1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
#pragma once
#include <library/cpp/tvmauth/version.h>
#include <library/cpp/tvmauth/client/facade.h>
#include <library/cpp/tvmauth/client/misc/utils.h>
#include <library/cpp/tvmauth/client/misc/api/threaded_updater.h>
#include <library/cpp/tvmauth/client/misc/tool/settings.h>
#include <util/system/getpid.h>
namespace NTvmAuth {
class TPidCheckedClient: public TTvmClient {
public:
using TTvmClient::TTvmClient;
TString GetServiceTicketFor(const TClientSettings::TAlias& dst) const {
pid_.check();
return TTvmClient::GetServiceTicketFor(dst);
}
TString GetServiceTicketFor(const TTvmId dst) const {
pid_.check();
return TTvmClient::GetServiceTicketFor(dst);
}
TCheckedServiceTicket CheckServiceTicket(TStringBuf ticket) const {
pid_.check();
return TTvmClient::CheckServiceTicket(ticket);
}
TCheckedUserTicket CheckUserTicket(TStringBuf ticket) const {
pid_.check();
return TTvmClient::CheckUserTicket(ticket);
}
TCheckedUserTicket CheckUserTicketWithOveridedEnv(TStringBuf ticket, EBlackboxEnv env) const {
pid_.check();
return TTvmClient::CheckUserTicket(ticket, env);
}
static TStringBuf StatusToString(TClientStatus::ECode s) {
switch (s) {
case TClientStatus::Ok:
return "TvmClient cache is ok";
case TClientStatus::Warning:
return "Normal operation of TvmClient is still possible but there are problems with refreshing cache "
"so it is expiring; "
"is tvm-api.yandex.net accessible? "
"have you changed your TVM-secret or your backend (dst) deleted its TVM-client?";
case TClientStatus::Error:
return "TvmClient cache is already invalid (expired) or soon will be: "
"you can't check valid ServiceTicket or be authenticated by your backends (dsts)";
case TClientStatus::IncompleteTicketsSet:
return "TvmClient cant fetch some of your tickets, this should not happen. ";
}
return "impossible case";
}
private:
struct TPidCheck {
TPidCheck()
: pid_(GetPID())
{
}
void check() const {
const TProcessId pid = GetPID();
Y_ENSURE_EX(pid == pid_,
TNonRetriableException()
<< "Creating TvmClient is forbidden before fork. Original pid: " << pid_
<< ". Current pid: " << pid);
}
private:
const TProcessId pid_;
} const pid_;
};
TString GetServiceTicketForId(const TPidCheckedClient& cl, TTvmId dst) {
return cl.GetServiceTicketFor(dst);
}
class TCustomUpdater: public NTvmApi::TThreadedUpdater {
public:
TCustomUpdater(const NTvmApi::TClientSettings& settings, TLoggerPtr logger)
: TThreadedUpdater(settings, logger)
{
WorkerAwakingPeriod_ = TDuration::MilliSeconds(100);
PublicKeysDurations_.RefreshPeriod = TDuration::MilliSeconds(100);
Init();
StartWorker();
}
};
TPidCheckedClient* CreateTvmApiClient(NTvmApi::TClientSettings& s, TLoggerPtr logger) {
s.LibVersionPrefix = "py_";
Y_ENSURE(s.IsIncompleteTicketsSetAnError, "incomplete tickets set is not supported in ticket_parser2");
return new TPidCheckedClient(s, logger);
}
class TTvmToolClientSettings: public NTvmTool::TClientSettings {
public:
using TClientSettings::TClientSettings;
};
TPidCheckedClient* CreateTvmToolClient(const TTvmToolClientSettings& s, TLoggerPtr logger) {
// We need to disable roles logic: client doesn't allow to use it correctly
NTvmTool::TClientSettings settingsCopy = s;
settingsCopy.ShouldCheckSrc = false;
settingsCopy.ShouldCheckDefaultUid = false;
return new TPidCheckedClient(settingsCopy, logger);
}
TString GetPyVersion() {
return TString("py_") + LibVersion();
}
void StartTvmClientStopping(TPidCheckedClient* cl) {
NInternal::TClientCaningKnife::StartTvmClientStopping(cl);
}
bool IsTvmClientStopped(TPidCheckedClient* cl) {
return NInternal::TClientCaningKnife::IsTvmClientStopped(cl);
}
void DestroyTvmClient(TPidCheckedClient* cl) {
delete cl;
}
}
|
