author | hcpp <hcpp@ydb.tech> | 2022-10-28 16:53:03 +0300 |
---|---|---|
committer | hcpp <hcpp@ydb.tech> | 2022-10-28 16:53:03 +0300 |
commit | b4da588c0be28d60d4e20245dd7488054268000d (patch) | |
tree | 2185e523a42f432a64a10b80a523befc2797a6f3 | |
parent | a4f0fef62c4cf2e35d9c050a9156d3aac77c127e (diff) | |
download | ydb-b4da588c0be28d60d4e20245dd7488054268000d.tar.gz |
cloud id for audit logs has been improved
-rw-r--r-- | ydb/core/grpc_services/rpc_yq.cpp | 235 |
1 files changed, 118 insertions, 117 deletions
diff --git a/ydb/core/grpc_services/rpc_yq.cpp b/ydb/core/grpc_services/rpc_yq.cpp
index 5c1692ccc6..a5a06e26ea 100644
--- a/ydb/core/grpc_services/rpc_yq.cpp
+++ b/ydb/core/grpc_services/rpc_yq.cpp
@@ -151,6 +151,7 @@ protected:
 NYq::TEvAuditService::TExtraInfo extraInfo{
 .Token = Token,
+ .CloudId = response.AuditDetails.CloudId,
 .FolderId = FolderId,
 .User = User,
 .PeerName = PeerName,
@@ -472,70 +473,70 @@ std::unique_ptr<TEvProxyRuntimeEvent> CreateGetResultDataRequestOperationCall(TI
 return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::GetResultDataRequest, YandexQuery::GetResultDataResponse>>(ctx.Release(), &DoYandexQueryGetResultDataRequest, permissions);
 }
-std::unique_ptr<TEvProxyRuntimeEvent> CreateListJobsRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
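Review bot: The added `.CloudId = response.AuditDetails.CloudId,` is the only `extraInfo` field in this hunk that is read from the response; `Token`, `FolderId`, `User` and `PeerName` come from the call's own state, and nothing visible here handles a response whose `AuditDetails.CloudId` was never filled in. If a handler can return without populating it (an error or early-reject path, presumably), the audit record is written with an empty cloud id and can no longer be attributed or filtered per cloud, so it is worth confirming every response path sets the field or making the empty case explicit in the record. A one-line comment above the initializer, such as `// CloudId comes from the response's AuditDetails, not from the request context`, would document the different provenance for whoever reads these logs later. The enclosing function starts and ends outside the hunk, and the remaining hunks in this file appear to be line-ending-only rewrites of the permission factories.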
- static const std::function permissions{ [](const YandexQuery::ListJobsRequest&) -> TVector<NPerms::TPermission> {
- return {
+std::unique_ptr<TEvProxyRuntimeEvent> CreateListJobsRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
+ static const std::function permissions{ [](const YandexQuery::ListJobsRequest&) -> TVector<NPerms::TPermission> {
+ return {
 NPerms::Required("yq.jobs.get"),
 NPerms::Optional("yq.resources.viewPublic"),
- NPerms::Optional("yq.resources.viewPrivate")
- };
- } };
-
- return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::ListJobsRequest, YandexQuery::ListJobsResponse>>(ctx.Release(), &DoYandexQueryListJobsRequest, permissions);
+ NPerms::Optional("yq.resources.viewPrivate")
+ };
+ } };
+
+ return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::ListJobsRequest, YandexQuery::ListJobsResponse>>(ctx.Release(), &DoYandexQueryListJobsRequest, permissions);
 }
-std::unique_ptr<TEvProxyRuntimeEvent> CreateDescribeJobRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
- static const std::function permissions{ [](const YandexQuery::DescribeJobRequest&) -> TVector<NPerms::TPermission> {
- return {
+std::unique_ptr<TEvProxyRuntimeEvent> CreateDescribeJobRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
+ static const std::function permissions{ [](const YandexQuery::DescribeJobRequest&) -> TVector<NPerms::TPermission> {
+ return {
 NPerms::Required("yq.jobs.get"),
 NPerms::Optional("yq.resources.viewPublic"),
- NPerms::Optional("yq.resources.viewPrivate")
- };
- } };
-
- return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::DescribeJobRequest, YandexQuery::DescribeJobResponse>>(ctx.Release(), &DoYandexQueryDescribeJobRequest, permissions);
+ NPerms::Optional("yq.resources.viewPrivate")
+ };
+ } };
+
+ return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::DescribeJobRequest, YandexQuery::DescribeJobResponse>>(ctx.Release(), &DoYandexQueryDescribeJobRequest, permissions);
 }
-std::unique_ptr<TEvProxyRuntimeEvent> CreateCreateConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
- static const std::function permissions{ [](const YandexQuery::CreateConnectionRequest& request) -> TVector<NPerms::TPermission> {
+std::unique_ptr<TEvProxyRuntimeEvent> CreateCreateConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
+ static const std::function permissions{ [](const YandexQuery::CreateConnectionRequest& request) -> TVector<NPerms::TPermission> {
 TVector<NPerms::TPermission> basePermissions{
 NPerms::Required("yq.connections.create"),
 };
 if (request.content().acl().visibility() == YandexQuery::Acl::SCOPE) {
 basePermissions.push_back(NPerms::Required("yq.resources.managePublic"));
 }
- return basePermissions;
- } };
-
- return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::CreateConnectionRequest, YandexQuery::CreateConnectionResponse>>(ctx.Release(), &DoYandexQueryCreateConnectionRequest, permissions);
-}
-
-std::unique_ptr<TEvProxyRuntimeEvent> CreateListConnectionsRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
- static const std::function permissions{ [](const YandexQuery::ListConnectionsRequest&) -> TVector<NPerms::TPermission> {
- return {
+ return basePermissions;
+ } };
+
+ return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::CreateConnectionRequest, YandexQuery::CreateConnectionResponse>>(ctx.Release(), &DoYandexQueryCreateConnectionRequest, permissions);
+}
+
+std::unique_ptr<TEvProxyRuntimeEvent> CreateListConnectionsRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
+ static const std::function permissions{ [](const YandexQuery::ListConnectionsRequest&) -> TVector<NPerms::TPermission> {
+ return {
 NPerms::Required("yq.connections.get"),
 NPerms::Optional("yq.resources.viewPublic"),
- NPerms::Optional("yq.resources.viewPrivate")
- };
- } };
-
- return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::ListConnectionsRequest, YandexQuery::ListConnectionsResponse>>(ctx.Release(), &DoYandexQueryListConnectionsRequest, permissions);
-}
-
-std::unique_ptr<TEvProxyRuntimeEvent> CreateDescribeConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
- static const std::function permissions{ [](const YandexQuery::DescribeConnectionRequest&) -> TVector<NPerms::TPermission> {
- return {
+ NPerms::Optional("yq.resources.viewPrivate")
+ };
+ } };
+
+ return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::ListConnectionsRequest, YandexQuery::ListConnectionsResponse>>(ctx.Release(), &DoYandexQueryListConnectionsRequest, permissions);
+}
+
+std::unique_ptr<TEvProxyRuntimeEvent> CreateDescribeConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
+ static const std::function permissions{ [](const YandexQuery::DescribeConnectionRequest&) -> TVector<NPerms::TPermission> {
+ return {
 NPerms::Required("yq.connections.get"),
 NPerms::Optional("yq.resources.viewPublic"),
- NPerms::Optional("yq.resources.viewPrivate")
- };
- } };
-
- return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::DescribeConnectionRequest, YandexQuery::DescribeConnectionResponse>>(ctx.Release(), &DoYandexQueryDescribeConnectionRequest, permissions);
-}
-
-std::unique_ptr<TEvProxyRuntimeEvent> CreateModifyConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
- static const std::function permissions{ [](const YandexQuery::ModifyConnectionRequest& request) -> TVector<NPerms::TPermission> {
+ NPerms::Optional("yq.resources.viewPrivate")
+ };
+ } };
+
+ return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::DescribeConnectionRequest, YandexQuery::DescribeConnectionResponse>>(ctx.Release(), &DoYandexQueryDescribeConnectionRequest, permissions);
+}
+
+std::unique_ptr<TEvProxyRuntimeEvent> CreateModifyConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
+ static const std::function permissions{ [](const YandexQuery::ModifyConnectionRequest& request) -> TVector<NPerms::TPermission> {
 TVector<NPerms::TPermission> basePermissions{
 NPerms::Required("yq.connections.update"),
 NPerms::Optional("yq.resources.managePrivate")
@@ -543,36 +544,36 @@ std::unique_ptr<TEvProxyRuntimeEvent> CreateModifyConnectionRequestOperationCall
 if (request.content().acl().visibility() == YandexQuery::Acl::SCOPE) {
 basePermissions.push_back(NPerms::Required("yq.resources.managePublic"));
 }
- return basePermissions;
- } };
-
- return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::ModifyConnectionRequest, YandexQuery::ModifyConnectionResponse>>(ctx.Release(), &DoYandexQueryModifyConnectionRequest, permissions);
-}
-
-std::unique_ptr<TEvProxyRuntimeEvent> CreateDeleteConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
- static const std::function permissions{ [](const YandexQuery::DeleteConnectionRequest&) -> TVector<NPerms::TPermission> {
- return {
+ return basePermissions;
+ } };
+
+ return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::ModifyConnectionRequest, YandexQuery::ModifyConnectionResponse>>(ctx.Release(), &DoYandexQueryModifyConnectionRequest, permissions);
+}
+
+std::unique_ptr<TEvProxyRuntimeEvent> CreateDeleteConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
+ static const std::function permissions{ [](const YandexQuery::DeleteConnectionRequest&) -> TVector<NPerms::TPermission> {
+ return {
 NPerms::Required("yq.connections.delete"),
 NPerms::Optional("yq.resources.managePublic"),
 NPerms::Optional("yq.resources.managePrivate")
- };
- } };
-
- return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::DeleteConnectionRequest, YandexQuery::DeleteConnectionResponse>>(ctx.Release(), &DoYandexQueryDeleteConnectionRequest, permissions);
-}
-
-std::unique_ptr<TEvProxyRuntimeEvent> CreateTestConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
- static const std::function permissions{ [](const YandexQuery::TestConnectionRequest&) -> TVector<NPerms::TPermission> {
- return {
- NPerms::Required("yq.connections.create")
- };
- } };
-
- return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::TestConnectionRequest, YandexQuery::TestConnectionResponse>>(ctx.Release(), &DoYandexQueryTestConnectionRequest, permissions);
-}
-
-std::unique_ptr<TEvProxyRuntimeEvent> CreateCreateBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
- static const std::function permissions{ [](const YandexQuery::CreateBindingRequest&) -> TVector<NPerms::TPermission> {
+ };
+ } };
+
+ return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::DeleteConnectionRequest, YandexQuery::DeleteConnectionResponse>>(ctx.Release(), &DoYandexQueryDeleteConnectionRequest, permissions);
+}
+
+std::unique_ptr<TEvProxyRuntimeEvent> CreateTestConnectionRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
+ static const std::function permissions{ [](const YandexQuery::TestConnectionRequest&) -> TVector<NPerms::TPermission> {
+ return {
+ NPerms::Required("yq.connections.create")
+ };
+ } };
+
+ return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::TestConnectionRequest, YandexQuery::TestConnectionResponse>>(ctx.Release(), &DoYandexQueryTestConnectionRequest, permissions);
+}
+
+std::unique_ptr<TEvProxyRuntimeEvent> CreateCreateBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
+ static const std::function permissions{ [](const YandexQuery::CreateBindingRequest&) -> TVector<NPerms::TPermission> {
 // For use in binding links on connection with visibility SCOPE,
 // the yq.resources.managePublic permission is required. But there
 // is no information about connection visibility in this place,
@@ -581,62 +582,62 @@ std::unique_ptr<TEvProxyRuntimeEvent> CreateCreateBindingRequestOperationCall(TI
 NPerms::Required("yq.bindings.create"),
 NPerms::Optional("yq.resources.managePublic")
 };
- } };
-
- return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::CreateBindingRequest, YandexQuery::CreateBindingResponse>>(ctx.Release(), &DoYandexQueryCreateBindingRequest, permissions);
-}
-
-std::unique_ptr<TEvProxyRuntimeEvent> CreateListBindingsRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
- static const std::function permissions{ [](const YandexQuery::ListBindingsRequest&) -> TVector<NPerms::TPermission> {
- return {
+ } };
+
+ return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::CreateBindingRequest, YandexQuery::CreateBindingResponse>>(ctx.Release(), &DoYandexQueryCreateBindingRequest, permissions);
+}
+
+std::unique_ptr<TEvProxyRuntimeEvent> CreateListBindingsRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
+ static const std::function permissions{ [](const YandexQuery::ListBindingsRequest&) -> TVector<NPerms::TPermission> {
+ return {
 NPerms::Required("yq.bindings.get"),
 NPerms::Optional("yq.resources.viewPublic"),
- NPerms::Optional("yq.resources.viewPrivate")
- };
- } };
-
- return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::ListBindingsRequest, YandexQuery::ListBindingsResponse>>(ctx.Release(), &DoYandexQueryListBindingsRequest, permissions);
-}
-
-std::unique_ptr<TEvProxyRuntimeEvent> CreateDescribeBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
- static const std::function permissions{ [](const YandexQuery::DescribeBindingRequest&) -> TVector<NPerms::TPermission> {
- return {
+ NPerms::Optional("yq.resources.viewPrivate")
+ };
+ } };
+
+ return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::ListBindingsRequest, YandexQuery::ListBindingsResponse>>(ctx.Release(), &DoYandexQueryListBindingsRequest, permissions);
+}
+
+std::unique_ptr<TEvProxyRuntimeEvent> CreateDescribeBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
+ static const std::function permissions{ [](const YandexQuery::DescribeBindingRequest&) -> TVector<NPerms::TPermission> {
+ return {
 NPerms::Required("yq.bindings.get"),
 NPerms::Optional("yq.resources.viewPublic"),
- NPerms::Optional("yq.resources.viewPrivate")
- };
- } };
-
- return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::DescribeBindingRequest, YandexQuery::DescribeBindingResponse>>(ctx.Release(), &DoYandexQueryDescribeBindingRequest, permissions);
-}
-
-std::unique_ptr<TEvProxyRuntimeEvent> CreateModifyBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
- static const std::function permissions{ [](const YandexQuery::ModifyBindingRequest&) -> TVector<NPerms::TPermission> {
+ NPerms::Optional("yq.resources.viewPrivate")
+ };
+ } };
+
+ return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::DescribeBindingRequest, YandexQuery::DescribeBindingResponse>>(ctx.Release(), &DoYandexQueryDescribeBindingRequest, permissions);
+}
+
+std::unique_ptr<TEvProxyRuntimeEvent> CreateModifyBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
+ static const std::function permissions{ [](const YandexQuery::ModifyBindingRequest&) -> TVector<NPerms::TPermission> {
 // For use in binding links on connection with visibility SCOPE,
 // the yq.resources.managePublic permission is required. But there
 // is no information about connection visibility in this place,
 // so yq.resources.managePublic is always requested as optional
- return {
+ return {
 NPerms::Required("yq.bindings.update"),
 NPerms::Optional("yq.resources.managePrivate"),
- NPerms::Optional("yq.resources.managePublic")
- };
- } };
-
- return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::ModifyBindingRequest, YandexQuery::ModifyBindingResponse>>(ctx.Release(), &DoYandexQueryModifyBindingRequest, permissions);
-}
-
-std::unique_ptr<TEvProxyRuntimeEvent> CreateDeleteBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
- static const std::function permissions{ [](const YandexQuery::DeleteBindingRequest&) -> TVector<NPerms::TPermission> {
- return {
+ NPerms::Optional("yq.resources.managePublic")
+ };
+ } };
+
+ return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::ModifyBindingRequest, YandexQuery::ModifyBindingResponse>>(ctx.Release(), &DoYandexQueryModifyBindingRequest, permissions);
+}
+
+std::unique_ptr<TEvProxyRuntimeEvent> CreateDeleteBindingRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) {
+ static const std::function permissions{ [](const YandexQuery::DeleteBindingRequest&) -> TVector<NPerms::TPermission> {
+ return {
 NPerms::Required("yq.bindings.delete"),
 NPerms::Optional("yq.resources.managePublic"),
- NPerms::Optional("yq.resources.managePrivate")
- };
- } };
-
- return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::DeleteBindingRequest, YandexQuery::DeleteBindingResponse>>(ctx.Release(), &DoYandexQueryDeleteBindingRequest, permissions);
-}
+ NPerms::Optional("yq.resources.managePrivate")
+ };
+ } };
+
+ return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::DeleteBindingRequest, YandexQuery::DeleteBindingResponse>>(ctx.Release(), &DoYandexQueryDeleteBindingRequest, permissions);
+}
 } // namespace NGRpcService
 } // namespace NKikimr |