NBS-4456: use iam-token-client in blockstore-client

cloud/blockstore/apps/client/lib/app.cpp

@@ -1,4 +1,5 @@
 #include "app.h"
+#include "bootstrap.h"
 
 #include <library/cpp/getopt/small/last_getopt.h>
 
@@ -30,7 +31,10 @@ void TApp::Shutdown()
     }
 }
 
-int TApp::Run(int argc, const char* argv[])
+int TApp::Run(
+    std::shared_ptr<TClientFactories> clientFactories,
+    int argc,
+    const char* argv[])
 {
     TOpts opts;
     opts.AddHelpOption('h');
@@ -66,6 +70,8 @@ int TApp::Run(int argc, const char* argv[])
             ythrow yexception() << "unknown command: " << command;
         }
 
+        Handler->SetClientFactories(clientFactories);
+
         bool res = Handler->Run(argc, argv);
         if (!res) {
             return 1;

cloud/blockstore/apps/client/lib/app.h

@@ -12,7 +12,10 @@ class TApp
 public:
     static TApp& Instance();
     void Shutdown();
-    int Run(int argc, const char* argv[]);
+    int Run(
+        std::shared_ptr<TClientFactories> clientFactories,
+        int argc,
+        const char* argv[]);
 };
 
 void Shutdown(int signum);

cloud/blockstore/apps/client/lib/bootstrap.cpp

@@ -0,0 +1 @@
+#include "bootstrap.h"

cloud/blockstore/apps/client/lib/bootstrap.h

@@ -0,0 +1,20 @@
+#pragma once
+
+#include <cloud/storage/core/libs/common/public.h>
+#include <cloud/storage/core/libs/diagnostics/public.h>
+#include <cloud/storage/core/libs/iam/iface/public.h>
+
+namespace NCloud::NBlockStore::NClient {
+
+////////////////////////////////////////////////////////////////////////////////
+
+struct TClientFactories
+{
+    std::function<NIamClient::IIamTokenClientPtr(
+        NIamClient::TIamClientConfigPtr config,
+        ILoggingServicePtr logging,
+        ISchedulerPtr scheduler,
+        ITimerPtr timer)> IamClientFactory;
+};
+
+}   // namespace NCloud::NBlockStore::NClient

cloud/blockstore/apps/client/lib/command.cpp

@@ -1,3 +1,4 @@
+#include "bootstrap.h"
 #include "command.h"
 #include "factory.h"
 
@@ -53,6 +54,7 @@ namespace {
 ////////////////////////////////////////////////////////////////////////////////
 
 const TString DefaultConfigFile = "/Berkanavt/nbs-server/cfg/nbs-client.txt";
+const TString DefaultIamConfigFile = "/Berkanavt/nbs-server/cfg/nbs-iam.txt";
 const TString DefaultIamTokenFile = "~/.nbs-client/iam-token";
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -122,6 +124,13 @@ TCommand::TCommand(IBlockStorePtr client)
         .RequiredArgument("STR")
         .StoreResult(&ConfigFile);
 
+    Opts.AddLongOption("iam-config")
+        .Help(TStringBuilder()
+            << "iam-config file name. Default is "
+            << DefaultIamConfigFile)
+        .RequiredArgument("STR")
+        .StoreResult(&IamConfigFile);
+
     Opts.AddLongOption("host", "connect host")
         .RequiredArgument("STR")
         .StoreResult(&Host);
@@ -284,6 +293,12 @@ void TCommand::SetOutputStream(std::shared_ptr<IOutputStream> os)
     OutputStream = std::move(os);
 }
 
+void TCommand::SetClientFactories(
+    std::shared_ptr<TClientFactories> clientFactories)
+{
+    ClientFactories = std::move(clientFactories);
+}
+
 TString TCommand::NormalizeCommand(TString command)
 {
     command.to_lower();
@@ -420,11 +435,12 @@ void TCommand::Parse(const int argc, const char* argv[])
 void TCommand::Init()
 {
     InitLWTrace();
-    InitClientConfig();
 
     Timer = CreateWallClockTimer();
     Scheduler = CreateScheduler();
 
+    InitClientConfig(InitIamTokenClient());
+
     const auto& logConfig = ClientConfig->GetLogConfig();
     const auto& monConfig = ClientConfig->GetMonitoringConfig();
 
@@ -549,7 +565,39 @@ void TCommand::InitLWTrace()
     probes.AddProbesList(LWTRACE_GET_PROBES(BLOCKSTORE_SERVER_PROVIDER));
 }
 
-void TCommand::InitClientConfig()
+TString TCommand::InitIamTokenClient()
+{
+    NProto::TIamClientConfig iamConfig;
+    if (IamConfigFile) {
+        ParseFromTextFormat(IamConfigFile, iamConfig);
+    } else if (NFs::Exists(DefaultIamConfigFile)) {
+        ParseFromTextFormat(DefaultIamConfigFile, iamConfig);
+    }
+
+    auto IamClientConfigPtr =
+        std::make_shared<NCloud::NIamClient::TIamClientConfig>(iamConfig);
+
+    IamClient = ClientFactories->IamClientFactory(
+        IamClientConfigPtr,
+        CreateLoggingService("console"),
+        Scheduler,
+        Timer);
+    IamClient->Start();
+
+    TString iamToken;
+    try {
+        auto tokenInfo = IamClient->GetTokenAsync().GetValue(WaitTimeout);
+        if (!HasError(tokenInfo)) {
+            iamToken = tokenInfo.GetResult().Token;
+        }
+    } catch (...) {
+        STORAGE_ERROR(CurrentExceptionMessage());
+    }
+
+    return iamToken;
+}
+
+void TCommand::InitClientConfig(TString IamTokenFromClient)
 {
     NProto::TClientAppConfig appConfig;
     if (ConfigFile) {
@@ -627,6 +675,9 @@ void TCommand::InitClientConfig()
         if (!iamToken) {
             iamToken = GetIamTokenFromFile(IamTokenFile);
         }
+        if (!iamToken) {
+            iamToken = std::move(IamTokenFromClient);
+        }
         clientConfig.SetAuthToken(std::move(iamToken));
     }
 
@@ -666,6 +717,10 @@ void TCommand::Start()
 
 void TCommand::Stop()
 {
+    if (IamClient) {
+        IamClient->Stop();
+    }
+
     if (Scheduler) {
         Scheduler->Stop();
     }

cloud/blockstore/apps/client/lib/command.h

@@ -1,5 +1,7 @@
 #pragma once
 
+#include "bootstrap.h"
+
 #include <cloud/blockstore/config/client.pb.h>
 #include <cloud/blockstore/public/api/protos/mount.pb.h>
 
@@ -10,6 +12,7 @@
 #include <cloud/blockstore/libs/service/public.h>
 #include <cloud/blockstore/libs/throttling/throttler.h>
 #include <cloud/storage/core/libs/common/error.h>
+#include <cloud/storage/core/libs/iam/iface/client.h>
 
 #include <library/cpp/actors/util/should_continue.h>
 #include <library/cpp/getopt/small/last_getopt.h>
@@ -36,6 +39,7 @@ class TCommand
     const ui64 BatchBlocksCount = 1024;
 
     TString ConfigFile;
+    TString IamConfigFile;
 
     TString Host;
     ui32 InsecurePort = 0;
@@ -52,6 +56,8 @@ class TCommand
     ILoggingServicePtr Logging;
     IEncryptionClientFactoryPtr EncryptionClientFactory;
 
+    NCloud::NIamClient::IIamTokenClientPtr IamClient;
+
     mutable TLog GrpcLog;
     mutable TLog Log;
 
@@ -93,6 +99,8 @@ class TCommand
 
     TProgramShouldContinue ShouldContinue;
 
+    std::shared_ptr<TClientFactories> ClientFactories;
+
     static constexpr TDuration WaitTimeout = TDuration::MilliSeconds(100);
 
 public:
@@ -120,6 +128,7 @@ class TCommand
     IOutputStream& GetOutputStream();
 
     void SetOutputStream(std::shared_ptr<IOutputStream> os);
+    void SetClientFactories(std::shared_ptr<TClientFactories> clientFactories);
 
     static TString NormalizeCommand(TString command);
 
@@ -164,7 +173,8 @@ class TCommand
 
     void Init();
     void InitLWTrace();
-    void InitClientConfig();
+    TString InitIamTokenClient();
+    void InitClientConfig(TString IamTokenFromClient);
 
     void Start();
     void Stop();

cloud/blockstore/apps/client/lib/command_ut.cpp

@@ -1,3 +1,4 @@
+#include "bootstrap.h"
 #include "factory.h"
 
 #include <cloud/blockstore/libs/client/client.h>
@@ -26,6 +27,25 @@ static const ui64 DefaultBlocksCount = 4096;
 
 ////////////////////////////////////////////////////////////////////////////////
 
+std::shared_ptr<TClientFactories> MakeClientFactories()
+{
+    auto clientFactories = std::make_shared<TClientFactories>();
+
+    clientFactories->IamClientFactory = [] (
+        NCloud::NIamClient::TIamClientConfigPtr config,
+        NCloud::ILoggingServicePtr logging,
+        NCloud::ISchedulerPtr scheduler,
+        NCloud::ITimerPtr timer)
+    {
+        Y_UNUSED(config);
+        Y_UNUSED(logging);
+        Y_UNUSED(scheduler);
+        Y_UNUSED(timer);
+        return NCloud::NIamClient::CreateIamTokenClientStub();
+    };
+    return clientFactories;
+}
+
 bool ExecuteRequest(
     const char* command,
     const TVector<TString>& argv,
@@ -43,6 +63,7 @@ bool ExecuteRequest(
         Cerr << "Failed to find handler for command " << command << Endl;
         return false;
     }
+    handler->SetClientFactories(MakeClientFactories());
 
     return handler->Run(args.size(), &args[0]);
 }

cloud/blockstore/apps/client/lib/ut/ya.make

@@ -8,6 +8,7 @@ SRCS(
 
 PEERDIR(
     cloud/blockstore/apps/client/lib
+    cloud/storage/core/libs/iam/iface
 )
 
 END()

cloud/blockstore/apps/client/lib/ya.make

@@ -1,11 +1,14 @@
 LIBRARY()
 
+OWNER(g:cloud-nbs)
+
 SRCS(
     alter_placement_group_membership.cpp
     alter_volume.cpp
     app.cpp
     assign_volume.cpp
     backup_volume.cpp
+    bootstrap.cpp
     command.cpp
     create_checkpoint.cpp
     create_placement_group.cpp

cloud/blockstore/apps/client/main.cpp

@@ -1,11 +1,27 @@
 #include <cloud/blockstore/apps/client/lib/app.h>
+#include <cloud/blockstore/apps/client/lib/bootstrap.h>
 
 ////////////////////////////////////////////////////////////////////////////////
 
 int main(int argc, const char* argv[])
 {
     using namespace NCloud::NBlockStore::NClient;
 
+    auto clientFactories = std::make_shared<TClientFactories>();
+
+    clientFactories->IamClientFactory = [] (
+        NCloud::NIamClient::TIamClientConfigPtr config,
+        NCloud::ILoggingServicePtr logging,
+        NCloud::ISchedulerPtr scheduler,
+        NCloud::ITimerPtr timer)
+    {
+        Y_UNUSED(config);
+        Y_UNUSED(logging);
+        Y_UNUSED(scheduler);
+        Y_UNUSED(timer);
+        return NCloud::NIamClient::CreateIamTokenClientStub();
+    };
+
     ConfigureSignals();
-    return TApp::Instance().Run(argc, argv);
+    return TApp::Instance().Run(clientFactories, argc, argv);
 }

cloud/blockstore/apps/client/ya.make

@@ -9,6 +9,7 @@ SRCS(
 PEERDIR(
     library/cpp/getopt
     cloud/blockstore/apps/client/lib
+    cloud/storage/core/libs/iam/iface
 )
 
 END()

cloud/blockstore/config/client.proto

@@ -2,6 +2,8 @@ syntax = "proto2";
 
 import "cloud/blockstore/public/api/protos/mount.proto";
 
+import "cloud/storage/core/config/iam.proto";
+
 import "cloud/storage/core/protos/trace.proto";
 
 package NCloud.NBlockStore.NProto;
@@ -228,4 +230,5 @@ message TClientAppConfig
     optional TLogConfig LogConfig = 2;
     optional TMonitoringConfig MonitoringConfig = 3;
     optional TAuthConfig AuthConfig = 4;
+    optional NCloud.NProto.TIamClientConfig IamConfig = 5;
 }

cloud/blockstore/libs/client/config.cpp

@@ -131,6 +131,7 @@ TClientAppConfig::TClientAppConfig(NProto::TClientAppConfig appConfig)
     , ClientConfig(AppConfig.GetClientConfig())
     , LogConfig(AppConfig.GetLogConfig())
     , MonitoringConfig(AppConfig.GetMonitoringConfig())
+    , IamConfig(AppConfig.GetIamConfig())
 {}
 
 #define BLOCKSTORE_CONFIG_GETTER(name, type, ...)                              \

cloud/blockstore/libs/client/config.h

@@ -7,6 +7,7 @@
 #include <cloud/blockstore/libs/diagnostics/dumpable.h>
 
 #include <cloud/storage/core/libs/diagnostics/trace_processor.h>
+#include <cloud/storage/core/libs/iam/iface/config.h>
 
 #include <util/datetime/base.h>
 #include <util/generic/string.h>
@@ -25,6 +26,7 @@ class TClientAppConfig
     const NProto::TClientConfig& ClientConfig;
     const NProto::TLogConfig& LogConfig;
     const NProto::TMonitoringConfig& MonitoringConfig;
+    const NCloud::NProto::TIamClientConfig& IamConfig;
 
 public:
     TClientAppConfig(NProto::TClientAppConfig appConfig = {});

cloud/blockstore/tools/testing/eternal_tests/checkpoint-validator/bin/ya.make

@@ -8,7 +8,8 @@ PEERDIR(
     cloud/blockstore/apps/client/lib
 
     cloud/blockstore/tools/testing/eternal_tests/checkpoint-validator/lib
+
+    cloud/storage/core/libs/iam/iface
 )
 
 END()
-