diff --git a/polaris-assembly/polaris-assembly-client/src/main/java/com/tencent/polaris/assembly/client/flow/DefaultAssemblyFlow.java b/polaris-assembly/polaris-assembly-client/src/main/java/com/tencent/polaris/assembly/client/flow/DefaultAssemblyFlow.java index 2fc6a559e..b8d7315a1 100644 --- a/polaris-assembly/polaris-assembly-client/src/main/java/com/tencent/polaris/assembly/client/flow/DefaultAssemblyFlow.java +++ b/polaris-assembly/polaris-assembly-client/src/main/java/com/tencent/polaris/assembly/client/flow/DefaultAssemblyFlow.java @@ -17,21 +17,13 @@ package com.tencent.polaris.assembly.client.flow; -import java.util.Collections; -import java.util.List; - import com.tencent.polaris.api.config.Configuration; import com.tencent.polaris.api.config.global.FlowConfig; import com.tencent.polaris.api.plugin.compose.Extensions; import com.tencent.polaris.api.plugin.loadbalance.LoadBalancer; import com.tencent.polaris.api.plugin.route.RouteInfo; import com.tencent.polaris.api.plugin.stat.TraceReporter; -import com.tencent.polaris.api.pojo.Instance; -import com.tencent.polaris.api.pojo.ServiceEventKey; -import com.tencent.polaris.api.pojo.ServiceInfo; -import com.tencent.polaris.api.pojo.ServiceInstances; -import com.tencent.polaris.api.pojo.ServiceKey; -import com.tencent.polaris.api.pojo.SourceService; +import com.tencent.polaris.api.pojo.*; import com.tencent.polaris.api.rpc.RequestBaseEntity; import com.tencent.polaris.api.rpc.ServiceCallResult; import com.tencent.polaris.api.utils.CollectionUtils; @@ -46,6 +38,9 @@ import com.tencent.polaris.client.flow.ResourcesResponse; import com.tencent.polaris.discovery.client.flow.CommonInstancesRequest; +import java.util.Collections; +import java.util.List; + public class DefaultAssemblyFlow implements AssemblyFlow { private SDKContext sdkContext; diff --git a/polaris-assembly/polaris-assembly-factory/pom.xml b/polaris-assembly/polaris-assembly-factory/pom.xml index d0daa3357..b962e1545 100644 
--- a/polaris-assembly/polaris-assembly-factory/pom.xml +++ b/polaris-assembly/polaris-assembly-factory/pom.xml @@ -84,6 +84,11 @@ event-logger ${project.version} + + com.tencent.polaris + event-tsf + ${project.version} + diff --git a/polaris-auth/polaris-auth-factory/pom.xml b/polaris-auth/polaris-auth-factory/pom.xml index 22bbf7fe0..e3d60ce4c 100644 --- a/polaris-auth/polaris-auth-factory/pom.xml +++ b/polaris-auth/polaris-auth-factory/pom.xml @@ -20,6 +20,11 @@ polaris-auth-client ${project.version} + + com.tencent.polaris + auth-block-allow-list + ${project.version} + com.tencent.polaris polaris-client diff --git a/polaris-circuitbreaker/polaris-circuitbreaker-factory/pom.xml b/polaris-circuitbreaker/polaris-circuitbreaker-factory/pom.xml index 6ee389974..30bd2bfa4 100644 --- a/polaris-circuitbreaker/polaris-circuitbreaker-factory/pom.xml +++ b/polaris-circuitbreaker/polaris-circuitbreaker-factory/pom.xml @@ -106,6 +106,11 @@ event-logger ${project.version} + + com.tencent.polaris + event-tsf + ${project.version} + diff --git a/polaris-common/polaris-client/src/main/java/com/tencent/polaris/client/flow/BaseFlow.java b/polaris-common/polaris-client/src/main/java/com/tencent/polaris/client/flow/BaseFlow.java index 0bab28256..3aadf48bb 100644 --- a/polaris-common/polaris-client/src/main/java/com/tencent/polaris/client/flow/BaseFlow.java +++ b/polaris-common/polaris-client/src/main/java/com/tencent/polaris/client/flow/BaseFlow.java @@ -297,7 +297,7 @@ private static boolean loadLocalResources(ServiceEventKey svcEventKey, Resources } public static Instance processLoadBalance(LoadBalancer loadBalancer, Criteria criteria, - ServiceInstances dstInstances, List weightAdjusters) throws PolarisException { + ServiceInstances dstInstances, List weightAdjusters) throws PolarisException { if (criteria == null) { criteria = new Criteria(); } 
@@ -357,6 +357,9 @@ public static void reportFlowEvent(Extensions extensions, FlowEvent flowEvent) { } for (EventReporter eventReporter : eventReporterList) { try { + if (!eventReporter.isEnabled()) { + continue; + } if (!eventReporter.reportEvent(flowEvent)) { LOG.warn("Report event by {} failed. Flow event detail: {}", eventReporter.getName(), flowEvent); } diff --git a/polaris-common/polaris-config-default/src/main/resources/conf/default-config.yml b/polaris-common/polaris-config-default/src/main/resources/conf/default-config.yml index c52f22391..396042b68 100644 --- a/polaris-common/polaris-config-default/src/main/resources/conf/default-config.yml +++ b/polaris-common/polaris-config-default/src/main/resources/conf/default-config.yml @@ -86,6 +86,12 @@ global: #描述: 事件上报插件名列表 reporters: - logger + # 描述:事件上报插件配置 + plugin: + # 描述:TSF 事件上报插件配置 + tsf: + # 描述:TSF 事件上报开关 + enable: false # 描述:Admin相关的配置 admin: # 描述:Admin的监听的IP @@ -286,7 +292,7 @@ consumer: weightAdjust: enable: true chain: - # 开启了服务预热插件,可以支持多个动态权重调整插件同时生效 + # 开启了服务预热插件,可以支持多个动态权重调整插件同时生效 # - warmup # 被调方配置 provider: diff --git a/polaris-common/polaris-encrypt/pom.xml b/polaris-common/polaris-encrypt/pom.xml new file mode 100644 index 000000000..541a5738e --- /dev/null +++ b/polaris-common/polaris-encrypt/pom.xml @@ -0,0 +1,35 @@ + + + + polaris-common + com.tencent.polaris + ${revision} + ../pom.xml + + 4.0.0 + + polaris-encrypt + Polaris Common Encrypt + Polaris Common Encrypt JAR + + + + com.tencent.polaris + polaris-model + ${project.version} + + + org.slf4j + slf4j-api + ${slf4j.version} + provided + + + org.bouncycastle + bcpkix-jdk15to18 + ${bouncycastle.version} + + + \ No newline at end of file diff --git a/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProvider.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProvider.java new file mode 100644 index 000000000..b7c0af543 --- /dev/null 
+++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProvider.java
@@ -0,0 +1,44 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt;
+
+/**
+ * TSF 配置加密提供器接口
+ *
+ * @author hongweizhu
+ */
+public abstract class ConfigEncryptProvider {
+
+ /**
+ * 加密
+ *
+ * @param content 明文
+ * @param password 密码
+ * @return 密文
+ */
+ public abstract String encrypt(String content, String password);
+
+ /**
+ * 解密
+ *
+ * @param encryptedContent 密文
+ * @param password 密码
+ * @return 明文
+ */
+ public abstract String decrypt(String encryptedContent, String password);
+}
diff --git a/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProviderFactory.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProviderFactory.java
new file mode 100644
index 000000000..278910a9a
--- /dev/null
+++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProviderFactory.java
@@ -0,0 +1,40 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class ConfigEncryptProviderFactory {
+
+ private static final Logger log = LoggerFactory.getLogger(ConfigEncryptProviderFactory.class);
+
+ private static ConfigEncryptProvider configEncryptProvider = null;
+
+ public static ConfigEncryptProvider getInstance() {
+ if (null == configEncryptProvider) {
+ try {
+ Class providerClass = Class.forName(EncryptConfig.getProviderClass());
+ configEncryptProvider = (ConfigEncryptProvider) providerClass.newInstance();
+ } catch (ClassNotFoundException | InstantiationException | IllegalAccessException e) {
+ log.error("get config encrypt provider error", e);
+ }
+ }
+ return configEncryptProvider;
+ }
+}
diff --git a/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/EncryptConfig.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/EncryptConfig.java
new file mode 100644
index 000000000..1bc02b58e
--- /dev/null
+++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/EncryptConfig.java
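Review bot: `ConfigEncryptProviderFactory.getInstance()` logs and then returns `null` when the provider class cannot be loaded or instantiated, and the caller added in `ConfigPropertiesFile.decryptProperties` dereferences the result directly, so a wrong `providerClass` surfaces as a NullPointerException during config parsing instead of a clear configuration error. The lazy initialisation is also unsynchronised on a plain static field, and a class that is not a `ConfigEncryptProvider` would raise a ClassCastException that the catch clause does not cover. Since the class name is settable through the public `EncryptConfig.setProviderClass`, I would constrain the loaded type with `asSubclass`, create it through the no-arg constructor, and rethrow any failure as an `IllegalStateException` carrying the cause, as below.

```java
public static synchronized ConfigEncryptProvider getInstance() {
    if (configEncryptProvider == null) {
        String className = EncryptConfig.getProviderClass();
        try {
            configEncryptProvider = Class.forName(className)
                    .asSubclass(ConfigEncryptProvider.class)
                    .getDeclaredConstructor()
                    .newInstance();
        } catch (ReflectiveOperationException | ClassCastException e) {
            throw new IllegalStateException("Cannot create config encrypt provider " + className, e);
        }
    }
    return configEncryptProvider;
}
```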
@@ -0,0 +1,122 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt;
+
+import com.tencent.polaris.api.utils.ClassUtils;
+import com.tencent.polaris.api.utils.StringUtils;
+
+public class EncryptConfig {
+
+ private static final String TSF_PASSWORD_KEY = "tsf_config_encrypt_password";
+
+ private static final String PASSWORD_KEY = "config_encrypt_password";
+
+ static {
+ // TSF 环境变量
+ if (null != System.getenv(TSF_PASSWORD_KEY)) {
+ password = System.getenv(TSF_PASSWORD_KEY);
+ }
+ // TSF JVM参数
+ if (null != System.getProperty(TSF_PASSWORD_KEY)) {
+ password = System.getProperty(TSF_PASSWORD_KEY);
+ }
+ // 环境变量
+ if (null != System.getenv(PASSWORD_KEY)) {
+ password = System.getenv(PASSWORD_KEY);
+ }
+ // JVM参数
+ if (null != System.getProperty(PASSWORD_KEY)) {
+ password = System.getProperty(PASSWORD_KEY);
+ }
+ }
+
+ /**
+ * 加密前缀
+ */
+ public static String ENCRYPT_PREFIX = "ENC(";
+ /**
+ * 加密后缀
+ */
+ public static String ENCRYPT_SUFFIX = ")";
+
+ /**
+ * 密码
+ */
+ private static String password;
+
+ /**
+ * 加解密提供器类名
+ */
+ private static String providerClass = "com.tencent.polaris.encrypt.impl.ConfigEncryptAESProvider";
+
+ /**
+ * 是否开启配置,判断 password 是否为空
+ */
+ public static Boolean getEnabled() {
+ return StringUtils.isNotBlank(password);
+ }
+
+ public static String getPassword() {
+ return EncryptConfig.password;
+ }
+
+ public static void setPassword(String password) {
+ EncryptConfig.password = password;
+ }
+
+ public static ConfigEncryptProvider getProvider() {
+ return ConfigEncryptProviderFactory.getInstance();
+ }
+
+ public static String getProviderClass() {
+ return providerClass;
+ }
+
+ public static void setProviderClass(String providerClass) {
+ EncryptConfig.providerClass = providerClass;
+ }
+
+ /**
+ * 是否需要进行解密
+ *
+ * @param content 判断对象
+ * @return true:需要解密;false:不需要解密
+ */
+ public static Boolean needDecrypt(Object content) {
+ if (null == content || !ClassUtils.isClassPresent("org.bouncycastle.jce.provider.BouncyCastleProvider")) {
+ return false;
+ } else {
+ String stringValue = String.valueOf(content);
+ return stringValue.startsWith(ENCRYPT_PREFIX) && stringValue.endsWith(ENCRYPT_SUFFIX);
+ }
+ }
+
+ /**
+ * 获取真实密文
+ *
+ * @param content 原始配置值
+ * @return 真实密文
+ */
+ public static String realContent(Object content) {
+ if (null != content) {
+ String stringValue = String.valueOf(content);
+ return stringValue.substring(ENCRYPT_PREFIX.length(), stringValue.length() - ENCRYPT_SUFFIX.length());
+ }
+ return null;
+ }
+}
diff --git a/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/impl/ConfigEncryptAESProvider.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/impl/ConfigEncryptAESProvider.java
new file mode 100644
index 000000000..25ebbe463
--- /dev/null
+++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/impl/ConfigEncryptAESProvider.java
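Review bot: In `EncryptConfig`, `ENCRYPT_PREFIX` and `ENCRYPT_SUFFIX` are declared `public static String` without `final`, so any code on the classpath can reassign the markers that `needDecrypt` and `realContent` depend on; they read as constants and should be `public static final String ENCRYPT_PREFIX = "ENC(";` and likewise for the suffix. `needDecrypt` also returns `false` without logging when the BouncyCastle class is absent, which leaves `ENC(...)` values in the properties as literal strings; a one-time warning on that branch would make the condition visible. `realContent` assumes its argument already passed `needDecrypt` and throws StringIndexOutOfBoundsException on a shorter string, so its Javadoc should state that precondition.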
@@ -0,0 +1,48 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt.impl;
+
+import com.tencent.polaris.encrypt.ConfigEncryptProvider;
+import com.tencent.polaris.encrypt.util.AESUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class ConfigEncryptAESProvider extends ConfigEncryptProvider {
+
+ private static final Logger log = LoggerFactory.getLogger(ConfigEncryptAESProvider.class);
+
+ @Override
+ public String encrypt(String content, String password) {
+ try {
+ return AESUtil.encrypt(content, password);
+ } catch (Exception e) {
+ log.error("[TSF SDK] Error on encrypting.", e);
+ return content;
+ }
+ }
+
+ @Override
+ public String decrypt(String encryptedContent, String password) {
+ try {
+ return AESUtil.decrypt(encryptedContent, password);
+ } catch (Exception e) {
+ log.error("[TSF SDK] Error on decrypting.", e);
+ return encryptedContent;
+ }
+ }
+}
diff --git a/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/AESUtil.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/AESUtil.java
new file mode 100644
index 000000000..b97b380e9
--- /dev/null
+++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/AESUtil.java
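Review bot: Both methods of `ConfigEncryptAESProvider` fail open: when `AESUtil.encrypt` throws, `encrypt` logs and returns the plaintext `content`, so a caller that stores the result as ciphertext will persist the secret in clear, and `decrypt` likewise returns the undecrypted input, which then becomes the property value. `AESUtil` already raises `PolarisException` with the cause attached, so I would drop the `try`/`catch` and let it propagate: `return AESUtil.encrypt(content, password);` and `return AESUtil.decrypt(encryptedContent, password);`. If swallowing the error is required for compatibility, that behaviour belongs in the Javadoc of `ConfigEncryptProvider` so callers know the return value may be the unchanged input.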
@@ -0,0 +1,174 @@ +/* + * Tencent is pleased to support the open source community by making Polaris available. + * + * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. + * + * Licensed under the BSD 3-Clause License (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://opensource.org/licenses/BSD-3-Clause + * + * Unless required by applicable law or agreed to in writing, software distributed + * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR + * CONDITIONS OF ANY KIND, either express or implied. See the License for the + * specific language governing permissions and limitations under the License. + */ + +package com.tencent.polaris.encrypt.util; + +import com.tencent.polaris.api.exception.ErrorCode; +import com.tencent.polaris.api.exception.PolarisException; +import com.tencent.polaris.api.utils.StringUtils; +import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.nio.charset.StandardCharsets; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.Security; +import java.util.Base64; + +/** + * @author fabian4, Haotian Zhang + */ +public class AESUtil { + + static { + Security.addProvider(new BouncyCastleProvider()); + } + + /** + * 生成AES128密钥 + */ + public static byte[] generateAesKey() { + KeyGenerator keyGenerator; + try { + keyGenerator = KeyGenerator.getInstance("AES"); + } catch (NoSuchAlgorithmException e) { + throw new PolarisException(ErrorCode.AES_KEY_GENERATE_ERROR, e.getMessage()); + } + SecureRandom secureRandom = new SecureRandom(); + keyGenerator.init(128, secureRandom); + SecretKey secretKey = keyGenerator.generateKey(); + return secretKey.getEncoded(); + } + + 
/** + * 生成AES256密钥 + * + * @param seed 随机数种子 + */ + public static byte[] generateAesKey(String seed) { + KeyGenerator keyGenerator; + try { + keyGenerator = KeyGenerator.getInstance("AES"); + SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG"); + secureRandom.setSeed(SHA256.encode(seed)); + keyGenerator.init(256, secureRandom); + } catch (NoSuchAlgorithmException e) { + throw new PolarisException(ErrorCode.AES_KEY_GENERATE_ERROR, e.getMessage()); + } + SecretKey secretKey = keyGenerator.generateKey(); + return secretKey.getEncoded(); + } + + /** + * AES加密,AES/CBC/PKCS7Padding + * + * @param content 需要加密的内容 + * @param password 加密密码 + */ + public static String encrypt(String content, byte[] password) { + try { + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC"); + byte[] iv = new byte[cipher.getBlockSize()]; + System.arraycopy(password, 0, iv, 0, cipher.getBlockSize()); + cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(password, "AES"), new IvParameterSpec(iv)); + byte[] bytes = cipher.doFinal(content.getBytes()); + return Base64.getEncoder().encodeToString(bytes); + } catch (Exception e) { + throw new PolarisException(ErrorCode.AES_ENCRYPT_ERROR, e.getMessage(), e); + } + } + + /** + * AES加密,AES/ECB/PKCS7Padding + * + * @param content 明文 + * @param password 密钥 + * @return 密文 + */ + public static String encrypt(String content, String password) { + if (StringUtils.isBlank(password)) { + throw new PolarisException(ErrorCode.AES_ENCRYPT_ERROR, "Password not found."); + } + try { + byte[] enCodeFormat = generateAesKey(password); + // 根据给定的字节数组构造一个密钥。enCodeFormat:密钥内容;"AES":与给定的密钥内容相关联的密钥算法的名称 + SecretKeySpec skSpec = new SecretKeySpec(enCodeFormat, "AES"); + // 创建一个实现指定转换的 Cipher对象,该转换由指定的提供程序提供。 + // "AES/ECB/PKCS7Padding":转换的名称;"BC":提供程序的名称 + Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC"); + // 初始化cipher:加密模式 + cipher.init(Cipher.ENCRYPT_MODE, skSpec); + byte[] byteContent = content.getBytes(StandardCharsets.UTF_8); + 
byte[] cryptograph = cipher.doFinal(byteContent); + byte[] enryptedContent = org.bouncycastle.util.encoders.Base64.encode(cryptograph); + return new String(enryptedContent); + } catch (Exception e) { + throw new PolarisException(ErrorCode.AES_ENCRYPT_ERROR, "Failed encrypt.", e); + } + } + + /** + * AES解密,AES/CBC/PKCS7Padding + * + * @param content 待解密内容 + * @param password 解密密钥 + */ + public static String decrypt(String content, byte[] password) { + try { + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC"); + byte[] iv = new byte[cipher.getBlockSize()]; + System.arraycopy(password, 0, iv, 0, cipher.getBlockSize()); + cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(password, "AES"), new IvParameterSpec(iv)); + byte[] paddingPlaintext = cipher.doFinal(Base64.getDecoder().decode(content)); + return new String(paddingPlaintext); + } catch (Exception e) { + throw new PolarisException(ErrorCode.AES_DECRYPT_ERROR, e.getMessage(), e); + } + } + + /** + * AES解密,AES/ECB/PKCS7Padding + * + * @param encryptedContent 密文 + * @param password 密钥 + * @return 明文 + */ + public static String decrypt(String encryptedContent, String password) { + if (StringUtils.isBlank(password)) { + throw new PolarisException(ErrorCode.AES_DECRYPT_ERROR, "Password not found."); + } + try { + byte[] enCodeFormat = generateAesKey(password); + // 根据给定的字节数组构造一个密钥。enCodeFormat:密钥内容;"AES":与给定的密钥内容相关联的密钥算法的名称 + SecretKeySpec skSpec = new SecretKeySpec(enCodeFormat, "AES"); + // 创建一个实现指定转换的 Cipher对象,该转换由指定的提供程序提供。 + // "AES/ECB/PKCS7Padding":转换的名称;"BC":提供程序的名称 + Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC"); + // 初始化cipher:解密模式 + cipher.init(Cipher.DECRYPT_MODE, skSpec); + byte[] result = cipher.doFinal(org.bouncycastle.util.encoders.Base64.decode(encryptedContent.getBytes(StandardCharsets.UTF_8))); + return new String(result); + } catch (Exception e) { + throw new PolarisException(ErrorCode.AES_DECRYPT_ERROR, "Failed decrypt.", e); + } + } + +} 
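Review bot: The String-password path in `AESUtil` (`encrypt(String, String)` / `decrypt(String, String)`) uses `AES/ECB/PKCS7Padding` with a key that `generateAesKey(String)` obtains by seeding `SHA1PRNG` with SHA-256 of the password. ECB is deterministic and unauthenticated, so equal config values produce equal ciphertext and tampering goes undetected; the derivation has no salt or work factor and relies on `SHA1PRNG` returning the same bytes for the same seed, which is provider behaviour rather than a guarantee. The byte[]-key CBC methods copy the first block of the key into the IV and call `content.getBytes()` / `new String(...)` without a charset. If the `ENC(...)` format is fixed for compatibility with existing TSF ciphertext (not visible in this diff), the Javadoc should say so and the scheme should stay decrypt-only; otherwise a salted PBKDF2 key with AES-GCM and a random nonce, sketched below for the encrypt side, avoids these problems.

```java
public static String encrypt(String content, String password) {
    if (StringUtils.isBlank(password)) {
        throw new PolarisException(ErrorCode.AES_ENCRYPT_ERROR, "Password not found.");
    }
    try {
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[16];
        byte[] nonce = new byte[12];
        random.nextBytes(salt);
        random.nextBytes(nonce);
        // PBKDF2_ITERATIONS is a placeholder constant; the value is for the project to choose.
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, PBKDF2_ITERATIONS, 256);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, nonce));
        byte[] cipherText = cipher.doFinal(content.getBytes(StandardCharsets.UTF_8));
        // Output layout: salt || nonce || ciphertext with tag, Base64-encoded.
        byte[] out = new byte[salt.length + nonce.length + cipherText.length];
        System.arraycopy(salt, 0, out, 0, salt.length);
        System.arraycopy(nonce, 0, out, salt.length, nonce.length);
        System.arraycopy(cipherText, 0, out, salt.length + nonce.length, cipherText.length);
        return Base64.getEncoder().encodeToString(out);
    } catch (Exception e) {
        throw new PolarisException(ErrorCode.AES_ENCRYPT_ERROR, "Failed encrypt.", e);
    }
}
// decrypt(String, String) mirrors this: split salt and nonce, derive the key, AES/GCM decrypt.
```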
diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/util/RSAUtil.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/RSAUtil.java similarity index 89% rename from polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/util/RSAUtil.java rename to polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/RSAUtil.java index bf6a0068a..b361371ee 100644 --- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/util/RSAUtil.java +++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/RSAUtil.java @@ -15,7 +15,7 @@ * specific language governing permissions and limitations under the License. */ -package com.tencent.polaris.plugins.configfilefilter.util; +package com.tencent.polaris.encrypt.util; import com.tencent.polaris.api.exception.ErrorCode; import com.tencent.polaris.api.exception.PolarisException; @@ -24,16 +24,10 @@ import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; -import java.security.InvalidKeyException; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; +import java.security.*; /** - * @author fabian4 - * @date 2023/6/14 + * @author fabian4, Haotian Zhang */ public class RSAUtil { diff --git a/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/SHA256.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/SHA256.java new file mode 100644 index 000000000..b26fe19f4 --- /dev/null +++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/SHA256.java 
@@ -0,0 +1,43 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt.util;
+
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * SHA-256摘要算法
+ *
+ * @author hongweizhu
+ */
+public class SHA256 {
+
+ /**
+ * 计算SHA-256摘要
+ *
+ * @param content 原文
+ * @return 摘要
+ * @throws NoSuchAlgorithmException 算法不存在时抛出
+ */
+ public static byte[] encode(String content) throws NoSuchAlgorithmException {
+ MessageDigest digester = MessageDigest.getInstance("SHA-256");
+ digester.update(content.getBytes(StandardCharsets.UTF_8));
+ return digester.digest();
+ }
+}
diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/test/java/com/tencent/polaris/plugins/configfilefilter/util/AESUtilTest.java b/polaris-common/polaris-encrypt/src/test/java/com/tencent/polaris/encrypt/util/AESUtilTest.java
similarity index 58%
rename from polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/test/java/com/tencent/polaris/plugins/configfilefilter/util/AESUtilTest.java
rename to polaris-common/polaris-encrypt/src/test/java/com/tencent/polaris/encrypt/util/AESUtilTest.java
index 53e8ce6d7..100d2ddbd 100644
--- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/test/java/com/tencent/polaris/plugins/configfilefilter/util/AESUtilTest.java +++ b/polaris-common/polaris-encrypt/src/test/java/com/tencent/polaris/encrypt/util/AESUtilTest.java @@ -15,32 +15,16 @@ * specific language governing permissions and limitations under the License. */ -/* - * Tencent is pleased to support the open source community by making Polaris available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * Licensed under the BSD 3-Clause License (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://opensource.org/licenses/BSD-3-Clause - * - * Unless required by applicable law or agreed to in writing, software distributed - * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - * CONDITIONS OF ANY KIND, either express or implied. See the License for the - * specific language governing permissions and limitations under the License. - */ - -package com.tencent.polaris.plugins.configfilefilter.util; +package com.tencent.polaris.encrypt.util; import org.junit.Test; import static org.junit.Assert.assertEquals; /** - * @author fabian4 - * @date 2023/6/14 + * Test for {@link AESUtil}. + * + * @author fabian4, Haotian Zhang */ public class AESUtilTest { @@ -52,4 +36,13 @@ public void testAes() { String decrypted = AESUtil.decrypt(encrypted, aesKey); assertEquals(content, decrypted); } + + @Test + public void testAesECB() { + String content = "test content"; + String password = "test password"; + String encrypted = AESUtil.encrypt(content, password); + String decrypted = AESUtil.decrypt(encrypted, password); + assertEquals(content, decrypted); + } } 
diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/test/java/com/tencent/polaris/plugins/configfilefilter/util/RSAUtilTest.java b/polaris-common/polaris-encrypt/src/test/java/com/tencent/polaris/encrypt/util/RSAUtilTest.java similarity index 95% rename from polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/test/java/com/tencent/polaris/plugins/configfilefilter/util/RSAUtilTest.java rename to polaris-common/polaris-encrypt/src/test/java/com/tencent/polaris/encrypt/util/RSAUtilTest.java index 3f912fb1f..e030adf5a 100644 --- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/test/java/com/tencent/polaris/plugins/configfilefilter/util/RSAUtilTest.java +++ b/polaris-common/polaris-encrypt/src/test/java/com/tencent/polaris/encrypt/util/RSAUtilTest.java @@ -15,7 +15,7 @@ * specific language governing permissions and limitations under the License. */ -package com.tencent.polaris.plugins.configfilefilter.util; +package com.tencent.polaris.encrypt.util; import org.junit.Test; diff --git a/polaris-common/pom.xml b/polaris-common/pom.xml index f3c37e929..10f3f44f4 100644 --- a/polaris-common/pom.xml +++ b/polaris-common/pom.xml @@ -24,5 +24,6 @@ polaris-logging polaris-metadata polaris-threadlocal + polaris-encrypt \ No newline at end of file diff --git a/polaris-configuration/polaris-configuration-client/pom.xml b/polaris-configuration/polaris-configuration-client/pom.xml index 481ed1cfd..5c3770358 100644 --- a/polaris-configuration/polaris-configuration-client/pom.xml +++ b/polaris-configuration/polaris-configuration-client/pom.xml @@ -1,7 +1,7 @@ + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> polaris-configuration com.tencent.polaris 
@@ -20,6 +20,11 @@ polaris-configuration-api ${revision} + + com.tencent.polaris + polaris-encrypt + ${project.version} + com.tencent.polaris polaris-client diff --git a/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigPropertiesFile.java b/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigPropertiesFile.java index 543078c00..839aae94d 100644 --- a/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigPropertiesFile.java +++ b/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigPropertiesFile.java @@ -26,6 +26,7 @@ import com.tencent.polaris.configuration.api.core.*; import com.tencent.polaris.configuration.client.util.ConfigFileUtils; import com.tencent.polaris.configuration.client.util.ConvertFunctions; +import com.tencent.polaris.encrypt.EncryptConfig; import com.tencent.polaris.logging.LoggerFactory; import org.slf4j.Logger; @@ -369,12 +370,15 @@ protected Properties convertToProperties(String content) { } //默认用 properties 格式解析 - convertToProperties(properties, content); + properties = convertToProperties(properties, content); + + // 解密 + decryptProperties(properties); return properties; } - protected void convertToProperties(Properties properties, String content) { + protected Properties convertToProperties(Properties properties, String content) { try { properties.load(new InputStreamReader(new ByteArrayInputStream(content.getBytes()))); } catch (IOException e) { 
@@ -384,6 +388,26 @@ protected void convertToProperties(Properties properties, String content) { LOGGER.error(msg, e); throw new IllegalStateException(msg); } + return properties; + } + + protected void decryptProperties(Properties properties) { + if (EncryptConfig.getEnabled()) { + // 启用加解密 + for (Map.Entry entry : properties.entrySet()) { + if (EncryptConfig.needDecrypt(entry.getValue())) { + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("Need Decrypt {}: {}", entry.getKey(), entry.getValue()); + } + // 解密配置值 + String decryptedValue = EncryptConfig.getProvider() + .decrypt(EncryptConfig.realContent(entry.getValue()), EncryptConfig.getPassword()); + properties.put(entry.getKey().toString(), decryptedValue); + } else { + properties.put(entry.getKey().toString(), entry.getValue()); + } + } + } } private void fireChangeEvent(ConfigKVFileChangeEvent event) { diff --git a/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigYamlFile.java b/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigYamlFile.java index cd9af6a54..82b1c393a 100644 --- a/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigYamlFile.java +++ b/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigYamlFile.java @@ -20,9 +20,10 @@ import com.tencent.polaris.api.config.configuration.ConfigFileConfig; import com.tencent.polaris.configuration.client.util.YamlParser; import com.tencent.polaris.logging.LoggerFactory; -import java.util.Properties; import org.slf4j.Logger; +import java.util.Properties; + /** * The yaml/yml file. * 
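Review bot: In `decryptProperties` the debug line `LOGGER.debug("Need Decrypt {}: {}", entry.getKey(), entry.getValue())` writes the ciphertext of the protected value to the log; with the deterministic password-derived scheme this commit adds, that is material for offline guessing, so I would log the key only: `LOGGER.debug("Need Decrypt {}", entry.getKey());`. The loop also calls `properties.put(entry.getKey().toString(), ...)` while iterating `entrySet()`, and the `else` branch re-inserts the value it has just read. Using `entry.setValue(decryptedValue);` in the `if` branch and dropping the `else` gives the same result without writing to the map during iteration.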
@@ -36,18 +37,13 @@ public class ConfigYamlFile extends ConfigPropertiesFile { public ConfigYamlFile(String namespace, String fileGroup, String fileName, - ConfigFileRepo configFileRepo, - ConfigFileConfig configFileConfig) { + ConfigFileRepo configFileRepo, + ConfigFileConfig configFileConfig) { super(namespace, fileGroup, fileName, configFileRepo, configFileConfig); } @Override - protected Properties convertToProperties(String content) { - Properties properties = new Properties(); - if (content == null) { - return properties; - } - + protected Properties convertToProperties(Properties properties, String content) { try { properties = YAML_PARSER.yamlToProperties(content); } catch (Throwable t) { @@ -57,7 +53,6 @@ protected Properties convertToProperties(String content) { LOGGER.error(msg, t); throw new IllegalStateException(msg); } - return properties; } } diff --git a/polaris-configuration/polaris-configuration-factory/pom.xml b/polaris-configuration/polaris-configuration-factory/pom.xml index 7593fd776..88fd8f59c 100644 --- a/polaris-configuration/polaris-configuration-factory/pom.xml +++ b/polaris-configuration/polaris-configuration-factory/pom.xml @@ -126,6 +126,11 @@ event-logger ${project.version} + + com.tencent.polaris + event-tsf + ${project.version} + com.tencent.polaris diff --git a/polaris-dependencies/pom.xml b/polaris-dependencies/pom.xml index b24b6434a..ea89e61cd 100644 --- a/polaris-dependencies/pom.xml +++ b/polaris-dependencies/pom.xml @@ -52,6 +52,11 @@ polaris-threadlocal ${project.version} + + com.tencent.polaris + polaris-encrypt + ${project.version} + diff --git a/polaris-discovery/polaris-discovery-factory/pom.xml b/polaris-discovery/polaris-discovery-factory/pom.xml index 84ebe762d..29b7b47b3 100644 --- a/polaris-discovery/polaris-discovery-factory/pom.xml +++ b/polaris-discovery/polaris-discovery-factory/pom.xml @@ -164,6 +164,11 @@ lossless-deregister ${project.version} + + com.tencent.polaris + lossless-warmup + ${project.version} + 
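Review bot: The overriding `convertToProperties(Properties properties, String content)` reassigns `properties = YAML_PARSER.yamlToProperties(content)` as its first statement, so the instance the caller passed in is discarded and only the return value carries the result. That works with the caller in ConfigPropertiesFile, which now uses the return value, but the parameter reads like an out-parameter. Either fill it with `properties.putAll(YAML_PARSER.yamlToProperties(content));` or add a comment such as `// the passed-in Properties is replaced; callers must use the return value`. The null check on `content` was removed here, so the override now relies on the base `convertToProperties(String)` to guard against null, which is outside this hunk.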
@@ -178,6 +183,11 @@ event-logger ${project.version} + + com.tencent.polaris + event-tsf + ${project.version} + diff --git a/polaris-factory/pom.xml b/polaris-factory/pom.xml index 5cbea4320..760731276 100644 --- a/polaris-factory/pom.xml +++ b/polaris-factory/pom.xml @@ -1,7 +1,7 @@ + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> polaris-parent com.tencent.polaris @@ -53,6 +53,11 @@ polaris-assembly-factory ${project.version} + + com.tencent.polaris + polaris-auth-factory + ${project.version} + diff --git a/polaris-plugins/polaris-plugin-api/src/main/java/com/tencent/polaris/api/plugin/event/EventReporter.java b/polaris-plugins/polaris-plugin-api/src/main/java/com/tencent/polaris/api/plugin/event/EventReporter.java index aa3a832ed..737001d2a 100644 --- a/polaris-plugins/polaris-plugin-api/src/main/java/com/tencent/polaris/api/plugin/event/EventReporter.java +++ b/polaris-plugins/polaris-plugin-api/src/main/java/com/tencent/polaris/api/plugin/event/EventReporter.java @@ -26,5 +26,7 @@ */ public interface EventReporter extends Plugin { + boolean isEnabled(); + boolean reportEvent(FlowEvent flowEvent); } diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/CryptoConfigFileFilter.java b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/CryptoConfigFileFilter.java index 07a267abb..c87faae42 100644 --- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/CryptoConfigFileFilter.java +++ b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/CryptoConfigFileFilter.java 
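Review bot: `boolean isEnabled();` enters the `EventReporter` plugin interface as an abstract method without Javadoc, so any implementation maintained outside this repository stops compiling. If the module targets Java 8 or later, a default keeps existing plugins working and matches what LoggerEventReporter returns in this commit: `default boolean isEnabled() { return true; }`. A one-line Javadoc saying what callers do with a disabled reporter would also help, as that behaviour is not visible in this hunk.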
@@ -17,6 +17,7 @@ package com.tencent.polaris.plugins.configfilefilter; +import com.tencent.polaris.annonation.JustForTest; import com.tencent.polaris.api.config.configuration.ConfigFilterConfig; import com.tencent.polaris.api.config.configuration.CryptoConfig; import com.tencent.polaris.api.exception.PolarisException; @@ -29,7 +30,7 @@ import com.tencent.polaris.api.plugin.configuration.ConfigFileResponse; import com.tencent.polaris.api.plugin.filter.ConfigFileFilter; import com.tencent.polaris.api.plugin.filter.Crypto; -import com.tencent.polaris.annonation.JustForTest; +import com.tencent.polaris.api.utils.ClassUtils; import com.tencent.polaris.factory.config.configuration.CryptoConfigImpl; import com.tencent.polaris.logging.LoggerFactory; import com.tencent.polaris.plugins.configfilefilter.service.RSAService; 
@@ -61,27 +62,31 @@ public Function doFilter(ConfigFile configFile, return new Function() { @Override public ConfigFileResponse apply(ConfigFile configFile) { - // do before - // Design doc: https://github.com/polarismesh/polaris/issues/966 - configFile.setEncrypted(Boolean.TRUE); - configFile.setPublicKey(rsaService.getPKCS1PublicKey()); - - ConfigFileResponse response = next.apply(configFile); - - // do after - ConfigFile configFileResponse = response.getConfigFile(); - if (response.getCode() == ServerCodes.EXECUTE_SUCCESS) { - String dataKey = configFileResponse.getDataKey(); - if (dataKey == null) { - LOG.info("ConfigFile [namespace: {}, file group: {}, file name: {}] does not have data key. " - + "Return original response.", - configFile.getNamespace(), configFile.getFileGroup(), configFile.getFileName()); - return response; + if (ClassUtils.isClassPresent("org.bouncycastle.asn1.x509.SubjectPublicKeyInfo")) { + // do before + // Design doc: https://github.com/polarismesh/polaris/issues/966 + configFile.setEncrypted(Boolean.TRUE); + configFile.setPublicKey(rsaService.getPKCS1PublicKey()); + + ConfigFileResponse response = next.apply(configFile); + + // do after + ConfigFile configFileResponse = response.getConfigFile(); + if (response.getCode() == ServerCodes.EXECUTE_SUCCESS) { + String dataKey = configFileResponse.getDataKey(); + if (dataKey == null) { + LOG.info("ConfigFile [namespace: {}, file group: {}, file name: {}] does not have data key. " + + "Return original response.", + configFile.getNamespace(), configFile.getFileGroup(), configFile.getFileName()); + return response; + } + byte[] password = rsaService.decrypt(dataKey); + crypto.doDecrypt(configFileResponse, password); } - byte[] password = rsaService.decrypt(dataKey); - crypto.doDecrypt(configFileResponse, password); + return response; + } else { + return next.apply(configFile); } - return response; } }; } 
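Review bot: The new `else` branch in `apply` silently skips the whole encryption exchange when `org.bouncycastle.asn1.x509.SubjectPublicKeyInfo` is not on the classpath: `setEncrypted` and `setPublicKey` are not called, the response is returned as received, and nothing is logged. A missing jar therefore turns the crypto filter into a pass-through that nobody notices. At minimum log it, e.g. `LOG.warn("BouncyCastle not found, config file [{}] is fetched without the crypto filter", configFile.getFileName());`, and consider failing instead when crypto was explicitly configured. The classpath probe also runs on every call; its result could be computed once and kept in a field.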
diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/crypto/AESCrypto.java b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/crypto/AESCrypto.java index 3d19c0600..aaaa69179 100644 --- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/crypto/AESCrypto.java +++ b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/crypto/AESCrypto.java @@ -25,7 +25,7 @@ import com.tencent.polaris.api.plugin.compose.Extensions; import com.tencent.polaris.api.plugin.configuration.ConfigFile; import com.tencent.polaris.api.plugin.filter.Crypto; -import com.tencent.polaris.plugins.configfilefilter.util.AESUtil; +import com.tencent.polaris.encrypt.util.AESUtil; /** * AES Crypto 加密 diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/service/RSAService.java b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/service/RSAService.java index 16afd880e..b90f66c4c 100644 --- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/service/RSAService.java +++ b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/service/RSAService.java 
@@ -19,7 +19,7 @@ import com.tencent.polaris.api.exception.ErrorCode; import com.tencent.polaris.api.exception.PolarisException; -import com.tencent.polaris.plugins.configfilefilter.util.RSAUtil; +import com.tencent.polaris.encrypt.util.RSAUtil; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; @@ -59,7 +59,7 @@ public String getPKCS1PublicKey() { try { primitive = spkInfo.parsePublicKey(); byte[] publicKeyPKCS1 = primitive.getEncoded(); - return Base64.getEncoder().encodeToString(publicKeyPKCS1); + return Base64.getEncoder().encodeToString(publicKeyPKCS1); } catch (IOException e) { throw new PolarisException(ErrorCode.RSA_KEY_GENERATE_ERROR, e.getMessage()); } diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/util/AESUtil.java b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/util/AESUtil.java deleted file mode 100644 index 114019bc5..000000000 --- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/util/AESUtil.java +++ /dev/null 
@@ -1,96 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making Polaris available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * Licensed under the BSD 3-Clause License (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://opensource.org/licenses/BSD-3-Clause - * - * Unless required by applicable law or agreed to in writing, software distributed - * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - * CONDITIONS OF ANY KIND, either express or implied. See the License for the - * specific language governing permissions and limitations under the License. - */ - -package com.tencent.polaris.plugins.configfilefilter.util; - -import com.tencent.polaris.api.exception.ErrorCode; -import com.tencent.polaris.api.exception.PolarisException; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -import javax.crypto.*; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.security.Security; -import java.util.Base64; - -/** - * @author fabian4 - * @date 2023/6/14 - */ -public class AESUtil { - - static { - Security.addProvider(new BouncyCastleProvider()); - } - - /** - * 生成AES密钥 - */ - public static byte[] generateAesKey() { - KeyGenerator keyGenerator; - try { - keyGenerator = KeyGenerator.getInstance("AES"); - } catch (NoSuchAlgorithmException e) { - throw new PolarisException(ErrorCode.AES_KEY_GENERATE_ERROR, e.getMessage()); - } - SecureRandom secureRandom = new SecureRandom(); - keyGenerator.init(128, secureRandom); - SecretKey secretKey = keyGenerator.generateKey(); - return secretKey.getEncoded(); - } - - /** - * AES加密 - * - * @param content 需要加密的内容 - * @param password 加密密码 - */ - public static String encrypt(String content, byte[] password) { - try 
{ - Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC"); - byte[] iv = new byte[cipher.getBlockSize()]; - System.arraycopy(password, 0, iv, 0, cipher.getBlockSize()); - cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(password, "AES"), new IvParameterSpec(iv)); - byte[] bytes = cipher.doFinal(content.getBytes()); - return Base64.getEncoder().encodeToString(bytes); - } catch (Exception e) { - throw new PolarisException(ErrorCode.AES_ENCRYPT_ERROR, e.getMessage(), e); - } - } - - /** - * AES解密 - * - * @param content 待解密内容 - * @param password 解密密钥 - */ - public static String decrypt(String content, byte[] password) { - try { - Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC"); - byte[] iv = new byte[cipher.getBlockSize()]; - System.arraycopy(password, 0, iv, 0, cipher.getBlockSize()); - cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(password, "AES"), new IvParameterSpec(iv)); - byte[] paddingPlaintext = cipher.doFinal(Base64.getDecoder().decode(content)); - return new String(paddingPlaintext); - } catch (Exception e) { - throw new PolarisException(ErrorCode.AES_DECRYPT_ERROR, e.getMessage(), e); - } - } - -} diff --git a/polaris-plugins/polaris-plugins-connector/connector-consul/src/main/java/com/tencent/polaris/plugins/connector/consul/service/router/RoutingService.java b/polaris-plugins/polaris-plugins-connector/connector-consul/src/main/java/com/tencent/polaris/plugins/connector/consul/service/router/RoutingService.java index 3bbd0cd15..af03bba48 100644 --- a/polaris-plugins/polaris-plugins-connector/connector-consul/src/main/java/com/tencent/polaris/plugins/connector/consul/service/router/RoutingService.java +++ b/polaris-plugins/polaris-plugins-connector/connector-consul/src/main/java/com/tencent/polaris/plugins/connector/consul/service/router/RoutingService.java 
@@ -201,31 +201,66 @@ private List parseResponse(final HttpResponse response, Stri RoutingProto.Route.Builder routeBuilder = RoutingProto.Route.newBuilder(); routeBuilder.putExtendInfo(ROUTER_FAULT_TOLERANCE_ENABLE, String.valueOf(routeRuleGroup.getFallbackStatus())); // parse sources - List sources = Lists.newArrayList(); - RoutingProto.Source.Builder sourceBuilder = RoutingProto.Source.newBuilder(); - sourceBuilder.setNamespace(StringValue.of("*")); - sourceBuilder.setService(StringValue.of("*")); + List sources = new ArrayList<>(); + List sourceBuilders = new ArrayList<>(); + List metadataSourceBuilders = new ArrayList<>(); if (CollectionUtils.isNotEmpty(routeRule.getTagList())) { for (RouteTag routeTag : routeRule.getTagList()) { if (StringUtils.equals(routeTag.getTagField(), TagConstant.SYSTEM_FIELD.SOURCE_SERVICE_NAME)) { - sourceBuilder.setService(StringValue.of(routeTag.getTagValue())); + String[] tagValues = routeTag.getTagValue().split(","); + for (String tagValue : tagValues) { + if (StringUtils.isNotEmpty(tagValue)) { + RoutingProto.Source.Builder sourceBuilder = RoutingProto.Source.newBuilder(); + sourceBuilder.setNamespace(StringValue.of("*")); + String serviceName = tagValue; + if (routeTag.getTagOperator().equals(TagConstant.OPERATOR.NOT_EQUAL) || routeTag.getTagOperator().equals(TagConstant.OPERATOR.NOT_IN)) { + serviceName = "!" 
+ serviceName; + } + sourceBuilder.setService(StringValue.of(serviceName)); + sourceBuilders.add(sourceBuilder); + } + } } else if (StringUtils.equals(routeTag.getTagField(), TagConstant.SYSTEM_FIELD.SOURCE_NAMESPACE_SERVICE_NAME)) { - String[] split = routeTag.getTagValue().split("/"); - if (split.length == 2) { - sourceBuilder.setNamespace(StringValue.of(split[0])); - sourceBuilder.setService(StringValue.of(split[1])); + String[] tagValues = routeTag.getTagValue().split(","); + for (String tagValue : tagValues) { + if (StringUtils.isNotEmpty(tagValue)) { + String[] split = tagValue.split("/"); + RoutingProto.Source.Builder sourceBuilder = RoutingProto.Source.newBuilder(); + sourceBuilder.setNamespace(StringValue.of("*")); + String serviceName = tagValue; + if (split.length == 2) { + serviceName = split[1]; + } + if (routeTag.getTagOperator().equals(TagConstant.OPERATOR.NOT_EQUAL) || routeTag.getTagOperator().equals(TagConstant.OPERATOR.NOT_IN)) { + serviceName = "!" + serviceName; + } else if (routeTag.getTagOperator().equals(TagConstant.OPERATOR.REGEX)) { + serviceName = "*" + serviceName; + } + sourceBuilder.setService(StringValue.of(serviceName)); + sourceBuilders.add(sourceBuilder); + } } } else { + RoutingProto.Source.Builder metadataSourceBuilder = RoutingProto.Source.newBuilder(); + metadataSourceBuilder.setNamespace(StringValue.of("*")); + metadataSourceBuilder.setService(StringValue.of("*")); ModelProto.MatchString.Builder matchStringBuilder = ModelProto.MatchString.newBuilder(); matchStringBuilder.setType(parseMatchStringType(routeTag)); matchStringBuilder.setValue(StringValue.of(routeTag.getTagValue())); matchStringBuilder.setValueType(ModelProto.MatchString.ValueType.TEXT); String metadataKey = routeTag.getTagField(); - sourceBuilder.putMetadata(parseMetadataKey(metadataKey), matchStringBuilder.build()); + metadataSourceBuilder.putMetadata(parseMetadataKey(metadataKey), matchStringBuilder.build()); + metadataSourceBuilders.add(metadataSourceBuilder); 
+ } + } + for (RoutingProto.Source.Builder sourceBuilder : sourceBuilders) { + for (RoutingProto.Source.Builder metadataSourceBuilder : metadataSourceBuilders) { + sourceBuilder.putAllMetadata(metadataSourceBuilder.getMetadataMap()); } + sources.add(sourceBuilder.build()); } } - sources.add(sourceBuilder.build()); + // parse destinations List destinations = Lists.newArrayList(); for (RouteDest routeDest : routeRule.getDestList()) { diff --git a/polaris-plugins/polaris-plugins-observability/event-logger/src/main/java/com/tencent/polaris/plugins/event/logger/LoggerEventReporter.java b/polaris-plugins/polaris-plugins-observability/event-logger/src/main/java/com/tencent/polaris/plugins/event/logger/LoggerEventReporter.java index a1dd2ea2c..b296cb4be 100644 --- a/polaris-plugins/polaris-plugins-observability/event-logger/src/main/java/com/tencent/polaris/plugins/event/logger/LoggerEventReporter.java +++ b/polaris-plugins/polaris-plugins-observability/event-logger/src/main/java/com/tencent/polaris/plugins/event/logger/LoggerEventReporter.java @@ -41,6 +41,11 @@ public class LoggerEventReporter implements EventReporter { private static final Logger EVENT_LOG = LoggerFactory.getLogger(LOGGING_EVENT); private static final Logger LOG = LoggerFactory.getLogger(LoggerEventReporter.class); + @Override + public boolean isEnabled() { + return true; + } + @Override public boolean reportEvent(FlowEvent flowEvent) { try { diff --git a/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporter.java b/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporter.java index 30c693dca..439022bee 100644 --- a/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporter.java 
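Review bot: A rule whose tags are all metadata tags, or whose tag list is empty, now yields an empty `sources` list, because the merge loop only iterates `sourceBuilders` and the unconditional `sources.add(sourceBuilder.build())` was removed. Before this change such a rule always produced one `*`/`*` source carrying the metadata; how an empty source list is matched downstream is not visible here, but it is unlikely to mean the same thing. A fallback before the merge loop, placed so that it also covers the empty-tag-list case, restores it: `if (sourceBuilders.isEmpty()) { sourceBuilders.add(RoutingProto.Source.newBuilder().setNamespace(StringValue.of("*")).setService(StringValue.of("*"))); }`. In the `SOURCE_NAMESPACE_SERVICE_NAME` branch the namespace is now always `"*"` and `split[0]` is never used, so the namespace half of a `namespace/service` value is dropped. The `REGEX` operator is handled only in that branch, not in the `SOURCE_SERVICE_NAME` one. The enclosing `parseResponse` starts and ends outside the hunk.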
+++ b/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporter.java @@ -21,6 +21,8 @@ import com.google.gson.GsonBuilder; import com.tencent.polaris.api.config.global.EventReporterConfig; import com.tencent.polaris.api.config.plugin.DefaultPlugins; +import com.tencent.polaris.api.config.plugin.PluginConfigProvider; +import com.tencent.polaris.api.config.verify.Verifier; import com.tencent.polaris.api.exception.PolarisException; import com.tencent.polaris.api.plugin.PluginType; import com.tencent.polaris.api.plugin.common.InitContext; @@ -66,7 +68,7 @@ /** * @author Haotian Zhang */ -public class TsfEventReporter implements EventReporter { +public class TsfEventReporter implements EventReporter, PluginConfigProvider { private static final Logger LOG = LoggerFactory.getLogger(TsfEventReporter.class); @@ -90,6 +92,11 @@ public class TsfEventReporter implements EventReporter { protected ScheduledExecutorService reportEventExecutors = Executors.newScheduledThreadPool(1, new NamedThreadFactory("event-tsf-report")); + @Override + public boolean isEnabled() { + return tsfEventReporterConfig.isEnable(); + } + @Override public boolean reportEvent(FlowEvent flowEvent) { if (flowEvent.getEventType().equals(ServiceEventKey.EventType.CIRCUIT_BREAKING)) { @@ -220,6 +227,11 @@ public String getName() { return DefaultPlugins.TSF_EVENT_REPORTER_TYPE; } + @Override + public Class getPluginConfigClazz() { + return TsfEventReporterConfig.class; + } + @Override public PluginType getType() { return PluginTypes.EVENT_REPORTER.getBaseType(); @@ -233,7 +245,10 @@ public void init(InitContext ctx) throws PolarisException { if (StringUtils.equals(getName(), reporter)) { this.tsfEventReporterConfig = ctx.getConfig().getGlobal().getEventReporter() .getPluginConfig(getName(), TsfEventReporterConfig.class); - init = false; + if (tsfEventReporterConfig.isEnable()) { + init = false; + } + return; } } } 
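Review bot: `isEnabled()` dereferences `tsfEventReporterConfig` unconditionally, but in the lines shown that field is only assigned inside `init` when the configured reporter name equals `getName()`. If the plugin is loaded without being listed, or `isEnabled()` is called before `init`, this would throw a NullPointerException, unless the field is initialised somewhere outside the hunk. A null-safe form avoids that: `return tsfEventReporterConfig != null && tsfEventReporterConfig.isEnable();`.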
diff --git a/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporterConfig.java b/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporterConfig.java index c473ec0ae..2254d330b 100644 --- a/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporterConfig.java +++ b/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporterConfig.java @@ -10,6 +10,9 @@ */ public class TsfEventReporterConfig implements Verifier { + @JsonProperty + private Boolean enable; + @JsonProperty private String eventMasterIp; 
@@ -39,21 +42,28 @@ public class TsfEventReporterConfig implements Verifier { @Override public void verify() { - ConfigUtils.validateString(eventMasterIp, "global.eventReporter.plugins.tsf.eventMasterIp"); - ConfigUtils.validatePositiveInteger(eventMasterPort, "global.eventReporter.plugins.tsf.eventMasterPort"); - ConfigUtils.validateString(appId, "global.eventReporter.plugins.tsf.appId"); - ConfigUtils.validateString(region, "global.eventReporter.plugins.tsf.region"); - ConfigUtils.validateString(instanceId, "global.eventReporter.plugins.tsf.instanceId"); - ConfigUtils.validateString(tsfNamespaceId, "global.eventReporter.plugins.tsf.tsfNamespaceId"); - ConfigUtils.validateString(serviceName, "global.eventReporter.plugins.tsf.serviceName"); - ConfigUtils.validateString(token, "global.eventReporter.plugins.tsf.token"); - ConfigUtils.validateString(applicationId, "global.eventReporter.plugins.tsf.applicationId"); + ConfigUtils.validateNull(enable, "global.eventReporter.plugin.tsf.enable"); + if (!enable) { + return; + } + ConfigUtils.validateString(eventMasterIp, "global.eventReporter.plugin.tsf.eventMasterIp"); + ConfigUtils.validatePositiveInteger(eventMasterPort, "global.eventReporter.plugin.tsf.eventMasterPort"); + ConfigUtils.validateString(appId, "global.eventReporter.plugin.tsf.appId"); + ConfigUtils.validateString(region, "global.eventReporter.plugin.tsf.region"); + ConfigUtils.validateString(instanceId, "global.eventReporter.plugin.tsf.instanceId"); + ConfigUtils.validateString(tsfNamespaceId, "global.eventReporter.plugin.tsf.tsfNamespaceId"); + ConfigUtils.validateString(serviceName, "global.eventReporter.plugin.tsf.serviceName"); + ConfigUtils.validateString(token, "global.eventReporter.plugin.tsf.token"); + ConfigUtils.validateString(applicationId, "global.eventReporter.plugin.tsf.applicationId"); } @Override public void setDefault(Object defaultObject) { if (defaultObject instanceof TsfEventReporterConfig) { TsfEventReporterConfig tsfEventReporterConfig 
= (TsfEventReporterConfig) defaultObject; + if (null == enable) { + setEnable(tsfEventReporterConfig.isEnable()); + } if (StringUtils.isBlank(eventMasterIp)) { setEventMasterIp(tsfEventReporterConfig.getEventMasterIp()); } @@ -84,6 +94,17 @@ public void setDefault(Object defaultObject) { } } + public boolean isEnable() { + if (null == enable) { + enable = false; + } + return enable; + } + + public void setEnable(boolean enable) { + this.enable = enable; + } + public String getEventMasterIp() { return eventMasterIp; } @@ -155,4 +176,20 @@ public String getApplicationId() { public void setApplicationId(String applicationId) { this.applicationId = applicationId; } + + @Override + public String toString() { + return "TsfEventReporterConfig{" + + "enable=" + enable + + ", eventMasterIp='" + eventMasterIp + '\'' + + ", eventMasterPort=" + eventMasterPort + + ", appId='" + appId + '\'' + + ", region='" + region + '\'' + + ", instanceId='" + instanceId + '\'' + + ", tsfNamespaceId='" + tsfNamespaceId + '\'' + + ", serviceName='" + serviceName + '\'' + + ", token='" + token + '\'' + + ", applicationId='" + applicationId + '\'' + + '}'; + } } diff --git a/polaris-plugins/polaris-plugins-observability/trace-otel/src/main/java/com/tencent/polaris/plugins/stat/otel/OtelTraceReporter.java b/polaris-plugins/polaris-plugins-observability/trace-otel/src/main/java/com/tencent/polaris/plugins/stat/otel/OtelTraceReporter.java index 41488f955..3daf45241 100644 --- a/polaris-plugins/polaris-plugins-observability/trace-otel/src/main/java/com/tencent/polaris/plugins/stat/otel/OtelTraceReporter.java +++ b/polaris-plugins/polaris-plugins-observability/trace-otel/src/main/java/com/tencent/polaris/plugins/stat/otel/OtelTraceReporter.java 
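Review bot: The new `toString()` prints `token` in clear text, so any log line or exception message that formats a `TsfEventReporterConfig` writes the credential to the logs. Mask it while still showing whether it is set: `+ ", token=" + (token == null ? "null" : "'***'")`. The other fields are identifiers and addresses and can stay as they are.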
@@ -17,8 +17,6 @@ package com.tencent.polaris.plugins.stat.otel; -import java.util.Map; - import com.tencent.polaris.api.config.global.TraceReporterConfig; import com.tencent.polaris.api.exception.PolarisException; import com.tencent.polaris.api.plugin.PluginType; @@ -34,6 +32,8 @@ import io.opentelemetry.api.trace.Span; import org.slf4j.Logger; +import java.util.Map; + public class OtelTraceReporter implements TraceReporter { private static final Logger LOGGER = LoggerFactory.getLogger(PolarisLogging.class); diff --git a/polaris-plugins/polaris-plugins-router/router-rule/src/main/java/com/tencent/polaris/plugins/router/rule/RuleBasedRouter.java b/polaris-plugins/polaris-plugins-router/router-rule/src/main/java/com/tencent/polaris/plugins/router/rule/RuleBasedRouter.java index fa7a8c029..572060d32 100644 --- a/polaris-plugins/polaris-plugins-router/router-rule/src/main/java/com/tencent/polaris/plugins/router/rule/RuleBasedRouter.java +++ b/polaris-plugins/polaris-plugins-router/router-rule/src/main/java/com/tencent/polaris/plugins/router/rule/RuleBasedRouter.java @@ -44,6 +44,7 @@ import org.slf4j.Logger; import java.util.*; +import java.util.regex.Pattern; import static com.tencent.polaris.api.plugin.cache.CacheConstants.API_ID; import static com.tencent.polaris.api.plugin.route.RouterConstants.ROUTER_FAULT_TOLERANCE_ENABLE; 
@@ -133,11 +134,28 @@ private boolean matchSource(List sources, Service sourceSer continue; } - if (!RuleUtils.MATCH_ALL.equals(source.getService().getValue()) && !source.getService() - .getValue().equals(sourceService.getService())) { + String service = source.getService().getValue(); + if (!RuleUtils.MATCH_ALL.equals(service) && !StringUtils.startsWith(service, "!") + && !StringUtils.startsWith(service, "*") + && !StringUtils.equals(service, sourceService.getService())) { matched = false; continue; } + if (!RuleUtils.MATCH_ALL.equals(service) && StringUtils.startsWith(service, "!")) { + String realService = StringUtils.substring(service, 1); + if (StringUtils.equals(realService, sourceService.getService())) { + matched = false; + continue; + } + } + if (!RuleUtils.MATCH_ALL.equals(service) && StringUtils.startsWith(service, "*")) { + String regex = StringUtils.substring(service, 1); + Pattern pattern = Pattern.compile(regex); + if (!pattern.matcher(sourceService.getService()).find()) { + matched = false; + continue; + } + } } } diff --git a/polaris-ratelimit/polaris-ratelimit-factory/pom.xml b/polaris-ratelimit/polaris-ratelimit-factory/pom.xml index 207c768ed..10f673240 100644 --- a/polaris-ratelimit/polaris-ratelimit-factory/pom.xml +++ b/polaris-ratelimit/polaris-ratelimit-factory/pom.xml @@ -113,6 +113,11 @@ event-logger ${project.version} + + com.tencent.polaris + event-tsf + ${project.version} + com.tencent.polaris
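Review bot: The `*`-prefixed branch calls `Pattern.compile(regex)` on rule text every time `matchSource` runs and does not handle a malformed expression, so one bad rule would throw `PatternSyntaxException` on the routing path, and an expensive expression is re-evaluated against every caller name. Guard the compile, e.g. `try { pattern = Pattern.compile(regex); } catch (PatternSyntaxException e) { matched = false; continue; }` (this needs the `java.util.regex.PatternSyntaxException` import), and consider caching compiled patterns per rule. `find()` matches anywhere in the service name, so a rule written as `order` also matches `preorder-x`; use `matches()` if whole-name matching is intended. The `!` and `*` prefixes are in-band markers on the service string, which makes a service whose real name starts with either character ambiguous. The enclosing `matchSource` continues outside the hunk.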