From f01abed8a8849a1821d0a5b35317f3d504178049 Mon Sep 17 00:00:00 2001 From: Xin Luo <65529035+luoxiner@users.noreply.github.com> Date: Fri, 20 Sep 2024 13:11:56 +0800 Subject: [PATCH] Changes: Add aliyun ram auth plugin demo and doc (#248) * chore: Add example for aliyun ram auth plugin and improve the doc. * fix: remove invalid test case in auth_by_aliyun_ram --- README.md | 73 +++++++++++++-- examples/aliyun_ram_app.rs | 107 ++++++++++++++++++++++ src/api/plugin/auth/auth_by_aliyun_ram.rs | 11 --- 3 files changed, 173 insertions(+), 18 deletions(-) create mode 100644 examples/aliyun_ram_app.rs diff --git a/README.md b/README.md index 1570dc2..99095a1 100644 --- a/README.md +++ b/README.md @@ -36,10 +36,10 @@ nacos-sdk = { version = "0.4", features = ["default"] } // Attention! "public" is "", it is recommended to customize the namespace with clear meaning. .namespace("") .app_name("simple_app"), - // .auth_username("TODO") - // .auth_password("TODO") + .auth_username("username") + .auth_password("password") ) - // .enable_auth_plugin_http() + .enable_auth_plugin_http() .build()?; // example get a config @@ -79,10 +79,10 @@ nacos-sdk = { version = "0.4", features = ["default"] } // Attention! "public" is "", it is recommended to customize the namespace with clear meaning. .namespace("") .app_name("simple_app"), - // .auth_username("TODO") - // .auth_password("TODO") + .auth_username("username") + .auth_password("password") ) - // .enable_auth_plugin_http() + .enable_auth_plugin_http() .build()?; pub struct ExampleInstanceChangeListener; 
@@ -121,6 +121,65 @@ See them in `nacos_sdk::api::props::ClientProps` or `nacos_sdk::api::constants:: e.g. - env `NACOS_CLIENT_COMMON_THREAD_CORES` to set nacos-client-thread-pool num, default 1 - env `NACOS_CLIENT_NAMING_PUSH_EMPTY_PROTECTION` for naming empty data notify protection, default true +- env `NACOS_CLIENT_USERNAME` to set http auth username +- env `NACOS_CLIENT_PASSWORD` to set http auth password +- env `NACOS_CLIENT_ACCESS_KEY` to set Aliyun ram access-key +- env `NACOS_CLIENT_SECRET_KEY` to set Aliyun ram access-secret + +### AuthPlugin Features +- > Set access-key, access-secret via Environment variables are recommended. +- auth-by-http + - support http auth via username and password + - how to use + - enable auth-by-http(default is enabled) + ```toml + [dependencies] + nacos-sdk = { version = "0.4", features = ["default"] } + ``` + - Set username and password via environment variables + ```shell + export NACOS_CLIENT_USERNAME=you_username + export NACOS_CLIENT_PASSWORD=you_password + ``` + - Enable auth-by-http in your code + ```rust + ConfigServiceBuilder::new( + ClientProps::new() + .server_addr("localhost:8848")) + .enable_auth_plugin_http() + + NamingServiceBuilder::new( + ClientProps::new() + .server_addr("localhost:8848")) + .enable_auth_plugin_http() + .build() + ``` +- auth-by-aliyun + - support aliyun ram auth via access-key and access-secret + - how to use + - enable auth-by-aliyun feature in toml + ```toml + [dependencies] + nacos-sdk = { version = "0.4", features = ["default", "auth-by-aliyun"] } + ``` + - Set accessKey and secretKey via environment variables + ```shell + export NACOS_CLIENT_ACCESS_KEY=you_access_key + export NACOS_CLIENT_SECRET_KEY=you_secret_key + ``` + - Enable aliyun ram auth plugin in code by enable_auth_plugin_aliyun + ```rust + ConfigServiceBuilder::new( + ClientProps::new() + .server_addr("localhost:8848")) + .enable_auth_plugin_aliyun() + + NamingServiceBuilder::new( + ClientProps::new() + 
.server_addr("localhost:8848")) + .enable_auth_plugin_aliyun() + .build() + ``` ## 开发说明 - Build with `cargo build` @@ -181,7 +240,7 @@ gRPC 交互的 Payload 和 Metadata 由 `Protocol Buffers` 序列化,具体的 #### Common 通用能力 - [x] 创建参数,自定义传参 + ENV 环境变量读取,后者优先级高;ENV 统一前缀,例如 `NACOS_CLIENT_CONFIG_*` 于配置管理, `NACOS_CLIENT_NAMING_*` 于服务注册 - [x] 通用客户端请求交互,Request/Response 通用 gRPC 逻辑,提供给 Config/Naming -- [x] Auth 鉴权;账密登陆 username/password,TODO accessKey/secretKey +- [x] Auth 鉴权;账密登陆 username/password,阿里云RAM鉴权 accessKey/secretKey - [x] 通用日志,`tracing::info!()` - [ ] Monitor,`opentelemetry` - [ ] 数据落盘与加载(用于服务端宕机弱依赖) diff --git a/examples/aliyun_ram_app.rs b/examples/aliyun_ram_app.rs new file mode 100644 index 0000000..068d667 --- /dev/null +++ b/examples/aliyun_ram_app.rs 
@@ -0,0 +1,107 @@ +use nacos_sdk::api::config::{ConfigService, ConfigServiceBuilder}; +use nacos_sdk::api::naming::{NamingService, NamingServiceBuilder, ServiceInstance}; +use nacos_sdk::api::props::ClientProps; +use std::time::Duration; +use tokio::time::sleep; + +/// Aliyun Ram plugin support +/// +/// Notice: +/// accessKey and secretKey are sensitive data, don't encode them in you code +/// directly, inject it via environment variables are recommended. +/// +/// Example run preparations: +/// 1. inject you accessKey and secretKey via environment variables by following command +/// export NACOS_CLIENT_ACCESS_KEY=you_access_key +/// export NACOS_CLIENT_SECRET_KEY=you_secret_key +/// +/// 2. run command +/// cargo run --example aliyun_ram_app --features default,auth-by-aliyun + +#[tokio::main] +async fn main() -> Result<(), Box> { + #[cfg(feature = "auth-by-aliyun")] + run_config_demo().await; + + #[cfg(feature = "auth-by-aliyun")] + run_naming_demo().await; + Ok(()) +} + +#[cfg(feature = "auth-by-aliyun")] +async fn run_naming_demo() { + let server_addr = "localhost:8848"; + + /// NamingService + let mut naming_client = NamingServiceBuilder::new(ClientProps::new().server_addr(server_addr)) + .enable_auth_plugin_aliyun() + .build() + .unwrap(); + + let mut instance = ServiceInstance::default(); + instance.ip = "localhost".to_string(); + instance.port = 8080; + + println!("Register localhost:8080 to service(name: test, group: test)"); + naming_client + .register_instance("test".to_owned(), Some("test".to_owned()), instance) + .await + .unwrap(); + + println!("Get All instance from service(name:test, group: test)"); + let instances = naming_client + .get_all_instances( + "test".to_string(), + Some("test".to_string()), + Vec::new(), + false, + ) + .await + .unwrap(); + assert_eq!(1, instances.len()); + assert_eq!("localhost", instances[0].ip); + assert_eq!(8080, instances[0].port); +} + +#[cfg(feature = "auth-by-aliyun")] +async fn run_config_demo() { + let 
server_addr = "localhost:8848"; + + /// Config service + let mut config_client = ConfigServiceBuilder::new(ClientProps::new().server_addr(server_addr)) + .enable_auth_plugin_aliyun() + .build() + .unwrap(); + + println!( + "Publish config dataId = {}, group = {}, content = {}", + "test", "test", "test=test" + ); + config_client + .publish_config( + "test".to_string(), + "test".to_string(), + "test=test".to_string(), + Some("properties".to_string()), + ) + .await + .unwrap(); + + println!("Waiting..."); + sleep(Duration::from_secs(5)).await; + + let response = config_client + .get_config("test".to_string(), "test".to_string()) + .await + .unwrap(); + println!( + "Get config from nacos for dataId = {}, group = {}, content = {}", + "test", + "test", + response.content() + ); + assert_eq!("test=test", response.content()); + assert_eq!("properties", response.content_type()); + assert_eq!("test", response.group()); + assert_eq!("test", response.data_id()); +} diff --git a/src/api/plugin/auth/auth_by_aliyun_ram.rs b/src/api/plugin/auth/auth_by_aliyun_ram.rs index 79b254b..c6b3f57 100644 --- a/src/api/plugin/auth/auth_by_aliyun_ram.rs +++ b/src/api/plugin/auth/auth_by_aliyun_ram.rs @@ -495,15 +495,6 @@ mod test { ); } - #[test] - fn test_final_signing_key_string_with_default_info() { - let sign_data = calculate_v4_signing_key_util::final_signing_key_string_with_default_info( - "test", - "cn-hangzhou", - ); - assert_eq!("lHVX6NEPs3+EKxO3g2iklCwbseQnAWz5nLce9Lm0Po4=", sign_data) - } - struct TestNamingEventListener { instance_now: ArcSwap>, } @@ -527,8 +518,6 @@ mod test { ClientProps::new() .namespace(std::env::var("NAMESPACE").unwrap_or("".to_string())) .server_addr(std::env::var("SERVER_ADDR").unwrap()) - .auth_ext(ACCESS_KEY, std::env::var("AK").unwrap()) - .auth_ext(ACCESS_SECRET, std::env::var("SK").unwrap()) } fn make_service_instance(ip: &str, port: i32) -> ServiceInstance {
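Review bot: In `examples/aliyun_ram_app.rs`, both calls in `main` sit behind `#[cfg(feature = "auth-by-aliyun")]`, so building the example without that feature gives a program that does nothing and returns `Ok(())`, which is easy to misread as a successful authenticated run. Either declare the example with `required-features = ["auth-by-aliyun"]` in `Cargo.toml`, or add a fallback such as `#[cfg(not(feature = "auth-by-aliyun"))] eprintln!("rebuild with --features default,auth-by-aliyun");`. Separately, `run_naming_demo` and `run_config_demo` call `.unwrap()` on every builder and request result even though `main` already returns a `Result`; having them return the error and using `?` would turn a failed build or request (presumably including a missing or rejected access key) into a readable error instead of a panic. The `/// NamingService` and `/// Config service` lines are attached to `let` statements, where rustc reports them as unused doc comments, so plain `//` is the right form there.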