You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@linkis.apache.org by ca...@apache.org on 2023/03/22 07:04:34 UTC
[linkis] branch dev-1.3.2 updated: [feat-4348]change the default token to a random number (#4349)
This is an automated email from the ASF dual-hosted git repository.
casion pushed a commit to branch dev-1.3.2
in repository https://gitbox.apache.org/repos/asf/linkis.git
The following commit(s) were added to refs/heads/dev-1.3.2 by this push:
new 1bf673851 [feat-4348]change the default token to a random number (#4349)
1bf673851 is described below
commit 1bf673851b257d3e0a25360eda44251270533323
Author: aiceflower <ki...@gmail.com>
AuthorDate: Wed Mar 22 15:04:27 2023 +0800
[feat-4348]change the default token to a random number (#4349)
* Change the default token to a random number
* replace token to random
* update token
* update token
* update token
* update token
* update token
* fix build error
* update token
* update token
* update token
* update token
---------
Co-authored-by: aiceflower <ki...@sina.com>
---
.../application/operator/ujes/UJESClientFactory.java | 6 ++++--
.../cli/application/LinkisClientApplicationTest.java | 6 +++++-
.../linkis/computation/client/LinkisJobBuilder.scala | 8 +++++---
.../linkis/ujes/client/JobObserveActionTest.scala | 7 +++++--
linkis-dist/bin/install.sh | 17 +++++++++++++++++
linkis-dist/package/conf/linkis.properties | 13 ++++++++++++-
linkis-dist/package/db/linkis_dml.sql | 10 +++++-----
.../linkis/cs/client/utils/ContextClientConf.scala | 6 +++++-
.../linkis/cs/client/utils/ContextClientConfTest.java | 4 ----
.../linkis/gateway/authentication/dao/TokenDaoTest.java | 5 ++++-
.../authentication/service/CachedTokenServiceTest.java | 4 +++-
11 files changed, 65 insertions(+), 21 deletions(-)
diff --git a/linkis-computation-governance/linkis-client/linkis-cli/linkis-cli-application/src/main/java/org/apache/linkis/cli/application/operator/ujes/UJESClientFactory.java b/linkis-computation-governance/linkis-client/linkis-cli/linkis-cli-application/src/main/java/org/apache/linkis/cli/application/operator/ujes/UJESClientFactory.java
index 2767929e8..c234403c5 100644
--- a/linkis-computation-governance/linkis-client/linkis-cli/linkis-cli-application/src/main/java/org/apache/linkis/cli/application/operator/ujes/UJESClientFactory.java
+++ b/linkis-computation-governance/linkis-client/linkis-cli/linkis-cli-application/src/main/java/org/apache/linkis/cli/application/operator/ujes/UJESClientFactory.java
@@ -131,6 +131,8 @@ public class UJESClientFactory {
}
DWSClientConfigBuilder builder = DWSClientConfigBuilder.newBuilder();
+ String authKey = stdVarAccess.getVar(String.class, AppKeys.LINKIS_COMMON_TOKEN_KEY);
+ String authValue = stdVarAccess.getVar(String.class, AppKeys.LINKIS_COMMON_TOKEN_VALUE);
DWSClientConfig config =
((DWSClientConfigBuilder)
(builder
@@ -143,8 +145,8 @@ public class UJESClientFactory {
.retryEnabled(false)
.readTimeout(context.getReadTimeoutMills())
.setAuthenticationStrategy(authenticationStrategy)
- .setAuthTokenKey("BML-AUTH")
- .setAuthTokenValue("BML-AUTH")))
+ .setAuthTokenKey(authKey)
+ .setAuthTokenValue(authValue)))
.setDWSVersion(context.getDwsVersion())
.build();
diff --git a/linkis-computation-governance/linkis-client/linkis-cli/linkis-cli-application/src/test/java/org/apache/linkis/cli/application/LinkisClientApplicationTest.java b/linkis-computation-governance/linkis-client/linkis-cli/linkis-cli-application/src/test/java/org/apache/linkis/cli/application/LinkisClientApplicationTest.java
index 0af222666..bdacb4f09 100644
--- a/linkis-computation-governance/linkis-client/linkis-cli/linkis-cli-application/src/test/java/org/apache/linkis/cli/application/LinkisClientApplicationTest.java
+++ b/linkis-computation-governance/linkis-client/linkis-cli/linkis-cli-application/src/test/java/org/apache/linkis/cli/application/LinkisClientApplicationTest.java
@@ -17,6 +17,8 @@
package org.apache.linkis.cli.application;
+import org.apache.linkis.common.conf.CommonVars;
+
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
@@ -26,6 +28,8 @@ import org.slf4j.LoggerFactory;
public class LinkisClientApplicationTest {
private static final Logger logger = LoggerFactory.getLogger(LinkisClientApplicationTest.class);
+ String bmlToken = CommonVars.apply("wds.linkis.bml.auth.token.value", "BML-AUTH").getValue();
+
String[] cmdStr;
String[] cmdStr2;
@@ -58,7 +62,7 @@ public class LinkisClientApplicationTest {
"--authKey",
"Validation-Code",
"--authVal",
- "BML-AUTH",
+ bmlToken,
// "--help",
// "--kill", "8249",
// "--status", "379",
diff --git a/linkis-computation-governance/linkis-client/linkis-computation-client/src/main/scala/org/apache/linkis/computation/client/LinkisJobBuilder.scala b/linkis-computation-governance/linkis-client/linkis-computation-client/src/main/scala/org/apache/linkis/computation/client/LinkisJobBuilder.scala
index 3daba1941..9cc286355 100644
--- a/linkis-computation-governance/linkis-client/linkis-computation-client/src/main/scala/org/apache/linkis/computation/client/LinkisJobBuilder.scala
+++ b/linkis-computation-governance/linkis-client/linkis-computation-client/src/main/scala/org/apache/linkis/computation/client/LinkisJobBuilder.scala
@@ -17,7 +17,7 @@
package org.apache.linkis.computation.client
-import org.apache.linkis.common.conf.Configuration
+import org.apache.linkis.common.conf.{CommonVars, Configuration}
import org.apache.linkis.common.exception.LinkisRetryException
import org.apache.linkis.common.utils.{RetryHandler, Utils}
import org.apache.linkis.httpclient.dws.authentication.TokenAuthenticationStrategy
@@ -174,8 +174,10 @@ object LinkisJobBuilder {
private var threadPool: ScheduledThreadPoolExecutor = Utils.defaultScheduler
private var serverUrl: String = _
- private var authTokenValue: String =
- "LINKIS_CLI_TEST" // This is the default authToken, we usually suggest set different ones for users.
+ private var authTokenValue: String = CommonVars[String](
+ "wds.linkis.client.test.common.tokenValue",
+ "LINKIS_CLI_TEST"
+ ).getValue // This is the default authToken, we usually suggest set different ones for users.
def setDefaultClientConfig(clientConfig: DWSClientConfig): Unit = this.clientConfig = clientConfig
diff --git a/linkis-computation-governance/linkis-client/linkis-computation-client/src/test/java/org/apache/linkis/ujes/client/JobObserveActionTest.scala b/linkis-computation-governance/linkis-client/linkis-computation-client/src/test/java/org/apache/linkis/ujes/client/JobObserveActionTest.scala
index 683b9b47b..b55f42159 100644
--- a/linkis-computation-governance/linkis-client/linkis-computation-client/src/test/java/org/apache/linkis/ujes/client/JobObserveActionTest.scala
+++ b/linkis-computation-governance/linkis-client/linkis-computation-client/src/test/java/org/apache/linkis/ujes/client/JobObserveActionTest.scala
@@ -18,6 +18,7 @@
package org.apache.linkis.ujes.client
import org.apache.commons.io.IOUtils
+import org.apache.linkis.common.conf.CommonVars
import org.apache.linkis.httpclient.dws.authentication.{StaticAuthenticationStrategy, TokenAuthenticationStrategy}
import org.apache.linkis.httpclient.dws.config.{DWSClientConfig, DWSClientConfigBuilder}
import org.apache.linkis.ujes.client.request.{EmsListAction, JobExecuteAction, JobObserveAction, ResultSetAction}
@@ -28,6 +29,8 @@ import java.util.concurrent.TimeUnit
@Deprecated
object JobObserveActionTest extends App {
+ val bmlToken = CommonVars("wds.linkis.bml.auth.token.value", "BML-AUTH").getValue
+
val clientConfig = DWSClientConfigBuilder.newBuilder()
.addServerUrl("127.0.0.1:9001") // Change to test gateway address
.connectionTimeout(30000)
@@ -38,8 +41,8 @@ object JobObserveActionTest extends App {
.retryEnabled(false)
.readTimeout(30000)
.setAuthenticationStrategy(new TokenAuthenticationStrategy())
- .setAuthTokenKey("BML-AUTH")
- .setAuthTokenValue("BML-AUTH")
+ .setAuthTokenKey("Validation-Code")
+ .setAuthTokenValue(bmlToken)
.setDWSVersion("v1")
.build()
val client = new UJESClientImpl(clientConfig)
diff --git a/linkis-dist/bin/install.sh b/linkis-dist/bin/install.sh
index 934d1d0a7..4a2479137 100644
--- a/linkis-dist/bin/install.sh
+++ b/linkis-dist/bin/install.sh
@@ -106,6 +106,16 @@ cp ${LINKIS_DB_CONFIG_PATH} $LINKIS_HOME/conf
common_conf=$LINKIS_HOME/conf/linkis.properties
+RANDOM_BML_TOKEN="BML-`cat /proc/sys/kernel/random/uuid | awk -F- '{print $1$2$3$4$5}'`"
+RANDOM_LINKIS_CLI_TEST_TOKEN="LINKIS_CLI-`cat /proc/sys/kernel/random/uuid | awk -F- '{print $1$2$3$4$5}'`"
+RANDOM_WS_TOKEN="WS-`cat /proc/sys/kernel/random/uuid | awk -F- '{print $1$2$3$4$5}'`"
+RANDOM_DSM_TOKEN="DSM-`cat /proc/sys/kernel/random/uuid | awk -F- '{print $1$2$3$4$5}'`"
+sed -i ${txt} "s#BML-AUTH#$RANDOM_BML_TOKEN#g" $LINKIS_HOME/conf/linkis-cli/linkis-cli.properties
+sed -i ${txt} "s#BML-AUTH#$RANDOM_BML_TOKEN#g" $common_conf
+sed -i ${txt} "s#LINKIS_CLI_TEST#$RANDOM_LINKIS_CLI_TEST_TOKEN#g" $common_conf
+sed -i ${txt} "s#WS-AUTH#$RANDOM_WS_TOKEN#g" $common_conf
+sed -i ${txt} "s#DSM-AUTH#$RANDOM_DSM_TOKEN#g" $common_conf
+
echo "======= Step 3: Create necessary directory =========="
echo "[WORKSPACE_USER_ROOT_PATH] try to create directory"
@@ -184,6 +194,13 @@ echo "[RESULT_SET_ROOT_PATH] try to create directory"
echo "======= Step 4: Create linkis table =========="
## sql init
+# replace token
+sed -i ${txt} "s#BML-AUTH#$RANDOM_BML_TOKEN#g" $LINKIS_HOME/db/linkis_dml.sql
+sed -i ${txt} "s#LINKIS_CLI_TEST#$RANDOM_LINKIS_CLI_TEST_TOKEN#g" $LINKIS_HOME/db/linkis_dml.sql
+sed -i ${txt} "s#WS-AUTH#$RANDOM_WS_TOKEN#g" $LINKIS_HOME/db/linkis_dml.sql
+sed -i ${txt} "s#DSM-AUTH#$RANDOM_DSM_TOKEN#g" $LINKIS_HOME/db/linkis_dml.sql
+
+
if [ "$YARN_RESTFUL_URL" != "" ]
then
sed -i ${txt} "s#@YARN_RESTFUL_URL#$YARN_RESTFUL_URL#g" $LINKIS_HOME/db/linkis_dml.sql
diff --git a/linkis-dist/package/conf/linkis.properties b/linkis-dist/package/conf/linkis.properties
index 66ed15cba..5448aa9b4 100644
--- a/linkis-dist/package/conf/linkis.properties
+++ b/linkis-dist/package/conf/linkis.properties
@@ -89,4 +89,15 @@ linkis.session.redis.password=test123
# redis sso switch
linkis.session.redis.cache.enabled=false
wds.linkis.workspace.filesystem.owner.check=true
-wds.linkis.workspace.filesystem.path.check=true
\ No newline at end of file
+wds.linkis.workspace.filesystem.path.check=true
+
+#linkis token
+linkis.configuration.linkisclient.auth.token.value=BML-AUTH
+wds.linkis.client.common.tokenValue=BML-AUTH
+wds.linkis.bml.auth.token.value=BML-AUTH
+wds.linkis.context.client.auth.value=BML-AUTH
+wds.linkis.errorcode.auth.token=BML-AUTH
+wds.linkis.client.test.common.tokenValue=LINKIS_CLI_TEST
+wds.linkis.filesystem.token.value=WS-AUTH
+wds.linkis.gateway.access.token=WS-AUTH
+wds.linkis.server.dsm.auth.token.value=DSM-AUTH
\ No newline at end of file
diff --git a/linkis-dist/package/db/linkis_dml.sql b/linkis-dist/package/db/linkis_dml.sql
index facbf3260..c0738d10f 100644
--- a/linkis-dist/package/db/linkis_dml.sql
+++ b/linkis-dist/package/db/linkis_dml.sql
@@ -528,13 +528,13 @@ INSERT INTO linkis_ps_error_code (error_code,error_desc,error_regex,error_type)
-- ----------------------------
-- Default Tokens
-- ----------------------------
-INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES ('QML-AUTH','*','*','BDP',curdate(),curdate(),-1,'LINKIS');
+INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES (concat('QML-', MD5(RAND())),'*','*','BDP',curdate(),curdate(),-1,'LINKIS');
INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES ('BML-AUTH','*','*','BDP',curdate(),curdate(),-1,'LINKIS');
INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES ('WS-AUTH','*','*','BDP',curdate(),curdate(),-1,'LINKIS');
-INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES ('dss-AUTH','*','*','BDP',curdate(),curdate(),-1,'LINKIS');
-INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES ('QUALITIS-AUTH','*','*','BDP',curdate(),curdate(),-1,'LINKIS');
-INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES ('VALIDATOR-AUTH','*','*','BDP',curdate(),curdate(),-1,'LINKIS');
-INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES ('LINKISCLI-AUTH','*','*','BDP',curdate(),curdate(),-1,'LINKIS');
+INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES (concat('DSS-', MD5(RAND())),'*','*','BDP',curdate(),curdate(),-1,'LINKIS');
+INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES (concat('QUALITIS-', MD5(RAND())),'*','*','BDP',curdate(),curdate(),-1,'LINKIS');
+INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES (concat('VALIDATOR-', MD5(RAND())),'*','*','BDP',curdate(),curdate(),-1,'LINKIS');
+INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES (concat('LINKISCLI-', MD5(RAND())),'*','*','BDP',curdate(),curdate(),-1,'LINKIS');
INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES ('DSM-AUTH','*','*','BDP',curdate(),curdate(),-1,'LINKIS');
INSERT INTO `linkis_mg_gateway_auth_token`(`token_name`,`legal_users`,`legal_hosts`,`business_owner`,`create_time`,`update_time`,`elapse_day`,`update_by`) VALUES ('LINKIS_CLI_TEST','*','*','BDP',curdate(),curdate(),-1,'LINKIS');
diff --git a/linkis-public-enhancements/linkis-context-service/linkis-cs-client/src/main/scala/org/apache/linkis/cs/client/utils/ContextClientConf.scala b/linkis-public-enhancements/linkis-context-service/linkis-cs-client/src/main/scala/org/apache/linkis/cs/client/utils/ContextClientConf.scala
index e8de9dce4..c472a1add 100644
--- a/linkis-public-enhancements/linkis-context-service/linkis-cs-client/src/main/scala/org/apache/linkis/cs/client/utils/ContextClientConf.scala
+++ b/linkis-public-enhancements/linkis-context-service/linkis-cs-client/src/main/scala/org/apache/linkis/cs/client/utils/ContextClientConf.scala
@@ -28,7 +28,11 @@ object ContextClientConf {
CommonVars[String]("wds.linkis.context.client.auth.value", "BML-AUTH")
val URL_PREFIX: CommonVars[String] =
- CommonVars[String]("wds.linkis.cs.url.prefix", "/api/rest_j/v1/contextservice", "cs服务的url前缀")
+ CommonVars[String](
+ "wds.linkis.cs.url.prefix",
+ "/api/rest_j/v1/contextservice",
+ "The url prefix of the cs service."
+ )
val HEART_BEAT_ENABLED: CommonVars[String] =
CommonVars[String]("wds.linkis.cs.heartbeat.enabled", "true")
diff --git a/linkis-public-enhancements/linkis-context-service/linkis-cs-client/src/test/java/org/apache/linkis/cs/client/utils/ContextClientConfTest.java b/linkis-public-enhancements/linkis-context-service/linkis-cs-client/src/test/java/org/apache/linkis/cs/client/utils/ContextClientConfTest.java
index 951cab617..2c1bd3be9 100644
--- a/linkis-public-enhancements/linkis-context-service/linkis-cs-client/src/test/java/org/apache/linkis/cs/client/utils/ContextClientConfTest.java
+++ b/linkis-public-enhancements/linkis-context-service/linkis-cs-client/src/test/java/org/apache/linkis/cs/client/utils/ContextClientConfTest.java
@@ -27,13 +27,9 @@ public class ContextClientConfTest {
@DisplayName("constTest")
public void constTest() {
- String contextClientAuthKey = ContextClientConf.CONTEXT_CLIENT_AUTH_KEY().getValue();
- String contextClientAuthValue = ContextClientConf.CONTEXT_CLIENT_AUTH_VALUE().getValue();
String urlPrefix = ContextClientConf.URL_PREFIX().getValue();
String hearBeatEnabled = ContextClientConf.HEART_BEAT_ENABLED().getValue();
- Assertions.assertEquals("Token-Code", contextClientAuthKey);
- Assertions.assertEquals("BML-AUTH", contextClientAuthValue);
Assertions.assertEquals("/api/rest_j/v1/contextservice", urlPrefix);
Assertions.assertEquals("true", hearBeatEnabled);
}
diff --git a/linkis-spring-cloud-services/linkis-service-gateway/linkis-gateway-authentication/src/test/java/org/apache/linkis/gateway/authentication/dao/TokenDaoTest.java b/linkis-spring-cloud-services/linkis-service-gateway/linkis-gateway-authentication/src/test/java/org/apache/linkis/gateway/authentication/dao/TokenDaoTest.java
index c2f9eed53..2c9523023 100644
--- a/linkis-spring-cloud-services/linkis-service-gateway/linkis-gateway-authentication/src/test/java/org/apache/linkis/gateway/authentication/dao/TokenDaoTest.java
+++ b/linkis-spring-cloud-services/linkis-service-gateway/linkis-gateway-authentication/src/test/java/org/apache/linkis/gateway/authentication/dao/TokenDaoTest.java
@@ -17,6 +17,7 @@
package org.apache.linkis.gateway.authentication.dao;
+import org.apache.linkis.common.conf.CommonVars;
import org.apache.linkis.gateway.authentication.entity.TokenEntity;
import org.springframework.beans.factory.annotation.Autowired;
@@ -33,7 +34,9 @@ class TokenDaoTest extends BaseDaoTest {
private static final Logger logger = LoggerFactory.getLogger(BaseDaoTest.class);
- private static String TokenName = "BML-AUTH";
+ private static String TokenName =
+ CommonVars.apply("wds.linkis.bml.auth.token.value", "BML-AUTH").getValue();
+
@Autowired TokenDao tokenDao;
@Test
diff --git a/linkis-spring-cloud-services/linkis-service-gateway/linkis-gateway-authentication/src/test/java/org/apache/linkis/gateway/authentication/service/CachedTokenServiceTest.java b/linkis-spring-cloud-services/linkis-service-gateway/linkis-gateway-authentication/src/test/java/org/apache/linkis/gateway/authentication/service/CachedTokenServiceTest.java
index 0412197a0..6f111352e 100644
--- a/linkis-spring-cloud-services/linkis-service-gateway/linkis-gateway-authentication/src/test/java/org/apache/linkis/gateway/authentication/service/CachedTokenServiceTest.java
+++ b/linkis-spring-cloud-services/linkis-service-gateway/linkis-gateway-authentication/src/test/java/org/apache/linkis/gateway/authentication/service/CachedTokenServiceTest.java
@@ -17,6 +17,7 @@
package org.apache.linkis.gateway.authentication.service;
+import org.apache.linkis.common.conf.CommonVars;
import org.apache.linkis.gateway.authentication.Scan;
import org.apache.linkis.gateway.authentication.WebApplicationServer;
import org.apache.linkis.gateway.authentication.exception.TokenAuthException;
@@ -37,7 +38,8 @@ import static org.junit.jupiter.api.Assertions.*;
public class CachedTokenServiceTest {
private static final Logger logger = LoggerFactory.getLogger(CachedTokenServiceTest.class);
- private static String TokenName = "BML-AUTH";
+ private static String TokenName =
+ CommonVars.apply("wds.linkis.bml.auth.token.value", "BML-AUTH").getValue();
@Autowired CachedTokenService tokenService;
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@linkis.apache.org
For additional commands, e-mail: commits-help@linkis.apache.org