Minor changes

qyryq · qyryq · commit c53e2990102e · 2024-04-24T10:46:19.000Z
diff --git a/ydb/services/lib/actors/pq_schema_actor.h b/ydb/services/lib/actors/pq_schema_actor.h
@@ -128,52 +128,44 @@ namespace NKikimr::NGRpcProxy::V1 {
             return false;
         };
 
-
         void SendDescribeProposeRequest(const NActors::TActorContext& ctx, bool showPrivate) {
             auto navigateRequest = std::make_unique<NSchemeCache::TSchemeCacheNavigate>();
-            navigateRequest->DatabaseName = CanonizePath(Database);
-
-            NSchemeCache::TSchemeCacheNavigate::TEntry entry;
-            if (CheckAccessWithUpdateRowPermission) {
-                entry.Access = NACLib::EAccessRights::UpdateRow;
-            }
-            entry.Path = NKikimr::SplitPath(GetTopicPath());
-            entry.SyncVersion = true;
-            entry.ShowPrivatePath = showPrivate;
-            entry.Operation = NSchemeCache::TSchemeCacheNavigate::OpList;
-            navigateRequest->ResultSet.emplace_back(entry);
-
             if (!SetRequestToken(navigateRequest.get())) {
                 AddIssue(FillIssue("Unauthenticated access is forbidden, please provide credentials",
                                    Ydb::PersQueue::ErrorCode::ACCESS_DENIED));
                 return RespondWithCode(Ydb::StatusIds::UNAUTHORIZED);
             }
+
+            navigateRequest->DatabaseName = CanonizePath(Database);
+            navigateRequest->ResultSet.emplace_back(NSchemeCache::TSchemeCacheNavigate::TEntry{
+                .Path = NKikimr::SplitPath(GetTopicPath()),
+                .Access = CheckAccessWithUpdateRowPermission ? NACLib::UpdateRow : NACLib::DescribeSchema,
+                .Operation = NSchemeCache::TSchemeCacheNavigate::OpList,
+                .ShowPrivatePath = showPrivate,
+                .SyncVersion = true,
+            });
             if (!IsDead) {
                 ctx.Send(MakeSchemeCacheID(), new TEvTxProxySchemeCache::TEvNavigateKeySet(navigateRequest.release()));
             }
         }
 
         bool ReplyIfNotTopic(TEvTxProxySchemeCache::TEvNavigateKeySetResult::TPtr& ev) {
-            const NSchemeCache::TSchemeCacheNavigate* result = ev->Get()->Request.Get();
-            Y_ABORT_UNLESS(result->ResultSet.size() == 1);
-            const auto& response = result->ResultSet.front();
-            const TString path  = JoinPath(response.Path);
-
-            if (ev->Get()->Request.Get()->ResultSet.size() != 1 ||
-                ev->Get()->Request.Get()->ResultSet.begin()->Kind !=
-                NSchemeCache::TSchemeCacheNavigate::KindTopic) {
-                AddIssue(FillIssue(TStringBuilder() << "path '" << path << "' is not a topic",
-                                   Ydb::PersQueue::ErrorCode::VALIDATION_ERROR));
-                RespondWithCode(Ydb::StatusIds::SCHEME_ERROR);
-                return true;
+            auto const& entries = ev->Get()->Request.Get()->ResultSet;
+            Y_ABORT_UNLESS(entries.size() == 1);
+            auto const& entry = entries.front();
+            if (entry.Kind == NSchemeCache::TSchemeCacheNavigate::KindTopic) {
+                return false;
             }
-            return false;
+            AddIssue(FillIssue(TStringBuilder() << "path '" << JoinPath(entry.Path) << "' is not a topic",
+                               Ydb::PersQueue::ErrorCode::VALIDATION_ERROR));
+            RespondWithCode(Ydb::StatusIds::SCHEME_ERROR);
+            return true;
         }
 
         void Handle(TEvTxProxySchemeCache::TEvNavigateKeySetResult::TPtr& ev) {
-            const NSchemeCache::TSchemeCacheNavigate* result = ev->Get()->Request.Get();
-            Y_ABORT_UNLESS(result->ResultSet.size() == 1);
-            const auto& response = result->ResultSet.front();
+            auto const& entries = ev->Get()->Request.Get()->ResultSet;
+            Y_ABORT_UNLESS(entries.size() == 1);
+            const auto& response = entries.front();
             const TString path  = JoinPath(response.Path);
 
             switch (response.Status) {
@@ -248,7 +240,6 @@ namespace NKikimr::NGRpcProxy::V1 {
             }
         }
 
-
         void StateWork(TAutoPtr<IEventHandle>& ev) {
             switch (ev->GetTypeRewrite()) {
                 hFunc(TEvTxProxySchemeCache::TEvNavigateKeySetResult, Handle);
@@ -343,13 +334,13 @@ namespace NKikimr::NGRpcProxy::V1 {
         }
 
         bool SetRequestToken(NSchemeCache::TSchemeCacheNavigate* request) const override {
-            if (this->Request_->GetSerializedToken().empty()) {
-                return !(AppData()->PQConfig.GetRequireCredentialsInNewProtocol());
-            } else {
-                request->UserToken = new NACLib::TUserToken(this->Request_->GetSerializedToken());
+            if (auto const& token = this->Request_->GetSerializedToken()) {
+                request->UserToken = new NACLib::TUserToken(token);
                 return true;
             }
+            return !(AppData()->PQConfig.GetRequireCredentialsInNewProtocol());
         }
+
         bool ProcessCdc(const NSchemeCache::TSchemeCacheNavigate::TEntry& response) override {
             if constexpr (THasCdcStreamCompatibility<TDerived>::Value) {
                 if (static_cast<TDerived*>(this)->IsCdcStreamCompatible()) {
diff --git a/ydb/services/persqueue_v1/actors/schema_actors.cpp b/ydb/services/persqueue_v1/actors/schema_actors.cpp
@@ -1309,8 +1309,7 @@ TDescribePartitionActor::TDescribePartitionActor(NKikimr::NGRpcService::IRequest
 {
 }
 
-void TDescribePartitionActor::Bootstrap(const NActors::TActorContext& ctx)
-{
+void TDescribePartitionActor::Bootstrap(const NActors::TActorContext& ctx) {
     LOG_DEBUG_S(ctx, NKikimrServices::PQ_READ_PROXY, "TDescribePartitionActor" << ctx.SelfID.ToString() << ": Bootstrap");
     CheckAccessWithUpdateRowPermission = true;
     TBase::Bootstrap(ctx);
@@ -1321,7 +1320,10 @@ void TDescribePartitionActor::Bootstrap(const NActors::TActorContext& ctx)
 void TDescribePartitionActor::StateWork(TAutoPtr<IEventHandle>& ev) {
     switch (ev->GetTypeRewrite()) {
         case TEvTxProxySchemeCache::TEvNavigateKeySetResult::EventType:
-            if (MaybeRequestWithDescribeSchema(ev)) {
+            if (NeedToRequestWithDescribeSchema(ev)) {
+                // We do not have the UpdateRow permission. Check if we're allowed to DescribeSchema.
+                CheckAccessWithUpdateRowPermission = false;
+                SendDescribeProposeRequest(ActorContext());
                 break;
             }
             [[fallthrough]];
@@ -1332,39 +1334,35 @@ void TDescribePartitionActor::StateWork(TAutoPtr<IEventHandle>& ev) {
     }
 }
 
-// Return true if the second request to SchemeCache has been sent,
-// i.e. we had already sent the first request checking the UpdateRow permission,
-// but the result was negative, so we try again, this time using the DescribeSchema permission.
-bool TDescribePartitionActor::MaybeRequestWithDescribeSchema(TAutoPtr<IEventHandle>& ev) {
-    if (!std::exchange(CheckAccessWithUpdateRowPermission, false)) {
-        // We've got a response to our second request.
+// Return true if we need to send a second request to SchemeCache with DescribeSchema permission,
+// because the first request checking the UpdateRow permission resulted in an AccessDenied error.
+bool TDescribePartitionActor::NeedToRequestWithDescribeSchema(TAutoPtr<IEventHandle>& ev) {
+    if (!CheckAccessWithUpdateRowPermission) {
+        // We've already sent a request with DescribeSchema, ev is a response to it.
         return false;
     }
 
     auto evNav = *reinterpret_cast<typename TEvTxProxySchemeCache::TEvNavigateKeySetResult::TPtr*>(&ev);
     auto const& entries = evNav->Get()->Request.Get()->ResultSet;
     Y_ABORT_UNLESS(entries.size() == 1);
 
-    if (entries.front().Status == NSchemeCache::TSchemeCacheNavigate::EStatus::Ok) {
-        // We do have access to the requested entity.
+    if (entries.front().Status != NSchemeCache::TSchemeCacheNavigate::EStatus::AccessDenied) {
+        // We do have access to the requested entity or there was an error.
         // Transfer ownership to the ev pointer, and let the base classes' StateWork methods handle the response.
         ev = *reinterpret_cast<TAutoPtr<IEventHandle>*>(&evNav);
         return false;
     }
 
-    // We do not have the UpdateRow permission. Check if we're allowed to DescribeSchema.
-    SendDescribeProposeRequest(ActorContext());
     return true;
 }
 
-void TDescribePartitionActor::HandleCacheNavigateResponse(
-    TEvTxProxySchemeCache::TEvNavigateKeySetResult::TPtr& ev
-) {
-    Y_ABORT_UNLESS(ev->Get()->Request.Get()->ResultSet.size() == 1); // describe for only one topic
+void TDescribePartitionActor::HandleCacheNavigateResponse(TEvTxProxySchemeCache::TEvNavigateKeySetResult::TPtr& ev) {
+    auto const& entries = ev->Get()->Request.Get()->ResultSet;
+    Y_ABORT_UNLESS(entries.size() == 1); // describe for only one topic
     if (ReplyIfNotTopic(ev)) {
         return;
     }
-    PQGroupInfo = ev->Get()->Request->ResultSet[0].PQGroupInfo;
+    PQGroupInfo = entries[0].PQGroupInfo;
     auto* partRes = Result.mutable_partition();
     partRes->set_partition_id(Settings.Partitions[0]);
     partRes->set_active(true);
diff --git a/ydb/services/persqueue_v1/actors/schema_actors.h b/ydb/services/persqueue_v1/actors/schema_actors.h
@@ -264,7 +264,9 @@ using TTabletInfo = TDescribeTopicActorImpl::TTabletInfo;
 
     virtual void Reply(const TActorContext& ctx) override;
 
-    bool MaybeRequestWithDescribeSchema(TAutoPtr<IEventHandle>& ev);
+private:
+
+    bool NeedToRequestWithDescribeSchema(TAutoPtr<IEventHandle>& ev);
 
 private:
     TIntrusiveConstPtr<NSchemeCache::TSchemeCacheNavigate::TPQGroupInfo> PQGroupInfo;
