Add more aliyun ram plugin for nacos-client upper 2.1.0. (#17)
* Add more Aliyun RAM plugins for nacos-client 2.1.0 and above. (#14)

* Fix the problem of the KMS client being built too frequently. (#15)

* Add a unit test for NamingExtensionResourceInjector. (#16)
KomachiSion authored Nov 13, 2024
1 parent c0e45f3 commit 889d67b
Showing 17 changed files with 1,005 additions and 26 deletions.
58 changes: 32 additions & 26 deletions pom.xml
Expand Up @@ -12,12 +12,12 @@
limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<inceptionYear>2018</inceptionYear>
<groupId>com.alibaba.nacos</groupId>
<artifactId>nacos-client-mse-extension</artifactId>
<version>1.0.4</version>
<version>1.0.5</version>
<packaging>jar</packaging>

<developers>
Expand Down Expand Up @@ -51,32 +51,32 @@
<name>Aliyun NACOS extension for MSE</name>
<description>Aliyun NACOS extension for MSE</description>
<url>http://nacos.io</url>

<scm>
<url>[email protected]:nacos-group/nacos-client-mse-extension.git</url>
<connection>scm:[email protected]:nacos-group/nacos-client-mse-extension.git</connection>
<developerConnection>scm:[email protected]:nacos-group/nacos-client-mse-extension.git</developerConnection>
</scm>

<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<nacos.version>2.2.4</nacos.version>
<nacos.version>2.4.0</nacos.version>
<guava.version>30.1-jre</guava.version>
</properties>

<dependencies>
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-core</artifactId>
<version>4.5.17</version>
</dependency>

<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-kms</artifactId>
<version>2.16.3</version>
</dependency>

<dependency>
<groupId>com.aliyun.kms</groupId>
<artifactId>kms-transfer-client</artifactId>
Expand All @@ -88,14 +88,26 @@
</exclusions>
<version>0.1.0</version>
</dependency>


<dependency>
<groupId>com.aliyun</groupId>
<artifactId>credentials-java</artifactId>
<version>0.3.12</version>
</dependency>

<dependency>
<groupId>com.aliyun</groupId>
<artifactId>alibabacloud-secretsmanager-client</artifactId>
<version>1.3.7</version>
</dependency>

<dependency>
<groupId>com.alibaba.nacos</groupId>
<artifactId>nacos-api</artifactId>
<artifactId>nacos-client</artifactId>
<version>${nacos.version}</version>
<optional>true</optional>
</dependency>

<dependency>
<artifactId>commons-codec</artifactId>
<groupId>commons-codec</groupId>
Expand All @@ -108,23 +120,17 @@
<version>${guava.version}</version>
<optional>true</optional>
</dependency>

<!-- for test-->
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter</artifactId>
<version>RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.alibaba.nacos</groupId>
<artifactId>nacos-client</artifactId>
<version>${nacos.version}</version>
<scope>test</scope>
</dependency>


</dependencies>

<build>
<plugins>
<plugin>
Expand All @@ -136,8 +142,8 @@
<target>8</target>
</configuration>
</plugin>


<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
Expand All @@ -151,8 +157,8 @@
</execution>
</executions>
</plugin>


<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
Expand All @@ -168,8 +174,8 @@
</execution>
</executions>
</plugin>


<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
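Review bot: `nacos-client` is now a compile-scope `<optional>true</optional>` dependency at 2.4.0 (replacing the mandatory `nacos-api` artifact) in the hunk at `@@ -88,14 +88,26 @@`, so the minimum nacos-client version a consuming application has to supply is no longer expressed anywhere in the POM, while the commit message targets 2.1.0 and above and the new sources reference `SignType` and `LoginIdentityContext` from the plugin auth API. A comment next to the dependency, e.g. `<!-- supplied by the application; minimum supported version per release notes, built against ${nacos.version} -->`, or a README line would make that contract explicit. The two new dependencies `credentials-java` and `alibabacloud-secretsmanager-client` are added without exclusions while `kms-transfer-client` just above carries some; it may be worth confirming with `mvn dependency:tree` that they do not bring in a second, older copy of `aliyun-java-sdk-core`. The file continues outside the hunks shown.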
@@ -0,0 +1,102 @@
package com.alibaba.nacos.client.aliyun.auth;

import com.alibaba.nacos.api.exception.NacosException;
import com.alibaba.nacos.client.aliyun.auth.injector.ConfigExtensionResourceInjector;
import com.alibaba.nacos.client.aliyun.auth.injector.NamingExtensionResourceInjector;
import com.alibaba.nacos.client.aliyun.auth.provider.AutoRotateCredentialsProvider;
import com.alibaba.nacos.client.aliyun.auth.provider.CredentialsUriCredentialsProvider;
import com.alibaba.nacos.client.aliyun.auth.provider.ExtensionCredentialsProvider;
import com.alibaba.nacos.client.aliyun.auth.provider.OidcRoleArnCredentialsProvider;
import com.alibaba.nacos.client.aliyun.auth.provider.RamRoleArnCredentialsProvider;
import com.alibaba.nacos.client.aliyun.auth.provider.StsTokenCredentialsProvider;
import com.alibaba.nacos.client.auth.ram.injector.AbstractResourceInjector;
import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext;
import com.alibaba.nacos.plugin.auth.api.RequestResource;
import com.alibaba.nacos.plugin.auth.constant.SignType;
import com.alibaba.nacos.plugin.auth.spi.client.AbstractClientAuthService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;

/**
* Nacos ClientAuthServiceImpl for aliyun extension auth way.
*
* @author xiweng.yy
*/
public class AliyunExtensionClientAuthServiceImpl extends AbstractClientAuthService {

private static final Logger LOGGER = LoggerFactory.getLogger(AliyunExtensionClientAuthServiceImpl.class);

private final Set<ExtensionCredentialsProvider> credentialsProviders;

private final Map<String, AbstractResourceInjector> resourceInjectors;

private ExtensionCredentialsProvider matchedProvider;

public AliyunExtensionClientAuthServiceImpl() {
this.credentialsProviders = new HashSet<>();
this.credentialsProviders.add(new CredentialsUriCredentialsProvider());
this.credentialsProviders.add(new StsTokenCredentialsProvider());
this.credentialsProviders.add(new OidcRoleArnCredentialsProvider());
this.credentialsProviders.add(new RamRoleArnCredentialsProvider());
this.credentialsProviders.add(new AutoRotateCredentialsProvider());
this.resourceInjectors = new HashMap<>();
this.resourceInjectors.put(SignType.NAMING, new NamingExtensionResourceInjector());
this.resourceInjectors.put(SignType.CONFIG, new ConfigExtensionResourceInjector());
}

@Override
public Boolean login(Properties properties) {
for (ExtensionCredentialsProvider each : credentialsProviders) {
if (each.matchProvider(properties)) {
LOGGER.info("Match credentials provider: {}", each.getClass().getName());
matchedProvider = each;
break;
}
}
try {
if (null == matchedProvider) {
return false;
}
matchedProvider.init(properties);
return true;
} catch (Exception e) {
LOGGER.warn("Init for Credential Provider {} failed.", matchedProvider.getClass().getName(), e);
return false;
}
}

@Override
public LoginIdentityContext getLoginIdentityContext(RequestResource resource) {
LoginIdentityContext result = new LoginIdentityContext();
if (null == matchedProvider) {
return result;
}
ExtensionRamContext ramContext = matchedProvider.getCredentialsForNacosClient();
if (!ramContext.validate() || notFountInjector(resource.getType())) {
return result;
}
resourceInjectors.get(resource.getType()).doInject(resource, ramContext, result);
return result;
}

private boolean notFountInjector(String type) {
if (!resourceInjectors.containsKey(type)) {
LOGGER.warn("Injector for type {} not found, will use default ram identity context.", type);
return true;
}
return false;
}

@Override
public void shutdown() throws NacosException {
if (null != matchedProvider) {
matchedProvider.shutdown();
}
}
}
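Review bot: `credentialsProviders` is a `HashSet`, so when more than one provider's `matchProvider(properties)` returns true (if their match conditions overlap), the provider picked in `login` depends on hash iteration order rather than the registration order in the constructor; use `new LinkedHashSet<>()` (adding the `java.util.LinkedHashSet` import) or a `List` so credential-source precedence is deterministic and documentable. In `login`, when `matchedProvider.init(properties)` throws, the method returns false but leaves `matchedProvider` set, so a later `getLoginIdentityContext` still calls `getCredentialsForNacosClient()` on a provider whose init failed; add `matchedProvider = null;` in the catch block after the warn. `matchedProvider` is written in `login` and read in `getLoginIdentityContext` without synchronization or `volatile`, which is only safe if the Nacos client guarantees ordering between those calls — worth confirming. Minor: `notFountInjector` reads as a typo for `notFoundInjector`.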
@@ -0,0 +1,74 @@
package com.alibaba.nacos.client.aliyun.auth;

/**
* Constants for aliyun extension auth.
*
* @author xiweng.yy
*/
public class ExtensionAuthConstants {

/**
* Original signature region id key, added by nacos-client 2.4.0.
*/
public static final String SIGNATURE_REGION_ID_KEY = "signatureRegionId";

public static final String SECURITY_TOKEN_HEADER = "Spas-SecurityToken";

public static final String V4_SIGNATURE_UTIL_CLASS = "com.alibaba.nacos.client.auth.ram.utils.CalculateV4SigningKeyUtil";

/**
* Nacos properties keys
*/
private static final String PREFIX = "alibabaCloud";

public static final String SECRET_NAME_KEY = PREFIX + "SecretName";

public static final String CREDENTIALS_URI_KEY = PREFIX + "CredentialsUri";

public static final String OIDC_TOKEN_FILE_PATH_KEY = PREFIX + "OidcTokenFile";

public static final String OIDC_PROVIDER_ARN_KEY = PREFIX + "OidcProviderArn";

public static final String ROLE_SESSION_EXPIRATION_KEY = PREFIX + "RoleSessionExpiration";

public static final String POLICY_KEY = PREFIX + "Policy";

public static final String ROLE_SESSION_NAME_KEY = PREFIX + "RoleSessionName";

public static final String ROLE_ARN_KEY = PREFIX + "RoleArn";

public static final String SECURITY_TOKEN_KEY = PREFIX + "SecurityToken";

public static final String ACCESS_KEY_SECRET_KEY = PREFIX + "AccessKeySecret";

public static final String ACCESS_KEY_ID_KEY = PREFIX + "AccessKeyId";

/**
* Env properties keys.
*/
private static final String ENV_PREFIX = "ALIBABA_CLOUD_";

public static final String ENV_ACCESS_KEY_ID_KEY = ENV_PREFIX + "ACCESS_KEY_ID";

public static final String ENV_ACCESS_KEY_SECRET_KEY = ENV_PREFIX + "ACCESS_KEY_SECRET";

public static final String ENV_SECURITY_TOKEN_KEY = ENV_PREFIX + "SECURITY_TOKEN";

public static final String ENV_SIGNATURE_REGION_ID_KEY = ENV_PREFIX + "SIGNATURE_REGION_ID";

public static final String ENV_ROLE_ARN_KEY = ENV_PREFIX + "ROLE_ARN";

public static final String ENV_ROLE_SESSION_NAME_KEY = ENV_PREFIX + "ROLE_SESSION_NAME";

public static final String ENV_POLICY_KEY = ENV_PREFIX + "POLICY";

public static final String ENV_ROLE_SESSION_EXPIRATION_KEY = ENV_PREFIX + "ROLE_SESSION_EXPIRATION";

public static final String ENV_OIDC_PROVIDER_ARN_KEY = ENV_PREFIX + "OIDC_PROVIDER_ARN";

public static final String ENV_OIDC_TOKEN_FILE_KEY = ENV_PREFIX + "OIDC_TOKEN_FILE";

public static final String ENV_CREDENTIALS_URI_KEY = ENV_PREFIX + "CREDENTIALS_URI";

public static final String ENV_SECRET_NAME_KEY = ENV_PREFIX + "SECRET_NAME";
}
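Review bot: `ExtensionAuthConstants` is a constants holder but has no private constructor and is not `final`, so it can be instantiated and subclassed; add `private ExtensionAuthConstants() { }` and declare the class `final`. The Javadoc blocks `Nacos properties keys` and `Env properties keys.` are attached to the private `PREFIX`/`ENV_PREFIX` fields, so they are not rendered for the public constants they describe; a class-level Javadoc sentence such as `Property keys are prefixed with {@code alibabaCloud}, environment variable names with {@code ALIBABA_CLOUD_}.` would be visible to callers.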
@@ -0,0 +1,53 @@
package com.alibaba.nacos.client.aliyun.auth;

/**
* Aliyun Extension Auth Property Key.
*
* @author xiweng.yy
*/
public enum ExtensionAuthPropertyKey {

ACCESS_KEY_ID(ExtensionAuthConstants.ACCESS_KEY_ID_KEY, ExtensionAuthConstants.ENV_ACCESS_KEY_ID_KEY),

ACCESS_KEY_SECRET(ExtensionAuthConstants.ACCESS_KEY_SECRET_KEY, ExtensionAuthConstants.ENV_ACCESS_KEY_SECRET_KEY),

SECURITY_TOKEN(ExtensionAuthConstants.SECURITY_TOKEN_KEY, ExtensionAuthConstants.ENV_SECURITY_TOKEN_KEY),

SIGNATURE_REGION_ID(ExtensionAuthConstants.SIGNATURE_REGION_ID_KEY,
ExtensionAuthConstants.ENV_SIGNATURE_REGION_ID_KEY),

ROLE_ARN(ExtensionAuthConstants.ROLE_ARN_KEY, ExtensionAuthConstants.ENV_ROLE_ARN_KEY),

ROLE_SESSION_NAME(ExtensionAuthConstants.ROLE_SESSION_NAME_KEY, ExtensionAuthConstants.ENV_ROLE_SESSION_NAME_KEY),

POLICY(ExtensionAuthConstants.POLICY_KEY, ExtensionAuthConstants.ENV_POLICY_KEY),

ROLE_SESSION_EXPIRATION(ExtensionAuthConstants.ROLE_SESSION_EXPIRATION_KEY,
ExtensionAuthConstants.ENV_ROLE_SESSION_EXPIRATION_KEY),

OIDC_PROVIDER_ARN(ExtensionAuthConstants.OIDC_PROVIDER_ARN_KEY, ExtensionAuthConstants.ENV_OIDC_PROVIDER_ARN_KEY),

OIDC_TOKEN_FILE_PATH(ExtensionAuthConstants.OIDC_TOKEN_FILE_PATH_KEY,
ExtensionAuthConstants.ENV_OIDC_TOKEN_FILE_KEY),

CREDENTIALS_URI(ExtensionAuthConstants.CREDENTIALS_URI_KEY, ExtensionAuthConstants.ENV_CREDENTIALS_URI_KEY),

SECRET_NAME(ExtensionAuthConstants.SECRET_NAME_KEY, ExtensionAuthConstants.ENV_SECRET_NAME_KEY);

private final String key;

private final String envKey;

ExtensionAuthPropertyKey(String key, String envKey) {
this.key = key;
this.envKey = envKey;
}

public String getKey() {
return key;
}

public String getEnvKey() {
return envKey;
}
}
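Review bot: `getKey()` and `getEnvKey()` carry no Javadoc, and the enum Javadoc does not say that each constant pairs a Nacos `Properties` key with an environment-variable name; add e.g. `/** Key looked up in the Nacos client {@link java.util.Properties}. */` on `getKey` and `/** Environment variable name carrying the same setting. */` on `getEnvKey`. Whether the environment variable is a fallback or takes precedence over the property is not visible in this file, so the class Javadoc should state the lookup order where it is implemented.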