + TUserInjectingChannel::DoInject(request); + + auto* ext = request->Header().MutableExtension(NRpc::NProto::TCredentialsExt::credentials_ext); + ext->set_user_ticket(UserTicket_); + } + +private: + const TString UserTicket_; +}; + +NRpc::IChannelPtr CreateUserTicketInjectingChannel( + NRpc::IChannelPtr underlyingChannel, + const TAuthenticationOptions& options) +{ + YT_VERIFY(underlyingChannel); + YT_VERIFY(options.UserTicket && *options.UserTicket); + return New<TUserTicketInjectingChannel>( + std::move(underlyingChannel), + options); +} +//////////////////////////////////////////////////////////////////////////////// + class TServiceTicketInjectingChannelFactory : public IChannelFactory { diff --git a/yt/yt/library/auth/credentials_injecting_channel.h b/yt/yt/library/auth/credentials_injecting_channel.h index 3933428172..be65d19273 100644 
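Review bot: `CreateUserTicketInjectingChannel` validates the ticket with `YT_VERIFY(options.UserTicket && *options.UserTicket)`, an always-on assertion that terminates the process, so a missing or empty ticket becomes a crash instead of a reportable authentication error. Whether callers can pass a ticket taken from external input is not visible here, but if they can, a recoverable failure is safer: `if (!options.UserTicket || options.UserTicket->empty()) { THROW_ERROR_EXCEPTION("User ticket is missing or empty"); }`. The `TUserTicketInjectingChannel` constructor also dereferences `*options.UserTicket` without a check of its own and relies on the factory having done it, which deserves a one-line comment on the constructor. As a style point, the factory's closing brace is followed directly by the `////` separator without the blank line used before the other separators in this file.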
--- a/yt/yt/library/auth/credentials_injecting_channel.h +++ b/yt/yt/library/auth/credentials_injecting_channel.h @@ -32,6 +32,10 @@ NRpc::IChannelPtr CreateServiceTicketInjectingChannel( NRpc::IChannelPtr underlyingChannel, const TAuthenticationOptions& options); +NRpc::IChannelPtr CreateUserTicketInjectingChannel( + NRpc::IChannelPtr underlyingChannel, + const TAuthenticationOptions& options); + //////////////////////////////////////////////////////////////////////////////// NRpc::IChannelFactoryPtr CreateServiceTicketInjectingChannelFactory( |