From 0aada300c87037adcf2ab422a92ed794ad0796f6 Mon Sep 17 00:00:00 2001
From: Andrey Molotkov <molotkov-and@ydb.tech>
Date: Fri, 8 Nov 2024 18:32:03 +0300
Subject: [PATCH] ticket parser: Add priority to access service requests
 (#11278)

---
 ydb/core/security/ticket_parser_impl.h              | 8 ++++++++
 ydb/library/grpc/actor_client/grpc_service_client.h | 3 +++
 ydb/library/ncloud/api/events.h                     | 1 +
 ydb/library/ycloud/api/events.h                     | 1 +
 4 files changed, 13 insertions(+)

diff --git a/ydb/core/security/ticket_parser_impl.h b/ydb/core/security/ticket_parser_impl.h
index 085a22c7f74b..1872aadf8c0f 100644
--- a/ydb/core/security/ticket_parser_impl.h
+++ b/ydb/core/security/ticket_parser_impl.h
@@ -142,6 +142,7 @@ class TTicketParserImpl : public TActorBootstrapped<TDerived> {
         TStackVec<TString> AdditionalSIDs;
         bool RefreshRetryableErrorImmediately = false;
         TExternalAuthInfo ExternalAuthInfo;
+        bool IsLowAccessServiceRequestPriority = false;
 
         TTokenRecordBase(const TStringBuf ticket)
             : Ticket(ticket)
@@ -416,6 +417,11 @@ class TTicketParserImpl : public TActorBootstrapped<TDerived> {
             }
         }
 
+        if (record.IsLowAccessServiceRequestPriority) {
+            auto& headers = request->Headers;
+            headers["x-ya-priority"] = "low";
+        }
+
         return request;
     }
 
@@ -1727,6 +1733,7 @@ class TTicketParserImpl : public TActorBootstrapped<TDerived> {
         CounterTicketsBuildTime->Collect((now - record.InitTime).MilliSeconds());
         BLOG_D("Ticket " << record.GetMaskedTicket() << " ("
                     << record.PeerName << ") has now valid token of " << record.Subject);
+        record.IsLowAccessServiceRequestPriority = true;
         RefreshQueue.push({.Key = key, .RefreshTime = record.RefreshTime});
     }
 
@@ -1755,6 +1762,7 @@ class TTicketParserImpl : public TActorBootstrapped<TDerived> {
                         << record.PeerName << ") has now permanent error message '" << error.Message << "'");
         }
         CounterTicketsErrors->Inc();
+        record.IsLowAccessServiceRequestPriority = true;
         RefreshQueue.push({.Key = key, .RefreshTime = record.RefreshTime});
     }
 
diff --git a/ydb/library/grpc/actor_client/grpc_service_client.h b/ydb/library/grpc/actor_client/grpc_service_client.h
index e51d1483f4c5..62ebe7a22652 100644
--- a/ydb/library/grpc/actor_client/grpc_service_client.h
+++ b/ydb/library/grpc/actor_client/grpc_service_client.h
@@ -95,6 +95,9 @@ class TGrpcServiceClient  {
         if (requestId) {
             meta.Aux.push_back({"x-request-id", requestId});
         }
+        for (const auto& [k, v] : ev->Get()->Headers) {
+            meta.Aux.push_back({k, v});
+        }
 
         NYdbGrpc::TResponseCallback<TResponseType> callback =
             [actorSystem = NActors::TActivationContext::ActorSystem(), prefix = Prefix(requestId), request = ev](NYdbGrpc::TGrpcStatus&& status, TResponseType&& response) -> void {
diff --git a/ydb/library/ncloud/api/events.h b/ydb/library/ncloud/api/events.h
index a3a5e68d131a..dd9e71e50045 100644
--- a/ydb/library/ncloud/api/events.h
+++ b/ydb/library/ncloud/api/events.h
@@ -11,6 +11,7 @@ struct TEvGrpcProtoRequest : NActors::TEventLocal<TEv, TEventType> {
     TProtoMessage Request;
     TString Token;
     TString RequestId;
+    std::unordered_map<TString, TString> Headers;
 };
 
 template <typename TEv, ui32 TEventType, typename TProtoMessage>
diff --git a/ydb/library/ycloud/api/events.h b/ydb/library/ycloud/api/events.h
index a69ad5f6a348..5b4c438c2d8f 100644
--- a/ydb/library/ycloud/api/events.h
+++ b/ydb/library/ycloud/api/events.h
@@ -12,6 +12,7 @@ struct TEvGrpcProtoRequest : NActors::TEventLocal<TEv, TEventType> {
     TProtoMessage Request;
     TString Token;
     TString RequestId;
+    std::unordered_map<TString, TString> Headers;
 };
 
 template <typename TEv, ui32 TEventType, typename TProtoMessage>