Merge branch 'main' of https://github.com/ydb-platform/ydb into mergelibs-yql

Author: maximyurchuk

.github/config/muted_ya.txt

@@ -24,6 +24,13 @@ ydb/core/kqp/ut/olap KqpOlapBlobsSharing.BlobsSharingSplit1_1_clean_with_restart
 ydb/core/kqp/ut/olap KqpOlapBlobsSharing.TableReshardingConsistency64
 ydb/core/kqp/ut/olap KqpOlapBlobsSharing.TableReshardingModuloN
 ydb/core/kqp/ut/olap KqpOlapBlobsSharing.UpsertWhileSplitTest
+ydb/core/kqp/ut/olap KqpOlapBlobsSharing.MultipleMerge
+ydb/core/kqp/ut/olap KqpOlapBlobsSharing.MultipleSplits
+ydb/core/kqp/ut/olap KqpOlapBlobsSharing.MultipleSplitsThenMerges
+ydb/core/kqp/ut/olap KqpOlapBlobsSharing.MultipleSplitsWithRestartsAfterWait
+ydb/core/kqp/ut/olap KqpOlapBlobsSharing.MultipleSplitsWithRestartsWhenWait
+ydb/core/kqp/ut/olap KqpOlapBlobsSharing.MultipleMergesWithRestartsAfterWait
+ydb/core/kqp/ut/olap KqpOlapBlobsSharing.MultipleMergesWithRestartsWhenWait
 ydb/core/kqp/ut/olap KqpOlapIndexes.IndexesActualization
 ydb/core/kqp/ut/olap KqpOlapIndexes.IndexesInBS
 ydb/core/kqp/ut/olap KqpOlapIndexes.IndexesInLocalMetadata

ydb/core/audit/audit_log_impl.cpp

@@ -93,7 +93,8 @@ TString GetJsonLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) {
 
 TString GetJsonLogCompatibleLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) {
     const auto* msg = ev->Get();
-    NJsonWriter::TBuf json;
+    TStringStream ss;
+    NJsonWriter::TBuf json(NJsonWriter::HEM_DONT_ESCAPE_HTML, &ss);
     {
         auto obj = json.BeginObject();
         obj
@@ -107,7 +108,8 @@ TString GetJsonLogCompatibleLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) {
         }
         json.EndObject();
     }
-    return json.Str();
+    ss << Endl;
+    return ss.Str();
 }
 
 TString GetTxtLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) {

ydb/core/audit/ya.make

@@ -13,8 +13,4 @@ PEERDIR(
     ydb/core/base
 )
 
-RESOURCE(
-    ydb/core/kqp/kqp_default_settings.txt kqp_default_settings.txt
-)
-
 END()

ydb/core/cms/console/console__replace_yaml_config.cpp

@@ -20,7 +20,7 @@ class TConfigsManager::TTxReplaceYamlConfig : public TTransactionBase<TConfigsMa
         , Config(ev->Get()->Record.GetRequest().config())
         , Peer(ev->Get()->Record.GetPeerName())
         , Sender(ev->Sender)
-        , UserSID(NACLib::TUserToken(ev->Get()->Record.GetUserToken()).GetUserSID())
+        , UserToken(ev->Get()->Record.GetUserToken())
         , Force(force)
         , AllowUnknownFields(ev->Get()->Record.GetRequest().allow_unknown_fields())
         , DryRun(ev->Get()->Record.GetRequest().dry_run())
@@ -57,7 +57,7 @@ class TConfigsManager::TTxReplaceYamlConfig : public TTransactionBase<TConfigsMa
             oldVolatileConfig.SetConfig(config);
         }
 
-        Self->Logger.DbLogData(UserSID, logData, txc, ctx);
+        Self->Logger.DbLogData(UserToken.GetUserSID(), logData, txc, ctx);
     }
 
     bool Execute(TTransactionContext &txc, const TActorContext &ctx) override
@@ -190,7 +190,8 @@ class TConfigsManager::TTxReplaceYamlConfig : public TTransactionBase<TConfigsMa
         if (!Error && Modify && !DryRun) {
             AuditLogReplaceConfigTransaction(
                 /* peer = */ Peer,
-                /* userSID = */ UserSID,
+                /* userSID = */ UserToken.GetUserSID(),
+                /* sanitizedToken = */ UserToken.GetSanitizedToken(),
                 /* oldConfig = */ Self->YamlConfig,
                 /* newConfig = */ Config,
                 /* reason = */ {},
@@ -207,7 +208,8 @@ class TConfigsManager::TTxReplaceYamlConfig : public TTransactionBase<TConfigsMa
         } else if (Error && !DryRun) {
             AuditLogReplaceConfigTransaction(
                 /* peer = */ Peer,
-                /* userSID = */ UserSID,
+                /* userSID = */ UserToken.GetUserSID(),
+                /* sanitizedToken = */ UserToken.GetSanitizedToken(),
                 /* oldConfig = */ Self->YamlConfig,
                 /* newConfig = */ Config,
                 /* reason = */ ErrorReason,
@@ -221,7 +223,7 @@ class TConfigsManager::TTxReplaceYamlConfig : public TTransactionBase<TConfigsMa
     const TString Config;
     const TString Peer;
     const TActorId Sender;
-    const TString UserSID;
+    const NACLib::TUserToken UserToken;
     const bool Force = false;
     const bool AllowUnknownFields = false;
     const bool DryRun = false;

ydb/core/cms/console/console_audit.cpp

@@ -8,6 +8,7 @@ namespace NKikimr::NConsole {
 void AuditLogReplaceConfigTransaction(
     const TString& peer,
     const TString& userSID,
+    const TString& sanitizedToken,
     const TString& oldConfig,
     const TString& newConfig,
     const TString& reason,
@@ -23,6 +24,7 @@ void AuditLogReplaceConfigTransaction(
         AUDIT_PART("component", COMPONENT_NAME)
         AUDIT_PART("remote_address", (!peerName.empty() ? peerName : EMPTY_VALUE))
         AUDIT_PART("subject", (!userSID.empty() ? userSID : EMPTY_VALUE))
+        AUDIT_PART("sanitized_token", (!sanitizedToken.empty() ? sanitizedToken : EMPTY_VALUE))
         AUDIT_PART("status", TString(success ? "SUCCESS" : "ERROR"))
         AUDIT_PART("reason", reason, !reason.empty())
         AUDIT_PART("operation", TString("REPLACE DYNCONFIG"))

ydb/core/cms/console/console_audit.h

@@ -7,6 +7,7 @@ namespace NKikimr::NConsole {
 void AuditLogReplaceConfigTransaction(
     const TString& peer,
     const TString& userSID,
+    const TString& sanitizedToken,
     const TString& oldConfig,
     const TString& newConfig,
     const TString& reason,

ydb/core/cms/console/console_configs_manager.cpp

@@ -980,6 +980,7 @@ void TConfigsManager::HandleUnauthorized(TEvConsole::TEvReplaceYamlConfigRequest
     AuditLogReplaceConfigTransaction(
         /* peer = */ ev->Get()->Record.GetPeerName(),
         /* userSID = */ ev->Get()->Record.GetUserToken(),
+        /* sanitizedToken = */ TString(),
         /* oldConfig = */ YamlConfig,
         /* newConfig = */ ev->Get()->Record.GetRequest().config(),
         /* reason = */ "Unauthorized.",
@@ -990,6 +991,7 @@ void TConfigsManager::HandleUnauthorized(TEvConsole::TEvSetYamlConfigRequest::TP
     AuditLogReplaceConfigTransaction(
         /* peer = */ ev->Get()->Record.GetPeerName(),
         /* userSID = */ ev->Get()->Record.GetUserToken(),
+        /* sanitizedToken = */ TString(),
         /* oldConfig = */ YamlConfig,
         /* newConfig = */ ev->Get()->Record.GetRequest().config(),
         /* reason = */ "Unauthorized.",

ydb/core/grpc_services/audit_dml_operations.cpp

@@ -61,9 +61,11 @@ namespace {
 
 namespace NKikimr::NGRpcService {
 
-void AuditContextStart(IAuditCtx* ctx, const TString& database, const TString& userSID, const std::vector<std::pair<TString, TString>>& databaseAttrs) {
+void AuditContextStart(IAuditCtx* ctx, const TString& database, const TString& userSID, const TString& sanitizedToken, const std::vector<std::pair<TString, TString>>& databaseAttrs) {
     ctx->AddAuditLogPart("remote_address", NKikimr::NAddressClassifier::ExtractAddress(ctx->GetPeerName()));
     ctx->AddAuditLogPart("subject", userSID);
+    static const TString EMPTY_VALUE = "{none}";
+    ctx->AddAuditLogPart("sanitized_token", !sanitizedToken.empty() ? sanitizedToken : EMPTY_VALUE);
     ctx->AddAuditLogPart("database", database);
     ctx->AddAuditLogPart("operation", ctx->GetRequestName());
     ctx->AddAuditLogPart("start_time", TInstant::Now().ToString());

ydb/core/grpc_services/audit_dml_operations.h

@@ -45,7 +45,7 @@ class IAuditCtx;
 // AuditContextAppend() specializations extract specific info from request (and result) protos.
 //
 
-void AuditContextStart(IAuditCtx* ctx, const TString& database, const TString& userSID, const std::vector<std::pair<TString, TString>>& databaseAttrs);
+void AuditContextStart(IAuditCtx* ctx, const TString& database, const TString& userSID, const TString& sanitizedToken, const std::vector<std::pair<TString, TString>>& databaseAttrs);
 void AuditContextEnd(IAuditCtx* ctx);
 
 template <class TProtoRequest>

ydb/core/grpc_services/audit_log.cpp

@@ -9,7 +9,10 @@
 namespace NKikimr {
 namespace NGRpcService {
 
-void AuditLogConn(const IRequestProxyCtx* ctx, const TString& database, const TString& userSID)
+//NOTE: EmptyValue couldn't be an empty string as AUDIT_PART() skips parts with an empty values
+static const TString EmptyValue = "{none}";
+
+void AuditLogConn(const IRequestProxyCtx* ctx, const TString& database, const TString& userSID, const TString& sanitizedToken)
 {
     static const TString GrpcConnComponentName = "grpc-conn";
 
@@ -18,6 +21,7 @@ void AuditLogConn(const IRequestProxyCtx* ctx, const TString& database, const TS
 
         AUDIT_PART("remote_address", NKikimr::NAddressClassifier::ExtractAddress(ctx->GetPeerName()))
         AUDIT_PART("subject", userSID)
+        AUDIT_PART("sanitized_token", (!sanitizedToken.empty() ? sanitizedToken : EmptyValue))
         AUDIT_PART("database", database)
         AUDIT_PART("operation", ctx->GetRequestName())
     );
@@ -35,9 +39,6 @@ void AuditLog(ui32 status, const TAuditLogParts& parts)
 {
     static const TString GrpcProxyComponentName = "grpc-proxy";
 
-    //NOTE: EmptyValue couldn't be an empty string as AUDIT_PART() skips parts with an empty values
-    static const TString EmptyValue = "{none}";
-
     AUDIT_LOG(
         AUDIT_PART("component", GrpcProxyComponentName)
 
@@ -56,4 +57,3 @@ void AuditLog(ui32 status, const TAuditLogParts& parts)
 
 }
 }
-