Support in ydbd and legacy grpc service calls

UgnineSirdis · UgnineSirdis · commit c7fcad4d6714 · 2024-10-07T08:53:14.000Z
diff --git a/ydb/core/driver_lib/cli_base/cli_cmds_db.cpp b/ydb/core/driver_lib/cli_base/cli_cmds_db.cpp
@@ -825,6 +825,8 @@ class TClientCommandSchemaTableOptions : public TClientCommand {
         ClientConfig.MaxInFlight = CommandConfig.ClientConfig.MaxInFlight;
         ClientConfig.EnableSsl = CommandConfig.ClientConfig.EnableSsl;
         ClientConfig.SslCredentials.pem_root_certs = CommandConfig.ClientConfig.SslCredentials.pem_root_certs;
+        ClientConfig.SslCredentials.pem_cert_chain = CommandConfig.ClientConfig.SslCredentials.pem_cert_chain;
+        ClientConfig.SslCredentials.pem_private_key = CommandConfig.ClientConfig.SslCredentials.pem_private_key;
     }
 
     template<typename T>
diff --git a/ydb/core/driver_lib/cli_base/cli_cmds_root.cpp b/ydb/core/driver_lib/cli_base/cli_cmds_root.cpp
@@ -194,6 +194,10 @@ class TClientCommandRootLite : public TClientCommandRootKikimrBase {
         if (config.EnableSsl) {
             CommandConfig.ClientConfig.EnableSsl = config.EnableSsl;
             CommandConfig.ClientConfig.SslCredentials.pem_root_certs = config.CaCerts;
+            if (config.ClientCert) {
+                CommandConfig.ClientConfig.SslCredentials.pem_cert_chain = config.ClientCert;
+                CommandConfig.ClientConfig.SslCredentials.pem_private_key = config.ClientCertPrivateKey;
+            }
         }
     }
 
diff --git a/ydb/core/driver_lib/cli_base/cli_grpc.h b/ydb/core/driver_lib/cli_base/cli_grpc.h
@@ -94,6 +94,8 @@ class TClientGRpcCommand : public TClientCommand {
         ClientConfig.MaxInFlight = CommandConfig.ClientConfig.MaxInFlight;
         ClientConfig.EnableSsl = CommandConfig.ClientConfig.EnableSsl;
         ClientConfig.SslCredentials.pem_root_certs = CommandConfig.ClientConfig.SslCredentials.pem_root_certs;
+        ClientConfig.SslCredentials.pem_cert_chain = CommandConfig.ClientConfig.SslCredentials.pem_cert_chain;
+        ClientConfig.SslCredentials.pem_private_key = CommandConfig.ClientConfig.SslCredentials.pem_private_key;
     }
 
     static int PrepareConfigCredentials(NGRpcProxy::TGRpcClientConfig clientConfig, TConfig& commandConfig) {
@@ -159,4 +161,3 @@ class TClientGRpcCommand : public TClientCommand {
 
 }
 }
-
diff --git a/ydb/core/driver_lib/cli_utils/cli_cmds_root.cpp b/ydb/core/driver_lib/cli_utils/cli_cmds_root.cpp
@@ -62,6 +62,10 @@ class TClientCommandRoot : public TClientCommandRootKikimrBase {
         if (config.EnableSsl) {
             CommandConfig.ClientConfig.EnableSsl = config.EnableSsl;
             CommandConfig.ClientConfig.SslCredentials.pem_root_certs = config.CaCerts;
+            if (config.ClientCert) {
+                CommandConfig.ClientConfig.SslCredentials.pem_cert_chain = config.ClientCert;
+                CommandConfig.ClientConfig.SslCredentials.pem_private_key = config.ClientCertPrivateKey;
+            }
         }
     }
 };
diff --git a/ydb/core/driver_lib/cli_utils/cli_cmds_tenant.cpp b/ydb/core/driver_lib/cli_utils/cli_cmds_tenant.cpp
@@ -142,6 +142,8 @@ class TTenantClientGRpcCommand : public TTenantClientCommand {
         ClientConfig.MaxInFlight = CommandConfig.ClientConfig.MaxInFlight;
         ClientConfig.EnableSsl = CommandConfig.ClientConfig.EnableSsl;
         ClientConfig.SslCredentials.pem_root_certs = CommandConfig.ClientConfig.SslCredentials.pem_root_certs;
+        ClientConfig.SslCredentials.pem_cert_chain = CommandConfig.ClientConfig.SslCredentials.pem_cert_chain;
+        ClientConfig.SslCredentials.pem_private_key = CommandConfig.ClientConfig.SslCredentials.pem_private_key;
     }
 
     int Run(TConfig &config) override
diff --git a/ydb/core/driver_lib/run/main.cpp b/ydb/core/driver_lib/run/main.cpp
@@ -90,6 +90,8 @@ int MainRun(const TKikimrRunConfig& runConfig, std::shared_ptr<TModuleFactories>
         NMsgBusProxy::TMsgBusClientConfig mbusConfig;
         mbusConfig.ConfigureLastGetopt(opts, "mb-");
         opts.AddLongOption("ca-file", "Path to a file containing the PEM encoding of the server root certificates for tls connections.\n").RequiredArgument("PATH");
+        opts.AddLongOption("client-cert-file", "Path to a file containing the PEM encoding of the client certificate for tls connections.\n").RequiredArgument("PATH");
+        opts.AddLongOption("client-cert-key-file", "Path to a file containing the PEM encoding of the client certificate private key for tls connections.\n").RequiredArgument("PATH");
         NDriverClient::HideOptions(opts);
         opts.AddLongOption('s', "server", "Server address to connect (default $KIKIMR_SERVER)").RequiredArgument("ADDR[:NUM]");
         opts.AddLongOption('k', "token", "Security token").RequiredArgument("TOKEN");
@@ -205,4 +207,3 @@ int ParameterizedMain(int argc, char **argv, std::shared_ptr<NKikimr::TModuleFac
         return 1;
     }
 }
-

Original file line number	Diff line number	Diff line change
`@@ -825,6 +825,8 @@ class TClientCommandSchemaTableOptions : public TClientCommand {`
`825`	`825`	`ClientConfig.MaxInFlight = CommandConfig.ClientConfig.MaxInFlight;`
`826`	`826`	`ClientConfig.EnableSsl = CommandConfig.ClientConfig.EnableSsl;`
`827`	`827`	`ClientConfig.SslCredentials.pem_root_certs = CommandConfig.ClientConfig.SslCredentials.pem_root_certs;`
	`828`	`+ ClientConfig.SslCredentials.pem_cert_chain = CommandConfig.ClientConfig.SslCredentials.pem_cert_chain;`
	`829`	`+ ClientConfig.SslCredentials.pem_private_key = CommandConfig.ClientConfig.SslCredentials.pem_private_key;`
`828`	`830`	`}`
`829`	`831`
`830`	`832`	`template<typename T>`
Original file line number	Diff line number	Diff line change
`@@ -194,6 +194,10 @@ class TClientCommandRootLite : public TClientCommandRootKikimrBase {`
`194`	`194`	`if (config.EnableSsl) {`
`195`	`195`	`CommandConfig.ClientConfig.EnableSsl = config.EnableSsl;`
`196`	`196`	`CommandConfig.ClientConfig.SslCredentials.pem_root_certs = config.CaCerts;`
	`197`	`+ if (config.ClientCert) {`
	`198`	`+ CommandConfig.ClientConfig.SslCredentials.pem_cert_chain = config.ClientCert;`
	`199`	`+ CommandConfig.ClientConfig.SslCredentials.pem_private_key = config.ClientCertPrivateKey;`
	`200`	`+ }`
`197`	`201`	`}`
`198`	`202`	`}`
`199`	`203`
Original file line number	Diff line number	Diff line change
`@@ -94,6 +94,8 @@ class TClientGRpcCommand : public TClientCommand {`
`94`	`94`	`ClientConfig.MaxInFlight = CommandConfig.ClientConfig.MaxInFlight;`
`95`	`95`	`ClientConfig.EnableSsl = CommandConfig.ClientConfig.EnableSsl;`
`96`	`96`	`ClientConfig.SslCredentials.pem_root_certs = CommandConfig.ClientConfig.SslCredentials.pem_root_certs;`
	`97`	`+ ClientConfig.SslCredentials.pem_cert_chain = CommandConfig.ClientConfig.SslCredentials.pem_cert_chain;`
	`98`	`+ ClientConfig.SslCredentials.pem_private_key = CommandConfig.ClientConfig.SslCredentials.pem_private_key;`
`97`	`99`	`}`
`98`	`100`
`99`	`101`	`static int PrepareConfigCredentials(NGRpcProxy::TGRpcClientConfig clientConfig, TConfig& commandConfig) {`
`@@ -159,4 +161,3 @@ class TClientGRpcCommand : public TClientCommand {`
`159`	`161`
`160`	`162`	`}`
`161`	`163`	`}`
`162`		`-`
Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,10 @@ class TClientCommandRoot : public TClientCommandRootKikimrBase {`
`62`	`62`	`if (config.EnableSsl) {`
`63`	`63`	`CommandConfig.ClientConfig.EnableSsl = config.EnableSsl;`
`64`	`64`	`CommandConfig.ClientConfig.SslCredentials.pem_root_certs = config.CaCerts;`
	`65`	`+ if (config.ClientCert) {`
	`66`	`+ CommandConfig.ClientConfig.SslCredentials.pem_cert_chain = config.ClientCert;`
	`67`	`+ CommandConfig.ClientConfig.SslCredentials.pem_private_key = config.ClientCertPrivateKey;`
	`68`	`+ }`
`65`	`69`	`}`
`66`	`70`	`}`
`67`	`71`	`};`
Original file line number	Diff line number	Diff line change
`@@ -142,6 +142,8 @@ class TTenantClientGRpcCommand : public TTenantClientCommand {`
`142`	`142`	`ClientConfig.MaxInFlight = CommandConfig.ClientConfig.MaxInFlight;`
`143`	`143`	`ClientConfig.EnableSsl = CommandConfig.ClientConfig.EnableSsl;`
`144`	`144`	`ClientConfig.SslCredentials.pem_root_certs = CommandConfig.ClientConfig.SslCredentials.pem_root_certs;`
	`145`	`+ ClientConfig.SslCredentials.pem_cert_chain = CommandConfig.ClientConfig.SslCredentials.pem_cert_chain;`
	`146`	`+ ClientConfig.SslCredentials.pem_private_key = CommandConfig.ClientConfig.SslCredentials.pem_private_key;`
`145`	`147`	`}`
`146`	`148`
`147`	`149`	`int Run(TConfig &config) override`
Original file line number	Diff line number	Diff line change
`@@ -90,6 +90,8 @@ int MainRun(const TKikimrRunConfig& runConfig, std::shared_ptr<TModuleFactories>`
`90`	`90`	`NMsgBusProxy::TMsgBusClientConfig mbusConfig;`
`91`	`91`	`mbusConfig.ConfigureLastGetopt(opts, "mb-");`
`92`	`92`	`opts.AddLongOption("ca-file", "Path to a file containing the PEM encoding of the server root certificates for tls connections.\n").RequiredArgument("PATH");`
	`93`	`+ opts.AddLongOption("client-cert-file", "Path to a file containing the PEM encoding of the client certificate for tls connections.\n").RequiredArgument("PATH");`
	`94`	`+ opts.AddLongOption("client-cert-key-file", "Path to a file containing the PEM encoding of the client certificate private key for tls connections.\n").RequiredArgument("PATH");`
`93`	`95`	`NDriverClient::HideOptions(opts);`
`94`	`96`	`opts.AddLongOption('s', "server", "Server address to connect (default $KIKIMR_SERVER)").RequiredArgument("ADDR[:NUM]");`
`95`	`97`	`opts.AddLongOption('k', "token", "Security token").RequiredArgument("TOKEN");`
`@@ -205,4 +207,3 @@ int ParameterizedMain(int argc, char **argv, std::shared_ptr<NKikimr::TModuleFac`
`205`	`207`	`return 1;`
`206`	`208`	`}`
`207`	`209`	`}`
`208`		`-`