| -rw-r--r-- | docs/grootstream-config.md | 18 |
| -rw-r--r-- | docs/grootstream-design-cn.md | 38 |
2 files changed, 35 insertions, 21 deletions
diff --git a/docs/grootstream-config.md b/docs/grootstream-config.md index 5526037..b7fd037 100644 --- a/docs/grootstream-config.md +++ b/docs/grootstream-config.md @@ -103,21 +103,21 @@ Key Management System(KMS). It is a service that provides a secure way to create ## SSL -Client enabled SSL configuration. It is used to client SSL mutual authentication with Vault. +The client SSL configuration. | Name | Type | Required | Default | Description | |:-----| :----- | :------- | :-- ---- |:------------------------------------------------ | -| enabled | Boolean | Yes | false | Enable SSL configuration. | -| cert_file | String | Yes | (none) | The path of the certificate file. | -| key_file | String | Yes | (none) | The path of the private key file. | -| require_client_auth | Boolean | Yes | false | Enable client authentication | +| skip_verification | Boolean | Yes | true | Ignore SSL certificate verification | +| certificate_path | String | Yes | (none) | Path to the client's private key file | +| private_key_path | String | Yes | (none) | Path to the client's certificate file | +| ca_certificate_path | Boolean | Yes | false | Path to the root CA certificate for server verification | ```yaml ssl: - enabled: true - cert_file: /path/to/cert.pem - key_file: /path/to/key.pem - require_client_auth: true + skip_verification: true + private_key_path: /path/to/certs/worker.key + certificate_path: /path/to/certs/worker.pem + ca_certificate_path: /path/to/certs/root.pem ``` diff --git a/docs/grootstream-design-cn.md b/docs/grootstream-design-cn.md index 7021e8e..c38ef53 100644 --- a/docs/grootstream-design-cn.md +++ b/docs/grootstream-design-cn.md 
@@ -117,11 +117,11 @@ grootstream: token: <vault-token> default_key_path: <default-vault-key-path> plugin_key_path: <plugin-vault-key-path> - ssl: - enabled: false - cert_file: <certificate-file> - key_file: <private-key-file> - require_client_auth: false + ssl: ## SSL/TLS 客户端链接配置 + skip_verification: true # 忽略SSL证书校验 + private_key_path: /path/to/certs/worker.key # 客户端私钥文件路径 + certificate_path: /path/to/certs/worker.pem # 客户端证书文件路径 + ca_certificate_path: /path/to/certs/root.pem # CA 根证书路径 properties: # 用户自定义属性的支持从函数中获取,使用方式见函数定义 hos.path: http://127.0.0.1:9093 @@ -130,12 +130,12 @@ grootstream: scheduler.knowledge_base.update.interval.minutes: 1 #知识库文件定时更新时间 ``` -| 属性名 | 必填 | 默认值 | 类型 | 描述 | -|----------------| ---- | ------ | ------------------ | ---------------------------------------------- | -| knowledge_base | Y | - | Object | 知识库配置 | -| kms | N | - | Object | kms (key management system, 密钥管理系统) 配置 | -| ssl | N | - | Object | 客户端启用SSL双向认证 | -| properties | N | - | Map(String,Object) | 自定义属性配置:key-value 格式 | +| 属性名 | 必填 | 默认值 | 类型 | 描述 | +| -------------- | ---- | ------ | ------------------- | ---------------------------------------------- | +| knowledge_base | Y | - | Object | 知识库配置 | +| kms | N | - | Object | kms (key management system, 密钥管理系统) 配置 | +| ssl | N | - | Object | ssl配置 | +| properties | N | - | Map(String, Object) | 自定义属性配置:key-value 格式 | @@ -1467,13 +1467,16 @@ Parameters: Parameters: - identifier = `<string>` 加密算法唯一标识。支持:aes-128-gcm96, aes-256-gcm96, sm4-gcm96 -- default_val= `<string>` 加密失败输出该值,默认将输出原值。 +- default_val= `<string>` 加密失败输出该值,默认将输出原值 +- reference_uri = <string> 可选,Restful API 获取需要加密的字段,返回数据类型为Array ``` - function: ENCRYPT lookup_fields: [ phone_number ] + output_fields: [ phone_number ] parameters: identifier: aes-128-gcm96 + reference_uri: 127.0.0.1:9999/v1/database/session_record/schema?option=encrypt_fields ``` #### Eval 
@@ -1617,6 +1620,17 @@ Parameters: - algorithm= `<string>` 用于生成MAC的HASH算法。默认是`sha256` - output_format = `<string>` 输出MAC的格式。默认为`'hex'` 。支持:`base64` | `hex `。 +``` +- function: HMAC + lookup_fields: [ phone_number ] + output_fields: [ phone_number_hmac ] + parameters: + secret_key: ****** + output_format: base64 +``` + + + #### JSON Extract 解析JSON字段,通过表达式抽取json部分内容。 |
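Review bot: In the new SSL table of docs/grootstream-config.md (hunk @@ -103) the descriptions of `certificate_path` and `private_key_path` are swapped (`certificate_path` reads "Path to the client's private key file", `private_key_path` reads "Path to the client's certificate file"), and `ca_certificate_path` is typed Boolean with default false although the YAML sample gives it a file path; swap the two descriptions and make that row String / (none). Separately, `skip_verification` defaults to true and the sample sets it to true, so the documented client does not verify the server certificate and `ca_certificate_path`, described as being for server verification, is apparently unused; consider defaulting to and showing false, and say when true is acceptable. The reworded intro also drops the statement that this section is for mutual authentication with Vault, so the reader no longer learns which connection these settings apply to.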
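Review bot: The sample `ssl:` block in docs/grootstream-design-cn.md (hunk @@ -117) sets `skip_verification: true` while also supplying `ca_certificate_path`, so the sample configuration skips the check the CA file is there for; show `skip_verification: false` in the sample, or add a comment saying in which environments true is acceptable. Two small style points on the same lines: the block comment uses `##` where the neighbouring comments use `#`, and 链接 in "SSL/TLS 客户端链接配置" looks like a typo for 连接.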
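Review bot: In the property table of docs/grootstream-design-cn.md (hunk @@ -130) the `ssl` row's description goes from 客户端启用SSL双向认证 to just ssl配置, which tells the reader less than the row it replaces; say what the block configures (certificate verification, client key and certificate, CA root), matching the comments added to the YAML sample in the previous hunk.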
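Review bot: The new `reference_uri` parameter of ENCRYPT (hunk @@ -1467) is documented without saying how the returned array combines with `lookup_fields` (replace or merge) or what happens when the endpoint cannot be reached or returns something other than an array; since the response decides which fields get encrypted, the doc should state that behaviour explicitly. The sample value `127.0.0.1:9999/v1/database/session_record/schema?option=encrypt_fields` has no scheme, unlike `hos.path: http://127.0.0.1:9093` earlier in the file, so say which schemes are accepted and whether the `ssl` settings apply to this request. Minor: `<string>` on the `reference_uri` line is missing the backticks the other parameter lines use, and the `default_val` line is touched only to drop its full stop.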
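Review bot: The added HMAC example (hunk @@ -1617) writes `secret_key` inline in the function parameters (masked as `******`), while the parameter lines visible in this hunk only describe `algorithm` and `output_format`; if `secret_key` is not documented just above, add it, and say whether the key can be taken from the `kms` configuration instead of being stored in the job file. The hunk also adds three blank lines after the closing fence where one is enough.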
