Skip to content

Update objectsid logic 1051#944

Open
Misha-Shvets wants to merge 11 commits intodevfrom
update_objectsid_logic_1051
Open

Update objectsid logic 1051#944
Misha-Shvets wants to merge 11 commits intodevfrom
update_objectsid_logic_1051

Conversation

@Misha-Shvets
Copy link
Collaborator

@Misha-Shvets Misha-Shvets commented Feb 26, 2026
edited
Loading

Задача: https://tracker.yandex.ru/MULTIDIRECTORY-1051
Добавлено:

  • диркетория Rid Manager
  • диркетория Set Rid
  • атрибут rIDAvailablePool
  • атрибут rIDNextRID
  • атрибут objectSid
  • атрибут DomainIdentifier

Изменено:

  • Разделил логику создания базового домена
  • Формирования objectSid
  • Формирование sid префикса(в зависимости от ручного\сетап создания)
  • Вынес из Кербероса создание каталога System(теперь создается по умолчанию

@Misha-Shvets Misha-Shvets force-pushed the update_objectsid_logic_1051 branch from 57d28c6 to 39db0bf Compare February 26, 2026 15:40
@Misha-Shvets Misha-Shvets requested a review from Naksen February 27, 2026 14:20
Naksen
Naksen requested changes Mar 2, 2026
View reviewed changes
Copy link
Collaborator

@Naksen Naksen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Опиши подробно механизмы:

  1. Выдачи нового RID
  2. Как глобальный пул делится на локальные пулы для каждого RID Set
  3. Как происходит обновление локального пула

app/entities.py
id: int = field(init=False)
name: str
is_system: bool = field(default=False)
object_sid: str = field(default="")
Copy link
Collaborator

@Naksen Naksen Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Почему здесь не убран object_sid ?

app/api/main/schema.py
def get_directory_sid(directory: Directory) -> str: # type: ignore
return directory.object_sid
def get_directory_sid(directory: Directory) -> str | None: # type: ignore
for attr in getattr(directory, "attributes", []):
Copy link
Collaborator

@Naksen Naksen Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Сделай property object_sid в классе Directory. Здесь получай его из директории: directory.object_sid.

app/ldap_protocol/ldap_requests/search.py
return string_to_sid(directory.object_sid)
def get_directory_sid(directory: Directory) -> bytes | None:
"""Get objectSid as bytes from directory attributes."""
for attr in directory.attributes:
Copy link
Collaborator

@Naksen Naksen Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Получать из property directory.object_sid

app/ldap_protocol/rid_manager/gateways.py
"""
self._session = session

async def get_rid_available_pool(self, domain: Directory) -> int:
Copy link
Collaborator

@Naksen Naksen Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

domain -> rid_manager

app/ldap_protocol/rid_manager/gateways.py
:param domain: Domain directory object
:return: QWORD value of rIDAvailablePool
"""
query = await self._session.scalar(
Copy link
Collaborator

@Naksen Naksen Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

query -> rid_available_pool

app/ldap_protocol/rid_manager/use_cases.py
class RIDManagerSetupUseCase:
"""RID Manager setup use case."""

RID_SYSTEM_MIN = 1
Copy link
Collaborator

@Naksen Naksen Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Это где всё используется кроме RID_USER_MIN ?

app/ldap_protocol/rid_manager/use_cases.py
from ldap_protocol.roles.ace_dao import AccessControlEntryDAO
from ldap_protocol.roles.role_use_case import RoleUseCase

RID_AVAILABLE_MAX = 1073741822 # 30-bit max (2^30 - 2)
Copy link
Collaborator

@Naksen Naksen Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Откуда это число ?

app/ldap_protocol/rid_manager/use_cases.py
Copy link
Collaborator

@Naksen Naksen Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Где логика деления глобального пула на пулы для каждого RID Set ?

app/ldap_protocol/rid_manager/use_cases.py
Copy link
Collaborator

@Naksen Naksen Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Где наследование прав доступа для rid_set_dir ?

app/ldap_protocol/rid_manager/use_cases.py
)

next_rid = await self._gateway.get_next_rid(rid_set)
rid = next_rid + 1
Copy link
Collaborator

@Naksen Naksen Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Где проверка на превышение пула ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Naksen Naksen Naksen requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Misha-Shvets @Naksen