Issue-932 update notify (#939)

* #932 notify update

notify now can use iam client to autorize

cloud/blockstore/config/notify.proto

@@ -14,4 +14,7 @@ message TNotifyConfig
 
     // TLS details.
     optional string CaCertFilename = 3;
+
+    // Version number.
+    optional uint32 Version = 4;
 }

cloud/blockstore/libs/daemon/ydb/bootstrap.cpp

@@ -481,7 +481,7 @@ void TBootstrapYdb::InitKikimrService()
     STORAGE_INFO("LogbrokerService initialized");
 
     NotifyService = Configs->NotifyConfig->GetEndpoint()
-        ? NNotify::CreateService(Configs->NotifyConfig)
+        ? NNotify::CreateService(Configs->NotifyConfig, IamTokenClient)
         : NNotify::CreateNullService(logging);
 
     STORAGE_INFO("NotifyService initialized");

cloud/blockstore/libs/notify/config.cpp

@@ -9,8 +9,10 @@ namespace {
 ////////////////////////////////////////////////////////////////////////////////
 
 #define BLOCKSTORE_NOTIFY_CONFIG(xxx)                                          \
-    xxx(Endpoint,       TString,   "")                                         \
-    xxx(CaCertFilename, TString,   "")                                         \
+    xxx(Endpoint,       TString,            "")                                \
+    xxx(CaCertFilename, TString,            "")                                \
+    xxx(Version,        ui32,               1 )                                \
+
 // BLOCKSTORE_NOTIFY_CONFIG
 
 #define BLOCKSTORE_DECLARE_CONFIG(name, type, value)                           \

cloud/blockstore/libs/notify/config.h

@@ -22,6 +22,7 @@ class TNotifyConfig
 
     TString GetEndpoint() const;
     TString GetCaCertFilename() const;
+    ui32 GetVersion() const;
 
     void Dump(IOutputStream& out) const;
     void DumpHtml(IOutputStream& out) const;

cloud/blockstore/libs/notify/https.cpp

@@ -939,10 +939,14 @@ void THttpsClient::Post(
     const TString& endpoint,
     const TString& data,
     const TString& contentType,
+    const TString& iamToken,
     const THttpsCallback& callback)
 {
     THttpHeaders headers;
     headers.AddHeader(THttpInputHeader("Content-Type", contentType));
+    if (!iamToken.empty()) {
+        headers.AddHeader(THttpInputHeader("Authorization", "Bearer " + iamToken));
+    }
     Impl->SendRequest(
         EHttpMethod::Post,
         endpoint,

cloud/blockstore/libs/notify/https.h

@@ -1,5 +1,7 @@
 #pragma once
 
+#include <cloud/storage/core/libs/common/error.h>
+#include <cloud/storage/core/libs/iam/iface/client.h>
 #include <util/generic/string.h>
 
 #include <functional>
@@ -24,6 +26,7 @@ class THttpsClient
         const TString& endpoint,
         const TString& data,
         const TString& contentType,
+        const TString& iamToken,
         const THttpsCallback& callback);
 
 private:

cloud/blockstore/libs/notify/notify.cpp

@@ -4,6 +4,8 @@
 #include "https.h"
 
 #include <cloud/storage/core/libs/diagnostics/logging.h>
+#include <cloud/storage/core/libs/iam/iface/client.h>
+#include <cloud/storage/core/libs/iam/iface/public.h>
 
 #include <library/cpp/json/writer/json_value.h>
 
@@ -107,11 +109,16 @@ class TService final
 {
 private:
     const TNotifyConfigPtr Config;
+    NCloud::NIamClient::IIamTokenClientPtr IamClient;
     THttpsClient HttpsClient;
+    TLog Log;
 
 public:
-    explicit TService(TNotifyConfigPtr config)
+    explicit TService(
+        TNotifyConfigPtr config,
+        NCloud::NIamClient::IIamTokenClientPtr iamClient)
         : Config(std::move(config))
+        , IamClient(std::move(iamClient))
     {}
 
     void Start() override
@@ -124,6 +131,40 @@ class TService final
     void Stop() override
     {}
 
+    auto GetIamToken()
+    {
+        if (Config->GetVersion() == 2) {
+            if (!IamClient) {
+                STORAGE_WARN(
+                    "missing iam-client "
+                    << "Got error while requesting token: "
+                    << "IAM client is missing");
+            } else {
+                return IamClient->GetTokenAsync().Apply(
+                    [this](const auto& future) -> TResultOrError<TString>
+                    {
+                        auto response = future.GetValue();
+
+                        if (HasError(response)) {
+                            return response.GetError();
+                        }
+
+                        auto tokenInfo = response.GetResult();
+                        if (tokenInfo.Token.empty()) {
+                            STORAGE_WARN(
+                                "missing iam-token "
+                                << "Got error while requesting token: "
+                                << "iam token is empty");
+                            return MakeError(E_ARGUMENT, "empty iam token");
+                        };
+
+                        return std::move(tokenInfo.Token);
+                    });
+            }
+        }
+        return MakeFuture(TResultOrError<TString>(TString()));
+    }
+
     TFuture<NProto::TError> Notify(const TNotification& data) override
     {
         // TODO: Add Timestamp when time formatting will be supported
@@ -153,22 +194,35 @@ class TService final
 
         auto p = NewPromise<NProto::TError>();
 
-        HttpsClient.Post(
-            Config->GetEndpoint(),
-            v.GetStringRobust(),
-            "application/json",
-            [p, event = data.Event] (int code, const TString& message) mutable {
-                const bool isSuccess = code >= 200 && code < 300;
-
-                if (isSuccess) {
-                    p.SetValue(MakeError(S_OK, TStringBuilder()
-                        << "HTTP code: " << code));
+        GetIamToken().Subscribe(
+            [this, p, event = data.Event, v = std::move(v)](
+                TFuture<TResultOrError<TString>> future) mutable
+            {
+                auto [token, error] = future.ExtractValue();
+                if (HasError(error)) {
+                    p.SetValue(error);
                     return;
                 }
 
-                p.SetValue(MakeError(E_REJECTED, TStringBuilder()
-                    << "Couldn't send notification " << event
-                    << ". HTTP error: " << code << " " << message));
+                HttpsClient.Post(
+                    Config->GetEndpoint(),
+                    v.GetStringRobust(),
+                    "application/json",
+                    token,
+                    [p, event](int code, const TString& message) mutable
+                    {
+                        const bool isSuccess = code >= 200 && code < 300;
+
+                        if (isSuccess) {
+                            p.SetValue(MakeError(S_OK, TStringBuilder()
+                                << "HTTP code: " << code));
+                            return;
+                        }
+
+                        p.SetValue(MakeError(E_REJECTED, TStringBuilder()
+                                << "Couldn't send notification " << event
+                                << ". HTTP error: " << code << " " << message));
+                    });
             });
 
         return p.GetFuture();
@@ -179,9 +233,13 @@ class TService final
 
 ////////////////////////////////////////////////////////////////////////////////
 
-IServicePtr CreateService(TNotifyConfigPtr config)
+IServicePtr CreateService(
+    TNotifyConfigPtr config,
+    NCloud::NIamClient::IIamTokenClientPtr iamTokenClientPtr)
 {
-    return std::make_shared<TService>(std::move(config));
+    return std::make_shared<TService>(
+        std::move(config),
+        std::move(iamTokenClientPtr));
 }
 
 IServicePtr CreateServiceStub()

cloud/blockstore/libs/notify/notify.h

@@ -1,5 +1,6 @@
 #pragma once
 
+#include <cloud/storage/core/libs/iam/iface/public.h>
 #include "public.h"
 
 #include <cloud/blockstore/libs/diagnostics/public.h>
@@ -57,7 +58,9 @@ struct IService
 
 ////////////////////////////////////////////////////////////////////////////////
 
-IServicePtr CreateService(TNotifyConfigPtr config);
+IServicePtr CreateService(
+    TNotifyConfigPtr config,
+    NCloud::NIamClient::IIamTokenClientPtr iamTokenClientPtr);
 
 IServicePtr CreateNullService(ILoggingServicePtr logging);