stable-25-3-1: cherry-pick PR 25678, PR 27729 (#27795)

Author: ydbot

ydb/core/client/server/grpc_server.cpp

@@ -124,6 +124,7 @@ void TGRpcService::SetupIncomingRequests(NYdbGrpc::TLoggerPtr logger) {
             ActorSystem->Send(GRpcRequestProxyId, new TGrpcRequestNoOperationCall<                           \
                 NKikimrClient::In,                                                                           \
                 NKikimrClient::Out,                                                                          \
+                NRuntimeEvents::EType::COMMON,                                                               \
                 NLegacyGrpcService::TLegacyGrpcMethodAccessorTraits<NKikimrClient::In, NKikimrClient::Out>>( \
                     reqCtx, createActorCb,                                                                   \
                     TRequestAuxSettings {                                                                    \

ydb/core/grpc_services/base/base.h

@@ -259,6 +259,15 @@ struct TRpcServices {
     struct TEvForgetOperation : public TEventLocal<TEvForgetOperation, TRpcServices::EvForgetOperation> {};
 };
 
+namespace NRuntimeEvents {
+
+enum class EType {
+    COMMON,
+    BOOTSTRAP_CLUSTER,
+};
+
+} // NRuntimeEvents
+
 // Should be specialized for real responses
 template <class T>
 void FillYdbStatus(T& resp, const NYql::TIssues& issues, Ydb::StatusIds::StatusCode status);
@@ -1118,6 +1127,18 @@ class TEvProxyRuntimeEvent
     const TMaybe<TString> GetGrpcUserAgent() const {
         return GetPeerMetaValues(NYdbGrpc::GRPC_USER_AGENT_HEADER);
     }
+
+    virtual NRuntimeEvents::EType GetRuntimeEventType() {
+        return NRuntimeEvents::EType::COMMON;
+    }
+};
+
+template <NRuntimeEvents::EType RuntimeEventType = NRuntimeEvents::EType::COMMON>
+class TEvProxyRuntimeEventWithType : public TEvProxyRuntimeEvent {
+public:
+    NRuntimeEvents::EType GetRuntimeEventType() override {
+        return RuntimeEventType;
+    }
 };
 
 template <ui32 TRpcId, typename TDerived>
@@ -1135,13 +1156,13 @@ class TEvProxyLegacyEvent
     }
 };
 
-template <ui32 TRpcId, typename TReq, typename TResp, bool IsOperation, typename TDerived, class TMethodAccessorTraits = TYdbGrpcMethodAccessorTraits<TReq, TResp, IsOperation>>
+template <ui32 TRpcId, typename TReq, typename TResp, bool IsOperation, typename TDerived, NRuntimeEvents::EType RuntimeEventType = NRuntimeEvents::EType::COMMON, class TMethodAccessorTraits = TYdbGrpcMethodAccessorTraits<TReq, TResp, IsOperation>>
 class TGRpcRequestWrapperImpl
     : public std::conditional_t<IsOperation,
         TGrpcResponseSenderImpl<TGRpcRequestWrapperImpl<TRpcId, TReq, TResp, IsOperation, TDerived>>,
         IRequestNoOpCtx>
     , public std::conditional_t<TRpcId == TRpcServices::EvGrpcRuntimeRequest,
-        TEvProxyRuntimeEvent,
+        TEvProxyRuntimeEventWithType<RuntimeEventType>,
         TEvProxyLegacyEvent<TRpcId, TDerived>>
 {
     friend class TProtoResponseHelper;
@@ -1499,12 +1520,12 @@ class TGRpcRequestWrapperImpl
     TMaybe<TString> TraceId;
 };
 
-template <ui32 TRpcId, typename TReq, typename TResp, bool IsOperation, typename TDerived, class TMethodAccessorTraits = TYdbGrpcMethodAccessorTraits<TReq, TResp, IsOperation>>
-class TGRpcRequestValidationWrapperImpl : public TGRpcRequestWrapperImpl<TRpcId, TReq, TResp, IsOperation, TDerived, TMethodAccessorTraits> {
+template <ui32 TRpcId, typename TReq, typename TResp, bool IsOperation, typename TDerived, NRuntimeEvents::EType RuntimeEventType = NRuntimeEvents::EType::COMMON, class TMethodAccessorTraits = TYdbGrpcMethodAccessorTraits<TReq, TResp, IsOperation>>
+class TGRpcRequestValidationWrapperImpl : public TGRpcRequestWrapperImpl<TRpcId, TReq, TResp, IsOperation, TDerived, RuntimeEventType, TMethodAccessorTraits> {
 public:
 
     TGRpcRequestValidationWrapperImpl(NYdbGrpc::IRequestContextBase* ctx)
-        : TGRpcRequestWrapperImpl<TRpcId, TReq, TResp, IsOperation, TDerived, TMethodAccessorTraits>(ctx)
+        : TGRpcRequestWrapperImpl<TRpcId, TReq, TResp, IsOperation, TDerived, RuntimeEventType, TMethodAccessorTraits>(ctx)
     { }
 
     bool Validate(TString& error) override {
@@ -1529,13 +1550,13 @@ struct TProtoHasValidate {
 
 class IFacilityProvider;
 
-template <typename TReq, typename TResp, bool IsOperation, class TMethodAccessorTraits = TYdbGrpcMethodAccessorTraits<TReq, TResp, IsOperation>>
+template <typename TReq, typename TResp, bool IsOperation, NRuntimeEvents::EType RuntimeEventType = NRuntimeEvents::EType::COMMON, class TMethodAccessorTraits = TYdbGrpcMethodAccessorTraits<TReq, TResp, IsOperation>>
 class TGrpcRequestCall
     : public std::conditional_t<TProtoHasValidate<TReq>::Value,
         TGRpcRequestValidationWrapperImpl<
-            TRpcServices::EvGrpcRuntimeRequest, TReq, TResp, IsOperation, TGrpcRequestCall<TReq, TResp, IsOperation, TMethodAccessorTraits>, TMethodAccessorTraits>,
+            TRpcServices::EvGrpcRuntimeRequest, TReq, TResp, IsOperation, TGrpcRequestCall<TReq, TResp, IsOperation, RuntimeEventType, TMethodAccessorTraits>, RuntimeEventType, TMethodAccessorTraits>,
         TGRpcRequestWrapperImpl<
-            TRpcServices::EvGrpcRuntimeRequest, TReq, TResp, IsOperation, TGrpcRequestCall<TReq, TResp, IsOperation, TMethodAccessorTraits>, TMethodAccessorTraits>>
+            TRpcServices::EvGrpcRuntimeRequest, TReq, TResp, IsOperation, TGrpcRequestCall<TReq, TResp, IsOperation, RuntimeEventType, TMethodAccessorTraits>, RuntimeEventType, TMethodAccessorTraits>>
 {
     using TRequestIface = typename std::conditional<IsOperation, IRequestOpCtx, IRequestNoOpCtx>::type;
 
@@ -1549,9 +1570,9 @@ class TGrpcRequestCall
 
     using TBase = std::conditional_t<TProtoHasValidate<TReq>::Value,
         TGRpcRequestValidationWrapperImpl<
-            TRpcServices::EvGrpcRuntimeRequest, TReq, TResp, IsOperation, TGrpcRequestCall<TReq, TResp, IsOperation, TMethodAccessorTraits>, TMethodAccessorTraits>,
+            TRpcServices::EvGrpcRuntimeRequest, TReq, TResp, IsOperation, TGrpcRequestCall<TReq, TResp, IsOperation, RuntimeEventType, TMethodAccessorTraits>, RuntimeEventType, TMethodAccessorTraits>,
         TGRpcRequestWrapperImpl<
-            TRpcServices::EvGrpcRuntimeRequest, TReq, TResp, IsOperation, TGrpcRequestCall<TReq, TResp, IsOperation, TMethodAccessorTraits>, TMethodAccessorTraits>>;
+            TRpcServices::EvGrpcRuntimeRequest, TReq, TResp, IsOperation, TGrpcRequestCall<TReq, TResp, IsOperation, RuntimeEventType, TMethodAccessorTraits>, RuntimeEventType, TMethodAccessorTraits>>;
 
     template <typename TCallback>
     TGrpcRequestCall(NYdbGrpc::IRequestContextBase* ctx, TCallback&& cb, TRequestAuxSettings auxSettings = {})
@@ -1606,11 +1627,11 @@ class TGrpcRequestCall
     const TRequestAuxSettings AuxSettings;
 };
 
-template <typename TReq, typename TResp, class TMethodAccessorTraits = TYdbGrpcMethodAccessorTraits<TReq, TResp, true>>
-using TGrpcRequestOperationCall = TGrpcRequestCall<TReq, TResp, true, TMethodAccessorTraits>;
+template <typename TReq, typename TResp, NRuntimeEvents::EType RuntimeEventType = NRuntimeEvents::EType::COMMON, class TMethodAccessorTraits = TYdbGrpcMethodAccessorTraits<TReq, TResp, true>>
+using TGrpcRequestOperationCall = TGrpcRequestCall<TReq, TResp, true, RuntimeEventType, TMethodAccessorTraits>;
 
-template <typename TReq, typename TResp, class TMethodAccessorTraits = TYdbGrpcMethodAccessorTraits<TReq, TResp, false>>
-using TGrpcRequestNoOperationCall = TGrpcRequestCall<TReq, TResp, false, TMethodAccessorTraits>;
+template <typename TReq, typename TResp, NRuntimeEvents::EType RuntimeEventType = NRuntimeEvents::EType::COMMON, class TMethodAccessorTraits = TYdbGrpcMethodAccessorTraits<TReq, TResp, false>>
+using TGrpcRequestNoOperationCall = TGrpcRequestCall<TReq, TResp, false, RuntimeEventType, TMethodAccessorTraits>;
 
 template <ui32 TRpcId, typename TReq, typename TResp, bool IsOperation, TRateLimiterMode RlMode = TRateLimiterMode::Off>
 class TGRpcRequestWrapper

ydb/core/grpc_services/grpc_request_proxy.cpp

@@ -139,6 +139,11 @@ class TGRpcRequestProxyImpl
         return true;
     }
 
+    template<typename TEvent>
+    void HandleBootstrapClusterEvent(TAutoPtr<TEventHandle<TEvent>>& event);
+    template<typename TEvent>
+    static constexpr bool IsBootstrapClusterEvent(TAutoPtr<TEventHandle<TEvent>>& event);
+
     template<class TEvent>
     void PreHandle(TAutoPtr<TEventHandle<TEvent>>& event, const TActorContext& ctx) {
         LogRequest(event);
@@ -184,9 +189,14 @@ class TGRpcRequestProxyImpl
         bool skipResourceCheck = false;
         // do not check connect rights for the deprecated requests without database
         // remove this along with AllowYdbRequestsWithoutDatabase flag
-        bool skipCheckConnectRigths = false;
+        bool skipCheckConnectRights = false;
 
         if (state.State == NYdbGrpc::TAuthState::AS_NOT_PERFORMED) {
+            if (IsBootstrapClusterEvent(event)) {
+                // Allow handle bootstrap cluster event without database
+                HandleBootstrapClusterEvent(event);
+                return;
+            }
             const auto& maybeDatabaseName = requestBaseCtx->GetDatabaseName();
             if (maybeDatabaseName && !maybeDatabaseName.GetRef().empty()) {
                 databaseName = CanonizePath(maybeDatabaseName.GetRef());
@@ -198,7 +208,7 @@ class TGRpcRequestProxyImpl
                 } else {
                     databaseName = RootDatabase;
                     skipResourceCheck = true;
-                    skipCheckConnectRigths = true;
+                    skipCheckConnectRights = true;
                 }
             }
             if (databaseName.empty()) {
@@ -290,7 +300,7 @@ class TGRpcRequestProxyImpl
                 database->SecurityObject,
                 event.Release(),
                 Counters,
-                skipCheckConnectRigths,
+                skipCheckConnectRights,
                 rootAttributes,
                 this));
             return;
@@ -457,6 +467,47 @@ bool TGRpcRequestProxyImpl::IsAuthStateOK(const IRequestProxyCtx& ctx) {
     return false;
 }
 
+template<typename TEvent>
+void TGRpcRequestProxyImpl::HandleBootstrapClusterEvent(TAutoPtr<TEventHandle<TEvent>>& event) {
+    IRequestProxyCtx* requestProxyCtx = event->Get();
+    if (requestProxyCtx->IsClientLost()) {
+        // Any status here
+        LOG_DEBUG(*TlsActivationContext, NKikimrServices::GRPC_SERVER,
+            "Client was disconnected before processing request (grpc request proxy)");
+        requestProxyCtx->ReplyWithYdbStatus(Ydb::StatusIds::UNAVAILABLE);
+        requestProxyCtx->FinishSpan();
+        return;
+    }
+
+    TSchemeBoardEvents::TDescribeSchemeResult schemeData;
+    TIntrusivePtr<TSecurityObject> securityObject = nullptr; // Do not have security object, cluster is not initialized. Check rights via list administration_allowed_sids or bootstrap_allowed_sids
+    static const bool skipCheckConnectRights = true; // Do not check connect rights for bootstrap cluster
+    static const TVector<std::pair<TString, TString>> rootAttributes = {}; // Empty rootAttributes
+    Register(CreateGrpcRequestCheckActor<TEvent>(SelfId(),
+        schemeData,
+        securityObject,
+        event.Release(),
+        Counters,
+        skipCheckConnectRights,
+        rootAttributes,
+        this));
+    return;
+}
+
+template<typename TEvent>
+constexpr bool TGRpcRequestProxyImpl::IsBootstrapClusterEvent(TAutoPtr<TEventHandle<TEvent>>& event) {
+    if constexpr (TEvent::EventType == TRpcServices::EvGrpcRuntimeRequest) {
+        switch (event->Get()->GetRuntimeEventType()) {
+        case NRuntimeEvents::EType::BOOTSTRAP_CLUSTER:
+            return true;
+        case NRuntimeEvents::EType::COMMON:
+            return false;
+        }
+    } else {
+        return false;
+    }
+}
+
 template<class TEvent>
 void TGRpcRequestProxyImpl::MaybeStartTracing(TAutoPtr<TEventHandle<TEvent>>& event) {
     IRequestProxyCtx& ctx = *event->Get();

ydb/core/grpc_services/rpc_config.cpp

@@ -24,7 +24,8 @@ using TEvFetchStorageConfigRequest =
         Ydb::Config::FetchConfigResponse>;
 using TEvBootstrapClusterRequest =
     TGrpcRequestOperationCall<Ydb::Config::BootstrapClusterRequest,
-        Ydb::Config::BootstrapClusterResponse>;
+        Ydb::Config::BootstrapClusterResponse,
+        NRuntimeEvents::EType::BOOTSTRAP_CLUSTER>;
 
 using namespace NActors;
 using namespace Ydb;
@@ -162,7 +163,7 @@ class TReplaceStorageConfigRequest : public TBSConfigRequestGrpc<TReplaceStorage
             return;
         }
         self->Become(&TReplaceStorageConfigRequest::StateFunc);
-        self->Send(MakeBlobStorageNodeWardenID(ctx.SelfID.NodeId()), new TEvNodeWardenQueryStorageConfig(false)); 
+        self->Send(MakeBlobStorageNodeWardenID(ctx.SelfID.NodeId()), new TEvNodeWardenQueryStorageConfig(false));
     }
 
     bool ValidateRequest(Ydb::StatusIds::StatusCode& status, NYql::TIssues& issues) override {
@@ -254,14 +255,14 @@ class TReplaceStorageConfigRequest : public TBSConfigRequestGrpc<TReplaceStorage
             TargetDatabase = metadata.Database;
         }
         else {
-            Reply(Ydb::StatusIds::BAD_REQUEST, "No database name found in metadata", 
+            Reply(Ydb::StatusIds::BAD_REQUEST, "No database name found in metadata",
                     NKikimrIssues::TIssuesIds::DEFAULT_ERROR, ActorContext());
             return;
         }
 
-        if (*TargetDatabase == ("/" + AppData()->DomainsInfo->Domain->Name) || 
+        if (*TargetDatabase == ("/" + AppData()->DomainsInfo->Domain->Name) ||
             *TargetDatabase == AppData()->DomainsInfo->Domain->Name) {
-            Reply(Ydb::StatusIds::BAD_REQUEST, "Provided database is a domain database.", 
+            Reply(Ydb::StatusIds::BAD_REQUEST, "Provided database is a domain database.",
                     NKikimrIssues::TIssuesIds::DEFAULT_ERROR, ActorContext());
             return;
         }
@@ -289,14 +290,14 @@ class TReplaceStorageConfigRequest : public TBSConfigRequestGrpc<TReplaceStorage
         };
         auto pipe = NTabletPipe::CreateClient(SelfId(), MakeConsoleID(), pipeConfig);
         ConsolePipe = RegisterWithSameMailbox(pipe);
-        
+
         auto PrepareAndSendRequest = [&](auto requestType) {
             using TRequestType = decltype(requestType);
             auto request = std::make_unique<TRequestType>();
             request->Record.SetUserToken(Request_->GetSerializedToken());
             request->Record.SetPeerName(Request_->GetPeerName());
             request->Record.SetIngressDatabase(*TargetDatabase);
-            
+
             auto& req = *request->Record.MutableRequest();
             req.set_config(*DatabaseConfig);
 
@@ -606,4 +607,3 @@ void DoBootstrapCluster(std::unique_ptr<IRequestOpCtx> p, const IFacilityProvide
 }
 
 } // namespace NKikimr::NGRpcService
-

ydb/library/grpc/server/grpc_method_setup.h

@@ -5,8 +5,7 @@
 #include <string>
 #include <grpcpp/grpcpp.h>
 
-// Общий макрос для настройки методов gRPC
-#define SETUP_METHOD(methodName, method, rlMode, requestType, serviceType, counterName, auditMode)    \
+#define SETUP_RUNTIME_EVENT_METHOD(methodName, method, rlMode, requestType, serviceType, counterName, auditMode, runtimeEventType)    \
     MakeIntrusive<NGRpcService::TGRpcRequest<                                                         \
         Ydb::serviceType::Y_CAT(methodName, Request),                                                 \
         Ydb::serviceType::Y_CAT(methodName, Response),                                                \
@@ -19,7 +18,8 @@
             NGRpcService::ReportGrpcReqToMon(*ActorSystem, reqCtx->GetPeer());                        \
             ActorSystem->Send(GRpcRequestProxyId, new TGrpcRequestOperationCall<                      \
                 Ydb::serviceType::Y_CAT(methodName, Request),                                         \
-                Ydb::serviceType::Y_CAT(methodName, Response)>(reqCtx, &method,                       \
+                Ydb::serviceType::Y_CAT(methodName, Response),                                        \
+                NRuntimeEvents::EType::runtimeEventType>(reqCtx, &method,                             \
                     TRequestAuxSettings {                                                             \
                         .RlMode = TRateLimiterMode::rlMode,                                           \
                         .AuditMode = auditMode,                                                       \
@@ -32,4 +32,9 @@
         getCounterBlock(Y_STRINGIZE(counterName), Y_STRINGIZE(methodName))                            \
     )->Run()
 
+
+// Общий макрос для настройки методов gRPC
+#define SETUP_METHOD(methodName, method, rlMode, requestType, serviceType, counterName, auditMode)    \
+    SETUP_RUNTIME_EVENT_METHOD(methodName, method, rlMode, requestType, serviceType, counterName, auditMode, COMMON)
+
 #endif // GRPC_METHOD_SETUP_H

ydb/services/config/grpc_service.cpp

@@ -30,9 +30,16 @@ void TConfigGRpcService::SetupIncomingRequests(NYdbGrpc::TLoggerPtr logger) {
 
     SETUP_BS_METHOD(ReplaceConfig, DoReplaceConfig, Rps, CONFIG_REPLACECONFIG, TAuditMode::Modifying(TAuditMode::TLogClassConfig::ClusterAdmin));
     SETUP_BS_METHOD(FetchConfig, DoFetchConfig, Rps, CONFIG_FETCHCONFIG, TAuditMode::NonModifying());
-    SETUP_BS_METHOD(BootstrapCluster, DoBootstrapCluster, Rps, CONFIG_BOOTSTRAP, TAuditMode::Modifying(TAuditMode::TLogClassConfig::ClusterAdmin));
 
     #undef SETUP_BS_METHOD
+
+
+    #define SETUP_BOOTSTRAP_CLUSTER_METHOD(methodName, method, rlMode, requestType, auditModeFlags) \
+        SETUP_RUNTIME_EVENT_METHOD(methodName, method, rlMode, requestType, Config, config, auditModeFlags, BOOTSTRAP_CLUSTER)
+
+    SETUP_BOOTSTRAP_CLUSTER_METHOD(BootstrapCluster, DoBootstrapCluster, Rps, CONFIG_BOOTSTRAP, TAuditMode::Modifying(TAuditMode::TLogClassConfig::ClusterAdmin));
+
+    #undef SETUP_BS_METHOD_WITH_TYPE
 }
 
 } // namespace NKikimr::NGRpcService