feat: add blockallowlist rules & remove unused imports (#125)

* feat: add ratelimit spec & remove temporary proto files * Update version to 1.5.3-SNAPSHOT * fix: change maxAmount to max_amount * feat: add lossless rule specification * feat： lossless支持lables过滤 * feat: restore circuitbreaker fallback & ratelimit add custom response * fix: add json_name * fix: customResponse to custom_response * feat: add go compile sources * feat: add extendInfo to FaultDetector * feat: add json name * feat: add blockallowlist rules & remove unused imports
polarismesh · Sep 2, 2024 · afbb921 · afbb921
1 parent 172192b
commit afbb921
Show file tree

Hide file tree

Showing 4 changed files with 97 additions and 5 deletions.
diff --git a/api/v1/security/block_allow_list.proto b/api/v1/security/block_allow_list.proto
@@ -0,0 +1,90 @@
+syntax = "proto3";
+
+package v1;
+
+import "google/protobuf/wrappers.proto";
+import "model.proto";
+
+option go_package = "github.com/polarismesh/specification/source/go/api/v1/security";
+option java_package = "com.tencent.polaris.specification.api.v1.security";
+option java_outer_classname = "BlockAllowListProto";
+
+message BlockAllowListRule {
+
+  // unique rule id
+  string id = 1 [ json_name = "id" ];
+
+  // unique rule name
+  string name = 2 [ json_name = "name" ];
+
+  // metadata for block allow list rules
+  map<string, string> metadata = 3 [ json_name = "metadata" ];
+
+  // service namespace
+  string namespace = 4 [ json_name = "namespace" ];
+
+  // service name
+  string service = 5 [ json_name = "service" ];
+
+  // rule description
+  string description = 6 [ json_name = "description" ];
+
+  // rule priority
+  uint32 priority = 7 [ json_name = "priority" ];
+
+  // rule enable
+  bool enable = 8 [ json_name = "enable" ];
+
+  // ctime create time of the rules
+  string ctime = 9 [ json_name = "ctime" ];
+
+  // mtime modify time of the rules
+  string mtime = 10 [ json_name = "mtime" ];
+
+  // etime enable time of the rules
+  string etime = 11 [ json_name = "etime" ];
+
+  // block or allow configuration
+  repeated BlockAllowConfig blockAllowConfig = 12 [ json_name = "block_allow_config" ];
+
+}
+
+message BlockAllowConfig {
+  // blocking target api
+  API api = 1 [ json_name = "api" ];
+
+  message MatchArgument {
+    // label type for gateway request
+    enum Type {
+      // custom arguments
+      CUSTOM = 0;
+      // header, match the http header, dubbo attachment, grpc header
+      HEADER = 1;
+      // query, match the http query, dubbo argument
+      QUERY = 2;
+      // caller service
+      CALLER_SERVICE = 3;
+      // caller host ip
+      CALLER_IP = 4;
+      // caller instance metadata
+      CALLER_METADATA = 5;
+      // caller instance metadata
+      CALLEE_METADATA = 6;
+    }
+    Type type = 1 [ json_name = "type" ];
+    // header key or query key
+    string key = 2 [ json_name = "key" ];
+    // header value or query value
+    MatchString value = 3 [ json_name = "value" ];
+  }
+  // arguments to match this config
+  repeated MatchArgument arguments = 2 [ json_name = "arguments" ];
+
+  enum BlockAllowPolicy {
+    ALLOW_LIST = 0;
+    BLOCK_LIST = 1;
+  }
+  // block or allow as policy
+  BlockAllowPolicy blockAllowPolicy = 3 [ json_name = "block_allow_policy" ];
+}
+
diff --git a/api/v1/service_manage/request.proto b/api/v1/service_manage/request.proto
@@ -3,7 +3,6 @@ syntax = "proto3";
 package v1;
 
 import "service.proto";
-import "contract.proto";
 
 option go_package = "github.com/polarismesh/specification/source/go/api/v1/service_manage";
 option java_package = "com.tencent.polaris.specification.api.v1.service.manage";
@@ -33,6 +32,8 @@ message DiscoverRequest {
     NEARBY_ROUTE_RULE = 102;
     // 无损上下线规则
     LOSSLESS = 103;
+    // 服务黑白名单规则
+    BLOCK_ALLOW_RULE = 104;
   }
 
   DiscoverRequestType type = 1;

diff --git a/api/v1/service_manage/response.proto b/api/v1/service_manage/response.proto
@@ -17,6 +17,7 @@ import "auth.proto";
 import "contract.proto";
 import "lane.proto";
 import "lossless.proto";
+import "block_allow_list.proto";
 
 option go_package = "github.com/polarismesh/specification/source/go/api/v1/service_manage";
 option java_package = "com.tencent.polaris.specification.api.v1.service.manage";
@@ -104,6 +105,8 @@ message DiscoverResponse {
     NEARBY_ROUTE_RULE = 102;
     // 无损上下线规则
     LOSSLESS = 103;
+    // 服务黑白名单规则
+    BLOCK_ALLOW_RULE = 104;
   }
 
   DiscoverResponseType type = 3;
@@ -124,6 +127,8 @@ message DiscoverResponse {
   repeated RouteRule nearbyRouteRules = 24;
   // 无损上下线规则内容
   repeated LosslessRule losslessRules = 25;
+  // 服务黑白名单鉴权规则
+  repeated BlockAllowListRule blockAllowListRule = 26;
 }
 
 message OptionSwitch { map<string, string> options = 1; }

diff --git a/api/v1/traffic_manage/lossless.proto b/api/v1/traffic_manage/lossless.proto
@@ -2,10 +2,6 @@ syntax = "proto3";
 
 package v1;
 
-import "google/protobuf/wrappers.proto";
-import "google/protobuf/duration.proto";
-import "model.proto";
-
 option go_package = "github.com/polarismesh/specification/source/go/api/v1/traffic_manage";
 option java_package = "com.tencent.polaris.specification.api.v1.traffic.manage";
 option java_outer_classname = "LosslessProto";