Config option for node registration token (#7754)

UgnineSirdis · UgnineSirdis · commit 1060128d4c06 · 2024-08-16T14:00:41.000Z
(cherry picked from commit 0ce24a5)
diff --git a/ydb/core/driver_lib/cli_utils/cli_cmds_server.cpp b/ydb/core/driver_lib/cli_utils/cli_cmds_server.cpp
@@ -944,7 +944,8 @@ class TClientCommandServerBase : public TClientCommand {
             const TString &nodeHost,
             const TString &nodeAddress,
             const TString &nodeResolveHost,
-            const TMaybe<TString>& path) {
+            const TMaybe<TString>& path,
+            const TString& nodeRegistrationToken) {
         TCommandConfig::TServerEndpoint endpoint = TCommandConfig::ParseServerAddress(addr);
         NYdb::TDriverConfig config;
         if (endpoint.EnableSsl.Defined()) {
@@ -957,7 +958,9 @@ class TClientCommandServerBase : public TClientCommand {
                 config.UseClientCertificate(certificate.c_str(), privateKey.c_str());
             }
         }
-        config.SetAuthToken(BUILTIN_ACL_ROOT);
+        if (nodeRegistrationToken) {
+            config.SetAuthToken(nodeRegistrationToken);
+        }
         config.SetEndpoint(endpoint.Address);
         auto connection = NYdb::TDriver(config);
 
@@ -1028,13 +1031,13 @@ class TClientCommandServerBase : public TClientCommand {
         return {};
     }
 
-    NYdb::NDiscovery::TNodeRegistrationResult RegisterDynamicNodeViaDiscoveryService(const TVector<TString>& addrs, const TString& domainName) {
+    NYdb::NDiscovery::TNodeRegistrationResult RegisterDynamicNodeViaDiscoveryService(const TVector<TString>& addrs, const TString& domainName, const TString& nodeRegistrationToken) {
         NYdb::NDiscovery::TNodeRegistrationResult result;
         const size_t maxNumberRecivedCallUnimplemented = 5;
         size_t currentNumberRecivedCallUnimplemented = 0;
         while (!result.IsSuccess() && currentNumberRecivedCallUnimplemented < maxNumberRecivedCallUnimplemented) {
             for (const auto& addr : addrs) {
-                result = TryToRegisterDynamicNodeViaDiscoveryService(addr, domainName, NodeHost, NodeAddress, NodeResolveHost, GetSchemePath());
+                result = TryToRegisterDynamicNodeViaDiscoveryService(addr, domainName, NodeHost, NodeAddress, NodeResolveHost, GetSchemePath(), nodeRegistrationToken);
                 if (result.IsSuccess()) {
                     Cout << "Success. Registered via discovery service as " << result.GetNodeId() << Endl;
                     Cout << "Node name: ";
@@ -1217,7 +1220,7 @@ class TClientCommandServerBase : public TClientCommand {
         if (!NodeResolveHost)
             NodeResolveHost = NodeHost;
 
-        NYdb::NDiscovery::TNodeRegistrationResult result = RegisterDynamicNodeViaDiscoveryService(addrs, domainName);
+        NYdb::NDiscovery::TNodeRegistrationResult result = RegisterDynamicNodeViaDiscoveryService(addrs, domainName, AppConfig.GetAuthConfig().GetNodeRegistrationToken());
         if (result.IsSuccess()) {
             ProcessRegistrationDynamicNodeResult(result);
         } else {
diff --git a/ydb/core/protos/auth.proto b/ydb/core/protos/auth.proto
@@ -52,6 +52,7 @@ message TAuthConfig {
     optional bool UseBuiltinDomain = 78 [default = true];
     optional string CertificateAuthenticationDomain = 80 [default = "cert"];
     optional bool EnableLoginAuthentication = 81 [default = true];
+    optional string NodeRegistrationToken = 82 [default = "root@builtin", (Ydb.sensitive) = true];
 }
 
 message TUserRegistryConfig {

Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,7 @@ message TAuthConfig {`
`52`	`52`	`optional bool UseBuiltinDomain = 78 [default = true];`
`53`	`53`	`optional string CertificateAuthenticationDomain = 80 [default = "cert"];`
`54`	`54`	`optional bool EnableLoginAuthentication = 81 [default = true];`
	`55`	`+ optional string NodeRegistrationToken = 82 [default = "root@builtin", (Ydb.sensitive) = true];`
`55`	`56`	`}`
`56`	`57`
`57`	`58`	`message TUserRegistryConfig {`