sqs access rights: allow tokenless requests if EnforceUserTokenRequirement doesn't specified

[ubyte]

Changelog entry

...

Changelog category

• Not for changelog (changelog entry is not required)

Description for reviewers

LOGBROKER-10209

[github-actions]

⚪ 2026-02-20 07:15:32 UTC Pre-commit check linux-x86_64-relwithdebinfo for 296e04b has started.
⚪ 2026-02-20 07:15:50 UTC Artifacts will be uploaded here
⚪ 2026-02-20 07:18:08 UTC ya make is running...
🟡 2026-02-20 09:18:36 UTC Some tests failed, follow the links below. Going to retry failed tests...

Details

Ya make output | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
37570	36068	0	1	1491	10

⚪ 2026-02-20 09:18:52 UTC ya make is running... (failed tests rerun, try 2)
🟢 2026-02-20 09:19:46 UTC Tests successful.

Ya make output | Test bloat | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
151 (only retried tests)	151	0	0	0	0

🟢 2026-02-20 09:19:53 UTC Build successful.
🟡 2026-02-20 09:20:15 UTC ydbd size 2.4 GiB changed* by +175.2 KiB, which is >= 100.0 KiB vs main: Warning

ydbd size dash	main: 7962533	merge: 296e04b	diff	diff %
ydbd size	2 575 251 192 Bytes	2 575 430 616 Bytes	+175.2 KiB	+0.007%
ydbd stripped size	542 767 016 Bytes	542 868 392 Bytes	+99.0 KiB	+0.019%

^{*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation}

[github-actions]

🟢 2026-02-24 07:32:15 UTC The validation of the Pull Request description is successful.

[github-actions]

⚪ 2026-02-20 07:15:53 UTC Pre-commit check linux-x86_64-release-asan for 296e04b has started.
⚪ 2026-02-20 07:16:10 UTC Artifacts will be uploaded here
⚪ 2026-02-20 07:18:29 UTC ya make is running...
🟡 2026-02-20 08:59:27 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet

Ya make output | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
16318	16273	0	26	10	9

🟢 2026-02-20 08:59:37 UTC Build successful.
🟢 2026-02-20 09:00:11 UTC ydbd size 3.9 GiB changed* by +8.0 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash	main: ce45b85	merge: 296e04b	diff	diff %
ydbd size	4 194 921 608 Bytes	4 194 929 832 Bytes	+8.0 KiB	+0.000%
ydbd stripped size	1 569 519 008 Bytes	1 569 520 256 Bytes	+1.2 KiB	+0.000%

^{*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation}

[ydbot]

Run Extra Tests

Run additional tests for this PR. You can customize:

• Test Size: small, medium, large (default: all)
• Test Targets: any directory path (default: ydb/)
• Sanitizers: ASAN, MSAN, TSAN
• Coredumps: enable for debugging (default: off)
• Additional args: custom ya make arguments

[github-actions]

⚪ 2026-02-24 02:53:35 UTC Pre-commit check linux-x86_64-release-asan for fecf423 has started.
⚪ 2026-02-24 02:54:42 UTC Artifacts will be uploaded here
⚪ 2026-02-24 02:56:32 UTC ya make is running...
🟡 2026-02-24 04:29:00 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet

Ya make output | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
16902	16855	0	30	7	10

🟢 2026-02-24 04:29:12 UTC Build successful.
🟢 2026-02-24 04:29:48 UTC ydbd size 3.9 GiB changed* by +10.3 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash	main: 5ff2e03	merge: fecf423	diff	diff %
ydbd size	4 210 459 008 Bytes	4 210 469 600 Bytes	+10.3 KiB	+0.000%
ydbd stripped size	1 576 109 504 Bytes	1 576 113 728 Bytes	+4.1 KiB	+0.000%

^{*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation}

[github-actions]

⚪ 2026-02-24 04:18:03 UTC Pre-commit check linux-x86_64-relwithdebinfo for fecf423 has started.
⚪ 2026-02-24 04:18:36 UTC Artifacts will be uploaded here
⚪ 2026-02-24 04:21:05 UTC ya make is running...
🟡 2026-02-24 06:15:28 UTC Some tests failed, follow the links below. Going to retry failed tests...

Details

Ya make output | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
38060	36550	0	3	1495	12

⚪ 2026-02-24 06:15:44 UTC ya make is running... (failed tests rerun, try 2)
🟢 2026-02-24 06:17:34 UTC Tests successful.

Ya make output | Test bloat | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
205 (only retried tests)	198	0	0	0	7

🟢 2026-02-24 06:17:41 UTC Build successful.
🟢 2026-02-24 06:18:06 UTC ydbd size 2.4 GiB changed* by +10.6 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash	main: 5ff2e03	merge: fecf423	diff	diff %
ydbd size	2 583 629 112 Bytes	2 583 639 976 Bytes	+10.6 KiB	+0.000%
ydbd stripped size	544 472 040 Bytes	544 475 560 Bytes	+3.4 KiB	+0.001%

^{*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation}

[Copilot]

Pull request overview

This PR improves access control and authentication handling for SQS/Topic services by refactoring token management and adding credential requirements enforcement.

Changes:

• Refactored token handling to use GetInternalToken() instead of manually creating tokens from serialized strings across all SQS/Topic operations
• Added signature validation logic with an Empty() method to detect and handle empty AWS signatures
• Enhanced authentication enforcement by checking RequireCredentialsInNewProtocol configuration in addition to existing checks
• Added comprehensive test coverage for unauthenticated scenarios with new TNoAuthFixture test class

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
ydb/services/sqs_topic/send_message.cpp	Replaced manual token creation with GetInternalToken() for writer settings
ydb/services/sqs_topic/receive_message.cpp	Replaced manual token creation with GetInternalToken() for reader settings
ydb/services/sqs_topic/delete_message.cpp	Replaced manual token creation with GetInternalToken() for committer settings
ydb/services/sqs_topic/change_message_visibility.cpp	Replaced manual token creation with GetInternalToken() for deadline changer settings
ydb/services/sqs_topic/purge_queue.cpp	Replaced manual token creation with GetInternalToken() for purger settings
ydb/services/sqs_topic/list_queues.cpp	Added RequireCredentialsInNewProtocol check for authentication enforcement
ydb/library/http_proxy/authorization/signature.h	Added Empty() method declaration and Empty_ member to track signature presence
ydb/library/http_proxy/authorization/signature.cpp	Implemented Empty() method to detect empty signatures
ydb/core/http_proxy/http_req.cpp	Enhanced authentication logic to handle empty signatures and enforce credential requirements
ydb/core/http_proxy/ut/sqs_topic_ut.cpp	Added comprehensive tests for authenticated and unauthenticated scenarios
ydb/core/http_proxy/ut/datastreams_fixture/datastreams_fixture.h	Added authorization control methods and fixed access specifiers for test fixture classes
ydb/core/http_proxy/ut/datastreams_fixture/datastreams_fixture.cpp	Implemented authorization control and added null checks in TearDown for robustness

[github-actions]

⚪ 2026-02-24 14:43:14 UTC Pre-commit check linux-x86_64-relwithdebinfo for c1ef4b2 has started.
⚪ 2026-02-24 14:43:32 UTC Artifacts will be uploaded here
⚪ 2026-02-24 14:45:44 UTC ya make is running...
🟡 2026-02-24 16:29:09 UTC Some tests failed, follow the links below. Going to retry failed tests...

Details

Ya make output | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
38081	36539	0	27	1507	8

⚪ 2026-02-24 16:29:25 UTC ya make is running... (failed tests rerun, try 2)
🟡 2026-02-24 16:31:38 UTC Some tests failed, follow the links below. Going to retry failed tests...

Details

Ya make output | Test bloat | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
319 (only retried tests)	292	0	22	0	5

⚪ 2026-02-24 16:31:45 UTC ya make is running... (failed tests rerun, try 3)
🔴 2026-02-24 16:32:42 UTC Some tests failed, follow the links below.

Ya make output | Test bloat | Test bloat | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
187 (only retried tests)	160	0	22	0	5

🟢 2026-02-24 16:32:49 UTC Build successful.
🟢 2026-02-24 16:33:15 UTC ydbd size 2.4 GiB changed* by +10.6 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash	main: 8b3f859	merge: c1ef4b2	diff	diff %
ydbd size	2 587 050 248 Bytes	2 587 061 104 Bytes	+10.6 KiB	+0.000%
ydbd stripped size	544 884 744 Bytes	544 888 264 Bytes	+3.4 KiB	+0.001%

^{*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation}

[github-actions]

⚪ 2026-02-24 14:43:39 UTC Pre-commit check linux-x86_64-release-asan for c1ef4b2 has started.
⚪ 2026-02-24 14:43:56 UTC Artifacts will be uploaded here
⚪ 2026-02-24 14:46:11 UTC ya make is running...
🟡 2026-02-24 16:21:07 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet

Ya make output | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
16914	16857	0	42	7	8

🟢 2026-02-24 16:21:18 UTC Build successful.
🟢 2026-02-24 16:21:55 UTC ydbd size 3.9 GiB changed* by +14.4 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash	main: 8b3f859	merge: c1ef4b2	diff	diff %
ydbd size	4 215 660 952 Bytes	4 215 675 648 Bytes	+14.4 KiB	+0.000%
ydbd stripped size	1 577 380 992 Bytes	1 577 389 312 Bytes	+8.1 KiB	+0.001%

^{*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation}

[github-actions]

⚪ 2026-02-24 18:18:48 UTC Pre-commit check linux-x86_64-relwithdebinfo for 3ad6ee7 has started.
⚪ 2026-02-24 18:20:17 UTC Artifacts will be uploaded here
⚪ 2026-02-24 18:22:26 UTC ya make is running...
🟡 2026-02-24 20:14:53 UTC Some tests failed, follow the links below. Going to retry failed tests...

Details

Ya make output | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
38083	36571	0	2	1495	15

⚪ 2026-02-24 20:15:10 UTC ya make is running... (failed tests rerun, try 2)
🟢 2026-02-24 20:17:38 UTC Tests successful.

Ya make output | Test bloat | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
106 (only retried tests)	101	0	0	0	5

🟢 2026-02-24 20:17:45 UTC Build successful.
🟢 2026-02-24 20:18:09 UTC ydbd size 2.4 GiB changed* by +17.0 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash	main: ab67b42	merge: 3ad6ee7	diff	diff %
ydbd size	2 587 225 352 Bytes	2 587 242 784 Bytes	+17.0 KiB	+0.001%
ydbd stripped size	544 886 792 Bytes	544 891 272 Bytes	+4.4 KiB	+0.001%

^{*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation}

[github-actions]

⚪ 2026-02-24 18:20:14 UTC Pre-commit check linux-x86_64-release-asan for 3ad6ee7 has started.
⚪ 2026-02-24 18:20:29 UTC Artifacts will be uploaded here
⚪ 2026-02-24 18:21:48 UTC ya make is running...
🟡 2026-02-24 19:54:28 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet

Ya make output | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
16915	16876	0	22	7	10

🟢 2026-02-24 19:54:38 UTC Build successful.
🟢 2026-02-24 19:55:11 UTC ydbd size 3.9 GiB changed* by +21.7 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash	main: ab67b42	merge: 3ad6ee7	diff	diff %
ydbd size	4 215 915 112 Bytes	4 215 937 296 Bytes	+21.7 KiB	+0.001%
ydbd stripped size	1 577 392 928 Bytes	1 577 402 464 Bytes	+9.3 KiB	+0.001%

^{*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation}

[ydbot]

Backport

To backport this PR, click the button next to the target branch and then click "Run workflow" in the Run Actions UI.

Branch	Run
stable-25-4, stable-25-4-1, stable-26-1, stable-26-1-1
stable-26-1, stable-26-1-1
stable-26-1