author | auzhegov <auzhegov@yandex-team.com> | 2023-02-17 14:30:19 +0300 |
---|---|---|
committer | auzhegov <auzhegov@yandex-team.com> | 2023-02-17 14:30:19 +0300 |
commit | e7f46af0fea08f462cd8492cab5aba5c0f48483d (patch) | |
tree | 3a6ef0bce2f6cc963e0e6aef8af978a8ad422c46 | |
parent | 49a708acc9002a668fa866efccb3d752cd60ccbd (diff) | |
download | ydb-e7f46af0fea08f462cd8492cab5aba5c0f48483d.tar.gz |
Перенос yc public yq events api в oss
Initial version
33 files changed, 1025 insertions, 114 deletions
diff --git a/library/cpp/actors/CMakeLists.txt b/library/cpp/actors/CMakeLists.txt index 85c57c9506..9d76935e02 100644 --- a/library/cpp/actors/CMakeLists.txt +++ b/library/cpp/actors/CMakeLists.txt @@ -12,6 +12,7 @@ add_subdirectory(dnsresolver) add_subdirectory(helpers) add_subdirectory(http) add_subdirectory(interconnect) +add_subdirectory(log_backend) add_subdirectory(memory_log) add_subdirectory(prof) add_subdirectory(protos) diff --git a/ydb/core/yq/libs/audit/mock/CMakeLists.darwin.txt b/library/cpp/actors/log_backend/CMakeLists.darwin.txt index 541d9ba2fb..2845e78e35 100644 --- a/ydb/core/yq/libs/audit/mock/CMakeLists.darwin.txt +++ b/library/cpp/actors/log_backend/CMakeLists.darwin.txt @@ -7,13 +7,13 @@ -add_library(libs-audit-mock) -target_link_libraries(libs-audit-mock PUBLIC +add_library(cpp-actors-log_backend) +target_link_libraries(cpp-actors-log_backend PUBLIC contrib-libs-cxxsupp yutil - libs-audit-events - libs-config-protos + cpp-actors-core + library-cpp-logger ) -target_sources(libs-audit-mock PRIVATE - ${CMAKE_SOURCE_DIR}/ydb/core/yq/libs/audit/mock/yq_mock_audit_service.cpp +target_sources(cpp-actors-log_backend PRIVATE + ${CMAKE_SOURCE_DIR}/library/cpp/actors/log_backend/actor_log_backend.cpp ) diff --git a/ydb/core/yq/libs/audit/mock/CMakeLists.linux-aarch64.txt b/library/cpp/actors/log_backend/CMakeLists.linux-aarch64.txt index 049a08c774..15786d6c74 100644 --- a/ydb/core/yq/libs/audit/mock/CMakeLists.linux-aarch64.txt +++ b/library/cpp/actors/log_backend/CMakeLists.linux-aarch64.txt 
@@ -7,14 +7,14 @@ -add_library(libs-audit-mock) -target_link_libraries(libs-audit-mock PUBLIC +add_library(cpp-actors-log_backend) +target_link_libraries(cpp-actors-log_backend PUBLIC contrib-libs-linux-headers contrib-libs-cxxsupp yutil - libs-audit-events - libs-config-protos + cpp-actors-core + library-cpp-logger ) -target_sources(libs-audit-mock PRIVATE - ${CMAKE_SOURCE_DIR}/ydb/core/yq/libs/audit/mock/yq_mock_audit_service.cpp +target_sources(cpp-actors-log_backend PRIVATE + ${CMAKE_SOURCE_DIR}/library/cpp/actors/log_backend/actor_log_backend.cpp ) diff --git a/ydb/core/yq/libs/audit/mock/CMakeLists.linux.txt b/library/cpp/actors/log_backend/CMakeLists.linux.txt index 049a08c774..15786d6c74 100644 --- a/ydb/core/yq/libs/audit/mock/CMakeLists.linux.txt +++ b/library/cpp/actors/log_backend/CMakeLists.linux.txt @@ -7,14 +7,14 @@ -add_library(libs-audit-mock) -target_link_libraries(libs-audit-mock PUBLIC +add_library(cpp-actors-log_backend) +target_link_libraries(cpp-actors-log_backend PUBLIC contrib-libs-linux-headers contrib-libs-cxxsupp yutil - libs-audit-events - libs-config-protos + cpp-actors-core + library-cpp-logger ) -target_sources(libs-audit-mock PRIVATE - ${CMAKE_SOURCE_DIR}/ydb/core/yq/libs/audit/mock/yq_mock_audit_service.cpp +target_sources(cpp-actors-log_backend PRIVATE + ${CMAKE_SOURCE_DIR}/library/cpp/actors/log_backend/actor_log_backend.cpp ) diff --git a/ydb/core/yq/libs/audit/mock/CMakeLists.txt b/library/cpp/actors/log_backend/CMakeLists.txt index 5bb4faffb4..5bb4faffb4 100644 --- a/ydb/core/yq/libs/audit/mock/CMakeLists.txt +++ b/library/cpp/actors/log_backend/CMakeLists.txt diff --git a/library/cpp/actors/log_backend/actor_log_backend.cpp b/library/cpp/actors/log_backend/actor_log_backend.cpp new file mode 100644 index 0000000000..a6fdd20c7b --- /dev/null +++ b/library/cpp/actors/log_backend/actor_log_backend.cpp 
@@ -0,0 +1,42 @@
+#include "actor_log_backend.h"
+
+#include <library/cpp/actors/core/actorsystem.h>
+#include <library/cpp/actors/core/log.h>
+#include <library/cpp/logger/record.h>
+
+namespace {
+
+NActors::NLog::EPriority GetActorLogPriority(ELogPriority priority) {
+ switch (priority) {
+ case TLOG_EMERG:
+ return NActors::NLog::PRI_EMERG;
+ case TLOG_ALERT:
+ return NActors::NLog::PRI_ALERT;
+ case TLOG_CRIT:
+ return NActors::NLog::PRI_CRIT;
+ case TLOG_ERR:
+ return NActors::NLog::PRI_ERROR;
+ case TLOG_WARNING:
+ return NActors::NLog::PRI_WARN;
+ case TLOG_NOTICE:
+ return NActors::NLog::PRI_NOTICE;
+ case TLOG_INFO:
+ return NActors::NLog::PRI_INFO;
+ case TLOG_DEBUG:
+ return NActors::NLog::PRI_DEBUG;
+ default:
+ return NActors::NLog::PRI_TRACE;
+ }
+}
+
+}
+
+TActorLogBackend::TActorLogBackend(NActors::TActorSystem* actorSystem, int logComponent)
+ : ActorSystem(actorSystem)
+ , LogComponent(logComponent)
+{
+}
+
+void TActorLogBackend::WriteData(const TLogRecord& rec) {
+ LOG_LOG(*ActorSystem, GetActorLogPriority(rec.Priority), LogComponent, TString(rec.Data, rec.Len));
+}
diff --git a/library/cpp/actors/log_backend/actor_log_backend.h b/library/cpp/actors/log_backend/actor_log_backend.h
new file mode 100644
index 0000000000..a51427d498
--- /dev/null
+++ b/library/cpp/actors/log_backend/actor_log_backend.h
@@ -0,0 +1,20 @@
+#pragma once
+#include <library/cpp/logger/backend.h>
+
+namespace NActors {
+class TActorSystem;
+} // namespace NActors
+
+class TActorLogBackend : public TLogBackend {
+public:
+ TActorLogBackend(NActors::TActorSystem* actorSystem, int logComponent);
+
+ void WriteData(const TLogRecord& rec) override;
+
+ void ReopenLog() override {
+ }
+
+private:
+ NActors::TActorSystem* const ActorSystem;
+ const int LogComponent;
+};
diff --git a/ydb/apps/ydbd/CMakeLists.darwin.txt b/ydb/apps/ydbd/CMakeLists.darwin.txt
index dbfba1c967..afe2304800 100644
--- a/ydb/apps/ydbd/CMakeLists.darwin.txt
+++ b/ydb/apps/ydbd/CMakeLists.darwin.txt
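Review bot: In actor_log_backend.cpp, `TActorLogBackend::WriteData` dereferences `ActorSystem` unconditionally, while the constructor accepts any `NActors::TActorSystem*`, so a null argument only shows up as a crash on the first log record. Rejecting it at construction, for example `Y_VERIFY(actorSystem);` in the constructor body, would fail closer to the mistake. Separately, the `default:` branch of `GetActorLogPriority` maps every unlisted `ELogPriority` value to `PRI_TRACE`, which is presumably filtered out at normal log levels. If that is intended, a comment such as `// unlisted priorities (e.g. TLOG_RESOURCES) are logged as trace` would say so.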
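Review bot: In actor_log_backend.h, `TActorLogBackend` has no comment describing its contract, although it stores a raw `NActors::TActorSystem* const` and takes the log component as a plain `int`. A class comment such as `// Forwards TLog records to the actor system logger; does not own actorSystem, which must outlive this backend.` would make the lifetime requirement visible to callers that wrap it in a `TLog`. The empty `ReopenLog()` would also benefit from `// no-op: there is no file or stream to reopen`, so readers do not take it for an unfinished stub.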
@@ -20,7 +20,6 @@ target_link_libraries(ydbd PUBLIC run ydb-core-protos ydb-core-security - libs-audit-mock library-folder_service-mock ydb-library-keys ydb-library-pdisk_io diff --git a/ydb/apps/ydbd/CMakeLists.linux-aarch64.txt b/ydb/apps/ydbd/CMakeLists.linux-aarch64.txt index 3aeaceee3a..376344c5fc 100644 --- a/ydb/apps/ydbd/CMakeLists.linux-aarch64.txt +++ b/ydb/apps/ydbd/CMakeLists.linux-aarch64.txt @@ -20,7 +20,6 @@ target_link_libraries(ydbd PUBLIC run ydb-core-protos ydb-core-security - libs-audit-mock library-folder_service-mock ydb-library-keys ydb-library-pdisk_io diff --git a/ydb/apps/ydbd/CMakeLists.linux.txt b/ydb/apps/ydbd/CMakeLists.linux.txt index 554dfec80f..9cc70c525f 100644 --- a/ydb/apps/ydbd/CMakeLists.linux.txt +++ b/ydb/apps/ydbd/CMakeLists.linux.txt @@ -22,7 +22,6 @@ target_link_libraries(ydbd PUBLIC run ydb-core-protos ydb-core-security - libs-audit-mock library-folder_service-mock ydb-library-keys ydb-library-pdisk_io diff --git a/ydb/apps/ydbd/main.cpp b/ydb/apps/ydbd/main.cpp index 96d9d7cb0d..9f4de1a66c 100644 --- a/ydb/apps/ydbd/main.cpp +++ b/ydb/apps/ydbd/main.cpp @@ -3,7 +3,6 @@ #include <ydb/core/driver_lib/run/main.h> #include <ydb/core/security/ticket_parser.h> #include <ydb/core/ymq/actor/auth_factory.h> -#include <ydb/core/yq/libs/audit/mock/yq_mock_audit_service.h> #include <ydb/library/folder_service/mock/mock_folder_service.h> #include <ydb/library/pdisk_io/aio.h> #include <ydb/library/yql/parser/pg_wrapper/interface/comp_factory.h> 
@@ -17,7 +16,6 @@ int main(int argc, char **argv) { factories->DataShardExportFactory = std::make_shared<TDataShardExportFactory>(); factories->CreateTicketParser = NKikimr::CreateTicketParser; factories->FolderServiceFactory = NKikimr::NFolderService::CreateMockFolderServiceActor; - factories->YqAuditServiceFactory = NYq::CreateMockYqAuditServiceActor; factories->IoContextFactory = std::make_shared<NKikimr::NPDisk::TIoContextFactoryOSS>(); factories->SqsAuthFactory = std::make_shared<NKikimr::NSQS::TAuthFactory>(); factories->DataStreamsAuthFactory = std::make_shared<NKikimr::NHttpProxy::TIamAuthFactory>(); diff --git a/ydb/core/driver_lib/run/factories.h b/ydb/core/driver_lib/run/factories.h index 79044c996c..27b95729e9 100644 --- a/ydb/core/driver_lib/run/factories.h +++ b/ydb/core/driver_lib/run/factories.h @@ -42,7 +42,6 @@ struct TModuleFactories { IActor*(*CreateTicketParser)(const NKikimrProto::TAuthConfig&); IActor*(*FolderServiceFactory)(const NKikimrProto::NFolderService::TFolderServiceConfig&); - std::function<IActor*(const NYq::NConfig::TAuditConfig& auditConfig, const ::NMonitoring::TDynamicCounterPtr& counters)> YqAuditServiceFactory; // Factory for grpc services TGrpcServiceFactory GrpcServiceFactory; diff --git a/ydb/core/driver_lib/run/kikimr_services_initializers.cpp b/ydb/core/driver_lib/run/kikimr_services_initializers.cpp index ee2720f5e5..d0733d5bd0 100644 --- a/ydb/core/driver_lib/run/kikimr_services_initializers.cpp +++ b/ydb/core/driver_lib/run/kikimr_services_initializers.cpp @@ -2449,7 +2449,6 @@ void TFederatedQueryInitializer::InitializeServices(TActorSystemSetup* setup, co Factories->PqCmConnections, YqSharedResources, Factories->FolderServiceFactory, - Factories->YqAuditServiceFactory, IcPort, Factories->AdditionalComputationNodeFactories ); diff --git a/ydb/core/testlib/CMakeLists.darwin.txt b/ydb/core/testlib/CMakeLists.darwin.txt index 8294cbad15..699c067000 100644 --- a/ydb/core/testlib/CMakeLists.darwin.txt 
+++ b/ydb/core/testlib/CMakeLists.darwin.txt @@ -66,7 +66,6 @@ target_link_libraries(ydb-core-testlib PUBLIC core-tx-sequenceproxy core-tx-sequenceshard core-tx-time_cast - libs-audit-mock yq-libs-init yq-libs-mock yq-libs-shared_resources diff --git a/ydb/core/testlib/CMakeLists.linux-aarch64.txt b/ydb/core/testlib/CMakeLists.linux-aarch64.txt index aee2ef2473..0439fe96da 100644 --- a/ydb/core/testlib/CMakeLists.linux-aarch64.txt +++ b/ydb/core/testlib/CMakeLists.linux-aarch64.txt @@ -67,7 +67,6 @@ target_link_libraries(ydb-core-testlib PUBLIC core-tx-sequenceproxy core-tx-sequenceshard core-tx-time_cast - libs-audit-mock yq-libs-init yq-libs-mock yq-libs-shared_resources diff --git a/ydb/core/testlib/CMakeLists.linux.txt b/ydb/core/testlib/CMakeLists.linux.txt index aee2ef2473..0439fe96da 100644 --- a/ydb/core/testlib/CMakeLists.linux.txt +++ b/ydb/core/testlib/CMakeLists.linux.txt @@ -67,7 +67,6 @@ target_link_libraries(ydb-core-testlib PUBLIC core-tx-sequenceproxy core-tx-sequenceshard core-tx-time_cast - libs-audit-mock yq-libs-init yq-libs-mock yq-libs-shared_resources diff --git a/ydb/core/testlib/test_client.cpp b/ydb/core/testlib/test_client.cpp index d7841a39e2..1fe50ed10c 100644 --- a/ydb/core/testlib/test_client.cpp +++ b/ydb/core/testlib/test_client.cpp @@ -87,7 +87,6 @@ #include <ydb/core/keyvalue/keyvalue.h> #include <ydb/core/persqueue/pq.h> #include <ydb/core/persqueue/cluster_tracker.h> -#include <ydb/core/yq/libs/audit/mock/yq_mock_audit_service.h> #include <ydb/library/security/ydb_credentials_provider_factory.h> #include <ydb/core/yq/libs/init/init.h> #include <ydb/core/yq/libs/mock/yql_mock.h> @@ -975,7 +974,6 @@ namespace Tests { nullptr, // MakeIntrusive<NPq::NConfigurationManager::TConnections>(), YqSharedResources, NKikimr::NFolderService::CreateMockFolderServiceActor, - NYq::CreateMockYqAuditServiceActor, /*IcPort = */0, {} ); 
diff --git a/ydb/core/yq/libs/CMakeLists.txt b/ydb/core/yq/libs/CMakeLists.txt index 112d4924c4..bda2195d98 100644 --- a/ydb/core/yq/libs/CMakeLists.txt +++ b/ydb/core/yq/libs/CMakeLists.txt @@ -11,6 +11,7 @@ add_subdirectory(audit) add_subdirectory(checkpoint_storage) add_subdirectory(checkpointing) add_subdirectory(checkpointing_common) +add_subdirectory(cloud_audit) add_subdirectory(common) add_subdirectory(config) add_subdirectory(control_plane_config) diff --git a/ydb/core/yq/libs/audit/CMakeLists.darwin.txt b/ydb/core/yq/libs/audit/CMakeLists.darwin.txt index fb2d3e9e4f..c335dad443 100644 --- a/ydb/core/yq/libs/audit/CMakeLists.darwin.txt +++ b/ydb/core/yq/libs/audit/CMakeLists.darwin.txt @@ -7,7 +7,6 @@ add_subdirectory(events) -add_subdirectory(mock) add_library(yq-libs-audit) target_link_libraries(yq-libs-audit PUBLIC diff --git a/ydb/core/yq/libs/audit/CMakeLists.linux-aarch64.txt b/ydb/core/yq/libs/audit/CMakeLists.linux-aarch64.txt index eb8597ad03..1af4e0ce61 100644 --- a/ydb/core/yq/libs/audit/CMakeLists.linux-aarch64.txt +++ b/ydb/core/yq/libs/audit/CMakeLists.linux-aarch64.txt @@ -7,7 +7,6 @@ add_subdirectory(events) -add_subdirectory(mock) add_library(yq-libs-audit) target_link_libraries(yq-libs-audit PUBLIC diff --git a/ydb/core/yq/libs/audit/CMakeLists.linux.txt b/ydb/core/yq/libs/audit/CMakeLists.linux.txt index eb8597ad03..1af4e0ce61 100644 --- a/ydb/core/yq/libs/audit/CMakeLists.linux.txt +++ b/ydb/core/yq/libs/audit/CMakeLists.linux.txt @@ -7,7 +7,6 @@ add_subdirectory(events) -add_subdirectory(mock) add_library(yq-libs-audit) target_link_libraries(yq-libs-audit PUBLIC diff --git a/ydb/core/yq/libs/audit/mock/yq_mock_audit_service.cpp b/ydb/core/yq/libs/audit/mock/yq_mock_audit_service.cpp deleted file mode 100644 index 55c4482522..0000000000 --- a/ydb/core/yq/libs/audit/mock/yq_mock_audit_service.cpp +++ /dev/null 
@@ -1,76 +0,0 @@ -#include "yq_mock_audit_service.h" - -#include <ydb/core/yq/libs/audit/events/events.h> - -#include <library/cpp/actors/core/hfunc.h> - -namespace NYq { - -class TYqMockAuditServiceActor : public NActors::TActor<TYqMockAuditServiceActor> { -public: - TYqMockAuditServiceActor() : TActor<TYqMockAuditServiceActor>(&TYqMockAuditServiceActor::StateFunc) {} - - static constexpr char ActorName[] = "YQ_MOCK_AUDIT_SERVICE"; - -private: - STRICT_STFUNC(StateFunc, - hFunc(TEvAuditService::CreateBindingAuditReport, Handle); - hFunc(TEvAuditService::ModifyBindingAuditReport, Handle); - hFunc(TEvAuditService::DeleteBindingAuditReport, Handle); - hFunc(TEvAuditService::CreateConnectionAuditReport, Handle); - hFunc(TEvAuditService::ModifyConnectionAuditReport, Handle); - hFunc(TEvAuditService::DeleteConnectionAuditReport, Handle); - hFunc(TEvAuditService::CreateQueryAuditReport, Handle); - hFunc(TEvAuditService::ControlQueryAuditReport, Handle); - hFunc(TEvAuditService::ModifyQueryAuditReport, Handle); - hFunc(TEvAuditService::DeleteQueryAuditReport, Handle); - ) - - void Handle(TEvAuditService::CreateBindingAuditReport::TPtr& ev) { - Y_UNUSED(ev); - } - - void Handle(TEvAuditService::ModifyBindingAuditReport::TPtr& ev) { - Y_UNUSED(ev); - } - - void Handle(TEvAuditService::DeleteBindingAuditReport::TPtr& ev) { - Y_UNUSED(ev); - } - - void Handle(TEvAuditService::CreateConnectionAuditReport::TPtr& ev) { - Y_UNUSED(ev); - } - - void Handle(TEvAuditService::ModifyConnectionAuditReport::TPtr& ev) { - Y_UNUSED(ev); - } - - void Handle(TEvAuditService::DeleteConnectionAuditReport::TPtr& ev) { - Y_UNUSED(ev); - } - - void Handle(TEvAuditService::CreateQueryAuditReport::TPtr& ev) { - Y_UNUSED(ev); - } - - void Handle(TEvAuditService::ControlQueryAuditReport::TPtr& ev) { - Y_UNUSED(ev); - } - - void Handle(TEvAuditService::ModifyQueryAuditReport::TPtr& ev) { - Y_UNUSED(ev); - } - - void Handle(TEvAuditService::DeleteQueryAuditReport::TPtr& ev) { - Y_UNUSED(ev); - } -}; - 
-NActors::IActor* CreateMockYqAuditServiceActor(const NConfig::TAuditConfig& config, const ::NMonitoring::TDynamicCounterPtr& counters) { - Y_UNUSED(config); - Y_UNUSED(counters); - return new TYqMockAuditServiceActor(); -} - -} // namespace NYq diff --git a/ydb/core/yq/libs/cloud_audit/CMakeLists.darwin.txt b/ydb/core/yq/libs/cloud_audit/CMakeLists.darwin.txt new file mode 100644 index 0000000000..c98b5373f8 --- /dev/null +++ b/ydb/core/yq/libs/cloud_audit/CMakeLists.darwin.txt @@ -0,0 +1,25 @@ + +# This file was generated by the build system used internally in the Yandex monorepo. +# Only simple modifications are allowed (adding source-files to targets, adding simple properties +# like target_include_directories). These modifications will be ported to original +# ya.make files by maintainers. Any complex modifications which can't be ported back to the +# original buildsystem will not be accepted. + + + +add_library(yq-libs-cloud_audit) +target_link_libraries(yq-libs-cloud_audit PUBLIC + contrib-libs-cxxsupp + yutil + cpp-actors-log_backend + library-cpp-unified_agent_client + yq-libs-actors + libs-audit-events + libs-config-protos + ydb-library-folder_service + library-ycloud-api + client-yc_public-events +) +target_sources(yq-libs-cloud_audit PRIVATE + ${CMAKE_SOURCE_DIR}/ydb/core/yq/libs/cloud_audit/yq_cloud_audit_service.cpp +) diff --git a/ydb/core/yq/libs/cloud_audit/CMakeLists.linux-aarch64.txt b/ydb/core/yq/libs/cloud_audit/CMakeLists.linux-aarch64.txt new file mode 100644 index 0000000000..b0e3c06141 --- /dev/null +++ b/ydb/core/yq/libs/cloud_audit/CMakeLists.linux-aarch64.txt 
@@ -0,0 +1,26 @@ + +# This file was generated by the build system used internally in the Yandex monorepo. +# Only simple modifications are allowed (adding source-files to targets, adding simple properties +# like target_include_directories). These modifications will be ported to original +# ya.make files by maintainers. Any complex modifications which can't be ported back to the +# original buildsystem will not be accepted. + + + +add_library(yq-libs-cloud_audit) +target_link_libraries(yq-libs-cloud_audit PUBLIC + contrib-libs-linux-headers + contrib-libs-cxxsupp + yutil + cpp-actors-log_backend + library-cpp-unified_agent_client + yq-libs-actors + libs-audit-events + libs-config-protos + ydb-library-folder_service + library-ycloud-api + client-yc_public-events +) +target_sources(yq-libs-cloud_audit PRIVATE + ${CMAKE_SOURCE_DIR}/ydb/core/yq/libs/cloud_audit/yq_cloud_audit_service.cpp +) diff --git a/ydb/core/yq/libs/cloud_audit/CMakeLists.linux.txt b/ydb/core/yq/libs/cloud_audit/CMakeLists.linux.txt new file mode 100644 index 0000000000..b0e3c06141 --- /dev/null +++ b/ydb/core/yq/libs/cloud_audit/CMakeLists.linux.txt 
@@ -0,0 +1,26 @@ + +# This file was generated by the build system used internally in the Yandex monorepo. +# Only simple modifications are allowed (adding source-files to targets, adding simple properties +# like target_include_directories). These modifications will be ported to original +# ya.make files by maintainers. Any complex modifications which can't be ported back to the +# original buildsystem will not be accepted. + + + +add_library(yq-libs-cloud_audit) +target_link_libraries(yq-libs-cloud_audit PUBLIC + contrib-libs-linux-headers + contrib-libs-cxxsupp + yutil + cpp-actors-log_backend + library-cpp-unified_agent_client + yq-libs-actors + libs-audit-events + libs-config-protos + ydb-library-folder_service + library-ycloud-api + client-yc_public-events +) +target_sources(yq-libs-cloud_audit PRIVATE + ${CMAKE_SOURCE_DIR}/ydb/core/yq/libs/cloud_audit/yq_cloud_audit_service.cpp +) diff --git a/ydb/core/yq/libs/cloud_audit/CMakeLists.txt b/ydb/core/yq/libs/cloud_audit/CMakeLists.txt new file mode 100644 index 0000000000..5bb4faffb4 --- /dev/null +++ b/ydb/core/yq/libs/cloud_audit/CMakeLists.txt @@ -0,0 +1,15 @@ + +# This file was generated by the build system used internally in the Yandex monorepo. +# Only simple modifications are allowed (adding source-files to targets, adding simple properties +# like target_include_directories). These modifications will be ported to original +# ya.make files by maintainers. Any complex modifications which can't be ported back to the +# original buildsystem will not be accepted. + + +if (CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" AND UNIX AND NOT APPLE AND NOT ANDROID) + include(CMakeLists.linux-aarch64.txt) +elseif (APPLE AND CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64") + include(CMakeLists.darwin.txt) +elseif (CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64" AND UNIX AND NOT APPLE AND NOT ANDROID) + include(CMakeLists.linux.txt) +endif() 
diff --git a/ydb/core/yq/libs/cloud_audit/yq_cloud_audit_service.cpp b/ydb/core/yq/libs/cloud_audit/yq_cloud_audit_service.cpp new file mode 100644 index 0000000000..11d828f7b3 --- /dev/null +++ b/ydb/core/yq/libs/cloud_audit/yq_cloud_audit_service.cpp 
@@ -0,0 +1,844 @@ +#include "yq_cloud_audit_service.h" + +#include <ydb/public/api/client/yc_public/events/yq.pb.h> + +#include <ydb/core/yq/libs/actors/logging/log.h> +#include <ydb/core/yq/libs/audit/events/events.h> +#include <ydb/core/yq/libs/config/protos/issue_id.pb.h> + +#include <ydb/library/folder_service/events.h> +#include <ydb/library/folder_service/folder_service.h> + +#include <library/cpp/unified_agent_client/client.h> + +#include <library/cpp/actors/core/actor.h> +#include <library/cpp/actors/core/actor_bootstrapped.h> +#include <library/cpp/actors/core/hfunc.h> +#include <library/cpp/actors/log_backend/actor_log_backend.h> +#include <library/cpp/retry/retry_policy.h> + +#include <util/datetime/base.h> +#include <util/generic/guid.h> +#include <util/string/builder.h> + +#include <contrib/libs/grpc/include/grpcpp/impl/codegen/status_code_enum.h> + +#include <google/protobuf/util/json_util.h> + +namespace { + +// TODO: move to utils +TString ParsePeer(TString peerName) { + TString res(peerName); + if (res.StartsWith("ipv4:[") || res.StartsWith("ipv6:[")) { + size_t pos = res.find(']'); + Y_VERIFY(pos != TString::npos); + res = res.substr(6, pos - 6); + } else if (res.StartsWith("ipv4:")) { + size_t pos = res.rfind(':'); + if (pos == TString::npos) {//no port + res = res.substr(5); + } else { + res = res.substr(5, pos - 5); + } + } else { + size_t pos = res.rfind(":"); //port + if (pos != TString::npos) { + res = res.substr(0, pos); + } + } + return res; +} + +std::string MapConnectionType(const YandexQuery::ConnectionSetting::ConnectionCase& connectionCase) { + switch (connectionCase) { + case YandexQuery::ConnectionSetting::ConnectionCase::kYdbDatabase: + return "YdbDatabase"; + case YandexQuery::ConnectionSetting::ConnectionCase::kClickhouseCluster: + return "ClickhouseCluster"; + case YandexQuery::ConnectionSetting::ConnectionCase::kDataStreams: + return "DataStreams"; + case YandexQuery::ConnectionSetting::ConnectionCase::kObjectStorage: + return 
"ObjectStorage"; + case YandexQuery::ConnectionSetting::ConnectionCase::kMonitoring: + return "Monitoring"; + default: + Y_ENSURE(false, "Invalid connection case " << i32(connectionCase)); + } +} + +std::string MapBindingType(const YandexQuery::BindingSetting::BindingCase& bindingCase) { + switch (bindingCase) { + case YandexQuery::BindingSetting::BindingSetting::kDataStreams: + return "YdbDataStreams"; + case YandexQuery::BindingSetting::BindingSetting::kObjectStorage: + return "ObjectStorage"; + default: + Y_ENSURE(false, "Invalid connection case " << i32(bindingCase)); + } +} + +// void FillSubjectType(::yandex::cloud::events::Authentication* authentication, TAuthentication::ESubjectType subjectType) { +// switch (subjectType) { +// case TAuthentication::ESubjectType::SERVICE_ACCOUNT: +// authentication->set_subject_type(::yandex::cloud::events::Authentication::SERVICE_ACCOUNT); +// return; +// case TAuthentication::ESubjectType::FEDERATED_USER_ACCOUNT: +// authentication->set_subject_type(::yandex::cloud::events::Authentication::FEDERATED_USER_ACCOUNT); +// return; +// case TAuthentication::ESubjectType::PASSPORT_USER_ACCOUNT: +// authentication->set_subject_type(::yandex::cloud::events::Authentication::YANDEX_PASSPORT_USER_ACCOUNT); +// return; +// } +// } + +TString MaybeRemoveSuffix(const TString& token) { + const TString suffix = "@as"; + return token.EndsWith(suffix) + ? 
token.substr(0, token.length() - suffix.length()) + : token; +} + +void FillAuthentication(::yandex::cloud::events::Authentication& authentication, const NYq::TEvAuditService::TExtraInfo& info) { + authentication.set_authenticated(true); + authentication.set_subject_id(MaybeRemoveSuffix(info.User)); + authentication.set_subject_type(::yandex::cloud::events::Authentication::FEDERATED_USER_ACCOUNT); // TODO: +} + +void FillAuthorization(::yandex::cloud::events::Authorization& authorization, const NYql::TIssues& issues) { + authorization.set_authorized(AllOf(issues, [](const auto& t){ return t.IssueCode != NYq::TIssuesIds::ACCESS_DENIED; })); + // for (const auto& permission : ctx.Authorization.Permissions) { + // auto* permision = authorization->add_permissions(); + // permision->set_permission(permission.Permission); + // permision->set_resource_type(permission.ResourceType); + // permision->set_resource_id(permission.ResourceId); + // permision->set_authorized(permission.Authorized); + // } +} + +template<typename TRequest> +void FillRequestMetadata( + ::yandex::cloud::events::RequestMetadata& metadata, + const NYq::TEvAuditService::TExtraInfo& extraInfo, + const TRequest& request) +{ + metadata.set_remote_address(ParsePeer(extraInfo.PeerName)); + metadata.set_user_agent(extraInfo.UserAgent); + metadata.set_request_id(extraInfo.RequestId); + metadata.set_idempotency_id(request.idempotency_key()); +} + +template<typename TEvent> +void FillResponse(TEvent& cloudEvent, const NYql::TIssues& issues) { + cloudEvent.set_event_status(issues.Empty() + ? 
yandex::cloud::events::EventStatus::DONE + : yandex::cloud::events::EventStatus::ERROR); + + if (issues.Empty()) { + cloudEvent.mutable_response(); + //auto* response = cloudEvent.mutable_response(); + //response->set_operation_id(response->operation_id()); + } else { + auto* error = cloudEvent.mutable_error(); + error->set_code(grpc::StatusCode::UNKNOWN); + error->set_message(issues.ToString()); + } +} + +struct TAuditServiceSensors { + NMonitoring::TDynamicCounterPtr UACounters; + + NMonitoring::TDynamicCounters::TCounterPtr Skipped; + NMonitoring::TDynamicCounters::TCounterPtr CloudIdResolvedSuccess; + NMonitoring::TDynamicCounters::TCounterPtr CloudIdResolvedError; + NMonitoring::TDynamicCounters::TCounterPtr CloudIdResolvedRetry; + NMonitoring::TDynamicCounters::TCounterPtr RecordsSent; + + TAuditServiceSensors(const NMonitoring::TDynamicCounterPtr& counters) { + UACounters = counters->GetSubgroup("subcomponent", "ua_client"); + + Skipped = counters->GetCounter("Skipped", true); + CloudIdResolvedSuccess = counters->GetCounter("CloudIdResolvedSuccess", true); + CloudIdResolvedError = counters->GetCounter("CloudIdResolvedError", true); + CloudIdResolvedRetry = counters->GetCounter("CloudIdResolvedRetry", true); + RecordsSent = counters->GetCounter("RecordsSent", true); + } + + void ReportSkipped() { + Skipped->Inc(); + } + + void ReportCloudIdResolvedSuccess() { + CloudIdResolvedSuccess->Inc(); + } + + void ReportCloudIdResolvedError() { + CloudIdResolvedError->Inc(); + } + + void ReportCloudIdResolvedRetry() { + CloudIdResolvedRetry->Inc(); + } + + void ReportSent() { + RecordsSent->Inc(); + } +}; + +} + +namespace NYq { + +template<class TEvent, class TRequest, class TAuditDetailsObj> +class TAuditEventSenderActor : public NActors::TActorBootstrapped<TAuditEventSenderActor<TEvent, TRequest, TAuditDetailsObj>> { + using Base = NActors::TActorBootstrapped<TAuditEventSenderActor<TEvent, TRequest, TAuditDetailsObj>>; + using IRetryPolicy = 
IRetryPolicy<NKikimr::NFolderService::TEvFolderService::TEvGetFolderResponse::TPtr&>; + +public: + TAuditEventSenderActor( + NUnifiedAgent::TClientSessionPtr& session, + std::shared_ptr<TAuditServiceSensors> auditServiceSensors, + const std::function<typename TEvent::EventDetails(const TAuditDetails<TAuditDetailsObj>&)>& prepareEventDetails, + const std::function<typename TEvent::RequestParameters(const TRequest&)>& prepareRequestParameters, + const TString& eventType, + const TString& messageName, + TEvAuditService::TExtraInfo&& extraInfo, + TRequest&& request, + NYql::TIssues&& issues, + TAuditDetails<TAuditDetailsObj>&& details, + std::optional<TString>&& eventId) + : Session(session) + , AuditServiceSensors(std::move(auditServiceSensors)) + , PrepareEventDetails(prepareEventDetails) + , PrepareRequestParameters(prepareRequestParameters) + , ExtraInfo(std::move(extraInfo)) + , Request(std::move(request)) + , Issues(std::move(issues)) + , Details(std::move(details)) + , EventId(eventId ? std::move(eventId) : CreateGuidAsString()) + , EventType(eventType) + , MessageName(messageName) + , RetryState(GetRetryPolicy()->CreateRetryState()) {} + + static constexpr NKikimrServices::TActivity::EType ActorActivityType() { return NKikimrServices::TActivity::YQ_AUDIT_EVENT_SENDER_ACTOR; } + + void Bootstrap(const NActors::TActorContext&) { + LOG_YQ_AUDIT_SERVICE_TRACE("EventId: " << *EventId << " (" << EventType << ") received "); + if (!Session) { + LOG_YQ_AUDIT_SERVICE_TRACE("EventId: " << *EventId << " session is null. Skipping event... 
"); + AuditServiceSensors->ReportSkipped(); + Base::PassAway(); + return; + } + + Base::Become(&TAuditEventSenderActor<TEvent, TRequest, TAuditDetailsObj>::StateFunc); + + FillAuthentication(*CloudEvent.mutable_authentication(), ExtraInfo); + FillAuthorization(*CloudEvent.mutable_authorization(), Issues); + FillRequestMetadata(*CloudEvent.mutable_request_metadata(), ExtraInfo, Request); + + FillRequestParameters(Request); + FillEventMetadata(Details); + FillDetails(Details); + + FillResponse(CloudEvent, Issues); + + if (ExtraInfo.CloudId) { + LOG_YQ_AUDIT_SERVICE_TRACE("EventId: " << *EventId << " cloudId is provided. Send now"); + CloudEvent.mutable_event_metadata()->set_cloud_id(ExtraInfo.CloudId); + SendAndComplete(); + return; + } + + LOG_YQ_AUDIT_SERVICE_TRACE("EventId: " << *EventId << " resolving cloud id ..."); + Base::Send(NKikimr::NFolderService::FolderServiceActorId(), CreateRequest().release(), 0, 0); + } + + std::unique_ptr<NKikimr::NFolderService::TEvFolderService::TEvGetFolderRequest> CreateRequest() { + auto request = std::make_unique<NKikimr::NFolderService::TEvFolderService::TEvGetFolderRequest>(); + request->Request.set_folder_id(ExtraInfo.FolderId); + request->Token = ExtraInfo.Token; + return request; + } + +private: + STRICT_STFUNC(StateFunc, + hFunc(NKikimr::NFolderService::TEvFolderService::TEvGetFolderResponse, Handle); + ) + + void Handle(NKikimr::NFolderService::TEvFolderService::TEvGetFolderResponse::TPtr& ev) { + const auto& response = ev->Get()->Response; + const auto& status = ev->Get()->Status; + if (!status.Ok() || !response.has_folder()) { + auto& status = ev->Get()->Status; + auto delay = RetryState->GetNextRetryDelay(ev); + if (delay) { + AuditServiceSensors->ReportCloudIdResolvedRetry(); + LOG_YQ_AUDIT_SERVICE_ERROR("Folder resolve error. Retry with delay " << *delay << ", EventId: " << *EventId << " cloud id resolve error. 
" + << "Status " << status.GRpcStatusCode << " " << status.Msg << " details: " << status.Details); + NActors::TActivationContext::Schedule(*delay, new IEventHandle(NKikimr::NFolderService::FolderServiceActorId(), Base::SelfId(), CreateRequest().release())); + return; + } + AuditServiceSensors->ReportCloudIdResolvedError(); + LOG_YQ_AUDIT_SERVICE_ERROR("EventId: " << *EventId << " cloud id resolve error. " + << "Status " << status.GRpcStatusCode << " " << status.Msg << " details: " << status.Details); + LOG_YQ_AUDIT_SERVICE_INFO(MessageName << ": cloud id: [unknown], folder id: [" << CloudEvent.event_metadata().folder_id() << "], user: [" << ExtraInfo.User << "], has issues [" << static_cast<bool>(Issues) << "], details: [" << CloudEvent.details().ShortDebugString() << "]"); + AuditServiceSensors->ReportSkipped(); + Base::PassAway(); + return; + } + + AuditServiceSensors->ReportCloudIdResolvedSuccess(); + + LOG_YQ_AUDIT_SERVICE_TRACE("EventId: " << *EventId << " cloud id resolved"); + const auto cloudId = ev->Get()->Response.folder().cloud_id(); + CloudEvent.mutable_event_metadata()->set_cloud_id(cloudId); + SendAndComplete(); + } + + void FillRequestParameters(TRequest& request) { + *CloudEvent.mutable_request_parameters() = PrepareRequestParameters(request); + } + + template<typename T> + void FillEventMetadata(TAuditDetails<T>& details) { + google::protobuf::Timestamp createdAt; + if (details.Before) { + createdAt = details.Before->meta().common().created_at(); + } else if (details.After) { + createdAt = details.After->meta().common().created_at(); + } else { + auto now = TInstant::Now(); + createdAt.set_seconds(now.Seconds()); + createdAt.set_nanos(now.NanoSeconds() % 1000000000); + } + FillEventMetadataImpl(createdAt); + } + + template<typename T> requires requires (T t) { t.meta().created_at(); } + void FillEventMetadata(TAuditDetails<T>& details) { + google::protobuf::Timestamp createdAt; + if (details.Before) { + createdAt = 
details.Before->meta().created_at();
+ } else if (details.After) {
+ createdAt = details.After->meta().created_at();
+ } else {
+ auto now = TInstant::Now();
+ createdAt.set_seconds(now.Seconds());
+ createdAt.set_nanos(now.NanoSeconds() % 1000000000);
+ }
+ FillEventMetadataImpl(createdAt);
+ }
+
+ void FillEventMetadataImpl(const google::protobuf::Timestamp& createdAt) {
+ auto* eventMetadata = CloudEvent.mutable_event_metadata();
+ eventMetadata->set_event_id(*EventId);
+ eventMetadata->set_event_type(EventType);
+ *eventMetadata->mutable_created_at() = createdAt;
+ eventMetadata->set_folder_id(ExtraInfo.FolderId);
+ }
+
+ void FillDetails(TAuditDetails<TAuditDetailsObj>& details) {
+ *CloudEvent.mutable_details() = PrepareEventDetails(details);
+ }
+
+ void SendAndComplete() {
+ TString output;
+ google::protobuf::util::JsonPrintOptions printOpts;
+ printOpts.preserve_proto_field_names = true;
+ google::protobuf::util::MessageToJsonString(CloudEvent, &output, printOpts);
+ NUnifiedAgent::TClientMessage message;
+ message.Payload = TStringBuilder() << output;
+
+ LOG_YQ_AUDIT_SERVICE_TRACE("EventId: " << *EventId << " sending");
+ LOG_YQ_AUDIT_SERVICE_INFO(MessageName << ": cloud id: [" << CloudEvent.event_metadata().cloud_id() << "], folder id: [" << CloudEvent.event_metadata().folder_id() << "], user: [" << ExtraInfo.User << "], has issues [" << static_cast<bool>(Issues) << "], details: [" << CloudEvent.details().ShortDebugString() << "]");
+ Session->Send(std::move(message));
+
+ AuditServiceSensors->ReportSent();
+
+ Base::PassAway();
+ }
+
+ static const IRetryPolicy::TPtr& GetRetryPolicy() {
+ static IRetryPolicy::TPtr policy = IRetryPolicy::GetExponentialBackoffPolicy([](NKikimr::NFolderService::TEvFolderService::TEvGetFolderResponse::TPtr& ev) {
+ const auto& response = ev->Get()->Response;
+ const auto& status = ev->Get()->Status;
+ return !status.Ok() || !response.has_folder() ? ERetryErrorClass::ShortRetry : ERetryErrorClass::NoRetry;
+ }, TDuration::MilliSeconds(10), TDuration::MilliSeconds(200), TDuration::Seconds(30), 5);
+ return policy;
+ }
+
+private:
+ NUnifiedAgent::TClientSessionPtr Session;
+ std::shared_ptr<TAuditServiceSensors> AuditServiceSensors;
+ std::function<typename TEvent::EventDetails(const TAuditDetails<TAuditDetailsObj>&)> PrepareEventDetails;
+ std::function<typename TEvent::RequestParameters(const TRequest&)> PrepareRequestParameters;
+ TEvAuditService::TExtraInfo ExtraInfo;
+ TRequest Request;
+ NYql::TIssues Issues;
+ TAuditDetails<TAuditDetailsObj> Details;
+ std::optional<TString> EventId;
+ TString EventType;
+ TString MessageName;
+
+ TEvent CloudEvent;
+ IRetryPolicy::IRetryState::TPtr RetryState;
+};
+
+class TYqCloudAuditServiceActor : public NActors::TActorBootstrapped<TYqCloudAuditServiceActor> {
+public:
+ using Base = NActors::TActorBootstrapped<TYqCloudAuditServiceActor>;
+
+ TYqCloudAuditServiceActor(const NConfig::TAuditConfig& config, const NMonitoring::TDynamicCounterPtr& counters)
+ : NActors::TActorBootstrapped<TYqCloudAuditServiceActor>()
+ , Config(config)
+ , AuditServiceSensors(std::make_shared<TAuditServiceSensors>(counters)) {}
+
+ static constexpr NKikimrServices::TActivity::EType ActorActivityType() { return NKikimrServices::TActivity::YQ_AUDIT_ACTOR; }
+
+ void Bootstrap(const NActors::TActorContext& ctx) {
+ Base::Become(&TYqCloudAuditServiceActor::StateFunc);
+
+ if (!Config.GetEnabled()) {
+ LOG_YQ_AUDIT_SERVICE_INFO("Audit service is disabled");
+ return;
+ }
+
+ auto clientParameters = NUnifiedAgent::TClientParameters(Config.GetUAConfig().GetUri());
+ SdkLogger = std::make_unique<TLog>(MakeHolder<TActorLogBackend>(ctx.ActorSystem(), NKikimrServices::EServiceKikimr::YDB_SDK));
+ clientParameters.SetLog(*SdkLogger);
+
+ const auto& sharedKey = Config.GetUAConfig().GetSharedSecretKey();
+ if (!sharedKey.Empty()) {
+ clientParameters.SetSharedSecretKey(sharedKey);
+ }
+ auto clientPtr = NUnifiedAgent::MakeClient(clientParameters);
+ auto sessionParameters = NUnifiedAgent::TSessionParameters()
+ .SetCounters(AuditServiceSensors->UACounters);
+ Session = clientPtr->CreateSession(sessionParameters);
+ }
+
+private:
+ STRICT_STFUNC(StateFunc,
+ hFunc(TEvAuditService::CreateBindingAuditReport, Handle);
+ hFunc(TEvAuditService::ModifyBindingAuditReport, Handle);
+ hFunc(TEvAuditService::DeleteBindingAuditReport, Handle);
+ hFunc(TEvAuditService::CreateConnectionAuditReport, Handle);
+ hFunc(TEvAuditService::ModifyConnectionAuditReport, Handle);
+ hFunc(TEvAuditService::DeleteConnectionAuditReport, Handle);
+ hFunc(TEvAuditService::CreateQueryAuditReport, Handle);
+ hFunc(TEvAuditService::ControlQueryAuditReport, Handle);
+ hFunc(TEvAuditService::ModifyQueryAuditReport, Handle);
+ hFunc(TEvAuditService::DeleteQueryAuditReport, Handle);
+ )
+
+ void Handle(TEvAuditService::CreateBindingAuditReport::TPtr& ev) {
+ auto& auditReport = *ev.Get()->Get();
+
+ auto prepareEventDetails = [](const TAuditDetails<YandexQuery::Binding>& details) {
+ yandex::cloud::events::yq::CreateBinding::EventDetails eventDetails;
+ if (details.After) {
+ const auto& after = *details.After;
+ eventDetails.set_binding_id(after.meta().id());
+ eventDetails.set_name(after.content().name());
+ eventDetails.set_visibility(YandexQuery::Acl::Visibility_Name(after.content().acl().visibility()));
+ eventDetails.set_connection_id(after.content().connection_id());
+ eventDetails.set_type(MapBindingType(after.content().setting().binding_case()));
+ }
+ return eventDetails;
+ };
+
+ auto prepareRequestParameters = [](const YandexQuery::CreateBindingRequest& request) {
+ yandex::cloud::events::yq::CreateBinding::RequestParameters requestParameters;
+ requestParameters.set_name(request.content().name());
+ requestParameters.set_visibility(YandexQuery::Acl::Visibility_Name(request.content().acl().visibility()));
+ requestParameters.set_connection_id(request.content().connection_id());
+ requestParameters.set_type(MapBindingType(request.content().setting().binding_case()));
+ return requestParameters;
+ };
+
+ Register(new TAuditEventSenderActor<yandex::cloud::events::yq::CreateBinding, YandexQuery::CreateBindingRequest, YandexQuery::Binding>(
+ Session,
+ AuditServiceSensors,
+ prepareEventDetails,
+ prepareRequestParameters,
+ "yandex.cloud.events.yq.CreateBinding",
+ "CreateBinding",
+ std::move(auditReport.ExtraInfo),
+ std::move(auditReport.Request),
+ std::move(auditReport.Issues),
+ std::move(auditReport.Details),
+ std::move(auditReport.EventId)
+ ));
+ }
+
+ void Handle(TEvAuditService::ModifyBindingAuditReport::TPtr& ev) {
+ auto& auditReport = *ev.Get()->Get();
+
+ auto prepareEventDetails = [](const TAuditDetails<YandexQuery::Binding>& details) {
+ yandex::cloud::events::yq::UpdateBinding::EventDetails eventDetails;
+ if (details.After) {
+ const auto& after = *details.After;
+ eventDetails.set_binding_id(after.meta().id());
+ eventDetails.set_name(after.content().name());
+ eventDetails.set_visibility(YandexQuery::Acl::Visibility_Name(after.content().acl().visibility()));
+ eventDetails.set_connection_id(after.content().connection_id());
+ eventDetails.set_type(MapBindingType(after.content().setting().binding_case()));
+ }
+ return eventDetails;
+ };
+
+ auto prepareRequestParameters = [](const YandexQuery::ModifyBindingRequest& request) {
+ yandex::cloud::events::yq::UpdateBinding::RequestParameters requestParameters;
+ requestParameters.set_binding_id(request.binding_id());
+ requestParameters.set_name(request.content().name());
+ requestParameters.set_visibility(YandexQuery::Acl::Visibility_Name(request.content().acl().visibility()));
+ requestParameters.set_connection_id(request.content().connection_id());
+ requestParameters.set_type(MapBindingType(request.content().setting().binding_case()));
+ return requestParameters;
+ };
+
+ Register(new TAuditEventSenderActor<yandex::cloud::events::yq::UpdateBinding, YandexQuery::ModifyBindingRequest, YandexQuery::Binding>(
+ Session,
+ AuditServiceSensors,
+ prepareEventDetails,
+ prepareRequestParameters,
+ "yandex.cloud.events.yq.UpdateBinding",
+ "ModifyBinding",
+ std::move(auditReport.ExtraInfo),
+ std::move(auditReport.Request),
+ std::move(auditReport.Issues),
+ std::move(auditReport.Details),
+ std::move(auditReport.EventId)
+ ));
+ }
+
+ void Handle(TEvAuditService::DeleteBindingAuditReport::TPtr& ev) {
+ auto& auditReport = *ev.Get()->Get();
+
+ auto prepareEventDetails = [](const TAuditDetails<YandexQuery::Binding>& details) {
+ yandex::cloud::events::yq::DeleteBinding::EventDetails eventDetails;
+ if (details.Before) {
+ const auto& before = *details.Before;
+ eventDetails.set_binding_id(before.meta().id());
+ eventDetails.set_name(before.content().name());
+ eventDetails.set_visibility(YandexQuery::Acl::Visibility_Name(before.content().acl().visibility()));
+ eventDetails.set_connection_id(before.content().connection_id());
+ eventDetails.set_type(MapBindingType(before.content().setting().binding_case()));
+ }
+ return eventDetails;
+ };
+
+ auto prepareRequestParameters = [](const YandexQuery::DeleteBindingRequest& request) {
+ yandex::cloud::events::yq::DeleteBinding::RequestParameters requestParameters;
+ requestParameters.set_binding_id(request.binding_id());
+ return requestParameters;
+ };
+
+ Register(new TAuditEventSenderActor<yandex::cloud::events::yq::DeleteBinding, YandexQuery::DeleteBindingRequest, YandexQuery::Binding>(
+ Session,
+ AuditServiceSensors,
+ prepareEventDetails,
+ prepareRequestParameters,
+ "yandex.cloud.events.yq.DeleteBinding",
+ "DeleteBinding",
+ std::move(auditReport.ExtraInfo),
+ std::move(auditReport.Request),
+ std::move(auditReport.Issues),
+ std::move(auditReport.Details),
+ std::move(auditReport.EventId)
+ ));
+ }
+
+ void Handle(TEvAuditService::CreateConnectionAuditReport::TPtr& ev) {
+ auto& auditReport = *ev.Get()->Get();
+
+ auto prepareEventDetails = [](const TAuditDetails<YandexQuery::Connection>& details) {
+ yandex::cloud::events::yq::CreateConnection::EventDetails eventDetails;
+ if (details.After) {
+ const auto& after = *details.After;
+ eventDetails.set_connection_id(after.meta().id());
+ eventDetails.set_name(after.content().name());
+ eventDetails.set_visibility(YandexQuery::Acl::Visibility_Name(after.content().acl().visibility()));
+ eventDetails.set_type(MapConnectionType(after.content().setting().connection_case()));
+ }
+ return eventDetails;
+ };
+
+ auto prepareRequestParameters = [](const YandexQuery::CreateConnectionRequest& request) {
+ yandex::cloud::events::yq::CreateConnection::RequestParameters requestParameters;
+ requestParameters.set_name(request.content().name());
+ requestParameters.set_visibility(YandexQuery::Acl::Visibility_Name(request.content().acl().visibility()));
+ requestParameters.set_type(MapConnectionType(request.content().setting().connection_case()));
+ return requestParameters;
+ };
+
+ Register(new TAuditEventSenderActor<yandex::cloud::events::yq::CreateConnection, YandexQuery::CreateConnectionRequest, YandexQuery::Connection>(
+ Session,
+ AuditServiceSensors,
+ prepareEventDetails,
+ prepareRequestParameters,
+ "yandex.cloud.events.yq.CreateConnection",
+ "CreateConnection",
+ std::move(auditReport.ExtraInfo),
+ std::move(auditReport.Request),
+ std::move(auditReport.Issues),
+ std::move(auditReport.Details),
+ std::move(auditReport.EventId)
+ ));
+ }
+
+ void Handle(TEvAuditService::ModifyConnectionAuditReport::TPtr& ev) {
+ auto& auditReport = *ev.Get()->Get();
+
+ auto prepareEventDetails = [](const TAuditDetails<YandexQuery::Connection>& details) {
+ yandex::cloud::events::yq::UpdateConnection::EventDetails eventDetails;
+ if (details.After) {
+ const auto& after = *details.After;
+ eventDetails.set_connection_id(after.meta().id());
+ eventDetails.set_name(after.content().name());
+ eventDetails.set_visibility(YandexQuery::Acl::Visibility_Name(after.content().acl().visibility()));
+ eventDetails.set_type(MapConnectionType(after.content().setting().connection_case()));
+ }
+ return eventDetails;
+ };
+
+ auto prepareRequestParameters = [](const YandexQuery::ModifyConnectionRequest& request) {
+ yandex::cloud::events::yq::UpdateConnection::RequestParameters requestParameters;
+ requestParameters.set_connection_id(request.connection_id());
+ requestParameters.set_name(request.content().name());
+ requestParameters.set_visibility(YandexQuery::Acl::Visibility_Name(request.content().acl().visibility()));
+ requestParameters.set_type(MapConnectionType(request.content().setting().connection_case()));
+ return requestParameters;
+ };
+
+ Register(new TAuditEventSenderActor<yandex::cloud::events::yq::UpdateConnection, YandexQuery::ModifyConnectionRequest, YandexQuery::Connection>(
+ Session,
+ AuditServiceSensors,
+ prepareEventDetails,
+ prepareRequestParameters,
+ "yandex.cloud.events.yq.UpdateConnection",
+ "ModifyConnection",
+ std::move(auditReport.ExtraInfo),
+ std::move(auditReport.Request),
+ std::move(auditReport.Issues),
+ std::move(auditReport.Details),
+ std::move(auditReport.EventId)
+ ));
+ }
+
+ void Handle(TEvAuditService::DeleteConnectionAuditReport::TPtr& ev) {
+ auto& auditReport = *ev.Get()->Get();
+
+ auto prepareEventDetails = [](const TAuditDetails<YandexQuery::Connection>& details) {
+ yandex::cloud::events::yq::DeleteConnection::EventDetails eventDetails;
+ if (details.Before) {
+ const auto& before = *details.Before;
+ eventDetails.set_connection_id(before.meta().id());
+ eventDetails.set_name(before.content().name());
+ eventDetails.set_visibility(YandexQuery::Acl::Visibility_Name(before.content().acl().visibility()));
+ eventDetails.set_type(MapConnectionType(before.content().setting().connection_case()));
+ }
+ return eventDetails;
+ };
+
+ auto prepareRequestParameters = [](const YandexQuery::DeleteConnectionRequest& request) {
+ yandex::cloud::events::yq::DeleteConnection::RequestParameters requestParameters;
+ requestParameters.set_connection_id(request.connection_id());
+ return requestParameters;
+ };
+
+ Register(new TAuditEventSenderActor<yandex::cloud::events::yq::DeleteConnection, YandexQuery::DeleteConnectionRequest, YandexQuery::Connection>(
+ Session,
+ AuditServiceSensors,
+ prepareEventDetails,
+ prepareRequestParameters,
+ "yandex.cloud.events.yq.DeleteConnection",
+ "DeleteConnection",
+ std::move(auditReport.ExtraInfo),
+ std::move(auditReport.Request),
+ std::move(auditReport.Issues),
+ std::move(auditReport.Details),
+ std::move(auditReport.EventId)
+ ));
+ }
+
+ void Handle(TEvAuditService::CreateQueryAuditReport::TPtr& ev) {
+ auto& auditReport = *ev.Get()->Get();
+
+ auto prepareEventDetails = [](const TAuditDetails<YandexQuery::Query>& details) {
+ yandex::cloud::events::yq::CreateQuery::EventDetails eventDetails;
+ if (details.After) {
+ const auto& after = *details.After;
+ eventDetails.set_query_id(after.meta().common().id());
+ eventDetails.set_name(after.content().name());
+ eventDetails.set_visibility(YandexQuery::Acl::Visibility_Name(after.content().acl().visibility()));
+ eventDetails.set_type(YandexQuery::QueryContent::QueryType_Name(after.content().type()));
+ eventDetails.set_execute_mode(YandexQuery::ExecuteMode_Name(after.meta().execute_mode()));
+ eventDetails.set_compute_status(YandexQuery::QueryMeta::ComputeStatus_Name(after.meta().status()));
+ eventDetails.set_text_length(after.content().text().length());
+ }
+ return eventDetails;
+ };
+
+ auto prepareRequestParameters = [](const YandexQuery::CreateQueryRequest& request) {
+ yandex::cloud::events::yq::CreateQuery::RequestParameters requestParameters;
+ requestParameters.set_name(request.content().name());
+ requestParameters.set_visibility(YandexQuery::Acl::Visibility_Name(request.content().acl().visibility()));
+ requestParameters.set_type(YandexQuery::QueryContent::QueryType_Name(request.content().type()));
+ requestParameters.set_execute_mode(YandexQuery::ExecuteMode_Name(request.execute_mode()));
+ requestParameters.set_text_length(request.content().text().length());
+ return requestParameters;
+ };
+
+ Register(new TAuditEventSenderActor<yandex::cloud::events::yq::CreateQuery, YandexQuery::CreateQueryRequest, YandexQuery::Query>(
+ Session,
+ AuditServiceSensors,
+ prepareEventDetails,
+ prepareRequestParameters,
+ "yandex.cloud.events.yq.CreateQuery",
+ "CreateQuery",
+ std::move(auditReport.ExtraInfo),
+ std::move(auditReport.Request),
+ std::move(auditReport.Issues),
+ std::move(auditReport.Details),
+ std::move(auditReport.EventId)
+ ));
+ }
+
+ void Handle(TEvAuditService::ControlQueryAuditReport::TPtr& ev) {
+ auto& auditReport = *ev.Get()->Get();
+
+ auto prepareEventDetails = [](const TAuditDetails<YandexQuery::Query>& details) {
+ yandex::cloud::events::yq::ControlQuery::EventDetails eventDetails;
+ if (details.Before) {
+ const auto& before = *details.Before;
+ eventDetails.set_query_id(before.meta().common().id());
+ eventDetails.set_name(before.content().name());
+ eventDetails.set_visibility(YandexQuery::Acl::Visibility_Name(before.content().acl().visibility()));
+ eventDetails.set_type(YandexQuery::QueryContent::QueryType_Name(before.content().type()));
+ eventDetails.set_execute_mode(YandexQuery::ExecuteMode_Name(before.meta().execute_mode()));
+ eventDetails.set_compute_status(YandexQuery::QueryMeta::ComputeStatus_Name(before.meta().status()));
+ eventDetails.set_text_length(before.content().text().length());
+ }
+ return eventDetails;
+ };
+
+ auto prepareRequestParameters = [](const YandexQuery::ControlQueryRequest& request) {
+ yandex::cloud::events::yq::ControlQuery::RequestParameters requestParameters;
+ requestParameters.set_query_id(request.query_id());
+ requestParameters.set_action(YandexQuery::QueryAction_Name(request.action()));
+ return requestParameters;
+ };
+
+ Register(new TAuditEventSenderActor<yandex::cloud::events::yq::ControlQuery, YandexQuery::ControlQueryRequest, YandexQuery::Query>(
+ Session,
+ AuditServiceSensors,
+ prepareEventDetails,
+ prepareRequestParameters,
+ "yandex.cloud.events.yq.ControlQuery",
+ "ControlQuery",
+ std::move(auditReport.ExtraInfo),
+ std::move(auditReport.Request),
+ std::move(auditReport.Issues),
+ std::move(auditReport.Details),
+ std::move(auditReport.EventId)
+ ));
+ }
+
+ void Handle(TEvAuditService::ModifyQueryAuditReport::TPtr& ev) {
+ auto& auditReport = *ev.Get()->Get();
+
+ auto prepareEventDetails = [](const TAuditDetails<YandexQuery::Query>& details) {
+ yandex::cloud::events::yq::UpdateQuery::EventDetails eventDetails;
+ if (details.After) {
+ const auto& after = *details.After;
+ eventDetails.set_query_id(after.meta().common().id());
+ eventDetails.set_name(after.content().name());
+ eventDetails.set_visibility(YandexQuery::Acl::Visibility_Name(after.content().acl().visibility()));
+ eventDetails.set_type(YandexQuery::QueryContent::QueryType_Name(after.content().type()));
+ eventDetails.set_execute_mode(YandexQuery::ExecuteMode_Name(after.meta().execute_mode()));
+ eventDetails.set_compute_status(YandexQuery::QueryMeta::ComputeStatus_Name(after.meta().status()));
+ eventDetails.set_text_length(after.content().text().length());
+ }
+ return eventDetails;
+ };
+
+ auto prepareRequestParameters = [](const YandexQuery::ModifyQueryRequest& request) {
+ yandex::cloud::events::yq::UpdateQuery::RequestParameters requestParameters;
+ requestParameters.set_query_id(request.query_id());
+ requestParameters.set_name(request.content().name());
+ requestParameters.set_visibility(YandexQuery::Acl::Visibility_Name(request.content().acl().visibility()));
+ requestParameters.set_type(YandexQuery::QueryContent::QueryType_Name(request.content().type()));
+ requestParameters.set_execute_mode(YandexQuery::ExecuteMode_Name(request.execute_mode()));
+ requestParameters.set_state_load_mode(YandexQuery::StateLoadMode_Name(request.state_load_mode()));
+ requestParameters.set_text_length(request.content().text().length());
+ return requestParameters;
+ };
+
+ Register(new TAuditEventSenderActor<yandex::cloud::events::yq::UpdateQuery, YandexQuery::ModifyQueryRequest, YandexQuery::Query>(
+ Session,
+ AuditServiceSensors,
+ prepareEventDetails,
+ prepareRequestParameters,
+ "yandex.cloud.events.yq.UpdateQuery",
+ "ModifyQuery",
+ std::move(auditReport.ExtraInfo),
+ std::move(auditReport.Request),
+ std::move(auditReport.Issues),
+ std::move(auditReport.Details),
+ std::move(auditReport.EventId)
+ ));
+ }
+
+ void Handle(TEvAuditService::DeleteQueryAuditReport::TPtr& ev) {
+ auto& auditReport = *ev.Get()->Get();
+
+ auto prepareEventDetails = [](const TAuditDetails<YandexQuery::Query>& details) {
+ yandex::cloud::events::yq::DeleteQuery::EventDetails eventDetails;
+ if (details.Before) {
+ const auto& before = *details.Before;
+ eventDetails.set_query_id(before.meta().common().id());
+ eventDetails.set_name(before.content().name());
+ eventDetails.set_visibility(YandexQuery::Acl::Visibility_Name(before.content().acl().visibility()));
+ eventDetails.set_type(YandexQuery::QueryContent::QueryType_Name(before.content().type()));
+ eventDetails.set_execute_mode(YandexQuery::ExecuteMode_Name(before.meta().execute_mode()));
+ eventDetails.set_compute_status(YandexQuery::QueryMeta::ComputeStatus_Name(before.meta().status()));
+ eventDetails.set_text_length(before.content().text().length());
+ }
+ return eventDetails;
+ };
+
+ auto prepareRequestParameters = [](const YandexQuery::DeleteQueryRequest& request) {
+ yandex::cloud::events::yq::DeleteQuery::RequestParameters requestParameters;
+ requestParameters.set_query_id(request.query_id());
+ return requestParameters;
+ };
+
+ Register(new TAuditEventSenderActor<yandex::cloud::events::yq::DeleteQuery, YandexQuery::DeleteQueryRequest, YandexQuery::Query>(
+ Session,
+ AuditServiceSensors,
+ prepareEventDetails,
+ prepareRequestParameters,
+ "yandex.cloud.events.yq.DeleteQuery",
+ "DeleteQuery",
+ std::move(auditReport.ExtraInfo),
+ std::move(auditReport.Request),
+ std::move(auditReport.Issues),
+ std::move(auditReport.Details),
+ std::move(auditReport.EventId)
+ ));
+ }
+
+private:
+ NConfig::TAuditConfig Config;
+ std::shared_ptr<TAuditServiceSensors> AuditServiceSensors;
+ std::unique_ptr<TLog> SdkLogger;
+ NUnifiedAgent::TClientSessionPtr Session;
+};
+
+NActors::IActor* CreateYqCloudAuditServiceActor(const NConfig::TAuditConfig& config, const NMonitoring::TDynamicCounterPtr& counters) {
+ return new TYqCloudAuditServiceActor(config, counters);
+}
+
+} // namespace NYq
diff --git a/ydb/core/yq/libs/audit/mock/yq_mock_audit_service.h b/ydb/core/yq/libs/cloud_audit/yq_cloud_audit_service.h
index 32013a725c..bc3418809e 100644
--- a/ydb/core/yq/libs/audit/mock/yq_mock_audit_service.h
+++ b/ydb/core/yq/libs/cloud_audit/yq_cloud_audit_service.h
@@ -10,6 +10,6 @@ namespace NYq {
-NActors::IActor* CreateMockYqAuditServiceActor(const NConfig::TAuditConfig& config, const ::NMonitoring::TDynamicCounterPtr& counters);
+NActors::IActor* CreateYqCloudAuditServiceActor(const NConfig::TAuditConfig& config, const NMonitoring::TDynamicCounterPtr& counters);
 } // namespace NYq
diff --git a/ydb/core/yq/libs/init/CMakeLists.darwin.txt b/ydb/core/yq/libs/init/CMakeLists.darwin.txt
index 1edb035bb2..bdc398d459 100644
--- a/ydb/core/yq/libs/init/CMakeLists.darwin.txt
+++ b/ydb/core/yq/libs/init/CMakeLists.darwin.txt
@@ -22,6 +22,7 @@ target_link_libraries(yq-libs-init PUBLIC
 yq-libs-audit
 yq-libs-checkpoint_storage
 yq-libs-checkpointing
+ yq-libs-cloud_audit
 yq-libs-common
 yq-libs-control_plane_config
 yq-libs-control_plane_proxy
diff --git a/ydb/core/yq/libs/init/CMakeLists.linux-aarch64.txt b/ydb/core/yq/libs/init/CMakeLists.linux-aarch64.txt
index 940025921a..ca1957493c 100644
--- a/ydb/core/yq/libs/init/CMakeLists.linux-aarch64.txt
+++ b/ydb/core/yq/libs/init/CMakeLists.linux-aarch64.txt
@@ -23,6 +23,7 @@ target_link_libraries(yq-libs-init PUBLIC
 yq-libs-audit
 yq-libs-checkpoint_storage
 yq-libs-checkpointing
+ yq-libs-cloud_audit
 yq-libs-common
 yq-libs-control_plane_config
 yq-libs-control_plane_proxy
diff --git a/ydb/core/yq/libs/init/CMakeLists.linux.txt b/ydb/core/yq/libs/init/CMakeLists.linux.txt
index 940025921a..ca1957493c 100644
--- a/ydb/core/yq/libs/init/CMakeLists.linux.txt
+++ b/ydb/core/yq/libs/init/CMakeLists.linux.txt
@@ -23,6 +23,7 @@ target_link_libraries(yq-libs-init PUBLIC
 yq-libs-audit
 yq-libs-checkpoint_storage
 yq-libs-checkpointing
+ yq-libs-cloud_audit
 yq-libs-common
 yq-libs-control_plane_config
 yq-libs-control_plane_proxy
diff --git a/ydb/core/yq/libs/init/init.cpp b/ydb/core/yq/libs/init/init.cpp
index b50bc3b782..bb3133b869 100644
--- a/ydb/core/yq/libs/init/init.cpp
+++ b/ydb/core/yq/libs/init/init.cpp
@@ -5,6 +5,7 @@
 #include <ydb/core/yq/libs/audit/yq_audit_service.h>
 #include <ydb/core/yq/libs/checkpoint_storage/storage_service.h>
+#include <ydb/core/yq/libs/cloud_audit/yq_cloud_audit_service.h>
 #include <ydb/core/yq/libs/control_plane_config/control_plane_config.h>
 #include <ydb/core/yq/libs/control_plane_proxy/control_plane_proxy.h>
 #include <ydb/core/yq/libs/health/health.h>
@@ -65,7 +66,6 @@ void Init(
 ::NPq::NConfigurationManager::IConnections::TPtr pqCmConnections,
 const IYqSharedResources::TPtr& iyqSharedResources,
 const std::function<IActor*(const NKikimrProto::NFolderService::TFolderServiceConfig& authConfig)>& folderServiceFactory,
- const std::function<IActor*(const NYq::NConfig::TAuditConfig& auditConfig, const ::NMonitoring::TDynamicCounterPtr& counters)>& auditServiceFactory,
 ui32 icPort,
 const std::vector<NKikimr::NMiniKQL::TComputationNodeFactory>& additionalCompNodeFactories
 )
@@ -111,10 +111,10 @@ void Init(
 }
 if (protoConfig.GetAudit().GetEnabled()) {
- auto* auditSerive = auditServiceFactory(
+ auto* auditService = NYq::CreateYqCloudAuditServiceActor(
 protoConfig.GetAudit(),
 yqCounters->GetSubgroup("subsystem", "audit"));
- actorRegistrator(NYq::YqAuditServiceActorId(), auditSerive);
+ actorRegistrator(NYq::YqAuditServiceActorId(), auditService);
 }
 // if not enabled then stub
diff --git a/ydb/core/yq/libs/init/init.h b/ydb/core/yq/libs/init/init.h
index 16a196245a..bb19e6a5f2 100644
--- a/ydb/core/yq/libs/init/init.h
+++ b/ydb/core/yq/libs/init/init.h
@@ -35,7 +35,6 @@ void Init(
 ::NPq::NConfigurationManager::IConnections::TPtr pqCmConnections,
 const IYqSharedResources::TPtr& yqSharedResources,
 const std::function<IActor*(const NKikimrProto::NFolderService::TFolderServiceConfig& authConfig)>& folderServiceFactory,
- const std::function<IActor*(const NYq::NConfig::TAuditConfig& auditConfig, const ::NMonitoring::TDynamicCounterPtr& counters)>& auditServiceFactory,
 ui32 icPort,
 const std::vector<NKikimr::NMiniKQL::TComputationNodeFactory>& additionalCompNodeFactories
 ); |
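Review bot: In the init.cpp hunk at `@@ -111,10 +111,10 @@`, the call to `NYq::CreateYqCloudAuditServiceActor` replaces the injected `auditServiceFactory`, so an enabled audit config now always selects the Unified Agent-backed actor and a caller of `Init` can no longer supply a different sink or a mock. The sender added by this commit in yq_cloud_audit_service.cpp does not forward an event when the folder lookup still fails after its retries: it calls `ReportSkipped()` and `Base::PassAway()`, and the record survives only as an INFO line in the service log. That delivery guarantee should be stated at this call site, for example `// Audit delivery is best-effort: events whose cloud id cannot be resolved are logged and skipped, not sent.` The enclosing `Init` body starts and ends outside the hunk.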