diff options
| author | uzhas <[email protected]> | 2023-01-31 20:03:50 +0300 |
|---|---|---|
| committer | uzhas <[email protected]> | 2023-01-31 20:03:50 +0300 |
| commit | a4af50c830dfb9c71c06e2a3a68362062cdb07b6 (patch) | |
| tree | c545aabbee89b35abc6c22176b0f2e477bd4b5c2 | |
| parent | bc2a47316d20edc6633f873f8a27fc1e7a0c4709 (diff) | |
use fq in http api
| -rw-r--r-- | ydb/core/grpc_services/rpc_fq.cpp | 307 | ||||
| -rw-r--r-- | ydb/core/grpc_services/service_fq.h | 53 | ||||
| -rw-r--r-- | ydb/core/public_http/fq_handlers.h | 64 | ||||
| -rw-r--r-- | ydb/core/public_http/grpc_request_context_wrapper.h | 1 | ||||
| -rw-r--r-- | ydb/core/public_http/protos/fq.proto | 6 | ||||
| -rw-r--r-- | ydb/services/fq/grpc_service.cpp | 250 |
6 files changed, 390 insertions, 291 deletions
diff --git a/ydb/core/grpc_services/rpc_fq.cpp b/ydb/core/grpc_services/rpc_fq.cpp index 91d5443aecb..3010da09658 100644 --- a/ydb/core/grpc_services/rpc_fq.cpp +++ b/ydb/core/grpc_services/rpc_fq.cpp @@ -20,6 +20,7 @@ namespace NKikimr { namespace NGRpcService { using namespace Ydb; +using NPerms = NKikimr::TEvTicketParser::TEvAuthorizeTicket; template <typename RpcRequestType, typename EvRequestType, typename EvResponseType, typename CastRequest, typename CastResult> class TFederatedQueryRequestRPC : public TRpcOperationRequestActor< @@ -294,7 +295,7 @@ using TFederatedQueryGetResultDataRPC = TFederatedQueryRequestRPC< YandexQuery::GetResultDataRequest, FederatedQuery::GetResultDataResult>; -void DoGetResultDataRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { +void DoFederatedQueryGetResultDataRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { TActivationContext::AsActorContext().Register(new TFederatedQueryGetResultDataRPC(p.release())); } @@ -305,7 +306,7 @@ using TFederatedQueryListJobsRPC = TFederatedQueryRequestRPC< YandexQuery::ListJobsRequest, FederatedQuery::ListJobsResult>; -void DoListJobsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { +void DoFederatedQueryListJobsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { TActivationContext::AsActorContext().Register(new TFederatedQueryListJobsRPC(p.release())); } @@ -316,7 +317,7 @@ using TFederatedQueryDescribeJobRPC = TFederatedQueryRequestRPC< YandexQuery::DescribeJobRequest, FederatedQuery::DescribeJobResult>; -void DoDescribeJobRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { +void DoFederatedQueryDescribeJobRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { TActivationContext::AsActorContext().Register(new TFederatedQueryDescribeJobRPC(p.release())); } @@ -327,7 +328,7 @@ using TFederatedQueryCreateConnectionRPC = TFederatedQueryRequestRPC< YandexQuery::CreateConnectionRequest, FederatedQuery::CreateConnectionResult>; -void DoCreateConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { +void DoFederatedQueryCreateConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { TActivationContext::AsActorContext().Register(new TFederatedQueryCreateConnectionRPC(p.release())); } @@ -338,7 +339,7 @@ using TFederatedQueryListConnectionsRPC = TFederatedQueryRequestRPC< YandexQuery::ListConnectionsRequest, FederatedQuery::ListConnectionsResult>; -void DoListConnectionsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { +void DoFederatedQueryListConnectionsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { TActivationContext::AsActorContext().Register(new TFederatedQueryListConnectionsRPC(p.release())); } @@ -349,7 +350,7 @@ using TFederatedQueryDescribeConnectionRPC = TFederatedQueryRequestRPC< YandexQuery::DescribeConnectionRequest, FederatedQuery::DescribeConnectionResult>; -void DoDescribeConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { +void DoFederatedQueryDescribeConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { TActivationContext::AsActorContext().Register(new TFederatedQueryDescribeConnectionRPC(p.release())); } @@ -360,7 +361,7 @@ using TFederatedQueryModifyConnectionRPC = TFederatedQueryRequestRPC< YandexQuery::ModifyConnectionRequest, FederatedQuery::ModifyConnectionResult>; -void DoModifyConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { +void DoFederatedQueryModifyConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { TActivationContext::AsActorContext().Register(new TFederatedQueryModifyConnectionRPC(p.release())); } @@ -371,7 +372,7 @@ using TFederatedQueryDeleteConnectionRPC = TFederatedQueryRequestRPC< YandexQuery::DeleteConnectionRequest, FederatedQuery::DeleteConnectionResult>; -void DoDeleteConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { +void DoFederatedQueryDeleteConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { TActivationContext::AsActorContext().Register(new TFederatedQueryDeleteConnectionRPC(p.release())); } @@ -382,7 +383,7 @@ using TFederatedQueryTestConnectionRPC = TFederatedQueryRequestRPC< YandexQuery::TestConnectionRequest, FederatedQuery::TestConnectionResult>; -void DoTestConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { +void DoFederatedQueryTestConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { TActivationContext::AsActorContext().Register(new TFederatedQueryTestConnectionRPC(p.release())); } @@ -393,7 +394,7 @@ using TFederatedQueryCreateBindingRPC = TFederatedQueryRequestRPC< YandexQuery::CreateBindingRequest, FederatedQuery::CreateBindingResult>; -void DoCreateBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& ) { +void DoFederatedQueryCreateBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& ) { TActivationContext::AsActorContext().Register(new TFederatedQueryCreateBindingRPC(p.release())); } @@ -404,7 +405,7 @@ using TFederatedQueryListBindingsRPC = TFederatedQueryRequestRPC< YandexQuery::ListBindingsRequest, FederatedQuery::ListBindingsResult>; -void DoListBindingsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { +void DoFederatedQueryListBindingsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { TActivationContext::AsActorContext().Register(new TFederatedQueryListBindingsRPC(p.release())); } @@ -415,7 +416,7 @@ using TFederatedQueryDescribeBindingRPC = TFederatedQueryRequestRPC< YandexQuery::DescribeBindingRequest, FederatedQuery::DescribeBindingResult>; -void DoDescribeBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { +void DoFederatedQueryDescribeBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { TActivationContext::AsActorContext().Register(new TFederatedQueryDescribeBindingRPC(p.release())); } @@ -426,7 +427,7 @@ using TFederatedQueryModifyBindingRPC = TFederatedQueryRequestRPC< YandexQuery::ModifyBindingRequest, FederatedQuery::ModifyBindingResult>; -void DoModifyBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { +void DoFederatedQueryModifyBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { TActivationContext::AsActorContext().Register(new TFederatedQueryModifyBindingRPC(p.release())); } @@ -437,9 +438,287 @@ using TFederatedQueryDeleteBindingRPC = TFederatedQueryRequestRPC< YandexQuery::DeleteBindingRequest, FederatedQuery::DeleteBindingResult>; -void DoDeleteBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { +void DoFederatedQueryDeleteBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider&) { TActivationContext::AsActorContext().Register(new TFederatedQueryDeleteBindingRPC(p.release())); } +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryCreateQueryRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{[](const FederatedQuery::CreateQueryRequest& request) { + TVector<NPerms::TPermission> basePermissions{ + NPerms::Required("yq.queries.create"), + NPerms::Optional("yq.connections.use"), + NPerms::Optional("yq.bindings.use") + }; + if (request.execute_mode() != FederatedQuery::SAVE) { + basePermissions.push_back(NPerms::Required("yq.queries.invoke")); + } + if (request.content().acl().visibility() == FederatedQuery::Acl::SCOPE) { + basePermissions.push_back(NPerms::Required("yq.resources.managePublic")); + } + return basePermissions; + }}; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::CreateQueryRequest, FederatedQuery::CreateQueryResponse>>(ctx.Release(), &DoFederatedQueryCreateQueryRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryListQueriesRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{[](const FederatedQuery::ListQueriesRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.queries.get"), + NPerms::Optional("yq.resources.viewPublic"), + NPerms::Optional("yq.resources.viewPrivate") + }; + }}; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::ListQueriesRequest, FederatedQuery::ListQueriesResponse>>(ctx.Release(), &DoFederatedQueryListQueriesRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDescribeQueryRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{[](const FederatedQuery::DescribeQueryRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.queries.get"), + NPerms::Optional("yq.queries.viewAst"), + NPerms::Optional("yq.resources.viewPublic"), + NPerms::Optional("yq.resources.viewPrivate") + }; + }}; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::DescribeQueryRequest, FederatedQuery::DescribeQueryResponse>>(ctx.Release(), &DoFederatedQueryDescribeQueryRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryGetQueryStatusRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{[](const FederatedQuery::GetQueryStatusRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.queries.getStatus"), + NPerms::Optional("yq.resources.viewPublic"), + NPerms::Optional("yq.resources.viewPrivate") + }; + }}; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::GetQueryStatusRequest, FederatedQuery::GetQueryStatusResponse>>(ctx.Release(), &DoFederatedQueryGetQueryStatusRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryModifyQueryRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{[](const FederatedQuery::ModifyQueryRequest& request) { + TVector<NPerms::TPermission> basePermissions{ + NPerms::Required("yq.queries.update"), + NPerms::Optional("yq.connections.use"), + NPerms::Optional("yq.bindings.use"), + NPerms::Optional("yq.resources.managePrivate") + }; + if (request.execute_mode() != FederatedQuery::SAVE) { + basePermissions.push_back(NPerms::Required("yq.queries.invoke")); + } + if (request.content().acl().visibility() == FederatedQuery::Acl::SCOPE) { + basePermissions.push_back(NPerms::Required("yq.resources.managePublic")); + } + return basePermissions; + }}; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::ModifyQueryRequest, FederatedQuery::ModifyQueryResponse>>(ctx.Release(), &DoFederatedQueryModifyQueryRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDeleteQueryRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{[](const FederatedQuery::DeleteQueryRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.queries.delete"), + NPerms::Optional("yq.resources.managePublic"), + NPerms::Optional("yq.resources.managePrivate") + }; + }}; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::DeleteQueryRequest, FederatedQuery::DeleteQueryResponse>>(ctx.Release(), &DoFederatedQueryDeleteQueryRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryControlQueryRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{[](const FederatedQuery::ControlQueryRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.queries.control"), + NPerms::Optional("yq.resources.managePublic"), + NPerms::Optional("yq.resources.managePrivate") + }; + }}; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::ControlQueryRequest, FederatedQuery::ControlQueryResponse>>(ctx.Release(), &DoFederatedQueryControlQueryRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryGetResultDataRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::GetResultDataRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.queries.getData"), + NPerms::Optional("yq.resources.viewPublic"), + NPerms::Optional("yq.resources.viewPrivate") + }; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::GetResultDataRequest, FederatedQuery::GetResultDataResponse>>(ctx.Release(), &DoFederatedQueryGetResultDataRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryListJobsRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::ListJobsRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.jobs.get"), + NPerms::Optional("yq.resources.viewPublic"), + NPerms::Optional("yq.resources.viewPrivate") + }; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::ListJobsRequest, FederatedQuery::ListJobsResponse>>(ctx.Release(), &DoFederatedQueryListJobsRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDescribeJobRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::DescribeJobRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.jobs.get"), + NPerms::Optional("yq.resources.viewPublic"), + NPerms::Optional("yq.resources.viewPrivate") + }; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::DescribeJobRequest, FederatedQuery::DescribeJobResponse>>(ctx.Release(), &DoFederatedQueryDescribeJobRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryCreateConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::CreateConnectionRequest& request) -> TVector<NPerms::TPermission> { + TVector<NPerms::TPermission> basePermissions{ + NPerms::Required("yq.connections.create"), + }; + if (request.content().acl().visibility() == FederatedQuery::Acl::SCOPE) { + basePermissions.push_back(NPerms::Required("yq.resources.managePublic")); + } + return basePermissions; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::CreateConnectionRequest, FederatedQuery::CreateConnectionResponse>>(ctx.Release(), &DoFederatedQueryCreateConnectionRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryListConnectionsRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::ListConnectionsRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.connections.get"), + NPerms::Optional("yq.resources.viewPublic"), + NPerms::Optional("yq.resources.viewPrivate") + }; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::ListConnectionsRequest, FederatedQuery::ListConnectionsResponse>>(ctx.Release(), &DoFederatedQueryListConnectionsRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDescribeConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::DescribeConnectionRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.connections.get"), + NPerms::Optional("yq.resources.viewPublic"), + NPerms::Optional("yq.resources.viewPrivate") + }; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::DescribeConnectionRequest, FederatedQuery::DescribeConnectionResponse>>(ctx.Release(), &DoFederatedQueryDescribeConnectionRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryModifyConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::ModifyConnectionRequest& request) -> TVector<NPerms::TPermission> { + TVector<NPerms::TPermission> basePermissions{ + NPerms::Required("yq.connections.update"), + NPerms::Optional("yq.resources.managePrivate") + }; + if (request.content().acl().visibility() == FederatedQuery::Acl::SCOPE) { + basePermissions.push_back(NPerms::Required("yq.resources.managePublic")); + } + return basePermissions; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::ModifyConnectionRequest, FederatedQuery::ModifyConnectionResponse>>(ctx.Release(), &DoFederatedQueryModifyConnectionRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDeleteConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::DeleteConnectionRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.connections.delete"), + NPerms::Optional("yq.resources.managePublic"), + NPerms::Optional("yq.resources.managePrivate") + }; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::DeleteConnectionRequest, FederatedQuery::DeleteConnectionResponse>>(ctx.Release(), &DoFederatedQueryDeleteConnectionRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryTestConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::TestConnectionRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.connections.create") + }; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::TestConnectionRequest, FederatedQuery::TestConnectionResponse>>(ctx.Release(), &DoFederatedQueryTestConnectionRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryCreateBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::CreateBindingRequest&) -> TVector<NPerms::TPermission> { + // For use in binding links on connection with visibility SCOPE, + // the yq.resources.managePublic permission is required. But there + // is no information about connection visibility in this place, + // so yq.resources.managePublic is always requested as optional + return { + NPerms::Required("yq.bindings.create"), + NPerms::Optional("yq.resources.managePublic") + }; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::CreateBindingRequest, FederatedQuery::CreateBindingResponse>>(ctx.Release(), &DoFederatedQueryCreateBindingRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryListBindingsRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::ListBindingsRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.bindings.get"), + NPerms::Optional("yq.resources.viewPublic"), + NPerms::Optional("yq.resources.viewPrivate") + }; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::ListBindingsRequest, FederatedQuery::ListBindingsResponse>>(ctx.Release(), &DoFederatedQueryListBindingsRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDescribeBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::DescribeBindingRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.bindings.get"), + NPerms::Optional("yq.resources.viewPublic"), + NPerms::Optional("yq.resources.viewPrivate") + }; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::DescribeBindingRequest, FederatedQuery::DescribeBindingResponse>>(ctx.Release(), &DoFederatedQueryDescribeBindingRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryModifyBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::ModifyBindingRequest&) -> TVector<NPerms::TPermission> { + // For use in binding links on connection with visibility SCOPE, + // the yq.resources.managePublic permission is required. But there + // is no information about connection visibility in this place, + // so yq.resources.managePublic is always requested as optional + return { + NPerms::Required("yq.bindings.update"), + NPerms::Optional("yq.resources.managePrivate"), + NPerms::Optional("yq.resources.managePublic") + }; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::ModifyBindingRequest, FederatedQuery::ModifyBindingResponse>>(ctx.Release(), &DoFederatedQueryModifyBindingRequest, permissions); +} + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDeleteBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { + static const std::function permissions{ [](const FederatedQuery::DeleteBindingRequest&) -> TVector<NPerms::TPermission> { + return { + NPerms::Required("yq.bindings.delete"), + NPerms::Optional("yq.resources.managePublic"), + NPerms::Optional("yq.resources.managePrivate") + }; + } }; + + return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::DeleteBindingRequest, FederatedQuery::DeleteBindingResponse>>(ctx.Release(), &DoFederatedQueryDeleteBindingRequest, permissions); +} + } // namespace NGRpcService } // namespace NKikimr diff --git a/ydb/core/grpc_services/service_fq.h b/ydb/core/grpc_services/service_fq.h index 99e52fbb137..3d119cba8dc 100644 --- a/ydb/core/grpc_services/service_fq.h +++ b/ydb/core/grpc_services/service_fq.h @@ -71,20 +71,45 @@ void DoFederatedQueryGetQueryStatusRequest(std::unique_ptr<IRequestOpCtx> p, con void DoFederatedQueryModifyQueryRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); void DoFederatedQueryDeleteQueryRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); void DoFederatedQueryControlQueryRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoGetResultDataRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoListJobsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoDescribeJobRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoCreateConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoListConnectionsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoDescribeConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoModifyConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoDeleteConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoTestConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoCreateBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoListBindingsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoDescribeBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoModifyBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); -void DoDeleteBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryGetResultDataRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryListJobsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryDescribeJobRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryCreateConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryListConnectionsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryDescribeConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryModifyConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryDeleteConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryTestConnectionRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryCreateBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryListBindingsRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryDescribeBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryModifyBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); +void DoFederatedQueryDeleteBindingRequest(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvider& facility); + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryCreateQueryRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryListQueriesRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDescribeQueryRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryGetQueryStatusRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryModifyQueryRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDeleteQueryRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryControlQueryRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryGetResultDataRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryListJobsRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDescribeJobRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryCreateConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryListConnectionsRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDescribeConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryModifyConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDeleteConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryTestConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); + +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryCreateBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryListBindingsRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDescribeBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryModifyBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); +std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDeleteBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx); } // namespace NGRpcService } // namespace NKikimr diff --git a/ydb/core/public_http/fq_handlers.h b/ydb/core/public_http/fq_handlers.h index d2cad7ef7b2..aa89361d472 100644 --- a/ydb/core/public_http/fq_handlers.h +++ b/ydb/core/public_http/fq_handlers.h @@ -6,7 +6,7 @@ #include <library/cpp/protobuf/json/json2proto.h> #include <ydb/core/protos/services.pb.h> #include <ydb/core/grpc_services/grpc_request_proxy.h> -#include <ydb/core/grpc_services/service_yq.h> +#include <ydb/core/grpc_services/service_fq.h> #include <ydb/core/public_http/protos/fq.pb.h> #include <ydb/core/yq/libs/result_formatter/result_formatter.h> @@ -93,60 +93,60 @@ void FqConvert(const Ydb::Operations::Operation& src, FQHttp::Error& dst) { SIMPLE_COPY_REPEATABLE_RENAME_FIELD(issues, details); } -void FqConvert(const FQHttp::CreateQueryRequest& src, YandexQuery::QueryContent& dst) { +void FqConvert(const FQHttp::CreateQueryRequest& src, FederatedQuery::QueryContent& dst) { SIMPLE_COPY_FIELD(type); SIMPLE_COPY_FIELD(name); SIMPLE_COPY_FIELD(text); SIMPLE_COPY_FIELD(description); } -void FqConvert(const YandexQuery::QueryContent& src, FQHttp::GetQueryResult& dst) { +void FqConvert(const FederatedQuery::QueryContent& src, FQHttp::GetQueryResult& dst) { SIMPLE_COPY_FIELD(type); SIMPLE_COPY_MUTABLE_WRAPPER_FIELD(name); SIMPLE_COPY_MUTABLE_WRAPPER_FIELD(text); SIMPLE_COPY_MUTABLE_WRAPPER_FIELD(description); } -void FqConvert(const FQHttp::CreateQueryRequest& src, YandexQuery::CreateQueryRequest& dst) { +void FqConvert(const FQHttp::CreateQueryRequest& src, FederatedQuery::CreateQueryRequest& dst) { FqConvert(src, *dst.mutable_content()); - dst.set_execute_mode(YandexQuery::RUN); + dst.set_execute_mode(FederatedQuery::RUN); auto& content = *dst.mutable_content(); - if (content.type() == YandexQuery::QueryContent::QUERY_TYPE_UNSPECIFIED) { - content.set_type(YandexQuery::QueryContent::ANALYTICS); + if (content.type() == FederatedQuery::QueryContent::QUERY_TYPE_UNSPECIFIED) { + content.set_type(FederatedQuery::QueryContent::ANALYTICS); } - if (content.acl().visibility() == YandexQuery::Acl::VISIBILITY_UNSPECIFIED) { - content.mutable_acl()->set_visibility(YandexQuery::Acl::PRIVATE); + if (content.acl().visibility() == FederatedQuery::Acl::VISIBILITY_UNSPECIFIED) { + content.mutable_acl()->set_visibility(FederatedQuery::Acl::PRIVATE); } content.set_automatic(true); } -void FqConvert(const YandexQuery::CreateQueryResult& src, FQHttp::CreateQueryResult& dst) { +void FqConvert(const FederatedQuery::CreateQueryResult& src, FQHttp::CreateQueryResult& dst) { SIMPLE_COPY_RENAME_FIELD(query_id, id); } -void FqConvert(const YandexQuery::CommonMeta& src, FQHttp::QueryMeta& dst) { +void FqConvert(const FederatedQuery::CommonMeta& src, FQHttp::QueryMeta& dst) { SIMPLE_COPY_MUTABLE_RENAME_FIELD(created_at, started_at); } -void FqConvert(const YandexQuery::QueryMeta& src, FQHttp::QueryMeta& dst) { +void FqConvert(const FederatedQuery::QueryMeta& src, FQHttp::QueryMeta& dst) { SIMPLE_COPY_MUTABLE_FIELD(finished_at); FqConvert(src.common(), dst); } -FQHttp::GetQueryResult::ComputeStatus RemapQueryStatus(YandexQuery::QueryMeta::ComputeStatus status) { +FQHttp::GetQueryResult::ComputeStatus RemapQueryStatus(FederatedQuery::QueryMeta::ComputeStatus status) { switch (status) { - case YandexQuery::QueryMeta::COMPLETED: + case FederatedQuery::QueryMeta::COMPLETED: return FQHttp::GetQueryResult::COMPLETED; - case YandexQuery::QueryMeta::ABORTED_BY_USER: + case FederatedQuery::QueryMeta::ABORTED_BY_USER: [[fallthrough]]; - case YandexQuery::QueryMeta::ABORTED_BY_SYSTEM: + case FederatedQuery::QueryMeta::ABORTED_BY_SYSTEM: [[fallthrough]]; - case YandexQuery::QueryMeta::FAILED: + case FederatedQuery::QueryMeta::FAILED: return FQHttp::GetQueryResult::FAILED; default: @@ -154,12 +154,12 @@ FQHttp::GetQueryResult::ComputeStatus RemapQueryStatus(YandexQuery::QueryMeta::C } } -void FqConvert(const YandexQuery::ResultSetMeta& src, FQHttp::ResultSetMeta& dst) { +void FqConvert(const FederatedQuery::ResultSetMeta& src, FQHttp::ResultSetMeta& dst) { SIMPLE_COPY_MUTABLE_WRAPPER_FIELD(rows_count); SIMPLE_COPY_MUTABLE_WRAPPER_FIELD(truncated); } -void FqConvert(const YandexQuery::Query& src, FQHttp::GetQueryResult& dst) { +void FqConvert(const FederatedQuery::Query& src, FQHttp::GetQueryResult& dst) { FQ_CONVERT_FIELD(meta); FqConvert(src.content(), dst); @@ -181,28 +181,28 @@ void FqConvert(const YandexQuery::Query& src, FQHttp::GetQueryResult& dst) { } } -void FqConvert(const FQHttp::GetQueryRequest& src, YandexQuery::DescribeQueryRequest& dst) { +void FqConvert(const FQHttp::GetQueryRequest& src, FederatedQuery::DescribeQueryRequest& dst) { SIMPLE_COPY_FIELD(query_id); } -void FqConvert(const YandexQuery::DescribeQueryResult& src, FQHttp::GetQueryResult& dst) { +void FqConvert(const FederatedQuery::DescribeQueryResult& src, FQHttp::GetQueryResult& dst) { FqConvert(src.query(), dst); } -void FqConvert(const FQHttp::GetQueryStatusRequest& src, YandexQuery::GetQueryStatusRequest& dst) { +void FqConvert(const FQHttp::GetQueryStatusRequest& src, FederatedQuery::GetQueryStatusRequest& dst) { SIMPLE_COPY_FIELD(query_id); } -void FqConvert(const YandexQuery::GetQueryStatusResult& src, FQHttp::GetQueryStatusResult& dst) { +void FqConvert(const FederatedQuery::GetQueryStatusResult& src, FQHttp::GetQueryStatusResult& dst) { dst.set_status(RemapQueryStatus(src.status())); } -void FqConvert(const FQHttp::StopQueryRequest& src, YandexQuery::ControlQueryRequest& dst) { +void FqConvert(const FQHttp::StopQueryRequest& src, FederatedQuery::ControlQueryRequest& dst) { SIMPLE_COPY_FIELD(query_id); - dst.set_action(YandexQuery::ABORT); + dst.set_action(FederatedQuery::ABORT); } -void FqConvert(const FQHttp::GetResultDataRequest& src, YandexQuery::GetResultDataRequest& dst) { +void FqConvert(const FQHttp::GetResultDataRequest& src, FederatedQuery::GetResultDataRequest& dst) { SIMPLE_COPY_FIELD(query_id); SIMPLE_COPY_FIELD(result_set_index); SIMPLE_COPY_FIELD(offset); @@ -213,7 +213,7 @@ void FqConvert(const FQHttp::GetResultDataRequest& src, YandexQuery::GetResultDa } } -void FqConvert(const YandexQuery::GetResultDataResult& src, FQHttp::GetResultDataResult& dst) { +void FqConvert(const FederatedQuery::GetResultDataResult& src, FQHttp::GetResultDataResult& dst) { SIMPLE_COPY_MUTABLE_FIELD(result_set); } @@ -240,8 +240,8 @@ void SetIdempotencyKey(T& dst, const TString& key) { Y_UNUSED(key); if constexpr ( - std::is_same<T, YandexQuery::CreateQueryRequest>::value || - std::is_same<T, YandexQuery::ControlQueryRequest>::value) + std::is_same<T, FederatedQuery::CreateQueryRequest>::value || + std::is_same<T, FederatedQuery::ControlQueryRequest>::value) { dst.set_idempotency_key(key); } @@ -381,11 +381,11 @@ class TJson##action : public TGrpcCallWrapper<t1, t2, t3, t4, t5> { typedef TGrpcCallWrapper<t1, t2, t3, t4, t5> TBase; \ public: \ explicit TJson##action(const THttpRequestContext& request) \ - : TBase(request, &NGRpcService::Create##internalAction##RequestOperationCall) {} \ + : TBase(request, &NGRpcService::CreateFederatedQuery##internalAction##RequestOperationCall) {} \ } -#define DECLARE_YQ_GRPC_ACTOR(action, internalAction) DECLARE_YQ_GRPC_ACTOR_IMPL(action, internalAction, YandexQuery::internalAction##Request, FQHttp::action##Request, YandexQuery::internalAction##Result, FQHttp::action##Result, YandexQuery::internalAction##Response) -#define DECLARE_YQ_GRPC_ACTOR_WIHT_EMPTY_RESULT(action, internalAction) DECLARE_YQ_GRPC_ACTOR_IMPL(action, internalAction, YandexQuery::internalAction##Request, FQHttp::action##Request, YandexQuery::internalAction##Result, ::google::protobuf::Empty, YandexQuery::internalAction##Response) +#define DECLARE_YQ_GRPC_ACTOR(action, internalAction) DECLARE_YQ_GRPC_ACTOR_IMPL(action, internalAction, FederatedQuery::internalAction##Request, FQHttp::action##Request, FederatedQuery::internalAction##Result, FQHttp::action##Result, FederatedQuery::internalAction##Response) +#define DECLARE_YQ_GRPC_ACTOR_WIHT_EMPTY_RESULT(action, internalAction) DECLARE_YQ_GRPC_ACTOR_IMPL(action, internalAction, FederatedQuery::internalAction##Request, FQHttp::action##Request, FederatedQuery::internalAction##Result, ::google::protobuf::Empty, FederatedQuery::internalAction##Response) DECLARE_YQ_GRPC_ACTOR(CreateQuery, CreateQuery); DECLARE_YQ_GRPC_ACTOR(GetQuery, DescribeQuery); diff --git a/ydb/core/public_http/grpc_request_context_wrapper.h b/ydb/core/public_http/grpc_request_context_wrapper.h index 964e33ef3a2..f4213aab85d 100644 --- a/ydb/core/public_http/grpc_request_context_wrapper.h +++ b/ydb/core/public_http/grpc_request_context_wrapper.h @@ -4,7 +4,6 @@ #include <ydb/core/grpc_services/base/base.h> #include <ydb/core/viewer/json/json.h> -#include <ydb/public/api/protos/yq.pb.h> #include <library/cpp/actors/http/http_proxy.h> namespace NKikimr::NPublicHttp { diff --git a/ydb/core/public_http/protos/fq.proto b/ydb/core/public_http/protos/fq.proto index c625542ea47..a0d08027d06 100644 --- a/ydb/core/public_http/protos/fq.proto +++ b/ydb/core/public_http/protos/fq.proto @@ -8,7 +8,7 @@ import "ydb/public/api/protos/ydb_status_codes.proto"; import "ydb/public/api/protos/ydb_value.proto"; import "google/protobuf/timestamp.proto"; import "google/protobuf/wrappers.proto"; -import "ydb/public/api/protos/yq.proto"; +import "ydb/public/api/protos/draft/fq.proto"; //////////////////////////////////////////////////////////// @@ -43,7 +43,7 @@ message ResultSetMeta { } message CreateQueryRequest { - YandexQuery.QueryContent.QueryType type = 1; + FederatedQuery.QueryContent.QueryType type = 1; string name = 2; string text = 3; string description = 4; @@ -66,7 +66,7 @@ message GetQueryResult { } google.protobuf.StringValue id = 1; - YandexQuery.QueryContent.QueryType type = 2; + FederatedQuery.QueryContent.QueryType type = 2; google.protobuf.StringValue name = 3; google.protobuf.StringValue description = 4; ComputeStatus status = 5; diff --git a/ydb/services/fq/grpc_service.cpp b/ydb/services/fq/grpc_service.cpp index c1f519e8d8a..a12f5d98720 100644 --- a/ydb/services/fq/grpc_service.cpp +++ b/ydb/services/fq/grpc_service.cpp @@ -35,245 +35,41 @@ void TGRpcFederatedQueryService::DecRequest() { void TGRpcFederatedQueryService::SetupIncomingRequests(NGrpc::TLoggerPtr logger) { auto getCounterBlock = CreateCounterCb(Counters_, ActorSystem_); - using NPerms = NKikimr::TEvTicketParser::TEvAuthorizeTicket; - - static const std::function CreateQueryPermissions{[](const FederatedQuery::CreateQueryRequest& request) { - TVector<NPerms::TPermission> permissions{ - NPerms::Required("yq.queries.create"), - NPerms::Optional("yq.connections.use"), - NPerms::Optional("yq.bindings.use") - }; - if (request.execute_mode() != FederatedQuery::SAVE) { - permissions.push_back(NPerms::Required("yq.queries.invoke")); - } - if (request.content().acl().visibility() == FederatedQuery::Acl::SCOPE) { - permissions.push_back(NPerms::Required("yq.resources.managePublic")); - } - return permissions; - }}; - - static const std::function ListQueriesPermissions{[](const FederatedQuery::ListQueriesRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.queries.get"), - NPerms::Optional("yq.resources.viewPublic"), - NPerms::Optional("yq.resources.viewPrivate") - }; - }}; - - static const std::function DescribeQueryPermissions{[](const FederatedQuery::DescribeQueryRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.queries.get"), - NPerms::Optional("yq.queries.viewAst"), - NPerms::Optional("yq.resources.viewPublic"), - NPerms::Optional("yq.resources.viewPrivate") - }; - }}; - - static const std::function GetQueryStatusPermissions{[](const FederatedQuery::GetQueryStatusRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.queries.getStatus"), - NPerms::Optional("yq.resources.viewPublic"), - NPerms::Optional("yq.resources.viewPrivate") - }; - }}; - - static const std::function ModifyQueryPermissions{[](const FederatedQuery::ModifyQueryRequest& request) { - TVector<NPerms::TPermission> permissions{ - NPerms::Required("yq.queries.update"), - NPerms::Optional("yq.connections.use"), - NPerms::Optional("yq.bindings.use"), - NPerms::Optional("yq.resources.managePrivate") - }; - if (request.execute_mode() != FederatedQuery::SAVE) { - permissions.push_back(NPerms::Required("yq.queries.invoke")); - } - if (request.content().acl().visibility() == FederatedQuery::Acl::SCOPE) { - permissions.push_back(NPerms::Required("yq.resources.managePublic")); - } else { - permissions.push_back(NPerms::Optional("yq.resources.managePublic")); - } - return permissions; - }}; - - static const std::function DeleteQueryPermissions{[](const FederatedQuery::DeleteQueryRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.queries.delete"), - NPerms::Optional("yq.resources.managePublic"), - NPerms::Optional("yq.resources.managePrivate") - }; - }}; - - static const std::function ControlQueryPermissions{[](const FederatedQuery::ControlQueryRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.queries.control"), - NPerms::Optional("yq.resources.managePublic"), - NPerms::Optional("yq.resources.managePrivate") - }; - }}; - - static const std::function GetResultDataPermissions{[](const FederatedQuery::GetResultDataRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.queries.getData"), - NPerms::Optional("yq.resources.viewPublic"), - NPerms::Optional("yq.resources.viewPrivate") - }; - }}; - - static const std::function ListJobsPermissions{[](const FederatedQuery::ListJobsRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.jobs.get"), - NPerms::Optional("yq.resources.viewPublic"), - NPerms::Optional("yq.resources.viewPrivate") - }; - }}; - - static const std::function DescribeJobPermissions{[](const FederatedQuery::DescribeJobRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.jobs.get"), - NPerms::Optional("yq.resources.viewPublic"), - NPerms::Optional("yq.resources.viewPrivate") - }; - }}; - - static const std::function CreateConnectionPermissions{[](const FederatedQuery::CreateConnectionRequest& request) { - TVector<NPerms::TPermission> permissions{ - NPerms::Required("yq.connections.create"), - }; - if (request.content().acl().visibility() == FederatedQuery::Acl::SCOPE) { - permissions.push_back(NPerms::Required("yq.resources.managePublic")); - } - return permissions; - }}; - - static const std::function ListConnectionsPermissions{[](const FederatedQuery::ListConnectionsRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.connections.get"), - NPerms::Optional("yq.resources.viewPublic"), - NPerms::Optional("yq.resources.viewPrivate") - }; - }}; - - static const std::function DescribeConnectionPermissions{[](const FederatedQuery::DescribeConnectionRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.connections.get"), - NPerms::Optional("yq.resources.viewPublic"), - NPerms::Optional("yq.resources.viewPrivate") - }; - }}; - - static const std::function ModifyConnectionPermissions{[](const FederatedQuery::ModifyConnectionRequest& request) { - TVector<NPerms::TPermission> permissions{ - NPerms::Required("yq.connections.update"), - NPerms::Optional("yq.resources.managePrivate") - }; - if (request.content().acl().visibility() == FederatedQuery::Acl::SCOPE) { - permissions.push_back(NPerms::Required("yq.resources.managePublic")); - } else { - permissions.push_back(NPerms::Optional("yq.resources.managePublic")); - } - return permissions; - }}; - - static const std::function DeleteConnectionPermissions{[](const FederatedQuery::DeleteConnectionRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.connections.delete"), - NPerms::Optional("yq.resources.managePublic"), - NPerms::Optional("yq.resources.managePrivate") - }; - }}; - - static const std::function TestConnectionPermissions{[](const FederatedQuery::TestConnectionRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.connections.create") - }; - }}; - - static const std::function CreateBindingPermissions{[](const FederatedQuery::CreateBindingRequest&) { - TVector<NPerms::TPermission> permissions{ - NPerms::Required("yq.bindings.create"), - }; - // For use in binding links on connection with visibility SCOPE, - // the yq.resources.managePublic permission is required. But there - // is no information about connection visibility in this place, - // so yq.resources.managePublic is always requested as optional - permissions.push_back(NPerms::Optional("yq.resources.managePublic")); - return permissions; - }}; - - static const std::function ListBindingsPermissions{[](const FederatedQuery::ListBindingsRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.bindings.get"), - NPerms::Optional("yq.resources.viewPublic"), - NPerms::Optional("yq.resources.viewPrivate") - }; - }}; - - static const std::function DescribeBindingPermissions{[](const FederatedQuery::DescribeBindingRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.bindings.get"), - NPerms::Optional("yq.resources.viewPublic"), - NPerms::Optional("yq.resources.viewPrivate") - }; - }}; - - static const std::function ModifyBindingPermissions{[](const FederatedQuery::ModifyBindingRequest&) { - TVector<NPerms::TPermission> permissions{ - NPerms::Required("yq.bindings.update"), - NPerms::Optional("yq.resources.managePrivate") - }; - // For use in binding links on connection with visibility SCOPE, - // the yq.resources.managePublic permission is required. But there - // is no information about connection visibility in this place, - // so yq.resources.managePublic is always requested as optional - permissions.push_back(NPerms::Optional("yq.resources.managePublic")); - return permissions; - }}; - - static const std::function DeleteBindingPermissions{[](const FederatedQuery::DeleteBindingRequest&) -> TVector<NPerms::TPermission> { - return { - NPerms::Required("yq.bindings.delete"), - NPerms::Optional("yq.resources.managePublic"), - NPerms::Optional("yq.resources.managePrivate") - }; - }}; - #ifdef ADD_REQUEST #error ADD_REQUEST macro already defined #endif -#define ADD_REQUEST(NAME, CB, PERMISSIONS) \ +#define ADD_REQUEST(NAME, CB) \ MakeIntrusive<TGRpcRequest<FederatedQuery::NAME##Request, FederatedQuery::NAME##Response, TGRpcFederatedQueryService, TSecurityTextFormatPrinter<FederatedQuery::NAME##Request>, TSecurityTextFormatPrinter<FederatedQuery::NAME##Response>>>( \ this, &Service_, CQ_, \ [this](NGrpc::IRequestContextBase *ctx) { \ NGRpcService::ReportGrpcReqToMon(*ActorSystem_, ctx->GetPeer()); \ - ActorSystem_->Send(GRpcRequestProxyId_, \ - new TGrpcFqRequestOperationCall<FederatedQuery::NAME##Request, FederatedQuery::NAME##Response> \ - (ctx, &CB, PERMISSIONS)); \ + ActorSystem_->Send(GRpcRequestProxyId_, CreateFederatedQuery##NAME##RequestOperationCall(ctx).release()); \ }, \ &FederatedQuery::V1::FederatedQueryService::AsyncService::Request##NAME, \ #NAME, logger, getCounterBlock("fq", #NAME)) \ ->Run(); \ - ADD_REQUEST(CreateQuery, DoFederatedQueryCreateQueryRequest, CreateQueryPermissions) - ADD_REQUEST(ListQueries, DoFederatedQueryListQueriesRequest, ListQueriesPermissions) - ADD_REQUEST(DescribeQuery, DoFederatedQueryDescribeQueryRequest, DescribeQueryPermissions) - ADD_REQUEST(GetQueryStatus, DoFederatedQueryGetQueryStatusRequest, GetQueryStatusPermissions) - ADD_REQUEST(ModifyQuery, DoFederatedQueryModifyQueryRequest, ModifyQueryPermissions) - ADD_REQUEST(DeleteQuery, DoFederatedQueryDeleteQueryRequest, DeleteQueryPermissions) - ADD_REQUEST(ControlQuery, DoFederatedQueryControlQueryRequest, ControlQueryPermissions) - ADD_REQUEST(GetResultData, DoGetResultDataRequest, GetResultDataPermissions) - ADD_REQUEST(ListJobs, DoListJobsRequest, ListJobsPermissions) - ADD_REQUEST(DescribeJob, DoDescribeJobRequest, DescribeJobPermissions) - ADD_REQUEST(CreateConnection, DoCreateConnectionRequest, CreateConnectionPermissions) - ADD_REQUEST(ListConnections, DoListConnectionsRequest, ListConnectionsPermissions) - ADD_REQUEST(DescribeConnection, DoDescribeConnectionRequest, DescribeConnectionPermissions) - ADD_REQUEST(ModifyConnection, DoModifyConnectionRequest, ModifyConnectionPermissions) - ADD_REQUEST(DeleteConnection, DoDeleteConnectionRequest, DeleteConnectionPermissions) - ADD_REQUEST(TestConnection, DoTestConnectionRequest, TestConnectionPermissions) - ADD_REQUEST(CreateBinding, DoCreateBindingRequest, CreateBindingPermissions) - ADD_REQUEST(ListBindings, DoListBindingsRequest, ListBindingsPermissions) - ADD_REQUEST(DescribeBinding, DoDescribeBindingRequest, DescribeBindingPermissions) - ADD_REQUEST(ModifyBinding, DoModifyBindingRequest, ModifyBindingPermissions) - ADD_REQUEST(DeleteBinding, DoDeleteBindingRequest, DeleteBindingPermissions) + ADD_REQUEST(CreateQuery, DoFederatedQueryCreateQueryRequest) + ADD_REQUEST(ListQueries, DoFederatedQueryListQueriesRequest) + ADD_REQUEST(DescribeQuery, DoFederatedQueryDescribeQueryRequest) + ADD_REQUEST(GetQueryStatus, DoFederatedQueryGetQueryStatusRequest) + ADD_REQUEST(ModifyQuery, DoFederatedQueryModifyQueryRequest) + ADD_REQUEST(DeleteQuery, DoFederatedQueryDeleteQueryRequest) + ADD_REQUEST(ControlQuery, DoFederatedQueryControlQueryRequest) + ADD_REQUEST(GetResultData, DoFederatedQueryGetResultDataRequest) + ADD_REQUEST(ListJobs, DoFederatedQueryListJobsRequest) + ADD_REQUEST(DescribeJob, DoFederatedQueryDescribeJobRequest) + ADD_REQUEST(CreateConnection, DoFederatedQueryCreateConnectionRequest) + ADD_REQUEST(ListConnections, DoFederatedQueryListConnectionsRequest) + ADD_REQUEST(DescribeConnection, DoFederatedQueryDescribeConnectionRequest) + ADD_REQUEST(ModifyConnection, DoFederatedQueryModifyConnectionRequest) + ADD_REQUEST(DeleteConnection, DoFederatedQueryDeleteConnectionRequest) + ADD_REQUEST(TestConnection, DoFederatedQueryTestConnectionRequest) + ADD_REQUEST(CreateBinding, DoFederatedQueryCreateBindingRequest) + ADD_REQUEST(ListBindings, DoFederatedQueryListBindingsRequest) + ADD_REQUEST(DescribeBinding, DoFederatedQueryDescribeBindingRequest) + ADD_REQUEST(ModifyBinding, DoFederatedQueryModifyBindingRequest) + ADD_REQUEST(DeleteBinding, DoFederatedQueryDeleteBindingRequest) #undef ADD_REQUEST |