[Improve][docs] Define ssl config skip_verification

author: doufenghu <[email protected]> 2024-10-18 20:28:58 +0800
committer: doufenghu <[email protected]> 2024-10-18 20:28:58 +0800
commit: 688018ae7d6aa080fdfb2b99db52112663987651 (patch)
tree: 996fd4baf41e81d5addaa8c2c17b9c70ccb70725
parent: fd54e003f5e852ad6735e400d3feca024dc5e5f3 (diff)
2 files changed, 35 insertions, 21 deletions
diff --git a/docs/grootstream-config.md b/docs/grootstream-config.md
index 5526037..b7fd037 100644
--- a/docs/grootstream-config.md
+++ b/docs/grootstream-config.md
@@ -103,21 +103,21 @@ Key Management System(KMS). It is a service that provides a secure way to create
 
 ## SSL
 
-Client enabled SSL configuration. It is used to client SSL mutual authentication with Vault.
+The client SSL configuration.
 
 | Name | Type   | Required | Default | Description                                      |
 |:-----| :----- | :------- | :-- ---- |:------------------------------------------------  |
-| enabled | Boolean | Yes | false | Enable SSL configuration. |
-| cert_file | String | Yes | (none) | The path of the certificate file. |
-| key_file | String | Yes | (none) | The path of the private key file. |
-| require_client_auth | Boolean | Yes | false |  Enable client authentication  |
+| skip_verification | Boolean | Yes | true | Ignore SSL certificate verification |
+| certificate_path | String | Yes | (none) | Path to the client's private key file |
+| private_key_path | String | Yes | (none) | Path to the client's certificate file |
+| ca_certificate_path | Boolean | Yes | false | Path to the root CA certificate for server verification |
 
 ```yaml
     ssl:
-        enabled: true
-        cert_file: /path/to/cert.pem
-        key_file: /path/to/key.pem
-        require_client_auth: true
+        skip_verification: true
+        private_key_path: /path/to/certs/worker.key  
+        certificate_path: /path/to/certs/worker.pem   
+        ca_certificate_path: /path/to/certs/root.pem 
 ```
 
 
diff --git a/docs/grootstream-design-cn.md b/docs/grootstream-design-cn.md
index 7021e8e..c38ef53 100644
--- a/docs/grootstream-design-cn.md
+++ b/docs/grootstream-design-cn.md
@@ -117,11 +117,11 @@ grootstream:
       token: <vault-token>
       default_key_path: <default-vault-key-path>
       plugin_key_path: <plugin-vault-key-path>
-  ssl:
-    enabled: false
-    cert_file: <certificate-file>
-    key_file: <private-key-file>
-    require_client_auth: false
+  ssl: ## SSL/TLS 客户端链接配置
+    skip_verification: true                      # 忽略SSL证书校验
+    private_key_path: /path/to/certs/worker.key   # 客户端私钥文件路径
+    certificate_path: /path/to/certs/worker.pem   # 客户端证书文件路径
+    ca_certificate_path: /path/to/certs/root.pem  # CA 根证书路径
    
   properties:   # 用户自定义属性的支持从函数中获取，使用方式见函数定义
     hos.path: http://127.0.0.1:9093
@@ -130,12 +130,12 @@ grootstream:
     scheduler.knowledge_base.update.interval.minutes: 1  #知识库文件定时更新时间
 ```
 
-| 属性名            | 必填 | 默认值 | 类型               | 描述                                           |
-|----------------| ---- | ------ | ------------------ | ---------------------------------------------- |
-| knowledge_base | Y    | -      | Object             | 知识库配置                                     |
-| kms            | N    | -      | Object             | kms (key management system, 密钥管理系统) 配置 |
-| ssl            | N    | -      | Object             | 客户端启用SSL双向认证                          |
-| properties     | N    | -      | Map(String,Object) | 自定义属性配置：key-value 格式                 |
+| 属性名         | 必填 | 默认值 | 类型                | 描述                                           |
+| -------------- | ---- | ------ | ------------------- | ---------------------------------------------- |
+| knowledge_base | Y    | -      | Object              | 知识库配置                                     |
+| kms            | N    | -      | Object              | kms (key management system, 密钥管理系统) 配置 |
+| ssl            | N    | -      | Object              | ssl配置                                        |
+| properties     | N    | -      | Map(String, Object) | 自定义属性配置：key-value 格式                 |
 
 
 
@@ -1467,13 +1467,16 @@ Parameters：
 Parameters:
 
 - identifier = `<string>`  加密算法唯一标识。支持：aes-128-gcm96, aes-256-gcm96, sm4-gcm96
-- default_val= `<string>` 加密失败输出该值，默认将输出原值。
+- default_val= `<string>` 加密失败输出该值，默认将输出原值
+- reference_uri = <string> 可选，Restful API 获取需要加密的字段，返回数据类型为Array
 
 ```
 - function: ENCRYPT
   lookup_fields: [ phone_number ]
+  output_fields: [ phone_number ]
   parameters:
     identifier: aes-128-gcm96
+    reference_uri: 127.0.0.1:9999/v1/database/session_record/schema?option=encrypt_fields
 ```
 
  #### Eval
@@ -1617,6 +1620,17 @@ Parameters:
 - algorithm=  `<string>`  用于生成MAC的HASH算法。默认是`sha256` 
 - output_format = `<string>` 输出MAC的格式。默认为`'hex'` 。支持：`base64` | `hex `。
 
+```
+- function: HMAC
+  lookup_fields: [ phone_number ]
+  output_fields: [ phone_number_hmac ]
+  parameters:
+    secret_key: ******
+    output_format: base64
+```
+
+
+
  #### JSON Extract
 
 解析JSON字段，通过表达式抽取json部分内容。
author	doufenghu <[email protected]>	2024-10-18 20:28:58 +0800
committer	doufenghu <[email protected]>	2024-10-18 20:28:58 +0800
commit	688018ae7d6aa080fdfb2b99db52112663987651 (patch)
tree	996fd4baf41e81d5addaa8c2c17b9c70ccb70725
parent	fd54e003f5e852ad6735e400d3feca024dc5e5f3 (diff)