Fix sqs json api folder service token (ydb-platform#11244)

iddqdex · Nov 5, 2024 · 97340e3 · 97340e3
1 parent 4d16fd9
commit 97340e3
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 18 deletions.
diff --git a/ydb/core/http_proxy/http_req.cpp b/ydb/core/http_proxy/http_req.cpp
@@ -462,6 +462,7 @@ namespace NKikimr::NHttpProxy {
 
         public:
             void Bootstrap(const TActorContext& ctx) {
+                PoolId = ctx.SelfID.PoolID();
                 StartTime = ctx.Now();
                 try {
                     HttpContext.RequestBodyToProto(&Request);
@@ -553,15 +554,14 @@ namespace NKikimr::NHttpProxy {
                         .Counters = nullptr,
                         .AWSSignature = std::move(HttpContext.GetSignature()),
                         .IAMToken = HttpContext.IamToken,
-                        .FolderID = HttpContext.FolderId
+                        .FolderID = HttpContext.FolderId,
+                        .RequestFormat = NSQS::TAuthActorData::Json,
+                        .Requester = ctx.SelfID
                     };
 
-                    auto authRequestProxy = MakeHolder<NSQS::THttpProxyAuthRequestProxy>(
-                        std::move(data),
-                        "",
-                        ctx.SelfID);
-
-                    ctx.RegisterWithSameMailbox(authRequestProxy.Release());
+                    AppData(ctx.ActorSystem())->SqsAuthFactory->RegisterAuthActor(
+                        *ctx.ActorSystem(),
+                        std::move(data));
                 }
 
                 ctx.Schedule(RequestTimeout, new TEvents::TEvWakeup());

diff --git a/ydb/core/http_proxy/ut/datastreams_fixture.h b/ydb/core/http_proxy/ut/datastreams_fixture.h
@@ -17,6 +17,7 @@
 #include <ydb/core/http_proxy/http_service.h>
 #include <ydb/core/http_proxy/metrics_actor.h>
 #include <ydb/core/mon/sync_http_mon.h>
+#include <ydb/core/ymq/actor/auth_multi_factory.h>
 
 #include <ydb/library/aclib/aclib.h>
 #include <ydb/library/persqueue/tests/counters.h>
@@ -859,6 +860,11 @@ class THttpProxyTestMock : public NUnitTest::TBaseFixture {
         actorId = as->Register(NKikimr::NFolderService::CreateFolderServiceActor(folderServiceConfig, "cloud4"));
         as->RegisterLocalService(NSQS::MakeSqsFolderServiceID(), actorId);
 
+        NActors::TActorSystemSetup::TLocalServices services {};
+        MultiAuthFactory = std::make_unique<NKikimr::NSQS::TMultiAuthFactory>();
+        MultiAuthFactory->Initialize(services, *AppData(as), AppData(as)->SqsConfig);
+        AppData(as)->SqsAuthFactory = MultiAuthFactory.get();
+
         for (ui32 i = 0; i < ActorRuntime->GetNodeCount(); i++) {
             auto nodeId = ActorRuntime->GetNodeId(i);
 
@@ -898,6 +904,7 @@ class THttpProxyTestMock : public NUnitTest::TBaseFixture {
     std::unique_ptr<grpc::Server> AccessServiceServer;
     std::unique_ptr<grpc::Server> IamTokenServer;
     std::unique_ptr<grpc::Server> DatabaseServiceServer;
+    std::unique_ptr<NKikimr::NSQS::TMultiAuthFactory> MultiAuthFactory;
     TAutoPtr<TMon> Monitoring;
     TIntrusivePtr<NMonitoring::TDynamicCounters> Counters = {};
     THolder<NYdbGrpc::TGRpcServer> GRpcServer;

diff --git a/ydb/core/ymq/actor/auth_factory.h b/ydb/core/ymq/actor/auth_factory.h
@@ -13,28 +13,29 @@ namespace NKikimr::NSQS {
 struct TAuthActorData {
     // Used by both private and public API
 
+    enum ESqsRequestFormat {
+        Xml = 0,
+        Json
+    };
+
     THolder<NKikimrClient::TSqsRequest> SQSRequest;
     THolder<IReplyCallback> HTTPCallback;
     std::function<void(TString)> UserSidCallback;
-
     bool EnableQueueLeader;
-
     // Used by private API only
-
     EAction Action;
-
     ui32 ExecutorPoolID;
     TStringBuf CloudID;
     TStringBuf ResourceID;
-
     TCloudAuthCounters * Counters; //nullptr when constructed from public API
-
     THolder<TAwsRequestSignV4> AWSSignature;
-
     // Used only by private API for which AWSSignature is empty.
 
     TStringBuf IAMToken;
     TStringBuf FolderID;
+
+    ESqsRequestFormat RequestFormat = Xml;
+    TActorId Requester;
 };
 
 /**

diff --git a/ydb/core/ymq/actor/auth_multi_factory.cpp b/ydb/core/ymq/actor/auth_multi_factory.cpp
@@ -583,10 +583,21 @@ void TMultiAuthFactory::RegisterAuthActor(NActors::TActorSystem& system, TAuthAc
     }
 
     const ui32 poolID = data.ExecutorPoolID;
-    system.Register(                                                        //token needed only for ResourceManager
-        new TCloudAuthRequestProxy(std::move(data), UseResourceManagerFolderService_ ? CredentialsProvider_->GetAuthInfo() : ""),
-        NActors::TMailboxType::HTSwap,
-        poolID);
+
+    // token needed only for ResourceManager
+    const auto token = UseResourceManagerFolderService_ ? CredentialsProvider_->GetAuthInfo() : "";
+
+    if (data.RequestFormat == NSQS::TAuthActorData::Json) {
+        system.Register(
+            new THttpProxyAuthRequestProxy(std::move(data), token, data.Requester),
+            NActors::TMailboxType::HTSwap,
+            poolID);
+    } else {
+        system.Register(
+            new TCloudAuthRequestProxy(std::move(data), token),
+            NActors::TMailboxType::HTSwap,
+            poolID);
+    }
 }
 
 TMultiAuthFactory::TCredentialsFactoryPtr