Merge branch 'refs/heads/upstream-develop' into v3.0-develop-sync

alibaba · Nov 4, 2024 · 8aab967 · 8aab967
2 parents 5bdb5c1 + e2d44f2
commit 8aab967
Show file tree

Hide file tree

Showing 51 changed files with 4,811 additions and 947 deletions.
diff --git a/auth/src/main/java/com/alibaba/nacos/auth/AbstractProtocolAuthService.java b/auth/src/main/java/com/alibaba/nacos/auth/AbstractProtocolAuthService.java
@@ -29,6 +29,7 @@
 import com.alibaba.nacos.plugin.auth.spi.server.AuthPluginService;
 
 import java.util.Optional;
+import java.util.Properties;
 
 /**
  * Abstract protocol auth service.
@@ -84,7 +85,11 @@ public boolean validateAuthority(IdentityContext identityContext, Permission per
      * @return resource
      */
     protected Resource parseSpecifiedResource(Secured secured) {
-        return new Resource(null, null, secured.resource(), SignType.SPECIFIED, null);
+        Properties properties = new Properties();
+        for (String each : secured.tags()) {
+            properties.put(each, each);
+        }
+        return new Resource(null, null, secured.resource(), SignType.SPECIFIED, properties);
     }
 
     /**

diff --git a/auth/src/test/java/com/alibaba/nacos/auth/GrpcProtocolAuthServiceTest.java b/auth/src/test/java/com/alibaba/nacos/auth/GrpcProtocolAuthServiceTest.java
@@ -21,6 +21,7 @@
 import com.alibaba.nacos.auth.annotation.Secured;
 import com.alibaba.nacos.auth.config.AuthConfigs;
 import com.alibaba.nacos.auth.mock.MockAuthPluginService;
+import com.alibaba.nacos.auth.mock.MockResourceParser;
 import com.alibaba.nacos.plugin.auth.api.IdentityContext;
 import com.alibaba.nacos.plugin.auth.api.Permission;
 import com.alibaba.nacos.plugin.auth.api.Resource;
@@ -85,7 +86,8 @@ void testParseResourceWithSpecifiedResource() throws NoSuchMethodException {
         assertEquals(SignType.SPECIFIED, actual.getType());
         assertNull(actual.getNamespaceId());
         assertNull(actual.getGroup());
-        assertNull(actual.getProperties());
+        assertNotNull(actual.getProperties());
+        assertTrue(actual.getProperties().isEmpty());
     }
 
     @Test
@@ -96,6 +98,14 @@ void testParseResourceWithNonExistType() throws NoSuchMethodException {
         assertEquals(Resource.EMPTY_RESOURCE, actual);
     }
 
+    @Test
+    @Secured(signType = "non-exist", parser = MockResourceParser.class)
+    void testParseResourceWithNonExistTypeException() throws NoSuchMethodException {
+        Secured secured = getMethodSecure("testParseResourceWithNonExistTypeException");
+        Resource actual = protocolAuthService.parseResource(namingRequest, secured);
+        assertEquals(Resource.EMPTY_RESOURCE, actual);
+    }
+
     @Test
     @Secured()
     void testParseResourceWithNamingType() throws NoSuchMethodException {
@@ -152,6 +162,22 @@ void testValidateAuthorityWithPlugin() throws AccessException {
                 new Permission(Resource.EMPTY_RESOURCE, "")));
     }
 
+    @Test
+    @Secured(signType = SignType.CONFIG)
+    void testEnabledAuthWithPlugin() throws NoSuchMethodException {
+        Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN);
+        Secured secured = getMethodSecure("testEnabledAuthWithPlugin");
+        assertTrue(protocolAuthService.enableAuth(secured));
+    }
+
+    @Test
+    @Secured(signType = SignType.CONFIG)
+    void testEnabledAuthWithoutPlugin() throws NoSuchMethodException {
+        Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn("non-exist-plugin");
+        Secured secured = getMethodSecure("testEnabledAuthWithoutPlugin");
+        assertFalse(protocolAuthService.enableAuth(secured));
+    }
+
     private Secured getMethodSecure(String methodName) throws NoSuchMethodException {
         Method method = GrpcProtocolAuthServiceTest.class.getDeclaredMethod(methodName);
         return method.getAnnotation(Secured.class);

diff --git a/auth/src/test/java/com/alibaba/nacos/auth/HttpProtocolAuthServiceTest.java b/auth/src/test/java/com/alibaba/nacos/auth/HttpProtocolAuthServiceTest.java
@@ -21,6 +21,7 @@
 import com.alibaba.nacos.auth.annotation.Secured;
 import com.alibaba.nacos.auth.config.AuthConfigs;
 import com.alibaba.nacos.auth.mock.MockAuthPluginService;
+import com.alibaba.nacos.auth.mock.MockResourceParser;
 import com.alibaba.nacos.plugin.auth.api.IdentityContext;
 import com.alibaba.nacos.plugin.auth.api.Permission;
 import com.alibaba.nacos.plugin.auth.api.Resource;
@@ -56,12 +57,12 @@ class HttpProtocolAuthServiceTest {
     @Mock
     private HttpServletRequest request;
 
-    private HttpProtocolAuthService httpProtocolAuthService;
+    private HttpProtocolAuthService protocolAuthService;
 
     @BeforeEach
     void setUp() throws Exception {
-        httpProtocolAuthService = new HttpProtocolAuthService(authConfigs);
-        httpProtocolAuthService.initialize();
+        protocolAuthService = new HttpProtocolAuthService(authConfigs);
+        protocolAuthService.initialize();
         Mockito.when(request.getParameter(eq(CommonParams.NAMESPACE_ID))).thenReturn("testNNs");
         Mockito.when(request.getParameter(eq(CommonParams.GROUP_NAME))).thenReturn("testNG");
         Mockito.when(request.getParameter(eq(CommonParams.SERVICE_NAME))).thenReturn("testS");
@@ -71,30 +72,40 @@ void setUp() throws Exception {
     }
 
     @Test
-    @Secured(resource = "testResource")
+    @Secured(resource = "testResource", tags = {"testTag"})
     void testParseResourceWithSpecifiedResource() throws NoSuchMethodException {
         Secured secured = getMethodSecure("testParseResourceWithSpecifiedResource");
-        Resource actual = httpProtocolAuthService.parseResource(request, secured);
+        Resource actual = protocolAuthService.parseResource(request, secured);
         assertEquals("testResource", actual.getName());
         assertEquals(SignType.SPECIFIED, actual.getType());
         assertNull(actual.getNamespaceId());
         assertNull(actual.getGroup());
-        assertNull(actual.getProperties());
+        assertNotNull(actual.getProperties());
+        assertEquals(1, actual.getProperties().size());
+        assertEquals("testTag", actual.getProperties().get("testTag"));
     }
 
     @Test
     @Secured(signType = "non-exist")
     void testParseResourceWithNonExistType() throws NoSuchMethodException {
         Secured secured = getMethodSecure("testParseResourceWithNonExistType");
-        Resource actual = httpProtocolAuthService.parseResource(request, secured);
+        Resource actual = protocolAuthService.parseResource(request, secured);
+        assertEquals(Resource.EMPTY_RESOURCE, actual);
+    }
+
+    @Test
+    @Secured(signType = "non-exist", parser = MockResourceParser.class)
+    void testParseResourceWithNonExistTypeException() throws NoSuchMethodException {
+        Secured secured = getMethodSecure("testParseResourceWithNonExistTypeException");
+        Resource actual = protocolAuthService.parseResource(request, secured);
         assertEquals(Resource.EMPTY_RESOURCE, actual);
     }
 
     @Test
     @Secured()
     void testParseResourceWithNamingType() throws NoSuchMethodException {
         Secured secured = getMethodSecure("testParseResourceWithNamingType");
-        Resource actual = httpProtocolAuthService.parseResource(request, secured);
+        Resource actual = protocolAuthService.parseResource(request, secured);
         assertEquals(SignType.NAMING, actual.getType());
         assertEquals("testS", actual.getName());
         assertEquals("testNNs", actual.getNamespaceId());
@@ -106,7 +117,7 @@ void testParseResourceWithNamingType() throws NoSuchMethodException {
     @Secured(signType = SignType.CONFIG)
     void testParseResourceWithConfigType() throws NoSuchMethodException {
         Secured secured = getMethodSecure("testParseResourceWithConfigType");
-        Resource actual = httpProtocolAuthService.parseResource(request, secured);
+        Resource actual = protocolAuthService.parseResource(request, secured);
         assertEquals(SignType.CONFIG, actual.getType());
         assertEquals("testD", actual.getName());
         assertEquals("testNNs", actual.getNamespaceId());
@@ -116,36 +127,52 @@ void testParseResourceWithConfigType() throws NoSuchMethodException {
 
     @Test
     void testParseIdentity() {
-        IdentityContext actual = httpProtocolAuthService.parseIdentity(request);
+        IdentityContext actual = protocolAuthService.parseIdentity(request);
         assertNotNull(actual);
     }
 
     @Test
     void testValidateIdentityWithoutPlugin() throws AccessException {
         IdentityContext identityContext = new IdentityContext();
-        assertTrue(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE));
+        assertTrue(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE));
     }
 
     @Test
     void testValidateIdentityWithPlugin() throws AccessException {
         Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN);
         IdentityContext identityContext = new IdentityContext();
-        assertFalse(httpProtocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE));
+        assertFalse(protocolAuthService.validateIdentity(identityContext, Resource.EMPTY_RESOURCE));
     }
 
     @Test
     void testValidateAuthorityWithoutPlugin() throws AccessException {
-        assertTrue(httpProtocolAuthService.validateAuthority(new IdentityContext(),
+        assertTrue(protocolAuthService.validateAuthority(new IdentityContext(),
                 new Permission(Resource.EMPTY_RESOURCE, "")));
     }
 
     @Test
     void testValidateAuthorityWithPlugin() throws AccessException {
         Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN);
-        assertFalse(httpProtocolAuthService.validateAuthority(new IdentityContext(),
+        assertFalse(protocolAuthService.validateAuthority(new IdentityContext(),
                 new Permission(Resource.EMPTY_RESOURCE, "")));
     }
 
+    @Test
+    @Secured(signType = SignType.CONFIG)
+    void testEnabledAuthWithPlugin() throws NoSuchMethodException {
+        Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn(MockAuthPluginService.TEST_PLUGIN);
+        Secured secured = getMethodSecure("testEnabledAuthWithPlugin");
+        assertTrue(protocolAuthService.enableAuth(secured));
+    }
+
+    @Test
+    @Secured(signType = SignType.CONFIG)
+    void testEnabledAuthWithoutPlugin() throws NoSuchMethodException {
+        Mockito.when(authConfigs.getNacosAuthSystemType()).thenReturn("non-exist-plugin");
+        Secured secured = getMethodSecure("testEnabledAuthWithoutPlugin");
+        assertFalse(protocolAuthService.enableAuth(secured));
+    }
+
     private Secured getMethodSecure(String methodName) throws NoSuchMethodException {
         Method method = HttpProtocolAuthServiceTest.class.getDeclaredMethod(methodName);
         return method.getAnnotation(Secured.class);

diff --git a/auth/src/test/java/com/alibaba/nacos/auth/mock/MockResourceParser.java b/auth/src/test/java/com/alibaba/nacos/auth/mock/MockResourceParser.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.auth.mock;
+
+import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException;
+import com.alibaba.nacos.auth.annotation.Secured;
+import com.alibaba.nacos.auth.parser.ResourceParser;
+import com.alibaba.nacos.plugin.auth.api.Resource;
+
+public class MockResourceParser implements ResourceParser<Object> {
+
+    @Override
+    public Resource parse(Object request, Secured secured) {
+        throw new NacosRuntimeException(500);
+    }
+}
diff --git a/auth/src/test/java/com/alibaba/nacos/auth/parser/grpc/ConfigGrpcResourceParserTest.java b/auth/src/test/java/com/alibaba/nacos/auth/parser/grpc/ConfigGrpcResourceParserTest.java
@@ -18,6 +18,7 @@
 
 import com.alibaba.nacos.api.common.Constants;
 import com.alibaba.nacos.api.config.remote.request.ConfigBatchListenRequest;
+import com.alibaba.nacos.api.config.remote.request.ConfigChangeNotifyRequest;
 import com.alibaba.nacos.api.config.remote.request.ConfigPublishRequest;
 import com.alibaba.nacos.api.remote.request.Request;
 import com.alibaba.nacos.auth.annotation.Secured;
@@ -98,6 +99,23 @@ void testParseWithConfigBatchListenRequest() throws NoSuchMethodException {
         assertEquals(StringUtils.EMPTY, actual.getGroup());
         assertEquals(StringUtils.EMPTY, actual.getName());
         assertEquals(Constants.Config.CONFIG_MODULE, actual.getType());
+        request.getConfigListenContexts().clear();
+        actual = resourceParser.parse(request, secured);
+        assertEquals(StringUtils.EMPTY, actual.getNamespaceId());
+        assertEquals(StringUtils.EMPTY, actual.getGroup());
+        assertEquals(StringUtils.EMPTY, actual.getName());
+        assertEquals(Constants.Config.CONFIG_MODULE, actual.getType());
+    }
+
+    @Test
+    @Secured(signType = Constants.Config.CONFIG_MODULE)
+    void testParseWithReflectionRequest() throws NoSuchMethodException {
+        Secured secured = getMethodSecure();
+        Request request = ConfigChangeNotifyRequest.build("rTestD", "rTestG", "rTestNs");
+        Resource actual = resourceParser.parse(request, secured);
+        assertEquals("rTestNs", actual.getNamespaceId());
+        assertEquals("rTestG", actual.getGroup());
+        assertEquals("rTestD", actual.getName());
     }
 
     private Request mockConfigRequest(String tenant, String group, String dataId) {

diff --git a/client/src/main/java/com/alibaba/nacos/client/config/impl/ConfigHttpClientManager.java b/client/src/main/java/com/alibaba/nacos/client/config/impl/ConfigHttpClientManager.java
@@ -56,7 +56,7 @@ public class ConfigHttpClientManager implements Closeable {
 
     private static final int CON_TIME_OUT_MILLIS = ParamUtil.getConnectTimeout();
 
-    private static final int READ_TIME_OUT_MILLIS = 3000;
+    private static final int READ_TIME_OUT_MILLIS = ParamUtil.getReadTimeout();
 
     private final LimiterHttpClientRequestInterceptor limiterHttpClientRequestInterceptor = new LimiterHttpClientRequestInterceptor();
 

diff --git a/client/src/main/java/com/alibaba/nacos/client/utils/ParamUtil.java b/client/src/main/java/com/alibaba/nacos/client/utils/ParamUtil.java
@@ -58,6 +58,8 @@ public class ParamUtil {
 
     private static int connectTimeout;
 
+    private static int readTimeout;
+
     private static double perTaskConfigSize = 3000;
 
     private static final String NACOS_CLIENT_APP_KEY = "nacos.client.appKey";
@@ -72,8 +74,12 @@ public class ParamUtil {
 
     private static final String NACOS_CONNECT_TIMEOUT_KEY = "NACOS.CONNECT.TIMEOUT";
 
+    private static final String NACOS_READ_TIMEOUT_KEY = "NACOS.READ.TIMEOUT";
+
     private static final String DEFAULT_NACOS_CONNECT_TIMEOUT = "1000";
 
+    private static final String DEFAULT_NACOS_READ_TIMEOUT = "3000";
+
     private static final String PER_TASK_CONFIG_SIZE_KEY = "PER_TASK_CONFIG_SIZE";
 
     private static final String DEFAULT_PER_TASK_CONFIG_SIZE_KEY = "3000";
@@ -97,6 +103,9 @@ public class ParamUtil {
         connectTimeout = initConnectionTimeout();
         LOGGER.info("[settings] [http-client] connect timeout:{}", connectTimeout);
 
+        readTimeout = initReadTimeout();
+        LOGGER.info("[settings] [http-client] read timeout:{}", readTimeout);
+
         clientVersion = VersionUtils.version;
 
         perTaskConfigSize = initPerTaskConfigSize();
@@ -115,6 +124,18 @@ private static int initConnectionTimeout() {
         }
     }
 
+    private static int initReadTimeout() {
+        String tmp = DEFAULT_NACOS_READ_TIMEOUT;
+        try {
+            tmp = NacosClientProperties.PROTOTYPE.getProperty(NACOS_READ_TIMEOUT_KEY, DEFAULT_NACOS_READ_TIMEOUT);
+            return Integer.parseInt(tmp);
+        } catch (NumberFormatException e) {
+            final String msg = "[http-client] invalid read timeout:" + tmp;
+            LOGGER.error("[settings] " + msg, e);
+            throw new IllegalArgumentException(msg, e);
+        }
+    }
+
     private static double initPerTaskConfigSize() {
         try {
             return Double.parseDouble(NacosClientProperties.PROTOTYPE.getProperty(PER_TASK_CONFIG_SIZE_KEY,
@@ -165,6 +186,14 @@ public static void setConnectTimeout(int connectTimeout) {
         ParamUtil.connectTimeout = connectTimeout;
     }
 
+    public static int getReadTimeout() {
+        return readTimeout;
+    }
+
+    public static void setReadTimeout(int readTimeout) {
+        ParamUtil.readTimeout = readTimeout;
+    }
+
     public static double getPerTaskConfigSize() {
         return perTaskConfigSize;
     }