Merge pull request #513 from ydb-platform/static

Added `credentials.NewStaticCredentials()` static credentials constructor + Changed `internal/credentials.NewStaticCredentials()` signature and behaviour for create grpc connection on each call to auth service

Author: asmyasnikov

CHANGELOG.md

@@ -1,3 +1,5 @@
+* Added `credentials.NewStaticCredentials()` static credentials constructor
+* Changed `internal/credentials.NewStaticCredentials()` signature and behaviour for create grpc connection on each call to auth service 
 * Downgrade `google.golang.org/grpc` to `v1.49.0`
 
 ## v3.42.2

connection.go

@@ -18,7 +18,6 @@ import (
 	"github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials"
 	discoveryConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/discovery/config"
 	"github.com/ydb-platform/ydb-go-sdk/v3/internal/dsn"
-	"github.com/ydb-platform/ydb-go-sdk/v3/internal/endpoint"
 	internalRatelimiter "github.com/ydb-platform/ydb-go-sdk/v3/internal/ratelimiter"
 	ratelimiterConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/ratelimiter/config"
 	internalScheme "github.com/ydb-platform/ydb-go-sdk/v3/internal/scheme"
@@ -428,7 +427,8 @@ func connect(ctx context.Context, c *connection) error {
 		c.config = c.config.With(config.WithCredentials(
 			credentials.NewStaticCredentials(
 				c.userInfo.User, c.userInfo.Password,
-				c.pool.Get(endpoint.New(c.config.Endpoint())),
+				c.config.Endpoint(),
+				c.config.GrpcDialOptions()...,
 			),
 		))
 	}

connection_e2e_test.go

@@ -7,25 +7,31 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
+	"net/url"
 	"os"
 	"testing"
 	"time"
 
 	"github.com/ydb-platform/ydb-go-genproto/Ydb_Discovery_V1"
 	"github.com/ydb-platform/ydb-go-genproto/Ydb_Export_V1"
+	"github.com/ydb-platform/ydb-go-genproto/Ydb_Monitoring_V1"
 	"github.com/ydb-platform/ydb-go-genproto/Ydb_Scripting_V1"
 	"github.com/ydb-platform/ydb-go-genproto/protos/Ydb"
 	"github.com/ydb-platform/ydb-go-genproto/protos/Ydb_Discovery"
 	"github.com/ydb-platform/ydb-go-genproto/protos/Ydb_Export"
+	"github.com/ydb-platform/ydb-go-genproto/protos/Ydb_Monitoring"
 	"github.com/ydb-platform/ydb-go-genproto/protos/Ydb_Operations"
 	"github.com/ydb-platform/ydb-go-genproto/protos/Ydb_Scripting"
 	"google.golang.org/grpc"
+	grpcCredentials "google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/durationpb"
 
 	"github.com/ydb-platform/ydb-go-sdk/v3"
 	"github.com/ydb-platform/ydb-go-sdk/v3/config"
+	"github.com/ydb-platform/ydb-go-sdk/v3/credentials"
 	"github.com/ydb-platform/ydb-go-sdk/v3/internal/meta"
 	"github.com/ydb-platform/ydb-go-sdk/v3/log"
 	"github.com/ydb-platform/ydb-go-sdk/v3/retry"
@@ -314,3 +320,107 @@ func TestConnection(t *testing.T) {
 		}
 	})
 }
+
+func TestStaticCredentials(t *testing.T) {
+	t.Skip("wait for newest cr.yandex/yc/yandex-docker-local-ydb:latest was published")
+
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
+	defer cancel()
+
+	var dsn string
+	if v, has := os.LookupEnv("YDB_CONNECTION_STRING"); !has {
+		t.Fatal("env YDB_CONNECTION_STRING required")
+	} else {
+		dsn = v
+	}
+
+	url, err := url.Parse(dsn)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	staticCredentials := credentials.NewStaticCredentials("root", "", url.Host, func() grpc.DialOption {
+		if url.Scheme == "grpcs" {
+			transportCredentials, transportCredentialsErr := grpcCredentials.NewClientTLSFromFile(
+				os.Getenv("YDB_SSL_ROOT_CERTIFICATES_FILE"), url.Hostname(),
+			)
+			if err != nil {
+				t.Fatalf("cannot create transport credentials: %v", transportCredentialsErr)
+			}
+			return grpc.WithTransportCredentials(transportCredentials)
+		}
+		return grpc.WithTransportCredentials(insecure.NewCredentials())
+	}())
+
+	token, err := staticCredentials.Token(ctx)
+	if err != nil {
+		t.Fatalf("get token failed: %v", err)
+	} else {
+		fmt.Printf("token: %s\n", token)
+	}
+
+	db, err := ydb.Open(
+		ctx,
+		"", // corner case for check replacement of endpoint+database+secure
+		ydb.WithConnectionString(os.Getenv("YDB_CONNECTION_STRING")),
+		ydb.WithCredentials(staticCredentials),
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		// cleanup connection
+		if e := db.Close(ctx); e != nil {
+			t.Fatalf("close failed: %+v", e)
+		}
+	}()
+	_, err = db.Discovery().WhoAmI(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestMonitoring(t *testing.T) {
+	t.Skip("wait for newest cr.yandex/yc/yandex-docker-local-ydb:latest was published")
+
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
+	defer cancel()
+
+	db, err := ydb.Open(
+		ctx,
+		"", // corner case for check replacement of endpoint+database+secure
+		ydb.WithConnectionString(os.Getenv("YDB_CONNECTION_STRING")),
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		// cleanup connection
+		if e := db.Close(ctx); e != nil {
+			t.Fatalf("close failed: %+v", e)
+		}
+	}()
+	t.Run("monitoring.SelfCheck", func(t *testing.T) {
+		if err = retry.Retry(ctx, func(ctx context.Context) (err error) {
+			client := Ydb_Monitoring_V1.NewMonitoringServiceClient(ydb.GRPCConn(db))
+			response, err := client.SelfCheck(ctx, &Ydb_Monitoring.SelfCheckRequest{
+				OperationParams:     nil,
+				ReturnVerboseStatus: false,
+				MinimumStatus:       0,
+				MaximumLevel:        0,
+			})
+			if err != nil {
+				return err
+			}
+			var result Ydb_Monitoring.SelfCheckResult
+			err = response.Operation.Result.UnmarshalTo(&result)
+			if err != nil {
+				return err
+			}
+			fmt.Printf("%+v\n", &result)
+			return nil
+		}, retry.WithIdempotent(true)); err != nil {
+			t.Fatalf("Execute failed: %v", err)
+		}
+	})
+}

credentials/credentials.go

@@ -3,6 +3,8 @@ package credentials
 import (
 	"context"
 
+	"google.golang.org/grpc"
+
 	"github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials"
 )
 
@@ -48,3 +50,8 @@ func NewAnonymousCredentials(opts ...option) Credentials {
 	}
 	return credentials.NewAnonymousCredentials(h.sourceInfo)
 }
+
+// NewStaticCredentials makes static credentials object
+func NewStaticCredentials(user, password string, authEndpoint string, opts ...grpc.DialOption) Credentials {
+	return credentials.NewStaticCredentials(user, password, authEndpoint, opts...)
+}

internal/credentials/static.go

@@ -16,11 +16,12 @@ import (
 	"github.com/ydb-platform/ydb-go-sdk/v3/internal/xerrors"
 )
 
-func NewStaticCredentials(user, password string, cc grpc.ClientConnInterface) Credentials {
+func NewStaticCredentials(user, password string, authEndpoint string, opts ...grpc.DialOption) Credentials {
 	return &staticCredentials{
 		user:     user,
 		password: password,
-		client:   Ydb_Auth_V1.NewAuthServiceClient(cc),
+		endpoint: authEndpoint,
+		opts:     opts,
 	}
 }
 
@@ -29,32 +30,46 @@ func NewStaticCredentials(user, password string, cc grpc.ClientConnInterface) Cr
 type staticCredentials struct {
 	user      string
 	password  string
-	client    Ydb_Auth_V1.AuthServiceClient
+	endpoint  string
+	opts      []grpc.DialOption
 	token     string
 	requestAt time.Time
 	mu        sync.Mutex
 }
 
-func (lp *staticCredentials) Token(ctx context.Context) (token string, err error) {
-	lp.mu.Lock()
-	defer lp.mu.Unlock()
-	if time.Until(lp.requestAt) > 0 {
-		return lp.token, nil
+func (c *staticCredentials) Token(ctx context.Context) (token string, err error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if time.Until(c.requestAt) > 0 {
+		return c.token, nil
 	}
-	response, err := lp.client.Login(ctx, &Ydb_Auth.LoginRequest{
+	cc, err := grpc.DialContext(ctx, c.endpoint, c.opts...)
+	if err != nil {
+		return "", xerrors.WithStackTrace(
+			fmt.Errorf("dial failed: %w", err),
+		)
+	}
+	defer func() {
+		_ = cc.Close()
+	}()
+
+	client := Ydb_Auth_V1.NewAuthServiceClient(cc)
+
+	response, err := client.Login(ctx, &Ydb_Auth.LoginRequest{
 		OperationParams: &Ydb_Operations.OperationParams{
 			OperationMode:    0,
 			OperationTimeout: nil,
 			CancelAfter:      nil,
 			Labels:           nil,
 			ReportCostInfo:   0,
 		},
-		User:     lp.user,
-		Password: lp.password,
+		User:     c.user,
+		Password: c.password,
 	})
 	if err != nil {
 		return "", xerrors.WithStackTrace(err)
 	}
+
 	switch {
 	case !response.GetOperation().GetReady():
 		return "", xerrors.WithStackTrace(
@@ -77,13 +92,16 @@ func (lp *staticCredentials) Token(ctx context.Context) (token string, err error
 	if err = response.GetOperation().GetResult().UnmarshalTo(&result); err != nil {
 		return "", xerrors.WithStackTrace(err)
 	}
+
 	expiresAt, err := parseExpiresAt(result.GetToken())
 	if err != nil {
 		return "", xerrors.WithStackTrace(err)
 	}
-	lp.requestAt = time.Now().Add(time.Until(expiresAt) / 2)
-	lp.token = result.GetToken()
-	return lp.token, nil
+
+	c.requestAt = time.Now().Add(time.Until(expiresAt) / 2)
+	c.token = result.GetToken()
+
+	return c.token, nil
 }
 
 func parseExpiresAt(raw string) (expiresAt time.Time, err error) {