[Ldap] Improve parse hosts (#6864)

Author: molotkov-and

ydb/core/security/ldap_auth_provider/ldap_auth_provider.cpp

@@ -2,6 +2,7 @@
 #include <ydb/library/actors/core/log.h>
 #include <ydb/core/base/ticket_parser.h>
 #include <ydb/core/security/ticket_parser_log.h>
+#include <ydb/core/util/address_classifier.h>
 #include <queue>
 #include "ldap_auth_provider.h"
 #include "ldap_utils.h"
@@ -70,6 +71,7 @@ class TLdapAuthProvider : public NActors::TActorBootstrapped<TLdapAuthProvider>
     TLdapAuthProvider(const NKikimrProto::TLdapAuthentication& settings)
         : Settings(settings)
         , FilterCreator(Settings)
+        , UrisCreator(Settings, Settings.GetPort() != 0 ? Settings.GetPort() : NKikimrLdap::GetPort(Settings.GetScheme()))
     {
         const TString& requestedGroupAttribute = Settings.GetRequestedGroupAttribute();
         RequestedAttributes[0] = const_cast<char*>(requestedGroupAttribute.empty() ? "memberOf" : requestedGroupAttribute.c_str());
@@ -186,7 +188,7 @@ class TLdapAuthProvider : public NActors::TActorBootstrapped<TLdapAuthProvider>
         result = NKikimrLdap::Bind(*ld, Settings.GetBindDn(), Settings.GetBindPassword());
         if (!NKikimrLdap::IsSuccess(result)) {
             TEvLdapAuthProvider::TError error {
-                .Message = "Could not perform initial LDAP bind for dn " + Settings.GetBindDn() + " on server " + UrisList + "\n"
+                .Message = "Could not perform initial LDAP bind for dn " + Settings.GetBindDn() + " on server " + UrisCreator.GetUris() + "\n"
                             + NKikimrLdap::ErrorToString(result),
                 .Retryable = NKikimrLdap::IsRetryableError(result)
             };
@@ -215,12 +217,10 @@ class TLdapAuthProvider : public NActors::TActorBootstrapped<TLdapAuthProvider>
             }
         }
 
-        const ui32 port = Settings.GetPort() != 0 ? Settings.GetPort() : NKikimrLdap::GetPort(Settings.GetScheme());
-        UrisList = GetUris(port);
-        result = NKikimrLdap::Init(ld, Settings.GetScheme(), UrisList, port);
+        result = NKikimrLdap::Init(ld, Settings.GetScheme(), UrisCreator.GetUris(), UrisCreator.GetConfiguredPort());
         if (!NKikimrLdap::IsSuccess(result)) {
             return {{TEvLdapAuthProvider::EStatus::UNAVAILABLE,
-                    {.Message = "Could not initialize LDAP connection for uris: " + UrisList + ". " + NKikimrLdap::LdapError(*ld),
+                    {.Message = "Could not initialize LDAP connection for uris: " + UrisCreator.GetUris() + ". " + NKikimrLdap::LdapError(*ld),
                     .Retryable = false}}};
         }
 
@@ -250,14 +250,14 @@ class TLdapAuthProvider : public NActors::TActorBootstrapped<TLdapAuthProvider>
         char* dn = NKikimrLdap::GetDn(*request.Ld, request.Entry);
         if (dn == nullptr) {
             return {{TEvLdapAuthProvider::EStatus::UNAUTHORIZED,
-                    {.Message = "Could not get dn for the first entry matching " + FilterCreator.GetFilter(request.Login) + " on server " + UrisList + "\n"
+                    {.Message = "Could not get dn for the first entry matching " + FilterCreator.GetFilter(request.Login) + " on server " + UrisCreator.GetUris() + "\n"
                             + NKikimrLdap::LdapError(*request.Ld),
                     .Retryable = false}}};
         }
         TEvLdapAuthProvider::TError error;
         int result = NKikimrLdap::Bind(*request.Ld, dn, request.Password);
         if (!NKikimrLdap::IsSuccess(result)) {
-            error.Message = "LDAP login failed for user " + TString(dn) + " on server " + UrisList + "\n"
+            error.Message = "LDAP login failed for user " + TString(dn) + " on server " + UrisCreator.GetUris() + "\n"
                             + NKikimrLdap::ErrorToString((result));
             error.Retryable = NKikimrLdap::IsRetryableError(result);
         }
@@ -279,7 +279,7 @@ class TLdapAuthProvider : public NActors::TActorBootstrapped<TLdapAuthProvider>
         TSearchUserResponse response;
         if (!NKikimrLdap::IsSuccess(result)) {
             response.Status = NKikimrLdap::ErrorToStatus(result);
-            response.Error = {.Message = "Could not search for filter " + searchFilter + " on server " + UrisList + "\n"
+            response.Error = {.Message = "Could not search for filter " + searchFilter + " on server " + UrisCreator.GetUris() + "\n"
                                          + NKikimrLdap::ErrorToString(result),
                               .Retryable = NKikimrLdap::IsRetryableError(result)};
             return response;
@@ -288,11 +288,11 @@ class TLdapAuthProvider : public NActors::TActorBootstrapped<TLdapAuthProvider>
         if (countEntries != 1) {
             if (countEntries == 0) {
                 response.Error  = {.Message = "LDAP user " + request.User + " does not exist. "
-                                              "LDAP search for filter " + searchFilter + " on server " + UrisList + " return no entries",
+                                              "LDAP search for filter " + searchFilter + " on server " + UrisCreator.GetUris() + " return no entries",
                                    .Retryable = false};
             } else {
                 response.Error = {.Message = "LDAP user " + request.User + " is not unique. "
-                                             "LDAP search for filter " + searchFilter + " on server " + UrisList + " return " + countEntries + " entries",
+                                             "LDAP search for filter " + searchFilter + " on server " + UrisCreator.GetUris() + " return " + countEntries + " entries",
                                   .Retryable = false};
             }
             response.Status = TEvLdapAuthProvider::EStatus::UNAUTHORIZED;
@@ -392,42 +392,11 @@ class TLdapAuthProvider : public NActors::TActorBootstrapped<TLdapAuthProvider>
         return {TEvLdapAuthProvider::EStatus::SUCCESS, {}};
     }
 
-    TString GetUris(ui32 port) const {
-        TStringBuilder uris;
-        if (Settings.HostsSize() > 0) {
-            for (const auto& host : Settings.GetHosts()) {
-                uris << CreateUri(host, port) << " ";
-            }
-            uris.remove(uris.size() - 1);
-        } else {
-            uris << CreateUri(Settings.GetHost(), port);
-        }
-        return uris;
-    }
-
-    TString CreateUri(const TString& endpoint, ui32 port) const {
-        TStringBuilder uri;
-        uri << Settings.GetScheme() << "://" << endpoint;
-        if (!HasEndpointPort(endpoint)) {
-            uri << ':' << port;
-        }
-        return uri;
-    }
-
-    static bool HasEndpointPort(const TString& endpoint) {
-        size_t colonPos = endpoint.rfind(':');
-        if (colonPos == TString::npos) {
-            return false;
-        }
-        ++colonPos;
-        return (endpoint.size() - colonPos) > 0;
-    }
-
 private:
     const NKikimrProto::TLdapAuthentication Settings;
     const TSearchFilterCreator FilterCreator;
+    const TLdapUrisCreator UrisCreator;
     char* RequestedAttributes[2];
-    TString UrisList;
 };
 
 IActor* CreateLdapAuthProvider(const NKikimrProto::TLdapAuthentication& settings) {