changes for certification

ydb/core/viewer/viewer.cpp

@@ -76,6 +76,12 @@ class TViewer : public TActorBootstrapped<TViewer>, public IViewer {
                 .UseAuth = true,
                 .AllowedSIDs = viewerAllowedSIDs,
             });
+            mon->RegisterActorPage({
+                .RelPath = "viewer/capabilities",
+                .ActorSystem = ctx.ActorSystem(),
+                .ActorId = ctx.SelfID,
+                .UseAuth = false,
+            });
             mon->RegisterActorPage({
                 .Title = "Viewer",
                 .RelPath = "viewer/v2",

ydb/core/viewer/viewer_capabilities.h

@@ -21,9 +21,19 @@ class TViewerCapabilities : public TViewerPipeClient {
         ReplyAndPassAway();
     }
 
+    NJson::TJsonValue GetSettings() {
+        NJson::TJsonValue json;
+        NJson::TJsonValue& security(json["Security"]);
+        security["IsTokenRequired"] = AppData()->EnforceUserTokenRequirement;
+        security["UseLoginProvider"] = AppData()->AuthConfig.GetUseLoginProvider();
+        security["DomainLoginOnly"] = AppData()->AuthConfig.GetDomainLoginOnly();
+        return json;
+    }
+
     void ReplyAndPassAway() override {
         NJson::TJsonValue json;
         json["Capabilities"] = Viewer->GetCapabilities();
+        json["Settings"] = GetSettings();
         TBase::ReplyAndPassAway(GetHTTPOKJSON(json));
     }
 };

ydb/core/viewer/viewer_whoami.h

@@ -1,5 +1,6 @@
 #pragma once
 #include "json_handlers.h"
+#include "json_pipe_req.h"
 #include "viewer.h"
 #include <ydb/core/base/appdata_fwd.h>
 #include <ydb/core/base/auth.h>
@@ -12,25 +13,25 @@ namespace NKikimr::NViewer {
 
 using namespace NActors;
 
-class TJsonWhoAmI : public TActorBootstrapped<TJsonWhoAmI> {
-    IViewer* Viewer;
-    NMon::TEvHttpInfo::TPtr Event;
-
+class TJsonWhoAmI : public TViewerPipeClient {
+    using TBase = TViewerPipeClient;
 public:
     static constexpr NKikimrServices::TActivity::EType ActorActivityType() {
         return NKikimrServices::TActivity::VIEWER_HANDLER;
     }
 
     TJsonWhoAmI(IViewer* viewer, NMon::TEvHttpInfo::TPtr& ev)
-        : Viewer(viewer)
-        , Event(ev)
+        : TViewerPipeClient(viewer, ev)
     {}
 
-    void Bootstrap(const TActorContext& ctx) {
-        ReplyAndDie(ctx);
+    void Bootstrap() {
+        if (NeedToRedirect()) {
+            return;
+        }
+        ReplyAndPassAway();
     }
 
-    void ReplyAndDie(const  TActorContext &ctx) {
+    void ReplyAndPassAway() {
         NACLibProto::TUserToken userToken;
         Y_PROTOBUF_SUPPRESS_NODISCARD userToken.ParseFromString(Event->Get()->UserToken);
         NJson::TJsonValue json(NJson::JSON_MAP);
@@ -54,16 +55,11 @@ class TJsonWhoAmI : public TActorBootstrapped<TJsonWhoAmI> {
         }
 
         NACLib::TUserToken token(std::move(userToken));
+        json["IsTokenRequired"] = AppData()->EnforceUserTokenRequirement;
         json["IsViewerAllowed"] = IsTokenAllowed(&token, AppData()->DomainsConfig.GetSecurityConfig().GetViewerAllowedSIDs());
         json["IsMonitoringAllowed"] = IsTokenAllowed(&token, AppData()->DomainsConfig.GetSecurityConfig().GetMonitoringAllowedSIDs());
         json["IsAdministrationAllowed"] = IsTokenAllowed(&token, AppData()->DomainsConfig.GetSecurityConfig().GetAdministrationAllowedSIDs());
-        ctx.Send(Event->Sender, new NMon::TEvHttpInfoRes(Viewer->GetHTTPOKJSON(Event->Get(), NJson::WriteJson(json, false)), 0, NMon::IEvHttpInfoRes::EContentType::Custom));
-        Die(ctx);
-    }
-
-    void HandleTimeout(const TActorContext &ctx) {
-        ctx.Send(Event->Sender, new NMon::TEvHttpInfoRes(Viewer->GetHTTPGATEWAYTIMEOUT(Event->Get()), 0, NMon::IEvHttpInfoRes::EContentType::Custom));
-        Die(ctx);
+        TBase::ReplyAndPassAway(GetHTTPOKJSON(json));
     }
 
     static YAML::Node GetSwaggerSchema() {