feat:support rls to push xds client

polarismesh · May 26, 2023 · 15f06fe · 15f06fe
1 parent b976465
commit 15f06fe
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 74 deletions.
diff --git a/auth/auth.go b/auth/auth.go
@@ -48,21 +48,17 @@ type Config struct {
 	Strategy *StrategyConfig `yaml:"strategy"`
 }
 
-func (c *Config) setDefault() {
+func (c *Config) SetDefault() {
 	if c.User == nil {
 		c.User = &UserConfig{
-			Name: DefaultUserMgnPluginName,
-			Option: map[string]interface{}{
-				"": nil,
-			},
+			Name:   DefaultUserMgnPluginName,
+			Option: map[string]interface{}{},
 		}
 	}
 	if c.Strategy == nil {
 		c.Strategy = &StrategyConfig{
-			Name: DefaultStrategyMgnPluginName,
-			Option: map[string]interface{}{
-				"": nil,
-			},
+			Name:   DefaultStrategyMgnPluginName,
+			Option: map[string]interface{}{},
 		}
 	}
 }
@@ -150,7 +146,7 @@ func Initialize(ctx context.Context, authOpt *Config, storage store.Store, cache
 // initialize 包裹了初始化函数，在 Initialize 的时候会在自动调用，全局初始化一次
 func initialize(_ context.Context, authOpt *Config, storage store.Store,
 	cacheMgn *cache.CacheManager) (UserServer, StrategyServer, error) {
-	authOpt.setDefault()
+	authOpt.SetDefault()
 	name := authOpt.User.Name
 	if name == "" {
 		return nil, nil, errors.New("UserServer Name is empty")

diff --git a/auth/defaultauth/auth_checker.go b/auth/defaultauth/auth_checker.go
@@ -64,7 +64,7 @@ func (d *defaultAuthChecker) Initialize(options *auth.Config, s store.Store, cac
 	if len(options.Strategy.Option) > 0 || len(options.User.Option) > 0 {
 		// 判断auth.option是否还有值，有则不兼容
 		if len(options.Option) > 0 {
-			return errors.New("not allow set auth.option when auth.user.option or auth.strategy.option has set")
+			log.Warn("auth.user.option or auth.strategy.option has set, auth.option will ignore")
 		}
 		strategyContentBytes, err = json.Marshal(options.Strategy.Option)
 		if err != nil {

diff --git a/auth/defaultauth/auth_checker_test.go b/auth/defaultauth/auth_checker_test.go
@@ -1114,15 +1114,16 @@ func Test_defaultAuthChecker_Initialize(t *testing.T) {
 	t.Run("使用未迁移至auth.user.option及auth.strategy.option的配置", func(t *testing.T) {
 		reset(true)
 		authChecker := &defaultAuthChecker{}
-		err := authChecker.Initialize(&auth.Config{
-			Name: "",
-			Option: map[string]interface{}{
-				"consoleOpen": true,
-				"clientOpen":  true,
-				"salt":        "polarismesh@2021",
-				"strict":      false,
-			},
-		}, storage, cacheMgn)
+		cfg := &auth.Config{}
+		cfg.SetDefault()
+		cfg.Name = ""
+		cfg.Option = map[string]interface{}{
+			"consoleOpen": true,
+			"clientOpen":  true,
+			"salt":        "polarismesh@2021",
+			"strict":      false,
+		}
+		err := authChecker.Initialize(cfg, storage, cacheMgn)
 		assert.NoError(t, err)
 		assert.Equal(t, &AuthConfig{
 			ConsoleOpen: true,
@@ -1135,20 +1136,23 @@ func Test_defaultAuthChecker_Initialize(t *testing.T) {
 	t.Run("使用完全迁移至auth.user.option及auth.strategy.option的配置", func(t *testing.T) {
 		reset(true)
 		authChecker := &defaultAuthChecker{}
-		err := authChecker.Initialize(&auth.Config{
-			User: &auth.UserConfig{
-				Name:   "",
-				Option: map[string]interface{}{"salt": "polarismesh@2021"},
-			},
-			Strategy: &auth.StrategyConfig{
-				Name: "",
-				Option: map[string]interface{}{
-					"consoleOpen": true,
-					"clientOpen":  true,
-					"strict":      false,
-				},
+
+		cfg := &auth.Config{}
+		cfg.SetDefault()
+		cfg.User = &auth.UserConfig{
+			Name:   "",
+			Option: map[string]interface{}{"salt": "polarismesh@2021"},
+		}
+		cfg.Strategy = &auth.StrategyConfig{
+			Name: "",
+			Option: map[string]interface{}{
+				"consoleOpen": true,
+				"clientOpen":  true,
+				"strict":      false,
 			},
-		}, storage, cacheMgn)
+		}
+
+		err := authChecker.Initialize(cfg, storage, cacheMgn)
 		assert.NoError(t, err)
 		assert.Equal(t, &AuthConfig{
 			ConsoleOpen: true,
@@ -1161,24 +1165,26 @@ func Test_defaultAuthChecker_Initialize(t *testing.T) {
 	t.Run("使用部分迁移至auth.user.option及auth.strategy.option的配置（应当报错）", func(t *testing.T) {
 		reset(true)
 		authChecker := &defaultAuthChecker{}
-		err := authChecker.Initialize(&auth.Config{
-			User: &auth.UserConfig{
-				Name:   "",
-				Option: map[string]interface{}{"salt": "polarismesh@2021"},
-			},
-			Strategy: &auth.StrategyConfig{
-				Name: "",
-				Option: map[string]interface{}{
-					"consoleOpen": true,
-				},
-			},
+		cfg := &auth.Config{}
+		cfg.SetDefault()
+		cfg.Name = ""
+		cfg.Option = map[string]interface{}{
+			"clientOpen": true,
+			"strict":     false,
+		}
+		cfg.User = &auth.UserConfig{
+			Name:   "",
+			Option: map[string]interface{}{"salt": "polarismesh@2021"},
+		}
+		cfg.Strategy = &auth.StrategyConfig{
 			Name: "",
 			Option: map[string]interface{}{
-				"clientOpen": true,
-				"strict":     false,
+				"consoleOpen": true,
 			},
-		}, storage, cacheMgn)
-		assert.Error(t, err)
+		}
+
+		err := authChecker.Initialize(cfg, storage, cacheMgn)
+		assert.NoError(t, err)
 	})
 
 }
diff --git a/release/conf/polaris-server.yaml b/release/conf/polaris-server.yaml
@@ -285,33 +285,33 @@ apiservers:
   #     listenPort: 7779
   #     clusterName: cl5.discover
 # Core logic configuration
-# auth:
-#   # Inspection plug -in
-#   name: defaultAuth
-#   option:
-#     # Token encrypted SALT, you need to rely on this SALT to decrypt the information of the Token when analyzing the Token
-#     # The length of SALT needs to satisfy the following one：len(salt) in [16, 24, 32]
-#     salt: polarismesh@2021
-#     # Console power switch, open default
-#     consoleOpen: true
-#     # Customer inspection ability switch, default shutdown
-#     clientOpen: false
 auth:
-  # auth's option has migrated to auth.user and auth.strategy
-  # it's still available when filling auth.option, but you will receive warning log that auth.option has deprecated.
-  user:
-    name: defaultUser
-    option:
-      # Token encrypted SALT, you need to rely on this SALT to decrypt the information of the Token when analyzing the Token
-      # The length of SALT needs to satisfy the following one：len(salt) in [16, 24, 32]
-      salt: polarismesh@2021
-  strategy:
-    name: defaultStrategy
-    option:
-      # Console power switch, open default
-      consoleOpen: true
-      # Customer inspection ability switch, default close
-      clientOpen: false
+  # Inspection plug -in
+  name: defaultAuth
+  option:
+    # Token encrypted SALT, you need to rely on this SALT to decrypt the information of the Token when analyzing the Token
+    # The length of SALT needs to satisfy the following one：len(salt) in [16, 24, 32]
+    salt: polarismesh@2021
+    # Console power switch, open default
+    consoleOpen: true
+    # Customer inspection ability switch, default shutdown
+    clientOpen: false
+# auth:
+#   # auth's option has migrated to auth.user and auth.strategy
+#   # it's still available when filling auth.option, but you will receive warning log that auth.option has deprecated.
+#   user:
+#     name: defaultUser
+#     option:
+#       # Token encrypted SALT, you need to rely on this SALT to decrypt the information of the Token when analyzing the Token
+#       # The length of SALT needs to satisfy the following one：len(salt) in [16, 24, 32]
+#       salt: polarismesh@2021
+#   strategy:
+#     name: defaultStrategy
+#     option:
+#       # Console power switch, open default
+#       consoleOpen: true
+#       # Customer inspection ability switch, default close
+#       clientOpen: false
 namespace:
   # Whether to allow automatic creation of naming space
   autoCreate: true