Skip to content

Commit e42c5ac

Browse files
nshestakovnshestakov
authored
Merge a50155e into 7eb941d 
2 parents 7eb941d + a50155e commit e42c5ac

File tree

1 file changed

+30
-1
lines changed

1 file changed

+30
-1
lines changed

ydb/services/persqueue_v1/topic.cpp

+30-1
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,35 @@ void TGRpcTopicService::DoUpdateOffsetsInTransaction(std::unique_ptr<IRequestOpC
4242
TActivationContext::AsActorContext().Register(new TUpdateOffsetsInTransactionActor(p.release()));
4343
}
4444

45+
namespace {
46+
47+
using namespace NKikimr;
48+
49+
void YdsProcessAttr(const TSchemeBoardEvents::TDescribeSchemeResult& schemeData, NGRpcService::ICheckerIface* checker) {
50+
static const std::vector<TString> allowedAttributes = {"folder_id", "service_account_id", "database_id"};
51+
//full list of permissions for compatibility. remove old permissions later.
52+
static const TVector<TString> permissions = {
53+
"ydb.databases.list",
54+
"ydb.databases.create",
55+
"ydb.databases.connect",
56+
"ydb.tables.select",
57+
"ydb.schemas.getMetadata",
58+
"ydb.streams.write"
59+
};
60+
TVector<std::pair<TString, TString>> attributes;
61+
attributes.reserve(schemeData.GetPathDescription().UserAttributesSize());
62+
for (const auto& attr : schemeData.GetPathDescription().GetUserAttributes()) {
63+
if (std::find(allowedAttributes.begin(), allowedAttributes.end(), attr.GetKey()) != allowedAttributes.end()) {
64+
attributes.emplace_back(attr.GetKey(), attr.GetValue());
65+
}
66+
}
67+
if (!attributes.empty()) {
68+
checker->SetEntries({{permissions, attributes}});
69+
}
70+
}
71+
72+
}
73+
4574
void TGRpcTopicService::SetupIncomingRequests(NYdbGrpc::TLoggerPtr logger) {
4675

4776
using namespace std::placeholders;
@@ -145,7 +174,7 @@ void TGRpcTopicService::SetupIncomingRequests(NYdbGrpc::TLoggerPtr logger) {
145174
})
146175

147176
ADD_REQUEST(DescribePartition, TopicService, DescribePartitionRequest, DescribePartitionResponse, {
148-
ActorSystem_->Send(GRpcRequestProxyId_, new TEvDescribePartitionRequest(ctx, &DoDescribePartitionRequest, TRequestAuxSettings{RLSWITCH(TRateLimiterMode::Rps), nullptr, TAuditMode::Off}));
177+
ActorSystem_->Send(GRpcRequestProxyId_, new TEvDescribePartitionRequest(ctx, &DoDescribePartitionRequest, TRequestAuxSettings{RLSWITCH(TRateLimiterMode::Rps), YdsProcessAttr, TAuditMode::Off}));
149178
})
150179
#undef ADD_REQUEST
151180

0 commit comments

Comments
 (0)