Skip to content
This repository has been archived by the owner on May 10, 2022. It is now read-only.

feat(security): implement AuthProtocol and Credential classes #139

Merged
merged 41 commits into from
Nov 6, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
41 commits
Select commit Hold shift + click to select a range
425c9e4
feat(security): add configurations of keyTab and principal
levy5307 Sep 25, 2020
485375b
fix
levy5307 Sep 25, 2020
a6dda3e
Merge branch 'master' into jaas-config
levy5307 Oct 16, 2020
f7b9c74
fix
levy5307 Oct 28, 2020
d5a59df
fix
levy5307 Oct 28, 2020
b0883f1
fix
levy5307 Nov 2, 2020
3cd6a79
refactor
levy5307 Nov 3, 2020
cc89c4b
fix
levy5307 Nov 3, 2020
44117fd
fix
levy5307 Nov 3, 2020
efad163
fix
levy5307 Nov 3, 2020
ed74c30
add license
levy5307 Nov 3, 2020
5ed212d
fix
levy5307 Nov 3, 2020
ceedd52
fix
levy5307 Nov 3, 2020
651fe2c
fix
levy5307 Nov 3, 2020
4a9f8f9
fix
levy5307 Nov 4, 2020
71e83e6
Revert "fix"
levy5307 Nov 4, 2020
f1fa270
fix
levy5307 Nov 4, 2020
c0ffe87
fix
levy5307 Nov 4, 2020
dabaf81
fix
levy5307 Nov 4, 2020
1cf8f76
fix
levy5307 Nov 4, 2020
e671c2f
fix
levy5307 Nov 4, 2020
24118d7
fix
levy5307 Nov 4, 2020
db021b4
add annotiate
levy5307 Nov 4, 2020
c24b3bf
fix
levy5307 Nov 4, 2020
6d200f8
Revert "fix"
levy5307 Nov 4, 2020
448441c
Revert "add annotiate"
levy5307 Nov 4, 2020
e7a135a
fix by review
levy5307 Nov 5, 2020
91b3379
fix
levy5307 Nov 5, 2020
eeed25e
fix
levy5307 Nov 5, 2020
3d1feb0
fix
levy5307 Nov 5, 2020
cc32925
fix
levy5307 Nov 5, 2020
bc5200f
fix
levy5307 Nov 5, 2020
7d545d7
fix
levy5307 Nov 5, 2020
9a780ec
fix
levy5307 Nov 5, 2020
9a36694
fix
levy5307 Nov 5, 2020
2d80a9a
fix
levy5307 Nov 5, 2020
3fa4d29
fix
levy5307 Nov 5, 2020
c8bfc83
fix
levy5307 Nov 5, 2020
c766389
fix
levy5307 Nov 5, 2020
f099f4a
fix
levy5307 Nov 5, 2020
29186d7
fix
levy5307 Nov 5, 2020
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions configuration/pegasus.properties
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,8 @@ enable_perf_counter = false
perf_counter_tags = cluster=onebox,app=unit_test
push_counter_interval_secs = 10
meta_query_timeout = 5000
service_name = ""
service_fqdn = ""
auth_protocol =
kerberos_service_name =
kerberos_service_fqdn =
kerberos_keytab =
kerberos_principal =
1 change: 1 addition & 0 deletions scripts/format-all.sh
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ SRC_FILES=(src/main/java/com/xiaomi/infra/pegasus/client/*.java
src/main/java/com/xiaomi/infra/pegasus/client/request/*.java
src/main/java/com/xiaomi/infra/pegasus/base/*.java
src/main/java/com/xiaomi/infra/pegasus/example/*.java
src/main/java/com/xiaomi/infra/pegasus/security/*.java
src/test/java/com/xiaomi/infra/pegasus/client/*.java
src/test/java/com/xiaomi/infra/pegasus/metrics/*.java
src/test/java/com/xiaomi/infra/pegasus/rpc/async/*.java
Expand Down
162 changes: 69 additions & 93 deletions src/main/java/com/xiaomi/infra/pegasus/client/ClientOptions.java
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@

import static com.xiaomi.infra.pegasus.client.PConfigUtil.loadConfiguration;

import com.xiaomi.infra.pegasus.security.Credential;
import java.time.Duration;
import org.apache.commons.configuration2.Configuration;
import org.apache.commons.configuration2.ConfigurationConverter;
Expand All @@ -30,7 +31,8 @@
* .falconPerfCounterTags("")
* .falconPushInterval(Duration.ofSeconds(10))
* .metaQueryTimeout(Duration.ofMillis(5000))
* .enableAuth(false)
* .authProtocol("")
* .credential(null)
* .build();
* }</pre>
*/
Expand All @@ -45,9 +47,7 @@ public class ClientOptions {
public static final String PEGASUS_PERF_COUNTER_TAGS_KEY = "perf_counter_tags";
public static final String PEGASUS_PUSH_COUNTER_INTERVAL_SECS_KEY = "push_counter_interval_secs";
public static final String PEGASUS_META_QUERY_TIMEOUT_KEY = "meta_query_timeout";
public static final String PEGASUS_ENABLE_AUTH_KEY = "enable_auth";
public static final String PEGASUS_SERVICE_NAME_KEY = "service_name";
public static final String PEGASUS_SERVICE_FQDN_KEY = "service_fqdn";
public static final String PEGASUS_AUTH_PROTOCOL_KEY = "auth_protocol";

public static final String DEFAULT_META_SERVERS =
"127.0.0.1:34601,127.0.0.1:34602,127.0.0.1:34603";
Expand All @@ -58,9 +58,7 @@ public class ClientOptions {
public static final Duration DEFAULT_FALCON_PUSH_INTERVAL = Duration.ofSeconds(10);
public static final boolean DEFAULT_ENABLE_WRITE_LIMIT = true;
public static final Duration DEFAULT_META_QUERY_TIMEOUT = Duration.ofMillis(5000);
public static final boolean DEFAULT_ENABLE_AUTH = false;
neverchanje marked this conversation as resolved.
Show resolved Hide resolved
public static final String DEFAULT_SERVICE_NAME = "";
public static final String DEFAULT_SERVICE_FQDN = "";
public static final String DEFAULT_AUTH_PROTOCOL = "";

private final String metaServers;
private final Duration operationTimeout;
Expand All @@ -70,9 +68,8 @@ public class ClientOptions {
private final Duration falconPushInterval;
private final boolean enableWriteLimit;
private final Duration metaQueryTimeout;
private final boolean enableAuth;
private final String serviceName;
private final String serviceFQDN;
private final String authProtocol;
private final Credential credential;

protected ClientOptions(Builder builder) {
this.metaServers = builder.metaServers;
Expand All @@ -83,9 +80,8 @@ protected ClientOptions(Builder builder) {
this.falconPushInterval = builder.falconPushInterval;
this.enableWriteLimit = builder.enableWriteLimit;
this.metaQueryTimeout = builder.metaQueryTimeout;
this.enableAuth = builder.enableAuth;
this.serviceName = builder.serviceName;
this.serviceFQDN = builder.serviceFQDN;
this.authProtocol = builder.authProtocol;
this.credential = builder.credential;
}

protected ClientOptions(ClientOptions original) {
Expand All @@ -97,9 +93,8 @@ protected ClientOptions(ClientOptions original) {
this.falconPushInterval = original.getFalconPushInterval();
this.enableWriteLimit = original.isWriteLimitEnabled();
this.metaQueryTimeout = original.getMetaQueryTimeout();
this.enableAuth = original.isEnableAuth();
this.serviceName = original.getServiceName();
this.serviceFQDN = original.getServiceFQDN();
this.authProtocol = original.getAuthProtocol();
this.credential = original.getCredential();
}

/**
Expand Down Expand Up @@ -159,9 +154,8 @@ public static ClientOptions create(String configPath) throws PException {
Duration metaQueryTimeout =
Duration.ofMillis(
config.getLong(PEGASUS_META_QUERY_TIMEOUT_KEY, DEFAULT_META_QUERY_TIMEOUT.toMillis()));
boolean enableAuth = config.getBoolean(PEGASUS_ENABLE_AUTH_KEY, DEFAULT_ENABLE_AUTH);
String serviceName = config.getString(PEGASUS_SERVICE_NAME_KEY, DEFAULT_SERVICE_NAME);
String serviceFQDN = config.getString(PEGASUS_SERVICE_FQDN_KEY, DEFAULT_SERVICE_FQDN);
String authProtocol = config.getString(PEGASUS_AUTH_PROTOCOL_KEY, DEFAULT_AUTH_PROTOCOL);
Credential credential = Credential.create(authProtocol, config);

return ClientOptions.builder()
.metaServers(metaList)
Expand All @@ -171,9 +165,8 @@ public static ClientOptions create(String configPath) throws PException {
.falconPerfCounterTags(perfCounterTags)
.falconPushInterval(pushIntervalSecs)
.metaQueryTimeout(metaQueryTimeout)
.enableAuth(enableAuth)
.serviceName(serviceName)
.serviceFQDN(serviceFQDN)
.authProtocol(authProtocol)
.credential(credential)
.build();
}

Expand All @@ -192,41 +185,40 @@ public boolean equals(Object options) {
&& this.falconPushInterval.toMillis() == clientOptions.falconPushInterval.toMillis()
&& this.enableWriteLimit == clientOptions.enableWriteLimit
&& this.metaQueryTimeout.toMillis() == clientOptions.metaQueryTimeout.toMillis()
&& this.enableAuth == clientOptions.enableAuth
&& this.serviceName == clientOptions.serviceName
&& this.serviceFQDN == clientOptions.serviceFQDN;
&& this.authProtocol == clientOptions.authProtocol
&& this.credential == clientOptions.credential;
}
return false;
}

@Override
public String toString() {
return "ClientOptions{"
+ "metaServers='"
+ metaServers
+ '\''
+ ", operationTimeout(ms)="
+ operationTimeout.toMillis()
+ ", asyncWorkers="
+ asyncWorkers
+ ", enablePerfCounter="
+ enablePerfCounter
+ ", falconPerfCounterTags='"
+ falconPerfCounterTags
+ '\''
+ ", falconPushInterval(s)="
+ falconPushInterval.getSeconds()
+ ",enableWriteLimit="
+ enableWriteLimit
+ ", metaQueryTimeout(ms)="
+ metaQueryTimeout.toMillis()
+ ", enableAuth="
+ enableAuth
+ ", serviceName="
+ serviceName
+ ", serviceFQDN="
+ serviceFQDN
+ '}';
String res =
"ClientOptions{"
+ "metaServers='"
+ metaServers
+ '\''
+ ", operationTimeout(ms)="
+ operationTimeout.toMillis()
+ ", asyncWorkers="
+ asyncWorkers
+ ", enablePerfCounter="
+ enablePerfCounter
+ ", falconPerfCounterTags='"
+ falconPerfCounterTags
+ '\''
+ ", falconPushInterval(s)="
+ falconPushInterval.getSeconds()
+ ",enableWriteLimit="
+ enableWriteLimit
+ ", metaQueryTimeout(ms)="
+ metaQueryTimeout.toMillis()
+ ", authProtocol="
+ authProtocol;
if (credential != null) {
res += ", credential=" + credential.toString();
}
return res + '}';
}

/** Builder for {@link ClientOptions}. */
Expand All @@ -239,9 +231,8 @@ public static class Builder {
private Duration falconPushInterval = DEFAULT_FALCON_PUSH_INTERVAL;
private boolean enableWriteLimit = DEFAULT_ENABLE_WRITE_LIMIT;
private Duration metaQueryTimeout = DEFAULT_META_QUERY_TIMEOUT;
private boolean enableAuth = DEFAULT_ENABLE_AUTH;
private String serviceName = DEFAULT_SERVICE_NAME;
private String serviceFQDN = DEFAULT_SERVICE_FQDN;
private String authProtocol = DEFAULT_AUTH_PROTOCOL;
private Credential credential = null;

protected Builder() {}

Expand Down Expand Up @@ -345,37 +336,28 @@ public Builder metaQueryTimeout(Duration metaQueryTimeout) {
}

/**
* Whether to enable authentication. Defaults to {@literal false}, see {@link
* #DEFAULT_ENABLE_AUTH}.
* The authentiation protocol to use. Available protocols are: 1. kerberos; 2.""
*
* @param enableAuth
* @return {@code this}
*/
public Builder enableAuth(boolean enableAuth) {
this.enableAuth = enableAuth;
return this;
}

/**
* service name. Defaults to {@literal ""}, see {@link #DEFAULT_SERVICE_NAME}.
* <p>"" means the authentiation is disabled
*
* @param serviceName
* <p>Defaults to {@literal ""}, See {@link #DEFAULT_AUTH_PROTOCOL}
*
* @param authProtocol authentiation protocol.
* @return {@code this}
*/
public Builder serviceName(String serviceName) {
this.serviceName = serviceName;
public Builder authProtocol(String authProtocol) {
this.authProtocol = authProtocol;
return this;
}

/**
* service full qualified domain name. Defaults to {@literal ""}, see {@link
* #DEFAULT_SERVICE_FQDN}.
* credential info. Defaults to {@literal null}
*
* @param serviceFQDN
* @param credential credential
* @return {@code this}
*/
public Builder serviceFQDN(String serviceFQDN) {
this.serviceFQDN = serviceFQDN;
public Builder credential(Credential credential) {
this.credential = credential;
return this;
}

Expand Down Expand Up @@ -407,9 +389,8 @@ public ClientOptions.Builder mutate() {
.falconPushInterval(getFalconPushInterval())
.enableWriteLimit(isWriteLimitEnabled())
.metaQueryTimeout(getMetaQueryTimeout())
.enableAuth(isEnableAuth())
.serviceName(getServiceName())
.serviceFQDN(getServiceFQDN());
.authProtocol(getAuthProtocol())
.credential(getCredential());
return builder;
}

Expand Down Expand Up @@ -491,29 +472,24 @@ public Duration getMetaQueryTimeout() {
}

/**
* Whether to enable authentication. Defaults to {@literal false}.
* The authentiation protocol to use. Available protocols are: 1. kerberos; 2.""
*
* @return whether to enable authentication.
*/
public boolean isEnableAuth() {
return enableAuth;
}

/**
* service name. Defaults to {@literal ""}.
* <p>"" means the authentiation is disabled
*
* <p>Defaults to {@literal ""}, See {@link #DEFAULT_AUTH_PROTOCOL}
*
* @return service name.
* @return authentiation protocol.
*/
public String getServiceName() {
return serviceName;
public String getAuthProtocol() {
return authProtocol;
}

/**
* service full qualified domain name. Defaults to {@literal ""}.
* credential info. Defaults to {@literal null}
*
* @return service full qualified domain name.
* @return credential
*/
public String getServiceFQDN() {
return serviceFQDN;
public Credential getCredential() {
return credential;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -20,17 +20,17 @@

import com.xiaomi.infra.pegasus.client.ClientOptions;
import com.xiaomi.infra.pegasus.rpc.async.ReplicaSession;
import com.xiaomi.infra.pegasus.security.AuthReplicaSessionInterceptor;
import java.util.ArrayList;
import java.util.List;

public class ReplicaSessionInterceptorManager {
private List<ReplicaSessionInterceptor> interceptors = new ArrayList<>();

public ReplicaSessionInterceptorManager(ClientOptions options) {
if (options.isEnableAuth()) {
ReplicaSessionInterceptor securityInterceptor =
new SecurityReplicaSessionInterceptor(options.getServiceName(), options.getServiceFQDN());
interceptors.add(securityInterceptor);
if (!options.getAuthProtocol().isEmpty()) {
ReplicaSessionInterceptor authInterceptor = new AuthReplicaSessionInterceptor(options);
interceptors.add(authInterceptor);
}
}

Expand Down

This file was deleted.

Loading