From ceeb35d90c06f899bdcc6c8c1d2d7be8da2a616a Mon Sep 17 00:00:00 2001
From: Alexey Efimov <xeno@ydb.tech>
Date: Mon, 19 Feb 2024 11:55:30 +0000
Subject: [PATCH] fix iam monitoring

---
 ydb/core/mon/mon.cpp | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/ydb/core/mon/mon.cpp b/ydb/core/mon/mon.cpp
index 4d31af077a91..8acaa51baf8b 100644
--- a/ydb/core/mon/mon.cpp
+++ b/ydb/core/mon/mon.cpp
@@ -6,15 +6,19 @@
 namespace NActors {
 
 using namespace NMonitoring;
+using namespace NKikimr;
 
 namespace {
 
 const std::vector<NKikimr::TEvTicketParser::TEvAuthorizeTicket::TEntry>& GetEntries(const TString& ticket) {
     if (ticket.StartsWith("Bearer")) {
-        static std::vector<NKikimr::TEvTicketParser::TEvAuthorizeTicket::TEntry> entries = {
-            {NKikimr::TEvTicketParser::TEvAuthorizeTicket::ToPermissions({"ydb.developerApi.get", "ydb.developerApi.update"}), {{"gizmo_id", "gizmo"}}}
-        };
-        return entries;
+        if (AppData()->AuthConfig.GetUseAccessService()
+            && (AppData()->DomainsConfig.GetSecurityConfig().ViewerAllowedSIDsSize() > 0 || AppData()->DomainsConfig.GetSecurityConfig().MonitoringAllowedSIDsSize() > 0)) {
+            static std::vector<NKikimr::TEvTicketParser::TEvAuthorizeTicket::TEntry> entries = {
+                {NKikimr::TEvTicketParser::TEvAuthorizeTicket::ToPermissions({"ydb.developerApi.get", "ydb.developerApi.update"}), {{"gizmo_id", "gizmo"}}}
+            };
+            return entries;
+        }
     }
     static std::vector<NKikimr::TEvTicketParser::TEvAuthorizeTicket::TEntry> emptyEntries = {};
     return emptyEntries;