
Remove grpc dependency leak through iam headers #338


Merged
merged 4 commits into from
Nov 19, 2024
1 change: 1 addition & 0 deletions CMakeLists.txt
Expand Up @@ -51,6 +51,7 @@ endif()
add_subdirectory(tools)
add_subdirectory(contrib/libs)
add_subdirectory(library/cpp)
add_subdirectory(include/ydb-cpp-sdk/client)
add_subdirectory(src)
add_subdirectory(util)

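--- a/include/ydb-cpp-sdk/client/CMakeLists.txt
+++ b/include/ydb-cpp-sdk/client/CMakeLists.txt
@@ -0,0 +1 @@
+add_subdirectory(iam/common)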
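--- a/include/ydb-cpp-sdk/client/iam/common/CMakeLists.txt
+++ b/include/ydb-cpp-sdk/client/iam/common/CMakeLists.txt
@@ -0,0 +1,10 @@
+_ydb_sdk_add_library(client-iam-types INTERFACE)
+
+target_link_libraries(client-iam-types
+INTERFACE
+client-ydb_types-credentials
+library-jwt
+yutil
+)
+
+_ydb_sdk_install_targets(client-iam-types)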
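--- a/include/ydb-cpp-sdk/client/iam/common/types.h
+++ b/include/ydb-cpp-sdk/client/iam/common/types.h
@@ -0,0 +1,53 @@
+#pragma once
+
+#include <ydb-cpp-sdk/client/types/credentials/credentials.h>
+#include <ydb-cpp-sdk/library/jwt/jwt.h>
+
+#include <util/datetime/base.h>
+
+#include <fstream>
+#include <string>
+
+namespace NYdb {
+
+namespace NIam {
+
+constexpr std::string_view DEFAULT_ENDPOINT = "iam.api.cloud.yandex.net";
+constexpr bool DEFAULT_ENABLE_SSL = true;
+
+constexpr std::string_view DEFAULT_HOST = "169.254.169.254";
+constexpr uint32_t DEFAULT_PORT = 80;
+
+constexpr TDuration DEFAULT_REFRESH_PERIOD = TDuration::Hours(1);
+constexpr TDuration DEFAULT_REQUEST_TIMEOUT = TDuration::Seconds(10);
+
+}
+
+struct TIamHost {
+std::string Host = std::string(NIam::DEFAULT_HOST);
+uint32_t Port = NIam::DEFAULT_PORT;
+TDuration RefreshPeriod = NIam::DEFAULT_REFRESH_PERIOD;
+};
+
+struct TIamEndpoint {
+std::string Endpoint = std::string(NIam::DEFAULT_ENDPOINT);
+TDuration RefreshPeriod = NIam::DEFAULT_REFRESH_PERIOD;
+TDuration RequestTimeout = NIam::DEFAULT_REQUEST_TIMEOUT;
+bool EnableSsl = NIam::DEFAULT_ENABLE_SSL;
+};
+
+struct TIamJwtFilename : TIamEndpoint { std::string JwtFilename; };
+
+struct TIamJwtContent : TIamEndpoint { std::string JwtContent; };
+
+struct TIamJwtParams : TIamEndpoint { TJwtParams JwtParams; };
+
+struct TIamOAuth : TIamEndpoint { std::string OAuthToken; };
+
+
+inline TJwtParams ReadJwtKeyFile(const std::string& filename) {
+std::ifstream input(filename, std::ios::in);
+return ParseJwtParams({std::istreambuf_iterator<char>(input), std::istreambuf_iterator<char>()});
+}
+
+}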
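Review bot: `ReadJwtKeyFile` never checks that `input` opened, so a missing or unreadable key file hands an empty string to `ParseJwtParams` and the real cause (wrong path, permissions) is lost; how `ParseJwtParams` reacts to empty input is not visible here. A guard right after the `std::ifstream` construction, such as `if (!input) { throw std::runtime_error("cannot open JWT key file: " + filename); }`, would make the failure explicit. The exception type is my assumption, so use whatever the SDK normally throws. The message should carry the path only and never file contents, since this file holds private-key material. The header also uses `std::string_view`, `uint32_t` and `std::istreambuf_iterator` without including `<string_view>`, `<cstdint>` and `<iterator>` directly.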
18 changes: 17 additions & 1 deletion include/ydb-cpp-sdk/client/iam/iam.h
@@ -1,3 +1,19 @@
#pragma once

#include "common/iam.h"
#include "common/types.h"

namespace NYdb {

/// Acquire an IAM token using a local metadata service on a virtual machine.
TCredentialsProviderFactoryPtr CreateIamCredentialsProviderFactory(const TIamHost& params = {});

/// Acquire an IAM token using a JSON Web Token (JWT) file name.
TCredentialsProviderFactoryPtr CreateIamJwtFileCredentialsProviderFactory(const TIamJwtFilename& params);

/// Acquire an IAM token using JSON Web Token (JWT) contents.
TCredentialsProviderFactoryPtr CreateIamJwtParamsCredentialsProviderFactory(const TIamJwtContent& param);

// Acquire an IAM token using a user OAuth token.
TCredentialsProviderFactoryPtr CreateIamOAuthCredentialsProviderFactory(const TIamOAuth& params);

}
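Review bot: The comment on `CreateIamOAuthCredentialsProviderFactory` uses `//` where the three factories above it use `///`, so documentation tooling will likely skip it; it should read `/// Acquire an IAM token using a user OAuth token.`. `CreateIamJwtParamsCredentialsProviderFactory` takes a `TIamJwtContent` although `types.h` also defines a `TIamJwtParams`, and its argument is named `param` where the other three use `params`. A sentence in its doc comment saying that the key is passed as raw content in `JwtContent` would keep callers from reaching for the wrong struct. None of the comments mention that these structs carry secrets (`JwtContent`, `OAuthToken`); one line telling callers not to log or persist them would be worth adding.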
2 changes: 1 addition & 1 deletion include/ydb-cpp-sdk/client/iam_private/iam.h
@@ -1,6 +1,6 @@
#pragma once

#include <ydb-cpp-sdk/client/iam/common/iam.h>
#include <ydb-cpp-sdk/client/iam/common/types.h>

namespace NYdb {

2 changes: 1 addition & 1 deletion src/client/helpers/CMakeLists.txt
Expand Up @@ -4,7 +4,7 @@ target_link_libraries(client-helpers
PUBLIC
yutil
client-ydb_types-credentials-oauth2
client-iam-common
client-iam
client-ydb_types-credentials
)

2 changes: 1 addition & 1 deletion src/client/helpers/helpers.cpp
@@ -1,6 +1,6 @@
#include <ydb-cpp-sdk/client/helpers/helpers.h>

#include <ydb-cpp-sdk/client/iam/common/iam.h>
#include <ydb-cpp-sdk/client/iam/iam.h>
#include <ydb-cpp-sdk/client/resources/ydb_ca.h>
#include <ydb-cpp-sdk/client/types/credentials/oauth2_token_exchange/from_file.h>

17 changes: 11 additions & 6 deletions src/client/iam/CMakeLists.txt
Expand Up @@ -2,14 +2,19 @@ add_subdirectory(common)

_ydb_sdk_add_library(client-iam)

target_link_libraries(client-iam PUBLIC
yutil
api-client-yc_public
client-iam-common
target_link_libraries(client-iam
PUBLIC
client-iam-types
yutil
PRIVATE
api-client-yc_public
client-iam-common
json
http-simple
)

_ydb_sdk_install_targets(TARGETS client-iam)

target_sources(client-iam PRIVATE
iam.cpp
)

_ydb_sdk_make_client_component(Iam client-iam)
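Review bot: Listing `api-client-yc_public` and `client-iam-common` under `PRIVATE` stops their include directories and compile definitions from propagating, but it does not by itself remove the link-time dependency. If `client-iam` is built as a static library, CMake still records PRIVATE dependencies on the exported target as `$<LINK_ONLY:...>` entries, so a consumer of the installed package still has to resolve those targets and the `grpc-client` behind `client-iam-common`. Whether `_ydb_sdk_make_client_component` exports them is not visible in this hunk. An install-and-consume check that builds a small client against the installed `client-iam` without grpc headers on the include path would confirm the leak is actually closed. A comment above the `PRIVATE` group, for example `# implementation-only: must not appear in public headers`, would also keep later edits from moving these back.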
22 changes: 8 additions & 14 deletions src/client/iam/common/CMakeLists.txt
@@ -1,17 +1,11 @@
_ydb_sdk_add_library(client-iam-common)
_ydb_sdk_add_library(client-iam-common INTERFACE)

target_link_libraries(client-iam-common PUBLIC
yutil
grpc-client
http-simple
json
library-jwt
client-ydb_types-credentials
api-client-yc_public
target_link_libraries(client-iam-common
INTERFACE
client-iam-types
grpc-client
threading-future
yutil
)

target_sources(client-iam-common PRIVATE
iam.cpp
)

_ydb_sdk_make_client_component(Iam client-iam-common)
_ydb_sdk_install_targets(client-iam-common)
114 changes: 0 additions & 114 deletions src/client/iam/common/iam.cpp

This file was deleted.

@@ -1,69 +1,16 @@
#pragma once

#include <ydb-cpp-sdk/client/types/credentials/credentials.h>
#include <ydb-cpp-sdk/client/iam/common/types.h>

#include <ydb-cpp-sdk/library/grpc/client/grpc_client_low.h>
#include <library/cpp/threading/future/future.h>
#include <src/library/grpc/client/grpc_client_low.h>

#include <ydb-cpp-sdk/library/jwt/jwt.h>
#include <util/datetime/base.h>
#include <library/cpp/threading/future/future.h>

#include <util/system/spinlock.h>
#include <util/string/builder.h>

#include <fstream>
#include <util/system/spinlock.h>

namespace NYdb {

namespace NIam {
constexpr std::string_view DEFAULT_ENDPOINT = "iam.api.cloud.yandex.net";
constexpr bool DEFAULT_ENABLE_SSL = true;

constexpr std::string_view DEFAULT_HOST = "169.254.169.254";
constexpr uint32_t DEFAULT_PORT = 80;

constexpr TDuration DEFAULT_REFRESH_PERIOD = TDuration::Hours(1);
constexpr TDuration DEFAULT_REQUEST_TIMEOUT = TDuration::Seconds(10);
}

struct TIamHost {
std::string Host = std::string(NIam::DEFAULT_HOST);
uint32_t Port = NIam::DEFAULT_PORT;
TDuration RefreshPeriod = NIam::DEFAULT_REFRESH_PERIOD;
};

struct TIamEndpoint {
std::string Endpoint = std::string(NIam::DEFAULT_ENDPOINT);
TDuration RefreshPeriod = NIam::DEFAULT_REFRESH_PERIOD;
TDuration RequestTimeout = NIam::DEFAULT_REQUEST_TIMEOUT;
bool EnableSsl = NIam::DEFAULT_ENABLE_SSL;
};

struct TIamJwtFilename : TIamEndpoint { std::string JwtFilename; };

struct TIamJwtContent : TIamEndpoint { std::string JwtContent; };

struct TIamJwtParams : TIamEndpoint { TJwtParams JwtParams; };

inline TJwtParams ReadJwtKeyFile(const std::string& filename) {
std::ifstream input(filename, std::ios::in);
return ParseJwtParams({std::istreambuf_iterator<char>(input), std::istreambuf_iterator<char>()});
}

struct TIamOAuth : TIamEndpoint { std::string OAuthToken; };

/// Acquire an IAM token using a local metadata service on a virtual machine.
TCredentialsProviderFactoryPtr CreateIamCredentialsProviderFactory(const TIamHost& params = {});

/// Acquire an IAM token using a JSON Web Token (JWT) file name.
TCredentialsProviderFactoryPtr CreateIamJwtFileCredentialsProviderFactory(const TIamJwtFilename& params);

/// Acquire an IAM token using JSON Web Token (JWT) contents.
TCredentialsProviderFactoryPtr CreateIamJwtParamsCredentialsProviderFactory(const TIamJwtContent& param);

// Acquire an IAM token using a user OAuth token.
TCredentialsProviderFactoryPtr CreateIamOAuthCredentialsProviderFactory(const TIamOAuth& params);

constexpr TDuration BACKOFF_START = TDuration::MilliSeconds(50);
constexpr TDuration BACKOFF_MAX = TDuration::Seconds(10);
