diff options
| author | hcpp <hcpp@ydb.tech> | 2023-09-07 12:53:55 +0300 |
|---|---|---|
| committer | hcpp <hcpp@ydb.tech> | 2023-09-07 14:07:44 +0300 |
| commit | d881bffab3520d7b9915fb97f240e807937e8421 (patch) | |
| tree | 22371f0b947b4ce80feaaccb24f6189d902f480f | |
| parent | 3ddbe638dca4f6b3c9a10ba93e8d0d3d888aa6aa (diff) | |
| download | ydb-d881bffab3520d7b9915fb97f240e807937e8421.tar.gz | |
CurrentIam connections have been filtered from synchronization step
| -rw-r--r-- | ydb/core/fq/libs/compute/ydb/synchronization_service/synchronization_service.cpp | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/ydb/core/fq/libs/compute/ydb/synchronization_service/synchronization_service.cpp b/ydb/core/fq/libs/compute/ydb/synchronization_service/synchronization_service.cpp index 27111cb6dc..1c8a3b94c3 100644 --- a/ydb/core/fq/libs/compute/ydb/synchronization_service/synchronization_service.cpp +++ b/ydb/core/fq/libs/compute/ydb/synchronization_service/synchronization_service.cpp @@ -308,6 +308,17 @@ private: LOG_I("Exclude connection by visibility: scope = " << Scope << " , id = " << meta.id() << ", visibility = " << FederatedQuery::Acl::Visibility_Name(content.acl().visibility())); excludeIds.push_back(meta.id()); } + + const auto authCase = GetAuth(connection).identity_case(); + switch (authCase) { + case FederatedQuery::IamAuth::kNone: + case FederatedQuery::IamAuth::kServiceAccount: + break; + case FederatedQuery::IamAuth::kCurrentIam: + case FederatedQuery::IamAuth::IDENTITY_NOT_SET: + LOG_I("Exclude connection by auth: scope = " << Scope << " , id = " << meta.id() << ", auth = " << static_cast<int>(authCase)); + excludeIds.push_back(meta.id()); + } } for (const auto& excludeId: excludeIds) { Connections.erase(excludeId); @@ -320,6 +331,13 @@ private: const auto& meta = binding.meta(); const auto& content = binding.content(); const auto& setting = content.setting(); + const auto& connectionId = content.connection_id(); + if (!Connections.contains(connectionId)) { + LOG_I("Exclude binding because connection is filtered out: scope = " << Scope << " , id = " << meta.id() << ", connection id = " << connectionId); + excludeIds.push_back(meta.id()); + continue; + } + switch (setting.binding_case()) { case FederatedQuery::BindingSetting::kObjectStorage: break; |