author | Vasily Gerasimov <UgnineSirdis@gmail.com> | 2022-03-11 14:07:47 +0300 |
---|---|---|
committer | Vasily Gerasimov <UgnineSirdis@gmail.com> | 2022-03-11 14:07:47 +0300 |
commit | f76f38d3d0493db22b293b1c651345169354cbba (patch) | |
tree | fe787d77fdbbd1bb62bf5864e2d08343fdde97f9 | |
parent | 430ee0144216edf8944b370d03cdb48790640f79 (diff) | |
YQ-911 Support overriding CaCert setting in client settings in YDB SDK
Override CaCert in client settings
ref:bc7bc00fc3ca646bcb7866ee9a7b6b62b6f6038d
7 files changed, 23 insertions, 6 deletions
diff --git a/ydb/public/sdk/cpp/client/impl/ydb_internal/db_driver_state/state.cpp b/ydb/public/sdk/cpp/client/impl/ydb_internal/db_driver_state/state.cpp index 7364c34524..ff21e8e71a 100644 --- a/ydb/public/sdk/cpp/client/impl/ydb_internal/db_driver_state/state.cpp +++ b/ydb/public/sdk/cpp/client/impl/ydb_internal/db_driver_state/state.cpp @@ -20,12 +20,14 @@ TDbDriverState::TDbDriverState( const TStringType& discoveryEndpoint, EDiscoveryMode discoveryMode, bool enableSsl, + const TStringType& caCert, IInternalClient* client ) : Database(database) , DiscoveryEndpoint(discoveryEndpoint) , DiscoveryMode(discoveryMode) , EnableSsl(enableSsl) + , CaCert(caCert) , Client(client) , EndpointPool([this, client]() mutable { // this callback will be called just after shared_ptr initialization @@ -126,6 +128,7 @@ TDbDriverStatePtr TDbDriverStateTracker::GetDriverState( TStringType discoveryEndpoint, EDiscoveryMode discoveryMode, bool enableSsl, + TStringType caCert, std::shared_ptr<ICredentialsProviderFactory> credentialsProviderFactory ) { TStringType clientIdentity; @@ -133,7 +136,7 @@ TDbDriverStatePtr TDbDriverStateTracker::GetDriverState( clientIdentity = credentialsProviderFactory->GetClientIdentity(); } Quote(database); - const TStateKey key{database, discoveryEndpoint, clientIdentity, discoveryMode, enableSsl}; + const TStateKey key{database, discoveryEndpoint, clientIdentity, discoveryMode, enableSsl, caCert}; { std::shared_lock lock(Lock_); auto state = States_.find(key); @@ -180,6 +183,7 @@ TDbDriverStatePtr TDbDriverStateTracker::GetDriverState( discoveryEndpoint, discoveryMode, enableSsl, + caCert, DiscoveryClient_), deleter); diff --git a/ydb/public/sdk/cpp/client/impl/ydb_internal/db_driver_state/state.h b/ydb/public/sdk/cpp/client/impl/ydb_internal/db_driver_state/state.h index e0ce63e4b8..77f41c03f0 100644 --- a/ydb/public/sdk/cpp/client/impl/ydb_internal/db_driver_state/state.h +++ b/ydb/public/sdk/cpp/client/impl/ydb_internal/db_driver_state/state.h 
@@ -31,6 +31,7 @@ public: const TStringType& discoveryEndpoint, EDiscoveryMode discoveryMode, bool enableSsl, + const TStringType& caCert, IInternalClient* client ); @@ -48,6 +49,7 @@ public: const TStringType DiscoveryEndpoint; const EDiscoveryMode DiscoveryMode; const bool EnableSsl; + const TStringType CaCert; std::shared_ptr<ICredentialsProvider> CredentialsProvider; IInternalClient* Client; TEndpointPool EndpointPool; @@ -66,7 +68,7 @@ public: // Tracker allows to get driver state by database and credentials class TDbDriverStateTracker { - using TStateKey = std::tuple<TStringType, TStringType, TStringType, EDiscoveryMode, bool>; + using TStateKey = std::tuple<TStringType, TStringType, TStringType, EDiscoveryMode, bool, TStringType>; struct TStateKeyHash { size_t operator()(const TStateKey& k) const noexcept { THash<TStringType> strHash; @@ -74,7 +76,8 @@ class TDbDriverStateTracker { const size_t h1 = strHash(std::get<1>(k)); const size_t h2 = strHash(std::get<2>(k)); const size_t h3 = ((size_t)std::get<3>(k) << 1) + (size_t)std::get<4>(k); - return (h0 ^ h1 ^ h2 ^ h3); + const size_t h5 = strHash(std::get<5>(k)); + return (h0 ^ h1 ^ h2 ^ h3 ^ h5); } }; public: @@ -84,6 +87,7 @@ public: TStringType DiscoveryEndpoint, EDiscoveryMode discoveryMode, bool enableSsl, + TStringType caCert, std::shared_ptr<ICredentialsProviderFactory> credentialsProviderFactory ); NThreading::TFuture<void> SendNotification( diff --git a/ydb/public/sdk/cpp/client/impl/ydb_internal/grpc_connections/grpc_connections.cpp b/ydb/public/sdk/cpp/client/impl/ydb_internal/grpc_connections/grpc_connections.cpp index 0f75d872c8..b2b47f663a 100644 --- a/ydb/public/sdk/cpp/client/impl/ydb_internal/grpc_connections/grpc_connections.cpp +++ b/ydb/public/sdk/cpp/client/impl/ydb_internal/grpc_connections/grpc_connections.cpp 
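Review bot: In `TStateKeyHash::operator()` (hunk `@@ -74,7 +76,8 @@` of state.h) the new `h5` is folded in with plain XOR, `h0 ^ h1 ^ h2 ^ h3 ^ h5`, so the result does not depend on which field a string sits in, and any two fields holding the same string cancel each other out. An order-sensitive combine avoids both, for example `return (((h0 * 31 + h1) * 31 + h2) * 31 + h3) * 31 + h5;`, or the project's own hash-combine helper if one is reachable from this header. The key also now carries the whole certificate string, which state.cpp hashes and compares on every `States_.find(key)`. A short comment on `TStateKey` naming element 5 as the CA certificate would make the `std::get<5>` index readable.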
@@ -180,6 +180,7 @@ TGRpcConnectionsImpl::TGRpcConnectionsImpl(std::shared_ptr<IConnectionsParams> p DefaultDiscoveryEndpoint_, DefaultDiscoveryMode_, EnableSsl_, + CaCert_, DefaultCredentialsProviderFactory_ ); } @@ -267,6 +268,7 @@ TDbDriverStatePtr TGRpcConnectionsImpl::GetDriverState( const TMaybe<TStringType>& discoveryEndpoint, const TMaybe<EDiscoveryMode>& discoveryMode, const TMaybe<bool>& enableSsl, + const TMaybe<TStringType>& caCert, const TMaybe<std::shared_ptr<ICredentialsProviderFactory>>& credentialsProviderFactory ) { return StateTracker_.GetDriverState( @@ -274,6 +276,7 @@ TDbDriverStatePtr TGRpcConnectionsImpl::GetDriverState( discoveryEndpoint ? discoveryEndpoint.GetRef() : DefaultDiscoveryEndpoint_, discoveryMode ? discoveryMode.GetRef() : DefaultDiscoveryMode_, enableSsl ? enableSsl.GetRef() : EnableSsl_, + caCert ? caCert.GetRef() : CaCert_, credentialsProviderFactory ? credentialsProviderFactory.GetRef() : DefaultCredentialsProviderFactory_); } diff --git a/ydb/public/sdk/cpp/client/impl/ydb_internal/grpc_connections/grpc_connections.h b/ydb/public/sdk/cpp/client/impl/ydb_internal/grpc_connections/grpc_connections.h index 2c310525ba..2ff3360d42 100644 --- a/ydb/public/sdk/cpp/client/impl/ydb_internal/grpc_connections/grpc_connections.h +++ b/ydb/public/sdk/cpp/client/impl/ydb_internal/grpc_connections/grpc_connections.h @@ -61,6 +61,7 @@ public: const TMaybe<TStringType>& discoveryEndpoint, const TMaybe<EDiscoveryMode>& discoveryMode, const TMaybe<bool>& enableSsl, + const TMaybe<TStringType>& caCert, const TMaybe<std::shared_ptr<ICredentialsProviderFactory>>& credentialsProviderFactory ); IQueueClientContextPtr CreateContext() override; 
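Review bot: In `TGRpcConnectionsImpl::GetDriverState` (hunk `@@ -274,6 +276,7 @@`), `caCert ? caCert.GetRef() : CaCert_` treats a set-but-empty `TMaybe` as an override, so client settings that carry an empty `CaCert` replace the driver-wide CA with an empty string. What the gRPC layer does with an empty `SslCaCert` is not visible in this diff; if it falls back to a default trust store, that client would verify the server against more roots than the driver was configured with, and nothing would report it. If an empty value is not meant to be a valid override, fall back on it too: `caCert && !caCert.GetRef().empty() ? caCert.GetRef() : CaCert_,`. Otherwise the meaning of an empty value should be stated in the setting's doc comment.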
@@ -80,7 +81,7 @@ public: { auto clientConfig = NGrpc::TGRpcClientConfig(dbState->DiscoveryEndpoint); clientConfig.EnableSsl = dbState->EnableSsl; - clientConfig.SslCaCert = CaCert_; + clientConfig.SslCaCert = dbState->CaCert; clientConfig.MemQuota = MemoryQuota_; if (std::is_same<TService,Ydb::Discovery::V1::DiscoveryService>() diff --git a/ydb/public/sdk/cpp/client/ydb_common_client/impl/client.h b/ydb/public/sdk/cpp/client/ydb_common_client/impl/client.h index c43e9aab69..a571fe26c7 100644 --- a/ydb/public/sdk/cpp/client/ydb_common_client/impl/client.h +++ b/ydb/public/sdk/cpp/client/ydb_common_client/impl/client.h @@ -19,9 +19,10 @@ public: const TMaybe<TString>& discoveryEndpoint, const TMaybe<EDiscoveryMode>& discoveryMode, const TMaybe<bool>& enableSsl, + const TMaybe<TString>& caCert, const TMaybe<std::shared_ptr<ICredentialsProviderFactory>>& credentialsProviderFactory) : Connections_(std::move(connections)) - , DbDriverState_(Connections_->GetDriverState(database, discoveryEndpoint, discoveryMode, enableSsl, credentialsProviderFactory)) + , DbDriverState_(Connections_->GetDriverState(database, discoveryEndpoint, discoveryMode, enableSsl, caCert, credentialsProviderFactory)) { Y_VERIFY(DbDriverState_); } @@ -36,6 +37,7 @@ public: settings.DiscoveryEndpoint_, settings.DiscoveryMode_, settings.EnableSsl_, + settings.CaCert_, settings.CredentialsProviderFactory_ ) ) diff --git a/ydb/public/sdk/cpp/client/ydb_common_client/settings.h b/ydb/public/sdk/cpp/client/ydb_common_client/settings.h index 4ada7c09d0..d733392639 100644 --- a/ydb/public/sdk/cpp/client/ydb_common_client/settings.h +++ b/ydb/public/sdk/cpp/client/ydb_common_client/settings.h @@ -31,6 +31,8 @@ struct TCommonClientSettings { FLUENT_SETTING_OPTIONAL(EDiscoveryMode, DiscoveryMode); //! Allows to override current Ssl mode FLUENT_SETTING_OPTIONAL(bool, EnableSsl); + //! Allows to override current Ssl cert + FLUENT_SETTING_OPTIONAL(TStringType, CaCert); }; template<class TDerived> 
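Review bot: The doc comment `//! Allows to override current Ssl cert` on the new `CaCert` setting (settings.h, hunk `@@ -31,6 +31,8 @@`) does not say which certificate is meant or in what form it is passed. From `clientConfig.SslCaCert = dbState->CaCert` in grpc_connections.h the value is the CA certificate given to the channel config, not a client certificate, and it is set right next to `EnableSsl`, so it presumably has no effect when SSL is off for that client. Suggested wording: `//! Overrides the driver's CA certificate used to verify the server; only meaningful when SSL is enabled`. The comment should also say whether the string is PEM contents or a file path, which this diff does not show.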
@@ -48,6 +50,7 @@ struct TCommonClientSettingsBase : public TCommonClientSettings { COMMON_CLIENT_SETTINGS_TO_DERIVED(std::shared_ptr<ICredentialsProviderFactory>, CredentialsProviderFactory); COMMON_CLIENT_SETTINGS_TO_DERIVED(EDiscoveryMode, DiscoveryMode); COMMON_CLIENT_SETTINGS_TO_DERIVED(bool, EnableSsl); + COMMON_CLIENT_SETTINGS_TO_DERIVED(TStringType, CaCert); #undef COMMON_CLIENT_SETTINGS_TO_DERIVED diff --git a/ydb/public/sdk/cpp/client/ydb_persqueue_core/impl/persqueue_impl.h b/ydb/public/sdk/cpp/client/ydb_persqueue_core/impl/persqueue_impl.h index 57e9dd43bf..b92b123abe 100644 --- a/ydb/public/sdk/cpp/client/ydb_persqueue_core/impl/persqueue_impl.h +++ b/ydb/public/sdk/cpp/client/ydb_persqueue_core/impl/persqueue_impl.h @@ -24,7 +24,7 @@ public: // Async discovery mode is used because this client is created inside SDK threads. // See YDB-1231 and YDB-1232. TImpl(const TString& clusterEndpoint, std::shared_ptr<TGRpcConnectionsImpl> connections, const TPersQueueClientSettings& settings) - : TClientImplCommon(std::move(connections), settings.Database_, clusterEndpoint, EDiscoveryMode::Async, settings.EnableSsl_, settings.CredentialsProviderFactory_) + : TClientImplCommon(std::move(connections), settings.Database_, clusterEndpoint, EDiscoveryMode::Async, settings.EnableSsl_, settings.CaCert_, settings.CredentialsProviderFactory_) , Settings(settings) , CustomEndpoint(clusterEndpoint) { |