From afbb921e8bc08a09243882282449bc9010a663fb Mon Sep 17 00:00:00 2001
From: andrew shan <45474304+andrewshan@users.noreply.github.com>
Date: Mon, 2 Sep 2024 11:48:10 +0800
Subject: [PATCH] feat: add blockallowlist rules & remove unused imports (#125)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* feat: add ratelimit spec & remove temporary proto files
* Update version to 1.5.3-SNAPSHOT
* fix: change maxAmount to max_amount
* feat: add lossless rule specification
* feat: lossless支持lables过滤
* feat: restore circuitbreaker fallback & ratelimit add custom response
* fix: add json_name
* fix: customResponse to custom_response
* feat: add go compile sources
* feat: add extendInfo to FaultDetector
* feat: add json name
* feat: add blockallowlist rules & remove unused imports
---
 api/v1/security/block_allow_list.proto | 90 ++++++++++++++++++++++++++
 api/v1/service_manage/request.proto | 3 +-
 api/v1/service_manage/response.proto | 5 ++
 api/v1/traffic_manage/lossless.proto | 4 --
 4 files changed, 97 insertions(+), 5 deletions(-)
 create mode 100644 api/v1/security/block_allow_list.proto
diff --git a/api/v1/security/block_allow_list.proto b/api/v1/security/block_allow_list.proto
new file mode 100644
index 0000000..f21c50a
--- /dev/null
+++ b/api/v1/security/block_allow_list.proto
@@ -0,0 +1,90 @@
+syntax = "proto3";
+
+package v1;
+
+import "google/protobuf/wrappers.proto";
+import "model.proto";
+
+option go_package = "github.com/polarismesh/specification/source/go/api/v1/security";
+option java_package = "com.tencent.polaris.specification.api.v1.security";
+option java_outer_classname = "BlockAllowListProto";
+
+message BlockAllowListRule {
+
+ // unique rule id
+ string id = 1 [ json_name = "id" ];
+
+ // unique rule name
+ string name = 2 [ json_name = "name" ];
+
+ // metadata for block allow list rules
+ map metadata = 3 [ json_name = "metadata" ];
+
+ // service namespace
+ string namespace = 4 [ json_name = "namespace" ];
+
+ // service name
+ string service = 5 [ json_name = "service" ];
+
+ // rule description
+ string description = 6 [ json_name = "description" ];
+
+ // rule priority
+ uint32 priority = 7 [ json_name = "priority" ];
+
+ // rule enable
+ bool enable = 8 [ json_name = "enable" ];
+
+ // ctime create time of the rules
+ string ctime = 9 [ json_name = "ctime" ];
+
+ // mtime modify time of the rules
+ string mtime = 10 [ json_name = "mtime" ];
+
+ // etime enable time of the rules
+ string etime = 11 [ json_name = "etime" ];
+
+ // block or allow configuration
+ repeated BlockAllowConfig blockAllowConfig = 12 [ json_name = "block_allow_config" ];
+
+}
+
+message BlockAllowConfig {
+ // blocking target api
+ API api = 1 [ json_name = "api" ];
+
+ message MatchArgument {
+ // label type for gateway request
+ enum Type {
+ // custom arguments
+ CUSTOM = 0;
+ // header, match the http header, dubbo attachment, grpc header
+ HEADER = 1;
+ // query, match the http query, dubbo argument
+ QUERY = 2;
+ // caller service
+ CALLER_SERVICE = 3;
+ // caller host ip
+ CALLER_IP = 4;
+ // caller instance metadata
+ CALLER_METADATA = 5;
+ // caller instance metadata
+ CALLEE_METADATA = 6;
+ }
+ Type type = 1 [ json_name = "type" ];
+ // header key or query key
+ string key = 2 [ json_name = "key" ];
+ // header value or query
value
+ MatchString value = 3 [ json_name = "value" ];
+ }
+ // arguments to match this config
+ repeated MatchArgument arguments = 2 [ json_name = "arguments" ];
+
+ enum BlockAllowPolicy {
+ ALLOW_LIST = 0;
+ BLOCK_LIST = 1;
+ }
+ // block or allow as policy
+ BlockAllowPolicy blockAllowPolicy = 3 [ json_name = "block_allow_policy" ];
+}
+
diff --git a/api/v1/service_manage/request.proto b/api/v1/service_manage/request.proto
index bc4bb3e..dc059df 100644
--- a/api/v1/service_manage/request.proto
+++ b/api/v1/service_manage/request.proto
@@ -3,7 +3,6 @@ syntax = "proto3";
 package v1;
 import "service.proto";
-import "contract.proto";
 option go_package = "github.com/polarismesh/specification/source/go/api/v1/service_manage";
 option java_package = "com.tencent.polaris.specification.api.v1.service.manage";
@@ -33,6 +32,8 @@ message DiscoverRequest {
 NEARBY_ROUTE_RULE = 102;
 // 无损上下线规则
 LOSSLESS = 103;
+ // 服务黑白名单规则
+ BLOCK_ALLOW_RULE = 104;
 }
 DiscoverRequestType type = 1;
diff --git a/api/v1/service_manage/response.proto b/api/v1/service_manage/response.proto
index 66bf7df..70dc6be 100644
--- a/api/v1/service_manage/response.proto
+++ b/api/v1/service_manage/response.proto
@@ -17,6 +17,7 @@ import "auth.proto";
 import "contract.proto";
 import "lane.proto";
 import "lossless.proto";
+import "block_allow_list.proto";
 option go_package = "github.com/polarismesh/specification/source/go/api/v1/service_manage";
 option java_package = "com.tencent.polaris.specification.api.v1.service.manage";
@@ -104,6 +105,8 @@ message DiscoverResponse {
 NEARBY_ROUTE_RULE = 102;
 // 无损上下线规则
 LOSSLESS = 103;
+ // 服务黑白名单规则
+ BLOCK_ALLOW_RULE = 104;
 }
 DiscoverResponseType type = 3;
@@ -124,6 +127,8 @@ message DiscoverResponse {
 repeated RouteRule nearbyRouteRules = 24;
 // 无损上下线规则内容
 repeated LosslessRule losslessRules = 25;
+ // 服务黑白名单鉴权规则
+ repeated BlockAllowListRule blockAllowListRule = 26;
 }
 message OptionSwitch { map options = 1; }
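Review bot: In api/v1/security/block_allow_list.proto, `BlockAllowPolicy` declares `ALLOW_LIST = 0`, so the proto3 default is a real policy and a `BlockAllowConfig` that omits `block_allow_policy` cannot be told apart from one that explicitly requests an allow list. Since the file is new, the enum could start with `BLOCK_ALLOW_POLICY_UNSPECIFIED = 0;` followed by `ALLOW_LIST = 1;` and `BLOCK_LIST = 2;`, with consumers rejecting the unspecified value; `MatchArgument.Type` has the same shape with `CUSTOM = 0`. The comment above `CALLEE_METADATA = 6;` repeats the caller text and should read `// callee instance metadata`. It would also help to document on `priority` and `blockAllowConfig` which entry wins when several match, and to note that `HEADER`, `QUERY` and `CALLER_*` values are supplied by the caller and are only as trustworthy as the component that populates them.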
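Review bot: In api/v1/service_manage/response.proto the added `repeated BlockAllowListRule blockAllowListRule = 26;` gives a repeated field a singular name, while the neighbouring repeated fields in the same hunk are plural (`nearbyRouteRules`, `losslessRules`). The field name becomes the generated accessor and the default JSON key, so fixing it after SDKs ship breaks source and JSON compatibility; `repeated BlockAllowListRule blockAllowListRules = 26;` now avoids that. Consumers built before this change will presumably ignore field 26 as an unknown field, so the comment on the field should say that block/allow enforcement cannot be assumed for callers on older SDKs. DiscoverResponse begins outside the hunk, so its other fields are not visible here.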
diff --git a/api/v1/traffic_manage/lossless.proto b/api/v1/traffic_manage/lossless.proto
index 3b96d32..c885e5c 100644
--- a/api/v1/traffic_manage/lossless.proto
+++ b/api/v1/traffic_manage/lossless.proto
@@ -2,10 +2,6 @@ syntax = "proto3";
 package v1;
-import "google/protobuf/wrappers.proto";
-import "google/protobuf/duration.proto";
-import "model.proto";
-
 option go_package = "github.com/polarismesh/specification/source/go/api/v1/traffic_manage";
 option java_package = "com.tencent.polaris.specification.api.v1.traffic.manage";
 option java_outer_classname = "LosslessProto";