Add more aliyun ram plugin for nacos-client upper 2.1.0. (#17)
* Add more aliyun ram plugin for nacos-client upper 2.1.0. (#14) * Fix KMS Client build frequently problem. (#15) * Add unit test for NamingExtensionResourceInjector. (#16)
1 parent
c0e45f3
commit 889d67b
Showing
17 changed files
with
1,005 additions
and
26 deletions.
|
@@ -12,12 +12,12 @@ | |
limitations under the License. | ||
--> | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
<inceptionYear>2018</inceptionYear> | ||
<groupId>com.alibaba.nacos</groupId> | ||
<artifactId>nacos-client-mse-extension</artifactId> | ||
<version>1.0.4</version> | ||
<version>1.0.5</version> | ||
<packaging>jar</packaging> | ||
|
||
<developers> | ||
|
@@ -51,32 +51,32 @@ | |
<name>Aliyun NACOS extension for MSE</name> | ||
<description>Aliyun NACOS extension for MSE</description> | ||
<url>http://nacos.io</url> | ||
|
||
<scm> | ||
<url>[email protected]:nacos-group/nacos-client-mse-extension.git</url> | ||
<connection>scm:[email protected]:nacos-group/nacos-client-mse-extension.git</connection> | ||
<developerConnection>scm:[email protected]:nacos-group/nacos-client-mse-extension.git</developerConnection> | ||
</scm> | ||
|
||
<properties> | ||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> | ||
<nacos.version>2.2.4</nacos.version> | ||
<nacos.version>2.4.0</nacos.version> | ||
<guava.version>30.1-jre</guava.version> | ||
</properties> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>com.aliyun</groupId> | ||
<artifactId>aliyun-java-sdk-core</artifactId> | ||
<version>4.5.17</version> | ||
</dependency> | ||
|
||
<dependency> | ||
<groupId>com.aliyun</groupId> | ||
<artifactId>aliyun-java-sdk-kms</artifactId> | ||
<version>2.16.3</version> | ||
</dependency> | ||
|
||
<dependency> | ||
<groupId>com.aliyun.kms</groupId> | ||
<artifactId>kms-transfer-client</artifactId> | ||
|
@@ -88,14 +88,26 @@ | |
</exclusions> | ||
<version>0.1.0</version> | ||
</dependency> | ||
|
||
|
||
<dependency> | ||
<groupId>com.aliyun</groupId> | ||
<artifactId>credentials-java</artifactId> | ||
<version>0.3.12</version> | ||
</dependency> | ||
|
||
<dependency> | ||
<groupId>com.aliyun</groupId> | ||
<artifactId>alibabacloud-secretsmanager-client</artifactId> | ||
<version>1.3.7</version> | ||
</dependency> | ||
|
||
<dependency> | ||
<groupId>com.alibaba.nacos</groupId> | ||
<artifactId>nacos-api</artifactId> | ||
<artifactId>nacos-client</artifactId> | ||
<version>${nacos.version}</version> | ||
<optional>true</optional> | ||
</dependency> | ||
|
||
<dependency> | ||
<artifactId>commons-codec</artifactId> | ||
<groupId>commons-codec</groupId> | ||
|
@@ -108,23 +120,17 @@ | |
<version>${guava.version}</version> | ||
<optional>true</optional> | ||
</dependency> | ||
|
||
<!-- for test--> | ||
<dependency> | ||
<groupId>org.junit.jupiter</groupId> | ||
<artifactId>junit-jupiter</artifactId> | ||
<version>RELEASE</version> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>com.alibaba.nacos</groupId> | ||
<artifactId>nacos-client</artifactId> | ||
<version>${nacos.version}</version> | ||
<scope>test</scope> | ||
</dependency> | ||
|
||
|
||
</dependencies> | ||
|
||
<build> | ||
<plugins> | ||
<plugin> | ||
|
@@ -136,8 +142,8 @@ | |
<target>8</target> | ||
</configuration> | ||
</plugin> | ||
|
||
|
||
<plugin> | ||
<groupId>org.apache.maven.plugins</groupId> | ||
<artifactId>maven-source-plugin</artifactId> | ||
|
@@ -151,8 +157,8 @@ | |
</execution> | ||
</executions> | ||
</plugin> | ||
|
||
|
||
<plugin> | ||
<groupId>org.apache.maven.plugins</groupId> | ||
<artifactId>maven-javadoc-plugin</artifactId> | ||
|
@@ -168,8 +174,8 @@ | |
</execution> | ||
</executions> | ||
</plugin> | ||
|
||
|
||
<plugin> | ||
<groupId>org.apache.maven.plugins</groupId> | ||
<artifactId>maven-gpg-plugin</artifactId> | ||
|
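Review bot: The test block kept by the `@@ -108,23 +120,17 @@` hunk still resolves junit-jupiter with `<version>RELEASE</version>`, so the build takes whatever is newest at build time, while every dependency this commit adds (`credentials-java` 0.3.12, `alibabacloud-secretsmanager-client` 1.3.7) is pinned. Pinning it as well, for example `<version>JUNIT_VERSION_PLACEHOLDER</version>` set to the release the tests are verified against, keeps builds of the GPG-signed artifact reproducible. Which of each repeated line is old and which is new is inferred from print order on this page, so confirm against the raw diff.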
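--- a/src/main/java/com/alibaba/nacos/client/aliyun/auth/AliyunExtensionClientAuthServiceImpl.java
+++ b/src/main/java/com/alibaba/nacos/client/aliyun/auth/AliyunExtensionClientAuthServiceImpl.java
@@ -0,0 +1,102 @@
+package com.alibaba.nacos.client.aliyun.auth;
+
+import com.alibaba.nacos.api.exception.NacosException;
+import com.alibaba.nacos.client.aliyun.auth.injector.ConfigExtensionResourceInjector;
+import com.alibaba.nacos.client.aliyun.auth.injector.NamingExtensionResourceInjector;
+import com.alibaba.nacos.client.aliyun.auth.provider.AutoRotateCredentialsProvider;
+import com.alibaba.nacos.client.aliyun.auth.provider.CredentialsUriCredentialsProvider;
+import com.alibaba.nacos.client.aliyun.auth.provider.ExtensionCredentialsProvider;
+import com.alibaba.nacos.client.aliyun.auth.provider.OidcRoleArnCredentialsProvider;
+import com.alibaba.nacos.client.aliyun.auth.provider.RamRoleArnCredentialsProvider;
+import com.alibaba.nacos.client.aliyun.auth.provider.StsTokenCredentialsProvider;
+import com.alibaba.nacos.client.auth.ram.injector.AbstractResourceInjector;
+import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext;
+import com.alibaba.nacos.plugin.auth.api.RequestResource;
+import com.alibaba.nacos.plugin.auth.constant.SignType;
+import com.alibaba.nacos.plugin.auth.spi.client.AbstractClientAuthService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+/**
+* Nacos ClientAuthServiceImpl for aliyun extension auth way.
+*
+* @author xiweng.yy
+*/
+public class AliyunExtensionClientAuthServiceImpl extends AbstractClientAuthService {
+
+private static final Logger LOGGER = LoggerFactory.getLogger(AliyunExtensionClientAuthServiceImpl.class);
+
+private final Set<ExtensionCredentialsProvider> credentialsProviders;
+
+private final Map<String, AbstractResourceInjector> resourceInjectors;
+
+private ExtensionCredentialsProvider matchedProvider;
+
+public AliyunExtensionClientAuthServiceImpl() {
+this.credentialsProviders = new HashSet<>();
+this.credentialsProviders.add(new CredentialsUriCredentialsProvider());
+this.credentialsProviders.add(new StsTokenCredentialsProvider());
+this.credentialsProviders.add(new OidcRoleArnCredentialsProvider());
+this.credentialsProviders.add(new RamRoleArnCredentialsProvider());
+this.credentialsProviders.add(new AutoRotateCredentialsProvider());
+this.resourceInjectors = new HashMap<>();
+this.resourceInjectors.put(SignType.NAMING, new NamingExtensionResourceInjector());
+this.resourceInjectors.put(SignType.CONFIG, new ConfigExtensionResourceInjector());
+}
+
+@Override
+public Boolean login(Properties properties) {
+for (ExtensionCredentialsProvider each : credentialsProviders) {
+if (each.matchProvider(properties)) {
+LOGGER.info("Match credentials provider: {}", each.getClass().getName());
+matchedProvider = each;
+break;
+}
+}
+try {
+if (null == matchedProvider) {
+return false;
+}
+matchedProvider.init(properties);
+return true;
+} catch (Exception e) {
+LOGGER.warn("Init for Credential Provider {} failed.", matchedProvider.getClass().getName(), e);
+return false;
+}
+}
+
+@Override
+public LoginIdentityContext getLoginIdentityContext(RequestResource resource) {
+LoginIdentityContext result = new LoginIdentityContext();
+if (null == matchedProvider) {
+return result;
+}
+ExtensionRamContext ramContext = matchedProvider.getCredentialsForNacosClient();
+if (!ramContext.validate() || notFountInjector(resource.getType())) {
+return result;
+}
+resourceInjectors.get(resource.getType()).doInject(resource, ramContext, result);
+return result;
+}
+
+private boolean notFountInjector(String type) {
+if (!resourceInjectors.containsKey(type)) {
+LOGGER.warn("Injector for type {} not found, will use default ram identity context.", type);
+return true;
+}
+return false;
+}
+
+@Override
+public void shutdown() throws NacosException {
+if (null != matchedProvider) {
+matchedProvider.shutdown();
+}
+}
+}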
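Review bot: `credentialsProviders` is a `HashSet`, so the order in which `login` tries providers is undefined, and if the supplied properties satisfy more than one provider (whether that can happen depends on the `matchProvider` implementations, which are not shown here) the identity used to sign requests can differ between runs. An ordered collection makes the priority explicit and the choice deterministic: `this.credentialsProviders = new LinkedHashSet<>();` with the matching `java.util.LinkedHashSet` import. Separately, when `init` throws, `matchedProvider` stays set, so `getLoginIdentityContext` goes on to call `getCredentialsForNacosClient()` on a provider that never initialised; adding `matchedProvider = null;` after the `LOGGER.warn` call in the catch block would make it return the empty context instead. `notFountInjector` also looks like a typo for `notFoundInjector`.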
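--- a/src/main/java/com/alibaba/nacos/client/aliyun/auth/ExtensionAuthConstants.java
+++ b/src/main/java/com/alibaba/nacos/client/aliyun/auth/ExtensionAuthConstants.java
@@ -0,0 +1,74 @@
+package com.alibaba.nacos.client.aliyun.auth;
+
+/**
+* Constants for aliyun extension auth.
+*
+* @author xiweng.yy
+*/
+public class ExtensionAuthConstants {
+
+/**
+* Original signature region id key, added by nacos-client 2.4.0.
+*/
+public static final String SIGNATURE_REGION_ID_KEY = "signatureRegionId";
+
+public static final String SECURITY_TOKEN_HEADER = "Spas-SecurityToken";
+
+public static final String V4_SIGNATURE_UTIL_CLASS = "com.alibaba.nacos.client.auth.ram.utils.CalculateV4SigningKeyUtil";
+
+/**
+* Nacos properties keys
+*/
+private static final String PREFIX = "alibabaCloud";
+
+public static final String SECRET_NAME_KEY = PREFIX + "SecretName";
+
+public static final String CREDENTIALS_URI_KEY = PREFIX + "CredentialsUri";
+
+public static final String OIDC_TOKEN_FILE_PATH_KEY = PREFIX + "OidcTokenFile";
+
+public static final String OIDC_PROVIDER_ARN_KEY = PREFIX + "OidcProviderArn";
+
+public static final String ROLE_SESSION_EXPIRATION_KEY = PREFIX + "RoleSessionExpiration";
+
+public static final String POLICY_KEY = PREFIX + "Policy";
+
+public static final String ROLE_SESSION_NAME_KEY = PREFIX + "RoleSessionName";
+
+public static final String ROLE_ARN_KEY = PREFIX + "RoleArn";
+
+public static final String SECURITY_TOKEN_KEY = PREFIX + "SecurityToken";
+
+public static final String ACCESS_KEY_SECRET_KEY = PREFIX + "AccessKeySecret";
+
+public static final String ACCESS_KEY_ID_KEY = PREFIX + "AccessKeyId";
+
+/**
+* Env properties keys.
+*/
+private static final String ENV_PREFIX = "ALIBABA_CLOUD_";
+
+public static final String ENV_ACCESS_KEY_ID_KEY = ENV_PREFIX + "ACCESS_KEY_ID";
+
+public static final String ENV_ACCESS_KEY_SECRET_KEY = ENV_PREFIX + "ACCESS_KEY_SECRET";
+
+public static final String ENV_SECURITY_TOKEN_KEY = ENV_PREFIX + "SECURITY_TOKEN";
+
+public static final String ENV_SIGNATURE_REGION_ID_KEY = ENV_PREFIX + "SIGNATURE_REGION_ID";
+
+public static final String ENV_ROLE_ARN_KEY = ENV_PREFIX + "ROLE_ARN";
+
+public static final String ENV_ROLE_SESSION_NAME_KEY = ENV_PREFIX + "ROLE_SESSION_NAME";
+
+public static final String ENV_POLICY_KEY = ENV_PREFIX + "POLICY";
+
+public static final String ENV_ROLE_SESSION_EXPIRATION_KEY = ENV_PREFIX + "ROLE_SESSION_EXPIRATION";
+
+public static final String ENV_OIDC_PROVIDER_ARN_KEY = ENV_PREFIX + "OIDC_PROVIDER_ARN";
+
+public static final String ENV_OIDC_TOKEN_FILE_KEY = ENV_PREFIX + "OIDC_TOKEN_FILE";
+
+public static final String ENV_CREDENTIALS_URI_KEY = ENV_PREFIX + "CREDENTIALS_URI";
+
+public static final String ENV_SECRET_NAME_KEY = ENV_PREFIX + "SECRET_NAME";
+}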
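Review bot: `ExtensionAuthConstants` is a constants holder but is declared as a plain `public class`, so it can be instantiated and subclassed; `public final class ExtensionAuthConstants` with a `private ExtensionAuthConstants() {}` constructor states the intent. The Javadoc blocks `Nacos properties keys` and `Env properties keys.` attach only to the private `PREFIX` and `ENV_PREFIX` fields, so the public keys below them are left undocumented. A `//` section comment, or a one-line Javadoc per key that marks the ones carrying secret material (`ACCESS_KEY_SECRET_KEY`, `SECURITY_TOKEN_KEY` and their `ENV_` forms), would serve readers better. `OIDC_TOKEN_FILE_PATH_KEY` and `ENV_OIDC_TOKEN_FILE_KEY` also name the same setting inconsistently.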
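--- a/src/main/java/com/alibaba/nacos/client/aliyun/auth/ExtensionAuthPropertyKey.java
+++ b/src/main/java/com/alibaba/nacos/client/aliyun/auth/ExtensionAuthPropertyKey.java
@@ -0,0 +1,53 @@
+package com.alibaba.nacos.client.aliyun.auth;
+
+/**
+* Aliyun Extension Auth Property Key.
+*
+* @author xiweng.yy
+*/
+public enum ExtensionAuthPropertyKey {
+
+ACCESS_KEY_ID(ExtensionAuthConstants.ACCESS_KEY_ID_KEY, ExtensionAuthConstants.ENV_ACCESS_KEY_ID_KEY),
+
+ACCESS_KEY_SECRET(ExtensionAuthConstants.ACCESS_KEY_SECRET_KEY, ExtensionAuthConstants.ENV_ACCESS_KEY_SECRET_KEY),
+
+SECURITY_TOKEN(ExtensionAuthConstants.SECURITY_TOKEN_KEY, ExtensionAuthConstants.ENV_SECURITY_TOKEN_KEY),
+
+SIGNATURE_REGION_ID(ExtensionAuthConstants.SIGNATURE_REGION_ID_KEY,
+ExtensionAuthConstants.ENV_SIGNATURE_REGION_ID_KEY),
+
+ROLE_ARN(ExtensionAuthConstants.ROLE_ARN_KEY, ExtensionAuthConstants.ENV_ROLE_ARN_KEY),
+
+ROLE_SESSION_NAME(ExtensionAuthConstants.ROLE_SESSION_NAME_KEY, ExtensionAuthConstants.ENV_ROLE_SESSION_NAME_KEY),
+
+POLICY(ExtensionAuthConstants.POLICY_KEY, ExtensionAuthConstants.ENV_POLICY_KEY),
+
+ROLE_SESSION_EXPIRATION(ExtensionAuthConstants.ROLE_SESSION_EXPIRATION_KEY,
+ExtensionAuthConstants.ENV_ROLE_SESSION_EXPIRATION_KEY),
+
+OIDC_PROVIDER_ARN(ExtensionAuthConstants.OIDC_PROVIDER_ARN_KEY, ExtensionAuthConstants.ENV_OIDC_PROVIDER_ARN_KEY),
+
+OIDC_TOKEN_FILE_PATH(ExtensionAuthConstants.OIDC_TOKEN_FILE_PATH_KEY,
+ExtensionAuthConstants.ENV_OIDC_TOKEN_FILE_KEY),
+
+CREDENTIALS_URI(ExtensionAuthConstants.CREDENTIALS_URI_KEY, ExtensionAuthConstants.ENV_CREDENTIALS_URI_KEY),
+
+SECRET_NAME(ExtensionAuthConstants.SECRET_NAME_KEY, ExtensionAuthConstants.ENV_SECRET_NAME_KEY);
+
+private final String key;
+
+private final String envKey;
+
+ExtensionAuthPropertyKey(String key, String envKey) {
+this.key = key;
+this.envKey = envKey;
+}
+
+public String getKey() {
+return key;
+}
+
+public String getEnvKey() {
+return envKey;
+}
+}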
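Review bot: Nothing in `ExtensionAuthPropertyKey` says which source wins when both the properties key and the environment variable are set, and for entries such as `ACCESS_KEY_SECRET` and `ROLE_ARN` that decides which credentials the client ends up using. The lookup code is outside this file, so the order should be documented here once confirmed, for example with a class-level Javadoc line such as `Each entry pairs a Nacos properties key with an environment variable name; <precedence to confirm>.` One-line Javadoc on `getKey()` and `getEnvKey()` would make the two accessors self-explanatory.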