Merge 3db8b40 into f72af11

Author: molotkov-and

ydb/core/client/flat_ut.cpp

@@ -1282,7 +1282,9 @@ Y_UNIT_TEST_SUITE(TFlatTest) {
     Y_UNIT_TEST(CheckACL) {
         TPortManager pm;
         ui16 port = pm.GetPort(2134);
-        TServer cleverServer = TServer(TServerSettings(port));
+        NKikimrProto::TAuthConfig authConfig;
+        authConfig.SetUseBuiltinDomain(true);
+        TServer cleverServer = TServer(TServerSettings(port, authConfig));
         if (!true) {
             cleverServer.GetRuntime()->SetLogPriority(NKikimrServices::FLAT_TX_SCHEMESHARD, NActors::NLog::PRI_DEBUG);
             cleverServer.GetRuntime()->SetLogPriority(NKikimrServices::TX_DATASHARD, NActors::NLog::PRI_DEBUG);

ydb/core/kqp/ut/common/kqp_ut_common.cpp

@@ -108,7 +108,9 @@ TKikimrRunner::TKikimrRunner(const TKikimrSettings& settings) {
 
     effectiveKqpSettings.insert(effectiveKqpSettings.end(), settings.KqpSettings.begin(), settings.KqpSettings.end());
 
-    ServerSettings.Reset(MakeHolder<Tests::TServerSettings>(mbusPort, NKikimrProto::TAuthConfig(), settings.PQConfig));
+    NKikimrProto::TAuthConfig authConfig;
+    authConfig.SetUseBuiltinDomain(true);
+    ServerSettings.Reset(MakeHolder<Tests::TServerSettings>(mbusPort, authConfig, settings.PQConfig));
     ServerSettings->SetDomainName(settings.DomainRoot);
     ServerSettings->SetKqpSettings(effectiveKqpSettings);
 

ydb/core/protos/auth.proto

@@ -48,6 +48,7 @@ message TAuthConfig {
     optional string LdapAuthenticationDomain = 75 [default = "ldap"];
     optional bool UseAccessServiceApiKey = 76 [default = false]; // Use IAM ApiKey
     optional string AsSignatureExpireTime = 77 [default = "1m"];
+    optional bool UseBuiltinDomain = 78 [default = false];
 }
 
 message TUserRegistryConfig {

ydb/core/security/ticket_parser_impl.h

@@ -465,7 +465,7 @@ class TTicketParserImpl : public TActorBootstrapped<TDerived> {
 
     template <typename TTokenRecord>
     bool CanInitBuiltinToken(const TString& key, TTokenRecord& record) {
-        if (record.TokenType == TDerived::ETokenType::Unknown || record.TokenType == TDerived::ETokenType::Builtin) {
+        if (Config.GetUseBuiltinDomain() && (record.TokenType == TDerived::ETokenType::Unknown || record.TokenType == TDerived::ETokenType::Builtin)) {
             if(record.Ticket.EndsWith("@" BUILTIN_ACL_DOMAIN)) {
                 record.TokenType = TDerived::ETokenType::Builtin;
                 SetToken(key, record, new NACLib::TUserToken({

ydb/core/sys_view/ut_common.cpp

@@ -32,7 +32,9 @@ TTestEnv::TTestEnv(ui32 staticNodes, ui32 dynamicNodes, ui32 storagePools, ui32
 
     TVector<NKikimrKqp::TKqpSetting> kqpSettings;
 
-    Settings = new Tests::TServerSettings(mbusPort);
+    NKikimrProto::TAuthConfig authConfig;
+    authConfig.SetUseBuiltinDomain(true);
+    Settings = new Tests::TServerSettings(mbusPort, authConfig);
     Settings->SetDomainName("Root");
     Settings->SetNodeCount(staticNodes);
     Settings->SetDynamicNodeCount(dynamicNodes);

ydb/core/testlib/test_pq_client.h

@@ -28,6 +28,7 @@ const static ui32 PQ_DEFAULT_NODE_COUNT = 2;
 inline Tests::TServerSettings PQSettings(ui16 port = 0, ui32 nodesCount = PQ_DEFAULT_NODE_COUNT, const TString& yql_timeout = "10", const THolder<TTempFileHandle>& netDataFile = nullptr) {
     NKikimrPQ::TPQConfig pqConfig;
     NKikimrProto::TAuthConfig authConfig;
+    authConfig.SetUseBuiltinDomain(true);
     authConfig.SetUseBlackBox(false);
     authConfig.SetUseAccessService(false);
     authConfig.SetUseAccessServiceTLS(false);
@@ -542,7 +543,7 @@ class TFlatMsgBusPQClient : public NFlatTests::TFlatMsgBusClient {
         auto driverConfig = NYdb::TDriverConfig()
             .SetEndpoint(endpoint)
             .SetLog(CreateLogBackend("cerr", ELogPriority::TLOG_DEBUG));
-        if (databaseName) 
+        if (databaseName)
             driverConfig.SetDatabase(*databaseName);
         Driver.Reset(MakeHolder<NYdb::TDriver>(driverConfig));
 
@@ -791,7 +792,7 @@ class TFlatMsgBusPQClient : public NFlatTests::TFlatMsgBusClient {
     {
         auto response = RequestTopicMetadata(name);
 
-        if (response.GetErrorCode() != (ui32)NPersQueue::NErrorCode::OK) 
+        if (response.GetErrorCode() != (ui32)NPersQueue::NErrorCode::OK)
             return 0;
 
         UNIT_ASSERT(response.HasMetaResponse());
@@ -1081,7 +1082,7 @@ class TFlatMsgBusPQClient : public NFlatTests::TFlatMsgBusClient {
         Cerr << "ChooseProxy response:\n" << PrintToString(response) << Endl;
 
         UNIT_ASSERT_C(status.ok(), status.error_message());
- 
+
         UNIT_ASSERT_VALUES_EQUAL_C((NMsgBusProxy::EResponseStatus)response.GetStatus(), NMsgBusProxy::MSTATUS_OK, "proxy failure");
     }
 
@@ -1096,7 +1097,7 @@ class TFlatMsgBusPQClient : public NFlatTests::TFlatMsgBusClient {
         TString cookie = GetOwnership({writeRequest.Topic, writeRequest.Partition}, expectedOwnerStatus);
 
         THolder<NMsgBusProxy::TBusPersQueue> request = writeRequest.GetRequest(data, cookie);
-        if (!ticket.empty()) 
+        if (!ticket.empty())
             request.Get()->Record.SetTicket(ticket);
 
         auto response = CallPersQueueGRPC(request->Record);

ydb/core/tx/tiering/ut/ut_tiers.cpp

@@ -533,7 +533,9 @@ Y_UNIT_TEST_SUITE(ColumnShardTiers) {
         ui32 grpcPort = pm.GetPort();
         ui32 msgbPort = pm.GetPort();
 
-        Tests::TServerSettings serverSettings(msgbPort);
+        NKikimrProto::TAuthConfig authConfig;
+        authConfig.SetUseBuiltinDomain(true);
+        Tests::TServerSettings serverSettings(msgbPort, authConfig);
         serverSettings.Port = msgbPort;
         serverSettings.GrpcPort = grpcPort;
         serverSettings.SetDomainName("Root")

ydb/services/metadata/initializer/ut/ut_init.cpp

@@ -108,7 +108,9 @@ Y_UNIT_TEST_SUITE(Initializer) {
         ui32 grpcPort = pm.GetPort();
         ui32 msgbPort = pm.GetPort();
 
-        Tests::TServerSettings serverSettings(msgbPort);
+        NKikimrProto::TAuthConfig authConfig;
+        authConfig.SetUseBuiltinDomain(true);
+        Tests::TServerSettings serverSettings(msgbPort, authConfig);
         serverSettings.Port = msgbPort;
         serverSettings.GrpcPort = grpcPort;
         serverSettings.SetDomainName("Root")

ydb/services/metadata/secret/ut/ut_secret.cpp

@@ -258,7 +258,9 @@ Y_UNIT_TEST_SUITE(Secret) {
         NKikimrConfig::TAppConfig appConfig;
         appConfig.MutableTableServiceConfig()->SetEnablePreparedDdl(true);
 
-        Tests::TServerSettings serverSettings(msgbPort);
+        NKikimrProto::TAuthConfig authConfig;
+        authConfig.SetUseBuiltinDomain(true);
+        Tests::TServerSettings serverSettings(msgbPort, authConfig);
         serverSettings.Port = msgbPort;
         serverSettings.GrpcPort = grpcPort;
         serverSettings.SetDomainName("Root")

ydb/services/ydb/ydb_common_ut.h

@@ -59,7 +59,10 @@ class TBasicKikimrWithGrpcAndRootSchema {
     {
         ui16 port = PortManager.GetPort(2134);
         ui16 grpc = PortManager.GetPort(2135);
-        ServerSettings = new TServerSettings(port);
+
+        NKikimrProto::TAuthConfig authConfig = appConfig.GetAuthConfig();
+        authConfig.SetUseBuiltinDomain(true);
+        ServerSettings = new TServerSettings(port, authConfig);
         ServerSettings->SetGrpcPort(grpc);
         ServerSettings->SetLogBackend(logBackend);
         ServerSettings->SetDomainName("Root");
@@ -78,7 +81,6 @@ class TBasicKikimrWithGrpcAndRootSchema {
             ServerSettings->AddStoragePoolType("hdd2");
         }
         ServerSettings->AppConfig->MergeFrom(appConfig);
-        ServerSettings->AuthConfig = appConfig.GetAuthConfig();
         ServerSettings->FeatureFlags = appConfig.GetFeatureFlags();
         ServerSettings->SetKqpSettings(kqpSettings);
         ServerSettings->SetEnableDataColumnForIndexTable(true);

ydb/tests/library/harness/kikimr_config.py

@@ -331,6 +331,9 @@ def __init__(
 
         if auth_config_path:
             self.yaml_config["auth_config"] = _load_yaml_config(auth_config_path)
+        else:
+            self.yaml_config['auth_config'] = {}
+        self.yaml_config['auth_config']['use_builtin_domain'] = True
 
         if fq_config_path:
             self.yaml_config["federated_query_config"] = _load_yaml_config(fq_config_path)