Add sentinel-datasource-xds module for supporting zero-trust with xDS

RockyYu · Aug 16, 2023 · e1c5582 · e1c5582
1 parent d270fda
commit e1c5582
Show file tree

Hide file tree

Showing 73 changed files with 7,819 additions and 0 deletions.
diff --git a/sentinel-extension/pom.xml b/sentinel-extension/pom.xml
@@ -26,6 +26,7 @@
         <module>sentinel-annotation-cdi-interceptor</module>
         <module>sentinel-metric-exporter</module>
         <module>sentinel-datasource-opensergo</module>
+        <module>sentinel-datasource-xds</module>
     </modules>
 
 </project>
diff --git a/sentinel-extension/sentinel-datasource-xds/.gitignore b/sentinel-extension/sentinel-datasource-xds/.gitignore
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
diff --git a/sentinel-extension/sentinel-datasource-xds/README.md b/sentinel-extension/sentinel-datasource-xds/README.md
@@ -0,0 +1,60 @@
+# Sentinel DataSource xds
+
+Sentinel DataSource xds provides integration with xds.
+
+This data now only provides access to zero-trust underlying data (certificates and authentication rules).
+
+The module requires JDK 1.8 or later.
+
+> **NOTE**: Currently we do only support xds for istio 15 and 16 versions
+
+## Usage
+
+To use Sentinel DataSource xds, you should add the following dependency:
+
+```xml
+
+<dependency>
+    <groupId>com.alibaba.csp</groupId>
+    <artifactId>sentinel-datasource-xds</artifactId>
+    <version>x.y.z</version>
+</dependency>
+
+```
+
+Then you can create an `RedisDataSource` and register the TrustManager.
+For instance:
+
+```java
+Converter<XdsProperty, CertPair> parser=source->source.getCertPairRepository().getInstance();
+        XdsConfigProperties xdsConfigProperties=TestUtil.createConfig();
+        XdsDataSource<CertPair> xdsDataSource=new XdsDataSource<>(xdsConfigProperties,parser);
+        xdsDataSource.registerTrustManager(TrustManager.getInstance());
+```
+
+- `xdsConfigProperties`: use `XdsConfigProperties` class to build your xds config
+- `parser`: The parser doesn't really work because the XdsDataSource relies on a registration to pass data
+
+You can also create multi data sources to subscribe for different rule type.
+
+## How to build XdsConfigProperties
+
+### Build default XdsConfigProperties
+
+```java
+XdsConfigProperties config=XdsConfigProperties.getXdsDefaultXdsProperties();
+
+```
+
+### Build XdsConfigProperties from env
+
+```java
+XdsConfigProperties config=XdsConfigProperties.getFromXdsPropertiesEnv();
+```
+
+### Build Custom XdsConfigProperties
+
+```java
+XdsConfigProperties config=new XdsConfigProperties();
+        config.setXXX(xxx);
+```
diff --git a/sentinel-extension/sentinel-datasource-xds/pom.xml b/sentinel-extension/sentinel-datasource-xds/pom.xml
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xmlns="http://maven.apache.org/POM/4.0.0"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>sentinel-extension</artifactId>
+        <groupId>com.alibaba.csp</groupId>
+        <version>2.0.0-alpha2-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>sentinel-datasource-xds</artifactId>
+    <packaging>jar</packaging>
+
+    <properties>
+        <java.source.version>1.8</java.source.version>
+        <java.target.version>1.8</java.target.version>
+
+        <!-- Envoy Api Versions -->
+        <envoy-api.version>0.1.32</envoy-api.version>
+
+        <grpc.version>1.34.1</grpc.version>
+        <protobuf.version>3.14.0</protobuf.version>
+        <os-plugin.version>1.6.2</os-plugin.version>
+        <pb-plugin.version>0.6.1</pb-plugin.version>
+
+
+        <slf4j.version>1.7.30</slf4j.version>
+        <logback.version>1.2.3</logback.version>
+
+        <io.grpc.version>1.34.1</io.grpc.version>
+
+        <bouncycastle_version>1.70</bouncycastle_version>
+        <com.google.protobuf.version>3.14.0</com.google.protobuf.version>
+        <jose4j.version>0.8.0</jose4j.version>
+        <httpclient.version>4.5.13</httpclient.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.alibaba.csp</groupId>
+            <artifactId>sentinel-datasource-extension</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.alibaba.csp</groupId>
+            <artifactId>sentinel-security-core</artifactId>
+        </dependency>
+
+
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.awaitility</groupId>
+            <artifactId>awaitility</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>fastjson</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+            <version>${httpclient.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.bitbucket.b_c</groupId>
+            <artifactId>jose4j</artifactId>
+            <version>${jose4j.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.google.protobuf</groupId>
+            <artifactId>protobuf-java-util</artifactId>
+            <version>${com.google.protobuf.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>io.grpc</groupId>
+            <artifactId>grpc-protobuf</artifactId>
+            <version>${io.grpc.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>io.grpc</groupId>
+            <artifactId>grpc-stub</artifactId>
+            <version>${io.grpc.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>io.grpc</groupId>
+            <artifactId>grpc-netty-shaded</artifactId>
+            <version>${io.grpc.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>io.envoyproxy.controlplane</groupId>
+            <artifactId>api</artifactId>
+            <version>${envoy-api.version}</version>
+        </dependency>
+
+
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <version>${bouncycastle_version}</version>
+        </dependency>
+
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>${logback.version}</version>
+        </dependency>
+
+
+    </dependencies>
+</project>
diff --git a/...l-datasource-xds/src/main/java/com/alibaba/csp/sentinel/datasource/xds/XdsDataSource.java b/...l-datasource-xds/src/main/java/com/alibaba/csp/sentinel/datasource/xds/XdsDataSource.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 1999-2019 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.csp.sentinel.datasource.xds;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import com.alibaba.csp.sentinel.datasource.AbstractDataSource;
+import com.alibaba.csp.sentinel.datasource.xds.client.XdsClient;
+import com.alibaba.csp.sentinel.datasource.xds.client.filiter.XdsFilter;
+import com.alibaba.csp.sentinel.datasource.xds.client.filiter.lds.AuthLdsFilter;
+import com.alibaba.csp.sentinel.datasource.xds.client.filiter.lds.TlsModeLdsFilter;
+import com.alibaba.csp.sentinel.datasource.xds.config.XdsConfigProperties;
+import com.alibaba.csp.sentinel.datasource.xds.property.XdsProperty;
+import com.alibaba.csp.sentinel.log.RecordLog;
+import com.alibaba.csp.sentinel.trust.TrustManager;
+
+/**
+ * @author lwj
+ * @since 2.0.0
+ */
+public class XdsDataSource<Void> extends AbstractDataSource<XdsProperty, Void> {
+    private final AtomicBoolean running = new AtomicBoolean(false);
+    private final AtomicBoolean registerTrustManagerOnce = new AtomicBoolean(false);
+    private XdsProperty xdsProperty;
+    private XdsClient xdsClient;
+    private XdsConfigProperties xdsConfigProperties;
+    private List<XdsFilter> xdsFilterList = new ArrayList<>();
+
+    public XdsDataSource(XdsConfigProperties xdsConfigProperties) {
+        super(source -> null);
+        this.xdsProperty = new XdsProperty();
+        this.xdsConfigProperties = xdsConfigProperties;
+    }
+
+    public void start() {
+        if (running.compareAndSet(false, true)) {
+            xdsClient = new XdsClient(xdsConfigProperties, xdsFilterList, xdsProperty.getCertPairRepository());
+            xdsClient.start();
+        } else {
+            RecordLog.error("[XdsDataSource] XdsDataSource is running");
+        }
+    }
+
+    public void registerTrustManager(TrustManager trustManager) {
+        if (registerTrustManagerOnce.compareAndSet(false, true)) {
+            AuthLdsFilter authLdsFilter = new AuthLdsFilter(xdsProperty.getAuthRepository());
+            TlsModeLdsFilter tlsModeLdsFilter = new TlsModeLdsFilter(xdsProperty.getTlsModeRepository());
+            xdsFilterList.add(authLdsFilter);
+            xdsFilterList.add(tlsModeLdsFilter);
+            xdsProperty.getCertPairRepository().registryRepositoryUpdateCallback(
+                (cert) -> trustManager.storeCertPair(cert));
+            xdsProperty.getAuthRepository().registryRepositoryUpdateCallback((rules) -> trustManager.storeRules(rules));
+            xdsProperty.getTlsModeRepository().registryRepositoryUpdateCallback(
+                (tlsMode) -> trustManager.storeTlsMode(tlsMode));
+        } else {
+            RecordLog.error("[XdsDataSource] TrustManager has already registered");
+        }
+
+    }
+
+    @Override
+    public Void loadConfig() throws Exception {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public XdsProperty readSource() throws Exception {
+        return xdsProperty;
+    }
+
+    @Override
+    public void close() throws Exception {
+        if (running.compareAndSet(true, false)) {
+            xdsClient.close();
+        } else {
+            RecordLog.error("[XdsDataSource] XdsDataSource is not running");
+        }
+
+    }
+}