1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
#include "settings.h"
#include <util/datetime/base.h>
#include <util/stream/file.h>
#include <util/system/fs.h>
#include <set>
namespace NTvmAuth::NTvmApi {
void TClientSettings::CheckPermissions(const TString& dir) {
const TString name = dir + "/check.tmp";
try {
NFs::EnsureExists(dir);
TFile file(name, CreateAlways | RdWr);
NFs::Remove(name);
} catch (const std::exception& e) {
NFs::Remove(name);
ythrow TPermissionDenied() << "Permission denied to disk cache directory: " << e.what();
}
}
void TClientSettings::CheckValid() const {
if (DiskCacheDir) {
CheckPermissions(DiskCacheDir);
}
if (TStringBuf(Secret)) {
Y_ENSURE_EX(NeedServiceTicketsFetching(),
TBrokenTvmClientSettings() << "Secret is present but destinations list is empty. It makes no sense");
}
if (NeedServiceTicketsFetching()) {
Y_ENSURE_EX(SelfTvmId != 0,
TBrokenTvmClientSettings() << "SelfTvmId cannot be 0 if fetching of Service Tickets required");
Y_ENSURE_EX((TStringBuf)Secret,
TBrokenTvmClientSettings() << "Secret is required for fetching of Service Tickets");
}
if (CheckServiceTickets) {
Y_ENSURE_EX(SelfTvmId != 0,
TBrokenTvmClientSettings() << "SelfTvmId cannot be 0 if checking of Service Tickets required");
}
if (FetchRolesForIdmSystemSlug) {
Y_ENSURE_EX(DiskCacheDir,
TBrokenTvmClientSettings() << "Disk cache must be enabled to use roles: "
"they can be heavy");
}
bool needSmth = NeedServiceTicketsFetching() ||
IsServiceTicketCheckingRequired() ||
IsUserTicketCheckingRequired();
Y_ENSURE_EX(needSmth, TBrokenTvmClientSettings() << "Invalid settings: nothing to do");
// Useless now: keep it here to avoid forgetting check from TDst. TODO: PASSP-35377
for (const auto& dst : FetchServiceTicketsForDsts) {
Y_ENSURE_EX(dst.Id != 0, TBrokenTvmClientSettings() << "TvmId cannot be 0");
}
// TODO: check only FetchServiceTicketsForDsts_
// Python binding checks settings before normalization
for (const auto& [alias, dst] : FetchServiceTicketsForDstsWithAliases) {
Y_ENSURE_EX(dst.Id != 0, TBrokenTvmClientSettings() << "TvmId cannot be 0");
}
Y_ENSURE_EX(TiroleTvmId != 0, TBrokenTvmClientSettings() << "TiroleTvmId cannot be 0");
}
TClientSettings TClientSettings::CloneNormalized() const {
TClientSettings res = *this;
std::set<TTvmId> allDsts;
for (const auto& tvmid : res.FetchServiceTicketsForDsts) {
allDsts.insert(tvmid.Id);
}
for (const auto& [alias, tvmid] : res.FetchServiceTicketsForDstsWithAliases) {
allDsts.insert(tvmid.Id);
}
if (FetchRolesForIdmSystemSlug) {
allDsts.insert(res.TiroleTvmId);
}
res.FetchServiceTicketsForDsts = {allDsts.begin(), allDsts.end()};
res.CheckValid();
return res;
}
}
|