feat: dynamic secret #574

Merged
merged 34 commits into from
Jul 9, 2022
b258038
dynamic secret&config
ZLBer May 17, 2022
dcc4629
add licence
ZLBer May 17, 2022
dabb78a
add licence
ZLBer May 17, 2022
5133b60
add licence
ZLBer May 17, 2022
7c575c5
add licence
ZLBer May 17, 2022
52762a0
Merge branch 'main' into dynamic_secret&config
seeflood May 17, 2022
79e1220
move
ZLBer May 17, 2022
3432aa1
Merge remote-tracking branch 'origin/dynamic_secret&config' into dyna…
ZLBer May 17, 2022
a301016
move
ZLBer May 17, 2022
2379a79
fix
ZLBer May 17, 2022
c59d519
Merge branch 'main' into dynamic_secret&config
ZLBer May 21, 2022
b1437e4
fix format
ZLBer May 21, 2022
cbb9818
Merge branch 'main' into dynamic_secret&config
ZLBer May 29, 2022
6ba84df
Merge branch 'main' into dynamic_secret&config
Xunzhuo Jun 3, 2022
a2eb044
Merge branch 'main' into dynamic_secret&config
seeflood Jun 4, 2022
747b08f
Merge branch 'main' into dynamic_secret&config
seeflood Jun 11, 2022
63d4d1b
Merge branch 'main' into dynamic_secret&config
seeflood Jun 18, 2022
93ccb23
Merge branch 'main' into dynamic_secret&config
seeflood Jun 29, 2022
7f27f2f
Merge branch 'main' into dynamic_secret&config
seeflood Jun 30, 2022
d98b8aa
Merge branch 'main' into dynamic_secret&config
seeflood Jul 1, 2022
8babbcf
secret ref
ZLBer Jul 3, 2022
30e07da
Merge remote-tracking branch 'origin/dynamic_secret&config' into dyna…
ZLBer Jul 3, 2022
a67ecdc
secret ref
ZLBer Jul 3, 2022
df7ec41
secret ref
ZLBer Jul 3, 2022
94217f8
secret ref
ZLBer Jul 3, 2022
ac48b26
Merge branch 'main' into dynamic_secret&config
Xunzhuo Jul 4, 2022
448174a
add TODO comment
seeflood Jul 5, 2022
08cb6f5
secret ref
ZLBer Jul 6, 2022
4b169d7
secret ref
ZLBer Jul 6, 2022
0b86e35
secret ref
ZLBer Jul 6, 2022
070b1cf
secret ref
ZLBer Jul 6, 2022
f6529eb
Merge branch 'main' into dynamic_secret&config
seeflood Jul 7, 2022
5140183
check nil in InjectSecretRef
seeflood Jul 7, 2022
9e04c75
Merge branch 'main' into dynamic_secret&config
seeflood Jul 8, 2022
3 changes: 3 additions & 0 deletions components/custom/config.go
Expand Up @@ -13,7 +13,10 @@
// limitations under the License.
package custom

import "mosn.io/layotto/components/ref"

type Config struct {
ref.Config
Type string `json:"type"`
Version string `json:"version"`
Metadata map[string]string `json:"metadata"`
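Review bot: The anonymous embed `ref.Config` in `Config` has no doc comment, and because it is embedded without a JSON tag, every field of `ref.Config` becomes a top-level key of this component's config next to `type`, `version` and `metadata`. Any field later added to `ref.Config` will silently join that namespace for every struct that embeds it. Suggest a one-line comment on the embed stating that it contributes `secret_ref`, and consider whether a named, tagged field would make the contract more explicit.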
3 changes: 3 additions & 0 deletions components/lock/types.go
Expand Up @@ -13,10 +13,13 @@
// limitations under the License.
package lock

import "mosn.io/layotto/components/ref"

type Feature string

// Lock's metadata
type Config struct {
ref.Config
Type string `json:"type"`
Metadata map[string]string `json:"metadata"`
}
27 changes: 27 additions & 0 deletions components/ref/config.go
@@ -0,0 +1,27 @@
/*
* Copyright 2021 Layotto Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package ref

//Config is ref json config
type Config struct {
SecretRef []*Item `json:"secret_ref"`
}

type Item struct {
Name string `json:"name"`
Key string `json:"key"`
}
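Review bot: `SecretRef []*Item` in `Config` is a slice of pointers, so a `null` element in the `secret_ref` array decodes to a nil `*Item` that every consumer has to guard against; `[]Item` would remove that case. `Item` also lacks a doc comment: state that `Name` is the secret store name and `Key` the secret to fetch, and say which metadata field receives the value (the example config uses `redisPassword` for both the key and the metadata field). The existing comment should read `// Config is ...` with a space after the slashes.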
4 changes: 4 additions & 0 deletions components/sequencer/types.go
Expand Up @@ -11,9 +11,13 @@
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package sequencer

import "mosn.io/layotto/components/ref"

type Config struct {
ref.Config
Type string `json:"type"`
BiggerThan map[string]int64 `json:"biggerThan"`
Metadata map[string]string `json:"metadata"`
96 changes: 96 additions & 0 deletions configs/config_ref_example.json
@@ -0,0 +1,96 @@
{
"servers": [
{
"default_log_path": "stdout",
"default_log_level": "DEBUG",
"routers": [
{
"router_config_name": "actuator_dont_need_router"
}
],
"listeners": [
{
"name": "grpc",
"address": "127.0.0.1:34904",
"bind_port": true,
"filter_chains": [
{
"filters": [
{
"type": "grpc",
"config": {
"server_name": "runtime",
"grpc_config": {
"hellos": {
"helloworld": {
"type": "helloworld",
"hello": "greeting"
}
},
"secret_store": {
"local.file": {
"type":"local.file",
"metadata": {
"secretsFile": "../../configs/secret/config_secret_local_file.json"
}
},
"local.env": {
"type":"local.env",
"metadata": {
}
}
},
"sequencer": {
"redis": {
"type":"redis",
"metadata": {
"redisHost": "127.0.0.1:6380",
"redisPassword": ""
},
"secret_ref": [
{
"name": "local.file",
"key": "redisPassword"
}
]
}
},
"app": {
"app_id": "app1",
"grpc_callback_port": 9999
}
}
}
}
]
}
]
},
{
"name": "actuator",
"address": "127.0.0.1:34999",
"bind_port": true,
"filter_chains": [
{
"filters": [
{
"type": "proxy",
"config": {
"downstream_protocol": "Http1",
"upstream_protocol": "Http1",
"router_config_name": "actuator_dont_need_router"
}
}
]
}
],
"stream_filters": [
{
"type": "actuator_filter"
}
]
}
]
}
]
}
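Review bot: In the `sequencer.redis` block, `metadata` still carries `"redisPassword": ""` alongside the `secret_ref` entry for the same key, and nothing in the example says which one wins or whether the empty placeholder is required. Suggest dropping the placeholder if injection creates the key, or documenting the precedence, so that a non-empty literal left in `metadata` cannot be mistaken for the effective credential. Also note that `secretsFile` is a relative path (`../../configs/secret/config_secret_local_file.json`) that only resolves when Layotto is started from `cmd/layotto`, and that `local.env` is configured but not referenced by any `secret_ref`.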
3 changes: 2 additions & 1 deletion configs/secret/config_secret_local_file.json
Expand Up @@ -2,5 +2,6 @@
"db-user-pass": {
"username": "devuser",
"password": "S!S*d$zDsb="
}
},
"redisPassword": "redis123"
}
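Review bot: `"redisPassword": "redis123"` adds a plaintext credential to a tracked file, and the quickstart starts Redis with the same `--requirepass "redis123"`. Fine for a demo, but the docs should say so explicitly and state that the `local.file` store is read in clear text, so readers do not carry the pattern into a deployment. It would also help to show how a nested entry such as `db-user-pass` / `password` is addressed from `secret_ref`, since the only referenced secret is a top-level string.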
87 changes: 87 additions & 0 deletions docs/en/start/secret/secret_ref.md
@@ -0,0 +1,87 @@
# use Secret Ref to obtain secret

we can inject secrets to other components using secret store.

using `secret_ref` config:

```json
{
"sequencer": {
"redis": {
"type": "redis",
"metadata": {
"redisHost": "127.0.0.1:6380",
"redisPassword": ""
},
"secret_ref": [
{
"name": "local.file",
"key": "redisPassword"
}
]
}
}
}
```

## Quick start

This example shows how to inject redis password to sequencer component using redis store

### Step 0: Run Redis with password

```shell
docker run --name redis -p 6380:6379 -d --restart=always redis:5.0.3 redis-server --appendonly yes --requirepass "redis123"
```

### Step 1: Run Layotto

After downloading the project code to the local, switch the code directory and compile:

```shell
cd ${project_path}/cmd/layotto
```

build:

```shell @if.not.exist layotto
go build -o layotto
```

Once finished, the layotto file will be generated in the directory, run it:

```shell @background
./layotto start -c ../../configs/config_ref_example.json
```

### Step 2: Run the client program and call Layotto to get the sequence

```shell
cd ${project_path}/demo/sequencer/common/
```

```shell @if.not.exist client
go build -o client
```

```shell
./client -s "redis"
```

If the following information is printed, the demo is successful:

```bash
Try to get next id.Key:key666
Next id:next_id:1
Next id:next_id:2
Next id:next_id:3
Next id:next_id:4
Next id:next_id:5
Next id:next_id:6
Next id:next_id:7
Next id:next_id:8
Next id:next_id:9
Next id:next_id:10
Demo success!

```
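Review bot: The Quick start intro says the password is injected "using redis store", but the config above pulls it from the `local.file` secret store; Redis is the sequencer backend, not the store. The page also never explains the `name` and `key` fields of `secret_ref` or why `metadata` keeps `"redisPassword": ""`. Minor: the title and first sentences start in lowercase, Step 1 has a bare `build:` line, and the expected-output block ends with an empty line before the closing fence.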
88 changes: 88 additions & 0 deletions docs/zh/start/secret/secret_ref.md
@@ -0,0 +1,88 @@
# 使用 Secret Ref 注入secret

我们可以用secret store将secrets注入到其他组件。

用 `secret_ref` 来配置:

```json
{
"sequencer": {
"redis": {
"type": "redis",
"metadata": {
"redisHost": "127.0.0.1:6380",
"redisPassword": ""
},
"secret_ref": [
{
"name": "local.file",
"key": "redisPassword"
}
]
}
}
}
```

## 快速开始

该示例展示了如何注入redis password到sequencer组件


### Step 0: 运行redis并初试密码

```shell
docker run --name redis -p 6380:6379 -d --restart=always redis:5.0.3 redis-server --appendonly yes --requirepass "redis123"
```

### Step 1: 运行 Layotto

将项目代码下载到本地后,切换代码目录、编译:

```shell
cd ${project_path}/cmd/layotto
```

build:

```shell @if.not.exist layotto
go build -o layotto
```

完成后目录下会生成layotto文件,运行它:

```shell @background
./layotto start -c ../../configs/config_ref_example.json
```

### 第二步:运行客户端程序,调用 Layotto 获取sequence

```shell
cd ${project_path}/demo/sequencer/common/
```

```shell @if.not.exist client
go build -o client
```

```shell
./client -s "redis"
```

打印出如下信息则代表调用成功:

```bash
Try to get next id.Key:key666
Next id:next_id:1
Next id:next_id:2
Next id:next_id:3
Next id:next_id:4
Next id:next_id:5
Next id:next_id:6
Next id:next_id:7
Next id:next_id:8
Next id:next_id:9
Next id:next_id:10
Demo success!

```
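Review bot: The headings mix numbering styles (`Step 0`, `Step 1`, then `第二步`), and `初试密码` in the Step 0 heading looks like a typo for setting the password. The page inherits the gaps of the English version: no explanation of `name` / `key` in `secret_ref` and no mention of which secret store supplies the value.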
2 changes: 2 additions & 0 deletions etc/script/test-quickstart.sh
Expand Up @@ -39,6 +39,8 @@ quickstarts_in_default="docs/en/start/configuration/start.md
docs/zh/start/wasm/start.md
docs/en/start/secret/start.md
docs/zh/start/secret/start.md
docs/en/start/secret/secret_ref.md
docs/zh/start/secret/secret_ref.md
"

# In advance mod, we test these docs with golang 1.17
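Review bot: Both new entries run the same Step 0 command, `docker run --name redis -p 6380:6379 ... --restart=always`, and neither doc has a cleanup step, so the second doc in this list will hit a container-name and port conflict unless the harness removes the container between docs. Suggest adding a teardown to the docs or confirming the script cleans up, since `--restart=always` also keeps the password-protected Redis running after the test.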
3 changes: 3 additions & 0 deletions pkg/runtime/bindings/metadata.go
Expand Up @@ -16,7 +16,10 @@

package bindings

import "mosn.io/layotto/components/ref"

type Metadata struct {
ref.Config
Type string `json:"type"`
Version string
Metadata map[string]string `json:"metadata"`
3 changes: 3 additions & 0 deletions pkg/runtime/pubsub/config.go
Expand Up @@ -16,8 +16,11 @@

package pubsub

import "mosn.io/layotto/components/ref"

// Config wraps configuration for a pubsub implementation
type Config struct {
ref.Config
Type string `json:"type"`
Metadata map[string]string `json:"metadata"`
}