[#45][#42]support RBAC and watch (#121)

* [#45 & #42]支持服务中心RBAC,支持watch模式

* [#45 & #42]支持服务中心RBAC,支持watch模式

* [#45 & #42]支持服务中心RBAC，支持watch模式

* [#42 & #45]支持服务中心RBAC,支持watch模式

* [#45][#42]support RBAC and watch

* [#42][#45] support RBAC and watch

* [#42][#45]support RBAC and watch

* [#42][#45] support RBAC and watch

* [#42][#45]support RBAC and watch

common/pom.xml

@@ -35,6 +35,11 @@
       <artifactId>http-client-common</artifactId>
       <version>${servicecomb.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.apache.servicecomb</groupId>
+      <artifactId>service-center-client</artifactId>
+      <version>${servicecomb.version}</version>
+    </dependency>
     <dependency>
       <groupId>org.apache.dubbo</groupId>
       <artifactId>dubbo-registry-api</artifactId>
@@ -49,7 +54,11 @@
       <groupId>org.apache.dubbo</groupId>
       <artifactId>dubbo-config-spring</artifactId>
     </dependency>
-
+    <dependency>
+      <groupId>org.apache.servicecomb</groupId>
+      <artifactId>foundation-common</artifactId>
+      <version>${servicecomb.version}</version>
+    </dependency>
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>

common/src/main/java/com/huaweicloud/dubbo/common/DubboRequestAuthHeaderProvider.java → common/src/main/java/com/huaweicloud/dubbo/common/AkSkRequestAuthHeaderProvider.java

@@ -26,10 +26,9 @@
 import javax.crypto.spec.SecretKeySpec;
 
 import org.apache.commons.codec.binary.Hex;
-import org.apache.servicecomb.foundation.auth.SignRequest;
-import org.apache.servicecomb.http.client.auth.RequestAuthHeaderProvider;
+import org.apache.servicecomb.foundation.auth.AuthHeaderProvider;
 
-public class DubboRequestAuthHeaderProvider implements RequestAuthHeaderProvider {
+public class AkSkRequestAuthHeaderProvider implements AuthHeaderProvider {
 
   private boolean enabled;
 
@@ -47,14 +46,6 @@ public class DubboRequestAuthHeaderProvider implements RequestAuthHeaderProvider
 
   public static final String X_SERVICE_PROJECT = "X-Service-Project";
 
-  public DubboRequestAuthHeaderProvider() {
-  }
-
-  @Override
-  public Map<String, String> loadAuthHeader(SignRequest signRequest) {
-    return this.getHeaders();
-  }
-
   public void setEnabled(boolean enabled) {
     this.enabled = enabled;
   }
@@ -69,7 +60,6 @@ public void setAccessKey(String accessKey) {
 
   public String getSecretKey() {
     String decodedSecretKey = new String(findCipher().decrypt(this.secretKey.toCharArray()));
-
     // ShaAKSKCipher 不解密, 认证的时候不处理；其他算法解密为 plain，需要 encode 为 ShaAKSKCipher 去认证。
     if (ShaAKSKCipher.CIPHER_NAME.equalsIgnoreCase(getCipher())) {
       return decodedSecretKey;
@@ -98,7 +88,8 @@ public void setProject(String project) {
     this.project = project;
   }
 
-  public Map<String, String> getHeaders() {
+  @Override
+  public Map<String, String> authHeaders() {
     Map<String, String> headers = new HashMap<>();
     if (enabled) {
       headers.put(X_SERVICE_AK, this.getAccessKey());
@@ -129,4 +120,5 @@ public static String sha256Encode(String key, String data) {
       throw new IllegalArgumentException("Can not encode ak sk. Please check the value is correct.", e);
     }
   }
+
 }

common/src/main/java/com/huaweicloud/dubbo/common/AuthHeaderProviders.java

@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.huaweicloud.dubbo.common;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.servicecomb.foundation.auth.AuthHeaderProvider;
+import org.apache.servicecomb.http.client.auth.RequestAuthHeaderProvider;
+import org.springframework.core.env.Environment;
+
+public class AuthHeaderProviders {
+
+  public static RequestAuthHeaderProvider getRequestAuthHeaderProvider(CommonConfiguration commonConfiguration,
+      Environment environment) {
+    List<AuthHeaderProvider> authHeaderProviders = new ArrayList<>();
+    authHeaderProviders.add(commonConfiguration.createAkSkRequestAuthHeaderProvider());
+    authHeaderProviders.add(new RBACRequestAuthHeaderProvider(commonConfiguration, environment));
+    return getRequestAuthHeaderProvider(authHeaderProviders);
+  }
+
+  private static RequestAuthHeaderProvider getRequestAuthHeaderProvider(List<AuthHeaderProvider> authHeaderProviders) {
+    return signRequest -> {
+      Map<String, String> headers = new HashMap<>();
+      authHeaderProviders.forEach(authHeaderProvider -> headers.putAll(authHeaderProvider.authHeaders()));
+      return headers;
+    };
+  }
+}

common/src/main/java/com/huaweicloud/dubbo/common/CommonConfiguration.java

@@ -19,18 +19,20 @@
 
 import org.apache.servicecomb.foundation.ssl.SSLCustom;
 import org.apache.servicecomb.foundation.ssl.SSLOption;
-import org.apache.servicecomb.http.client.auth.RequestAuthHeaderProvider;
 import org.apache.servicecomb.http.client.common.HttpConfiguration.SSLProperties;
 import org.springframework.core.env.Environment;
 import org.springframework.util.StringUtils;
 
 import java.io.UnsupportedEncodingException;
 import java.net.URLEncoder;
 
+
 public class CommonConfiguration {
   public static final String DEFAULT_CIPHERS = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
       + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
 
+  public static final String DEFAULT_PROJECT = "default";
+
   // ###### service configuration ############### //
   public static final String KEY_SERVICE_PROJECT = "dubbo.servicecomb.service.project";
 
@@ -48,6 +50,8 @@ public class CommonConfiguration {
   // ###### service center configuration ############### //
   public static final String KEY_REGISTRY_ADDRESS = "dubbo.servicecomb.registry.address";
 
+  public static final String KEY_REGISTRY_WATCH = "dubbo.servicecomb.registry.watch";
+
   public static final String KEY_SERVICE_IGNORESWAGGERDIFFERENT = "dubbo.servicecomb.registry.ignoreSwaggerDifferent";
 
   // ###### config center configuration ############### //
@@ -70,48 +74,48 @@ public class CommonConfiguration {
 
   public static final String KEY_SERVICE_KIE_FRISTPULLREQUIRED = "dubbo.servicecomb.config.firstPullRequired";
 
-  public static final String KEY_SERVICE_KIE_ENABLEAPPCONFIG= "dubbo.servicecomb.config.enableAppConfig";
+  public static final String KEY_SERVICE_KIE_ENABLEAPPCONFIG = "dubbo.servicecomb.config.enableAppConfig";
 
   public static final String KEY_SERVICE_KIE_ENABLECUSTOMCONFIG = "dubbo.servicecomb.config.enableCustomConfig";
 
-  public static final String KEY_SERVICE_KIE_ENABLESERVICECONFIG  = "dubbo.servicecomb.config.enableServiceConfig";
+  public static final String KEY_SERVICE_KIE_ENABLESERVICECONFIG = "dubbo.servicecomb.config.enableServiceConfig";
 
   // ###### ssl configuration ############### //
-  public static final String KEY_SSL_ENABLED = "dubbo.servicecomb.ssl.enabled";
+  private static final String KEY_SSL_ENABLED = "dubbo.servicecomb.ssl.enabled";
 
-  public static final String KEY_SSL_ENGINE = "dubbo.servicecomb.ssl.engine";
+  private static final String KEY_SSL_ENGINE = "dubbo.servicecomb.ssl.engine";
 
-  public static final String KEY_SSL_PROTOCOLS = "dubbo.servicecomb.ssl.protocols";
+  private static final String KEY_SSL_PROTOCOLS = "dubbo.servicecomb.ssl.protocols";
 
-  public static final String KEY_SSL_CIPHERS = "dubbo.servicecomb.ssl.ciphers";
+  private static final String KEY_SSL_CIPHERS = "dubbo.servicecomb.ssl.ciphers";
 
-  public static final String KEY_SSL_AUTH_PEER = "dubbo.servicecomb.ssl.authPeer";
+  private static final String KEY_SSL_AUTH_PEER = "dubbo.servicecomb.ssl.authPeer";
 
-  public static final String KEY_SSL_CHECKCN_HOST = "dubbo.servicecomb.ssl.checkCNHost";
+  private static final String KEY_SSL_CHECKCN_HOST = "dubbo.servicecomb.ssl.checkCNHost";
 
-  public static final String KEY_SSL_CHECKCN_WHITE = "dubbo.servicecomb.ssl.checkCNWhite";
+  private static final String KEY_SSL_CHECKCN_WHITE = "dubbo.servicecomb.ssl.checkCNWhite";
 
-  public static final String KEY_SSL_CHECKCN_WHITE_FILE = "dubbo.servicecomb.ssl.checkCNWhiteFile";
+  private static final String KEY_SSL_CHECKCN_WHITE_FILE = "dubbo.servicecomb.ssl.checkCNWhiteFile";
 
-  public static final String KEY_SSL_ALLOW_RENEGOTIATE = "dubbo.servicecomb.ssl.allowRenegotiate";
+  private static final String KEY_SSL_ALLOW_RENEGOTIATE = "dubbo.servicecomb.ssl.allowRenegotiate";
 
-  public static final String KEY_SSL_STORE_PATH = "dubbo.servicecomb.ssl.storePath";
+  private static final String KEY_SSL_STORE_PATH = "dubbo.servicecomb.ssl.storePath";
 
-  public static final String KEY_SSL_TRUST_STORE = "dubbo.servicecomb.ssl.trustStore";
+  private static final String KEY_SSL_TRUST_STORE = "dubbo.servicecomb.ssl.trustStore";
 
-  public static final String KEY_SSL_TRUST_STORE_TYPE = "dubbo.servicecomb.ssl.trustStoreType";
+  private static final String KEY_SSL_TRUST_STORE_TYPE = "dubbo.servicecomb.ssl.trustStoreType";
 
-  public static final String KEY_SSL_TRUST_STORE_VALUE = "dubbo.servicecomb.ssl.trustStoreValue";
+  private static final String KEY_SSL_TRUST_STORE_VALUE = "dubbo.servicecomb.ssl.trustStoreValue";
 
-  public static final String KEY_SSL_KEYSTORE = "dubbo.servicecomb.ssl.keyStore";
+  private static final String KEY_SSL_KEYSTORE = "dubbo.servicecomb.ssl.keyStore";
 
-  public static final String KEY_SSL_KEYSTORE_TYPE = "dubbo.servicecomb.ssl.keyStoreType";
+  private static final String KEY_SSL_KEYSTORE_TYPE = "dubbo.servicecomb.ssl.keyStoreType";
 
-  public static final String KEY_SSL_KEYSTORE_VALUE = "dubbo.servicecomb.ssl.keyStoreValue";
+  private static final String KEY_SSL_KEYSTORE_VALUE = "dubbo.servicecomb.ssl.keyStoreValue";
 
-  public static final String KEY_SSL_CRL = "dubbo.servicecomb.ssl.crl";
+  private static final String KEY_SSL_CRL = "dubbo.servicecomb.ssl.crl";
 
-  public static final String KEY_SSL_SSL_CUSTOM_CLASS = "dubbo.servicecomb.ssl.sslCustomClass";
+  private static final String KEY_SSL_SSL_CUSTOM_CLASS = "dubbo.servicecomb.ssl.sslCustomClass";
 
   // ###### ak / ak configuration ############### //
   public static final String KEY_AK_SK_ENABLED = "dubbo.servicecomb.credentials.enabled";
@@ -124,6 +128,12 @@ public class CommonConfiguration {
 
   public static final String KEY_AK_SK_PROJECT = "dubbo.servicecomb.credentials.project";
 
+  // ###### RBAC configuration ############### //
+
+  public static final String KEY_RBAC_NAME = "dubbo.servicecomb.credentials.account.name";
+
+  public static final String KEY_RBAC_PASSWORD = "dubbo.servicecomb.credentials.account.password";
+
   private Environment environment;
 
   public CommonConfiguration(Environment environment) {
@@ -132,17 +142,17 @@ public CommonConfiguration(Environment environment) {
 
   public SSLProperties createSSLProperties() {
     SSLProperties sslProperties = new SSLProperties();
-    sslProperties.setEnabled(Boolean.valueOf(environment.getProperty(KEY_SSL_ENABLED, "false")));
+    sslProperties.setEnabled(Boolean.parseBoolean(environment.getProperty(KEY_SSL_ENABLED, "false")));
     if (sslProperties.isEnabled()) {
       SSLOption option = new SSLOption();
       option.setEngine(environment.getProperty(KEY_SSL_ENGINE, "jdk"));
       option.setProtocols(environment.getProperty(KEY_SSL_PROTOCOLS, "TLSv1.2"));
       option.setCiphers(environment.getProperty(KEY_SSL_CIPHERS, DEFAULT_CIPHERS));
-      option.setAuthPeer(Boolean.valueOf(environment.getProperty(KEY_SSL_AUTH_PEER, "false")));
-      option.setCheckCNHost(Boolean.valueOf(environment.getProperty(KEY_SSL_CHECKCN_HOST, "false")));
-      option.setCheckCNWhite(Boolean.valueOf(environment.getProperty(KEY_SSL_CHECKCN_WHITE, "false")));
+      option.setAuthPeer(Boolean.parseBoolean(environment.getProperty(KEY_SSL_AUTH_PEER, "false")));
+      option.setCheckCNHost(Boolean.parseBoolean(environment.getProperty(KEY_SSL_CHECKCN_HOST, "false")));
+      option.setCheckCNWhite(Boolean.parseBoolean(environment.getProperty(KEY_SSL_CHECKCN_WHITE, "false")));
       option.setCheckCNWhiteFile(environment.getProperty(KEY_SSL_CHECKCN_WHITE_FILE, "white.list"));
-      option.setAllowRenegociate(Boolean.valueOf(environment.getProperty(KEY_SSL_ALLOW_RENEGOTIATE, "false")));
+      option.setAllowRenegociate(Boolean.parseBoolean(environment.getProperty(KEY_SSL_ALLOW_RENEGOTIATE, "false")));
       option.setStorePath(environment.getProperty(KEY_SSL_STORE_PATH, "internal"));
       option.setKeyStore(environment.getProperty(KEY_SSL_KEYSTORE, "server.p12"));
       option.setKeyStoreType(environment.getProperty(KEY_SSL_KEYSTORE_TYPE, "PKCS12"));
@@ -159,9 +169,9 @@ public SSLProperties createSSLProperties() {
     return sslProperties;
   }
 
-  public RequestAuthHeaderProvider createRequestAuthHeaderProvider() {
-    DubboRequestAuthHeaderProvider requestAuthHeaderProvider = new DubboRequestAuthHeaderProvider();
-    requestAuthHeaderProvider.setEnabled(Boolean.valueOf(environment.getProperty(KEY_AK_SK_ENABLED, "false")));
+  public AkSkRequestAuthHeaderProvider createAkSkRequestAuthHeaderProvider() {
+    AkSkRequestAuthHeaderProvider requestAuthHeaderProvider = new AkSkRequestAuthHeaderProvider();
+    requestAuthHeaderProvider.setEnabled(Boolean.parseBoolean(environment.getProperty(KEY_AK_SK_ENABLED, "false")));
     requestAuthHeaderProvider.setAccessKey(environment.getProperty(KEY_AK_SK_ACCESS_KEY, ""));
     requestAuthHeaderProvider.setSecretKey(environment.getProperty(KEY_AK_SK_SECRET_KEY, ""));
     requestAuthHeaderProvider.setCipher(environment.getProperty(KEY_AK_SK_CIPHER, ""));