diff options
| author | ivanmorozov <ivanmorozov@yandex-team.com> | 2022-12-20 16:35:58 +0300 |
|---|---|---|
| committer | ivanmorozov <ivanmorozov@yandex-team.com> | 2022-12-20 16:35:58 +0300 |
| commit | ec56091007b81e45277c49d5c88ef1fa85c25de2 (patch) | |
| tree | 215151e3ce01d065d153f0a25681fecc6bda29b2 | |
| parent | 39a690bb36ba82cd67c87f9f72608ec845d407f1 (diff) | |
| download | ydb-ec56091007b81e45277c49d5c88ef1fa85c25de2.tar.gz | |
use default all-users group in general case. not kikimr only.
| -rw-r--r-- | ydb/core/base/appdata.h | 2 | ||||
| -rw-r--r-- | ydb/core/driver_lib/run/run.cpp | 9 | ||||
| -rw-r--r-- | ydb/core/protos/config.proto | 2 |
3 files changed, 9 insertions, 4 deletions
diff --git a/ydb/core/base/appdata.h b/ydb/core/base/appdata.h index 8be75810dc..f7b64137e9 100644 --- a/ydb/core/base/appdata.h +++ b/ydb/core/base/appdata.h @@ -149,7 +149,7 @@ struct TAppData { bool UsePartitionStatsCollectorForTests = false; TVector<TString> AdministrationAllowedSIDs; // users/groups which allowed to perform administrative tasks TVector<TString> DefaultUserSIDs; - TString AllAuthenticatedUsers; + TString AllAuthenticatedUsers = "all-users@well-known"; TString TenantName; TResourceProfilesPtr ResourceProfiles; diff --git a/ydb/core/driver_lib/run/run.cpp b/ydb/core/driver_lib/run/run.cpp index 8413bf636e..6dec2e73f6 100644 --- a/ydb/core/driver_lib/run/run.cpp +++ b/ydb/core/driver_lib/run/run.cpp @@ -122,6 +122,7 @@ #include <library/cpp/actors/prof/tag.h> #include <ydb/library/yql/minikql/invoke_builtins/mkql_builtins.h> +#include <util/charset/wide.h> #include <util/folder/dirut.h> #include <util/system/file.h> #include <util/system/getpid.h> @@ -203,8 +204,12 @@ public: TVector<TString> defaultUserSIDs(securityConfig.GetDefaultUserSIDs().begin(), securityConfig.GetDefaultUserSIDs().end()); appData->DefaultUserSIDs = std::move(defaultUserSIDs); } - const auto& allAuthenticatedUsers = securityConfig.GetAllAuthenticatedUsers(); - appData->AllAuthenticatedUsers = !allAuthenticatedUsers.Empty() ? allAuthenticatedUsers : "all-users@well-known"; + if (securityConfig.HasAllAuthenticatedUsers()) { + const TString& allUsersGroup = Strip(securityConfig.GetAllAuthenticatedUsers()); + if (allUsersGroup) { + appData->AllAuthenticatedUsers = allUsersGroup; + } + } appData->FeatureFlags = Config.GetFeatureFlags(); appData->AllowHugeKeyValueDeletes = Config.GetFeatureFlags().GetAllowHugeKeyValueDeletes(); diff --git a/ydb/core/protos/config.proto b/ydb/core/protos/config.proto index a48324b33d..0f19054433 100644 --- a/ydb/core/protos/config.proto +++ b/ydb/core/protos/config.proto @@ -223,7 +223,7 @@ message TDomainsConfig { repeated string MonitoringAllowedSIDs = 2; repeated string AdministrationAllowedSIDs = 3; repeated string DefaultUserSIDs = 4; - optional string AllAuthenticatedUsers = 5 [default = "all-users@well-known"]; + optional string AllAuthenticatedUsers = 5; repeated string ViewerAllowedSIDs = 6; message TUser { |