Config option for node registration token (ydb-platform#7754)

UgnineSirdis · UgnineSirdis · commit d86d220c7f81 · 2024-08-19T13:00:06.000Z
(cherry picked from commit 0ce24a5)
diff --git a/ydb/core/config/init/init.cpp b/ydb/core/config/init/init.cpp
@@ -228,6 +228,7 @@ class TDefaultNodeBrokerClient
             const TGrpcSslSettings& grpcSettings,
             const TString addr,
             const NYdb::NDiscovery::TNodeRegistrationSettings& settings,
+            const TString& nodeRegistrationToken,
             const IEnv& env)
     {
         TCommandConfig::TServerEndpoint endpoint = TCommandConfig::ParseServerAddress(addr);
@@ -242,7 +243,9 @@ class TDefaultNodeBrokerClient
                 config.UseClientCertificate(certificate.c_str(), privateKey.c_str());
             }
         }
-        config.SetAuthToken(BUILTIN_ACL_ROOT);
+        if (nodeRegistrationToken) {
+            config.SetAuthToken(nodeRegistrationToken);
+        }
         config.SetEndpoint(endpoint.Address);
         auto connection = NYdb::TDriver(config);
 
@@ -313,6 +316,7 @@ class TDefaultNodeBrokerClient
         const TGrpcSslSettings& grpcSettings,
         const TVector<TString>& addrs,
         const NYdb::NDiscovery::TNodeRegistrationSettings& settings,
+        const TString& nodeRegistrationToken,
         const IEnv& env,
         IInitLogger& logger)
     {
@@ -326,6 +330,7 @@ class TDefaultNodeBrokerClient
                     grpcSettings,
                     addr,
                     settings,
+                    nodeRegistrationToken,
                     env);
                 if (result.IsSuccess()) {
                     logger.Out() << "Success. Registered via discovery service as " << result.GetNodeId() << Endl;
@@ -387,6 +392,7 @@ class TDefaultNodeBrokerClient
                 grpcSettings,
                 addrs,
                 newRegSettings,
+                regSettings.NodeRegistrationToken,
                 env,
                 logger);
 
diff --git a/ydb/core/config/init/init.h b/ydb/core/config/init/init.h
@@ -118,6 +118,7 @@ struct TNodeRegistrationSettings {
     bool FixedNodeID;
     ui32 InterconnectPort;
     NActors::TNodeLocation Location;
+    TString NodeRegistrationToken;
 };
 
 class INodeRegistrationResult {
diff --git a/ydb/core/config/init/init_impl.h b/ydb/core/config/init/init_impl.h
@@ -1247,6 +1247,7 @@ class TInitialConfiguratorImpl
             cf.FixedNodeID,
             cf.InterconnectPort,
             cf.CreateNodeLocation(),
+            AppConfig.GetAuthConfig().GetNodeRegistrationToken(),
         };
 
         auto result = NodeBrokerClient.RegisterDynamicNode(cf.GrpcSslSettings, addrs, settings, Env, Logger);
diff --git a/ydb/core/protos/auth.proto b/ydb/core/protos/auth.proto
@@ -54,6 +54,7 @@ message TAuthConfig {
     optional bool UseBuiltinDomain = 78 [default = true];
     optional string AccessServiceType = 79 [default = "Yandex_v2"]; // For now the following values are supported: "Yandex_v2", "Nebius_v1"
     optional string CertificateAuthenticationDomain = 80 [default = "cert"];
+    optional string NodeRegistrationToken = 82 [default = "root@builtin", (Ydb.sensitive) = true];
 }
 
 message TUserRegistryConfig {

Original file line number	Diff line number	Diff line change
`@@ -54,6 +54,7 @@ message TAuthConfig {`
`54`	`54`	`optional bool UseBuiltinDomain = 78 [default = true];`
`55`	`55`	`optional string AccessServiceType = 79 [default = "Yandex_v2"]; // For now the following values are supported: "Yandex_v2", "Nebius_v1"`
`56`	`56`	`optional string CertificateAuthenticationDomain = 80 [default = "cert"];`
	`57`	`+ optional string NodeRegistrationToken = 82 [default = "root@builtin", (Ydb.sensitive) = true];`
`57`	`58`	`}`
`58`	`59`
`59`	`60`	`message TUserRegistryConfig {`