authorkungurtsev <kungasc@ydb.tech>2024-12-12 18:23:58 +0100
committerGitHub <noreply@github.com>2024-12-12 18:23:58 +0100
commitd779ea87a0fe2a5e6357eb4a601b71263c7d585a (patch)
treeb746836dad4c2fb84cc3d6a248c8feeb657e6a86
parent1b8803148be125460f9c905972a660cd0416ec8a (diff)
Describe users even they haven't been logged in (#12574)
-rw-r--r--ydb/core/grpc_services/grpc_request_proxy.cpp5
-rw-r--r--ydb/core/tx/schemeshard/schemeshard_info_types.h4
-rw-r--r--ydb/core/tx/schemeshard/schemeshard_path_describer.cpp4
-rw-r--r--ydb/core/tx/schemeshard/ut_login/ut_login.cpp47
4 files changed, 43 insertions, 17 deletions
diff --git a/ydb/core/grpc_services/grpc_request_proxy.cpp b/ydb/core/grpc_services/grpc_request_proxy.cpp
index 078bfe1556..fbfaed71d8 100644
--- a/ydb/core/grpc_services/grpc_request_proxy.cpp
+++ b/ydb/core/grpc_services/grpc_request_proxy.cpp
@@ -479,7 +479,8 @@ void TGRpcRequestProxyImpl::HandleSchemeBoard(TSchemeBoardEvents::TEvNotifyUpdat
}
if (describeScheme.GetPathDescription().HasDomainDescription()
- && describeScheme.GetPathDescription().GetDomainDescription().HasSecurityState()) {
+ && describeScheme.GetPathDescription().GetDomainDescription().HasSecurityState()
+ && describeScheme.GetPathDescription().GetDomainDescription().GetSecurityState().PublicKeysSize() > 0) {
LOG_DEBUG_S(*TlsActivationContext, NKikimrServices::GRPC_SERVER, "Updating SecurityState for " << databaseName);
Send(MakeTicketParserID(), new TEvTicketParser::TEvUpdateLoginSecurityState(
describeScheme.GetPathDescription().GetDomainDescription().GetSecurityState()
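Review bot: The added `PublicKeysSize() > 0` guard means TicketParser is never sent a SecurityState whose key set is empty, so if a database's key list could ever go from non-empty back to empty, the parser would presumably keep validating tokens against the last keys it received; whether that transition can happen is not visible in this diff. Because the condition now encodes a policy rather than mere field presence, it deserves a comment, for example `// SecurityState is always present now; forward it only once login keys exist`. The same `GetPathDescription().GetDomainDescription().GetSecurityState()` chain is repeated in the new `else if` of the next hunk, so binding the domain description to one local `const auto&` would keep the two checks from drifting apart. HandleSchemeBoard starts and ends outside both hunks.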
@@ -489,6 +490,8 @@ void TGRpcRequestProxyImpl::HandleSchemeBoard(TSchemeBoardEvents::TEvNotifyUpdat
LOG_DEBUG_S(*TlsActivationContext, NKikimrServices::GRPC_SERVER, "Can't update SecurityState for " << databaseName << " - no DomainDescription");
} else if (!describeScheme.GetPathDescription().GetDomainDescription().HasSecurityState()) {
LOG_DEBUG_S(*TlsActivationContext, NKikimrServices::GRPC_SERVER, "Can't update SecurityState for " << databaseName << " - no SecurityState");
+ } else if (describeScheme.GetPathDescription().GetDomainDescription().GetSecurityState().PublicKeysSize() == 0) {
+ LOG_DEBUG_S(*TlsActivationContext, NKikimrServices::GRPC_SERVER, "Can't update SecurityState for " << databaseName << " - no PublicKeys");
}
}
diff --git a/ydb/core/tx/schemeshard/schemeshard_info_types.h b/ydb/core/tx/schemeshard/schemeshard_info_types.h
index aae38bf13e..63a7e9d1a1 100644
--- a/ydb/core/tx/schemeshard/schemeshard_info_types.h
+++ b/ydb/core/tx/schemeshard/schemeshard_info_types.h
@@ -2012,10 +2012,6 @@ struct TSubDomainInfo: TSimpleRefCount<TSubDomainInfo> {
DiskQuotaExceeded = value;
}
- bool HasSecurityState() const {
- return SecurityState.PublicKeysSize() > 0;
- }
-
const NLoginProto::TSecurityState& GetSecurityState() const {
return SecurityState;
}
diff --git a/ydb/core/tx/schemeshard/schemeshard_path_describer.cpp b/ydb/core/tx/schemeshard/schemeshard_path_describer.cpp
index 033ff72685..fe521ea8db 100644
--- a/ydb/core/tx/schemeshard/schemeshard_path_describer.cpp
+++ b/ydb/core/tx/schemeshard/schemeshard_path_describer.cpp
@@ -939,9 +939,7 @@ void TPathDescriber::DescribeDomainExtra(TPathElement::TPtr pathEl) {
for (auto& pool: subDomainInfo->GetStoragePools()) {
*entry->AddStoragePools() = pool;
}
- if (subDomainInfo->HasSecurityState()) {
- entry->MutableSecurityState()->CopyFrom(subDomainInfo->GetSecurityState());
- }
+ entry->MutableSecurityState()->CopyFrom(subDomainInfo->GetSecurityState());
}
void TPathDescriber::DescribeBlockStoreVolume(TPathId pathId, TPathElement::TPtr pathEl) {
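Review bot: With the `subDomainInfo->HasSecurityState()` check gone, `entry->MutableSecurityState()` runs for every domain, so the describe result now always reports a SecurityState, including one with zero public keys. Any reader that treated presence of the field as "login keys are available" will now see it on every domain; grpc_request_proxy.cpp is adjusted in this commit, but other readers are not visible here and are worth checking, as is a mixed-version cluster where an older proxy receives the new response. The response also carries the Sids list before any login has happened, which appears to be the intent of the commit title, so a short comment would record it: `// Always expose SecurityState: Sids must be visible even before the first login creates keys`. DescribeDomainExtra starts outside the hunk.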
diff --git a/ydb/core/tx/schemeshard/ut_login/ut_login.cpp b/ydb/core/tx/schemeshard/ut_login/ut_login.cpp
index 48ffbb9766..47e73d33e2 100644
--- a/ydb/core/tx/schemeshard/ut_login/ut_login.cpp
+++ b/ydb/core/tx/schemeshard/ut_login/ut_login.cpp
@@ -40,20 +40,49 @@ Y_UNIT_TEST_SUITE(TSchemeShardLoginTest) {
TTestBasicRuntime runtime;
TTestEnv env(runtime);
ui64 txId = 100;
+
+ {
+ auto describe = DescribePath(runtime, TTestTxConfig::SchemeShard, "/MyRoot");
+ Cerr << describe.DebugString() << Endl;
+ UNIT_ASSERT(describe.HasPathDescription());
+ UNIT_ASSERT(describe.GetPathDescription().HasDomainDescription());
+ UNIT_ASSERT(describe.GetPathDescription().GetDomainDescription().HasSecurityState());
+ UNIT_ASSERT_VALUES_EQUAL(describe.GetPathDescription().GetDomainDescription().GetSecurityState().PublicKeysSize(), 0);
+ UNIT_ASSERT_VALUES_EQUAL(describe.GetPathDescription().GetDomainDescription().GetSecurityState().SidsSize(), 0);
+ }
+
CreateAlterLoginCreateUser(runtime, ++txId, "/MyRoot", "user1", "password1");
+
+ {
+ auto describe = DescribePath(runtime, TTestTxConfig::SchemeShard, "/MyRoot");
+ UNIT_ASSERT(describe.HasPathDescription());
+ UNIT_ASSERT(describe.GetPathDescription().HasDomainDescription());
+ UNIT_ASSERT(describe.GetPathDescription().GetDomainDescription().HasSecurityState());
+ UNIT_ASSERT_VALUES_EQUAL(describe.GetPathDescription().GetDomainDescription().GetSecurityState().PublicKeysSize(), 0);
+ UNIT_ASSERT_VALUES_EQUAL(describe.GetPathDescription().GetDomainDescription().GetSecurityState().SidsSize(), 1);
+ }
+
+ // public keys are filled after the first login
auto resultLogin = Login(runtime, "user1", "password1");
UNIT_ASSERT_VALUES_EQUAL(resultLogin.error(), "");
- auto describe = DescribePath(runtime, TTestTxConfig::SchemeShard, "/MyRoot");
- UNIT_ASSERT(describe.HasPathDescription());
- UNIT_ASSERT(describe.GetPathDescription().HasDomainDescription());
- UNIT_ASSERT(describe.GetPathDescription().GetDomainDescription().HasSecurityState());
- UNIT_ASSERT(describe.GetPathDescription().GetDomainDescription().GetSecurityState().PublicKeysSize() > 0);
+
+ {
+ auto describe = DescribePath(runtime, TTestTxConfig::SchemeShard, "/MyRoot");
+ UNIT_ASSERT(describe.HasPathDescription());
+ UNIT_ASSERT(describe.GetPathDescription().HasDomainDescription());
+ UNIT_ASSERT(describe.GetPathDescription().GetDomainDescription().HasSecurityState());
+ UNIT_ASSERT_VALUES_EQUAL(describe.GetPathDescription().GetDomainDescription().GetSecurityState().PublicKeysSize(), 1);
+ UNIT_ASSERT_VALUES_EQUAL(describe.GetPathDescription().GetDomainDescription().GetSecurityState().SidsSize(), 1);
+ }
// check token
- NLogin::TLoginProvider login;
- login.UpdateSecurityState(describe.GetPathDescription().GetDomainDescription().GetSecurityState());
- auto resultValidate = login.ValidateToken({.Token = resultLogin.token()});
- UNIT_ASSERT_VALUES_EQUAL(resultValidate.User, "user1");
+ {
+ auto describe = DescribePath(runtime, TTestTxConfig::SchemeShard, "/MyRoot");
+ NLogin::TLoginProvider login;
+ login.UpdateSecurityState(describe.GetPathDescription().GetDomainDescription().GetSecurityState());
+ auto resultValidate = login.ValidateToken({.Token = resultLogin.token()});
+ UNIT_ASSERT_VALUES_EQUAL(resultValidate.User, "user1");
+ }
}
Y_UNIT_TEST(DisableBuiltinAuthMechanism) {
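Review bot: The first added block leaves `Cerr << describe.DebugString() << Endl;` in the test, which dumps the whole path description on every run and looks like a debugging leftover; I would drop it. The final "check token" block reads `GetSecurityState()` from a fresh describe without the `HasPathDescription()` / `HasDomainDescription()` asserts that the other three blocks use, so a failed describe there would surface only as a token validation mismatch. The test exercises SchemeShard alone, so the new `PublicKeysSize() > 0` guard in grpc_request_proxy.cpp has no coverage in this file. The enclosing test case starts outside the hunk.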