| author | doufenghu <[email protected]> | 2024-09-26 11:52:43 +0800 |
|---|---|---|
| committer | doufenghu <[email protected]> | 2024-09-26 11:52:43 +0800 |
| commit | f5381de61ece2697082a8eead7b00601108bde2c (patch) | |
| tree | 3d04a44d5164d3676661996c4430721bff73c70c | |
| parent | 2a7fe1b1b17c65d21b798cbf6a3d18f2c67baadc (diff) | |
[Feature][Common] Add SSL configuration options for secure API/UI access to the vault system.
7 files changed, 96 insertions, 10 deletions
diff --git a/config/grootstream.yaml b/config/grootstream.yaml index e01fda3..d78376d 100644 --- a/config/grootstream.yaml +++ b/config/grootstream.yaml @@ -11,6 +11,21 @@ grootstream: files: - 64af7077-eb9b-4b8f-80cf-2ceebc89bea9 - 004390bc-3135-4a6f-a492-3662ecb9e289 + kms: + local: + type: local + vault: + type: vault + url: <vault-url> + token: <vault-token> + key_path: <vault-key-path> + + ssl: + disabled: true + cert_path: ./config/ssl/cert.pem + private_key_path: ./config/ssl/key.pem + + properties: hos.path: http://192.168.44.12:9098/hos hos.bucket.name.traffic_file: traffic_file_bucket diff --git a/docs/grootstream-design-cn.md b/docs/grootstream-design-cn.md index e9b6fa6..253f95d 100644 --- a/docs/grootstream-design-cn.md +++ b/docs/grootstream-design-cn.md @@ -115,7 +115,12 @@ grootstream: type: vault url: <vault-url> token: <vault-token> - keyPath: <vault-key-path> + default_key_path: <default-vault-key-path> + plugin_key_path: <plugin-vault-key-path> + ssl: + disabled: true + cert_path: <certificate-path> + private_key_path: <private-key-path> properties: # 用户自定义属性的支持从函数中获取,使用方式见函数定义 hos.path: http://127.0.0.1:9093 @@ -124,11 +129,12 @@ grootstream: scheduler.knowledge_base.update.interval.minutes: 1 #知识库文件定时更新时间 ``` -| 属性名 | 必填 | 默认值 | 类型 | 描述 | -|----------------|----|-----|--------------------|----------------------------------------| -| knowledge_base | Y | - | Object | 知识库配置 | -| kms | N | - | Object | kms (key management system, 密钥管理系统) 配置 | -| properties | N | - | Map(String,Object) | 自定义属性配置:key-value 格式 | +| 属性名 | 必填 | 默认值 | 类型 | 描述 | +| -------------- | ---- | ------ | ------------------ | ---------------------------------------------- | +| knowledge_base | Y | - | Object | 知识库配置 | +| kms | N | - | Object | kms (key management system, 密钥管理系统) 配置 | +| tls | N | - | Object | 客户端启用SSL双向认证 | +| properties | N | - | Map(String,Object) | 自定义属性配置:key-value 格式 | 
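Review bot: The shipped default config turns TLS off (`disabled: true`), and the same default is baked into `SSL_DISABLED.defaultValue(true)` in the CommonConfigOptions.java hunk of this commit, so an operator who omits the `ssl` block, or misspells one of its keys (parseSSLConfig in CommonConfigDomProcessor.java only logs a warning for unrecognized elements), silently runs the API/UI without TLS. Nothing in the file says so; a comment on the block would make the choice visible: `# TLS for API/UI access is OFF by default; set disabled: false and point cert_path/private_key_path at the PEM files to enable it`. The `<vault-token>` placeholder in the same hunk becomes a secret once filled in, which the committed file should flag, e.g. `# token: supply from the environment or a secret store rather than committing a real value`.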
@@ -1606,7 +1612,7 @@ Example 2: 会话日志字段encapsulation(JsonString格式)嵌套结构进行� Parameters: -- secret = `<string>` 用于生成MAC的密钥。 +- secret_key = `<string>` 用于生成MAC的密钥。 - algorithm= `<string>` 用于生成MAC的HASH算法。默认是`sha256` - output_format = `<string>` 输出MAC的格式。默认为`'hex'` 。支持:`base64` | `hex `。 @@ -1803,8 +1809,6 @@ Parameters precision: 2 ``` - #### - #### Number Sum 在时间窗口内对指定数字类型字段进行求和:支持 int,long,double,float类型。 @@ -2072,7 +2076,7 @@ Parameters: [CN函数库](https://docs.geedge.net/pages/viewpage.action?pageId=129087866) -用户自定义插件 +用户自定义插件(IN Progress) | 名称 | 描述 | 类型 | 必填 | 约束 | |----------------------|---------|---------------|----|---------| diff --git a/groot-common/src/main/java/com/geedgenetworks/common/config/CommonConfig.java b/groot-common/src/main/java/com/geedgenetworks/common/config/CommonConfig.java index 5212137..aeda71d 100644 --- a/groot-common/src/main/java/com/geedgenetworks/common/config/CommonConfig.java +++ b/groot-common/src/main/java/com/geedgenetworks/common/config/CommonConfig.java @@ -18,6 +18,8 @@ public class CommonConfig implements Serializable { private Map<String,KmsConfig> kmsConfig = CommonConfigOptions.KMS.defaultValue(); + private SSLConfig sslConfig = CommonConfigOptions.SSL.defaultValue(); + private Map<String,String> propertiesConfig = CommonConfigOptions.PROPERTIES.defaultValue(); public void setKnowledgeBaseConfig(List<KnowledgeBaseConfig> knowledgeBaseConfig) { @@ -30,6 +32,11 @@ public class CommonConfig implements Serializable { this.kmsConfig = kmsConfig; } + public void setSslConfig(SSLConfig sslConfig) { + checkNotNull(sslConfig, CommonConfigOptions.SSL + " sslConfig should not be null"); + this.sslConfig = sslConfig; + } + diff --git a/groot-common/src/main/java/com/geedgenetworks/common/config/CommonConfigDomProcessor.java b/groot-common/src/main/java/com/geedgenetworks/common/config/CommonConfigDomProcessor.java index 4a3425d..249033d 100644 
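Review bot: The new field is initialised from `CommonConfigOptions.SSL.defaultValue()`, but `SSL` is declared with `.noDefaultValue()` in the CommonConfigOptions.java hunk of this commit, so when the YAML has no `ssl` block the field presumably stays null (or the call fails, depending on what `noDefaultValue()` returns) and any consumer that reads `getSslConfig().getDisabled()` hits a NullPointerException; the `checkNotNull` in `setSslConfig` only guards the explicit-set path. Initialising from the class's own defaults keeps TLS disabled-by-default without the null state: `private SSLConfig sslConfig = new SSLConfig();`. The `CommonConfig` class continues outside both hunks, so the getter is not visible here.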
--- a/groot-common/src/main/java/com/geedgenetworks/common/config/CommonConfigDomProcessor.java
+++ b/groot-common/src/main/java/com/geedgenetworks/common/config/CommonConfigDomProcessor.java
@@ -30,6 +30,8 @@ public class CommonConfigDomProcessor extends AbstractDomConfigProcessor {
 commonConfig.setKnowledgeBaseConfig(parseKnowledgeBaseConfig(node));
 } else if (CommonConfigOptions.KMS.key().equals(name)) {
 commonConfig.setKmsConfig(parseKmsConfig(node));
+ } else if (CommonConfigOptions.SSL.key().equals(name)) {
+ commonConfig.setSslConfig(parseSSLConfig(node));
 } else if (CommonConfigOptions.PROPERTIES.key().equals(name)) {
 commonConfig.setPropertiesConfig(parsePropertiesConfig(node));
 } else {
@@ -82,6 +84,23 @@ public class CommonConfigDomProcessor extends AbstractDomConfigProcessor {
 return knowledgeBaseConfig;
 }
+ private SSLConfig parseSSLConfig (Node sslRootNode) {
+ SSLConfig sslConfig = new SSLConfig();
+ for (Node node : childElements(sslRootNode)) {
+ String name = cleanNodeName(node);
+ if (CommonConfigOptions.SSL_DISABLED.key().equals(name)) {
+ sslConfig.setDisabled(getBooleanValue(getTextContent(node)));
+ } else if (CommonConfigOptions.SSL_CERT_PATH.key().equals(name)) {
+ sslConfig.setCertPath(getTextContent(node));
+ } else if (CommonConfigOptions.SSL_PRIVATE_KEY_PATH.key().equals(name)) {
+ sslConfig.setPrivateKeyPath(getTextContent(node));
+ } else {
+ log.warn("Unrecognized SSL configuration element: {}", name);
+ }
+ }
+ return sslConfig;
+ }
+
 private Map<String, KmsConfig> parseKmsConfig(Node kmsRootNode) {
 Map<String, KmsConfig> kmsConfigMap = new HashMap<>();
 for (Node node : childElements(kmsRootNode)) {
diff --git a/groot-common/src/main/java/com/geedgenetworks/common/config/CommonConfigOptions.java b/groot-common/src/main/java/com/geedgenetworks/common/config/CommonConfigOptions.java
index 701ffc3..48a99ba 100644
--- a/groot-common/src/main/java/com/geedgenetworks/common/config/CommonConfigOptions.java
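Review bot: `parseSSLConfig` accepts `disabled: false` together with an empty or missing `cert_path`/`private_key_path` (both default to `""` in CommonConfigOptions.java), so a mis-indented or omitted path is only discovered when something later tries to load the PEM files, presumably at server start, far from the configuration that caused it. Rejecting that combination at parse time fails fast with a configuration-level message, in the same spirit as the `checkNotNull` used by `setSslConfig` in CommonConfig.java. The signature `parseSSLConfig (Node sslRootNode)` also carries a stray space before the parenthesis, unlike `parseKmsConfig(Node kmsRootNode)` right below it.
```java
private SSLConfig parseSSLConfig(Node sslRootNode) {
    SSLConfig sslConfig = new SSLConfig();
    // … unchanged: child element loop …
    // An enabled listener with no certificate or key cannot be brought up; say so here
    // rather than when the PEM files are opened.
    if (Boolean.FALSE.equals(sslConfig.getDisabled())
            && (sslConfig.getCertPath() == null || sslConfig.getCertPath().isEmpty()
                || sslConfig.getPrivateKeyPath() == null || sslConfig.getPrivateKeyPath().isEmpty())) {
        throw new IllegalArgumentException(
                "ssl is enabled (disabled=false) but cert_path or private_key_path is empty");
    }
    return sslConfig;
}
```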
+++ b/groot-common/src/main/java/com/geedgenetworks/common/config/CommonConfigOptions.java @@ -83,6 +83,25 @@ public class CommonConfigOptions { .defaultValue("") .withDescription("The key path of KMS."); + public static final Option<SSLConfig> SSL = Options.key("ssl") + .type(new TypeReference<SSLConfig>() {}) + .noDefaultValue() + .withDescription("The ssl configuration."); + + public static final Option<Boolean> SSL_DISABLED = Options.key("disabled") + .booleanType() + .defaultValue(true) + .withDescription("The disabled flag of the configuration."); + + public static final Option<String> SSL_CERT_PATH = Options.key("cert_path") + .stringType() + .defaultValue("") + .withDescription("The certificate path of the configuration."); + + public static final Option<String> SSL_PRIVATE_KEY_PATH = Options.key("private_key_path") + .stringType() + .defaultValue("") + .withDescription("The private key path of the configuration."); diff --git a/groot-common/src/main/java/com/geedgenetworks/common/config/SSLConfig.java b/groot-common/src/main/java/com/geedgenetworks/common/config/SSLConfig.java new file mode 100644 index 0000000..0759711 --- /dev/null +++ b/groot-common/src/main/java/com/geedgenetworks/common/config/SSLConfig.java @@ -0,0 +1,17 @@ +package com.geedgenetworks.common.config; + +import lombok.Data; + +import java.io.Serializable; + +@Data +public class SSLConfig implements Serializable { + + private Boolean disabled = CommonConfigOptions.SSL_DISABLED.defaultValue(); + + private String certPath = CommonConfigOptions.SSL_CERT_PATH.defaultValue(); + + private String privateKeyPath = CommonConfigOptions.SSL_PRIVATE_KEY_PATH.defaultValue(); + + +} diff --git a/groot-examples/end-to-end-example/src/main/resources/grootstream.yaml b/groot-examples/end-to-end-example/src/main/resources/grootstream.yaml index cc670b7..20c71f5 100644 --- a/groot-examples/end-to-end-example/src/main/resources/grootstream.yaml 
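Review bot: The descriptions on the three new options (`"The disabled flag of the configuration."`, `"The certificate path of the configuration."`, `"The private key path of the configuration."`) do not say which configuration they belong to or what the files are; suggested wording: `"Whether TLS for API/UI access is disabled; defaults to true (TLS off)."`, `"Path to the server certificate file (e.g. cert.pem) used when ssl.disabled is false."`, `"Path to the private key matching cert_path; keep it readable by the service user only."`. The docs table added in grootstream-design-cn.md by this same commit lists the block as `tls` and describes it as client-side mutual authentication, whereas the key declared here is `ssl` and these options carry only a server certificate and key with no CA or trust-store path, so the documentation and the options describe different features. Note also that `SSL` is `.noDefaultValue()` while CommonConfig.java initialises its field from `SSL.defaultValue()`; one of the two should change.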
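Review bot: `disabled` is a boxed `Boolean`, so the Lombok-generated `setDisabled(null)` is accepted and a later `if (!config.getDisabled())` unboxes to a NullPointerException; a primitive `private boolean disabled = CommonConfigOptions.SSL_DISABLED.defaultValue();` removes that state (the `Boolean` default auto-unboxes). Because Lombok names the accessor `isDisabled()` for a primitive boolean, the change is cheapest now, while `parseSSLConfig` is the only caller in this commit. The class also implements `Serializable` without an explicit `serialVersionUID`, so any later field change silently breaks deserialisation of already-serialised instances; declaring one is the usual fix.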
+++ b/groot-examples/end-to-end-example/src/main/resources/grootstream.yaml @@ -19,6 +19,11 @@ grootstream: token: <vault-token> key_path: <vault-key-path> + ssl: + disabled: false + cert_path: ./config/ssl/cert.pem + private_key_path: ./config/ssl/key.pem + properties: hos.path: http://192.168.44.12:9098/hos hos.bucket.name.traffic_file: traffic_file_bucket |
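Review bot: This example enables TLS (`disabled: false`) with the relative paths `./config/ssl/cert.pem` and `./config/ssl/key.pem`, which, as far as the visible parser in CommonConfigDomProcessor.java goes, are stored verbatim and so presumably resolve against the JVM working directory rather than the config file's location; the end-to-end example then only works when started from the expected directory. A comment on the block, `# paths resolve against the process working directory; use absolute paths when launched from elsewhere`, or absolute paths would spare a confusing first-run failure. Since the private key is referenced from a location under the repository, the example should also state that `key.pem` must not be committed and should be readable only by the service user.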
