You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@rocketmq.apache.org by sh...@apache.org on 2023/03/22 07:44:24 UTC
[rocketmq-eventbridge] branch main updated: Update secret value (#61)
This is an automated email from the ASF dual-hosted git repository.
shenlin pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/rocketmq-eventbridge.git
The following commit(s) were added to refs/heads/main by this push:
new 06cadd7 Update secret value (#61)
06cadd7 is described below
commit 06cadd7588dd47e30ecad630fa854053aa838ae8
Author: zhaohai <33...@users.noreply.github.com>
AuthorDate: Wed Mar 22 15:44:19 2023 +0800
Update secret value (#61)
add private network param check
---
.../mybatis/mapper/EventConnectionMapper.java | 4 +-
.../repository/MybatisConnectRepository.java | 6 +-
.../resources/mybatis/EventConnectionMapper.xml | 15 ++-
.../domain/model/connection/ConnectionService.java | 132 +++++++++++++++------
.../domain/repository/ConnectionRepository.java | 4 +-
5 files changed, 114 insertions(+), 47 deletions(-)
diff --git a/adapter/persistence/src/main/java/org/apache/rocketmq/eventbridge/adapter/persistence/connect/mybatis/mapper/EventConnectionMapper.java b/adapter/persistence/src/main/java/org/apache/rocketmq/eventbridge/adapter/persistence/connect/mybatis/mapper/EventConnectionMapper.java
index f784ee1..19a2064 100644
--- a/adapter/persistence/src/main/java/org/apache/rocketmq/eventbridge/adapter/persistence/connect/mybatis/mapper/EventConnectionMapper.java
+++ b/adapter/persistence/src/main/java/org/apache/rocketmq/eventbridge/adapter/persistence/connect/mybatis/mapper/EventConnectionMapper.java
@@ -58,7 +58,7 @@ public interface EventConnectionMapper {
*/
ConnectionDO selectByPrimaryKey(Integer id);
- ConnectionDO selectByName(String name);
+ ConnectionDO selectByNameAccountId(@Param("name") String name, @Param("accountId") String accountId);
/**
* List connection by page.
@@ -70,7 +70,7 @@ public interface EventConnectionMapper {
* @return
*/
List<ConnectionDO> listConnections(@Param("accountId") String accountId, @Param("name") String name,
- @Param("nextToken") int nextToken, @Param("maxResults") int maxResults);
+ @Param("nextToken") int nextToken, @Param("maxResults") int maxResults);
/**
* This method was generated by MyBatis Generator. This method corresponds to the database table event_connection
diff --git a/adapter/persistence/src/main/java/org/apache/rocketmq/eventbridge/adapter/persistence/connect/mybatis/repository/MybatisConnectRepository.java b/adapter/persistence/src/main/java/org/apache/rocketmq/eventbridge/adapter/persistence/connect/mybatis/repository/MybatisConnectRepository.java
index f7137e2..1a8e12b 100644
--- a/adapter/persistence/src/main/java/org/apache/rocketmq/eventbridge/adapter/persistence/connect/mybatis/repository/MybatisConnectRepository.java
+++ b/adapter/persistence/src/main/java/org/apache/rocketmq/eventbridge/adapter/persistence/connect/mybatis/repository/MybatisConnectRepository.java
@@ -65,7 +65,7 @@ public class MybatisConnectRepository implements ConnectionRepository {
@Override
public List<ConnectionDTO> listConnections(String accountId, String connectionName, String nextToken,
- int maxResults) {
+ int maxResults) {
List<ConnectionDO> connectionDOS = eventConnectionMapper.listConnections(accountId, connectionName, Integer.parseInt(nextToken), maxResults);
return ConnectConverter.doListConvertDtoList(connectionDOS);
}
@@ -82,7 +82,7 @@ public class MybatisConnectRepository implements ConnectionRepository {
}
@Override
- public ConnectionDTO getConnectionByName(String name) {
- return ConnectConverter.doConvertDto(eventConnectionMapper.selectByName(name));
+ public ConnectionDTO getConnectionByNameAccountId(String name, String accountId) {
+ return ConnectConverter.doConvertDto(eventConnectionMapper.selectByNameAccountId(name, accountId));
}
}
diff --git a/adapter/persistence/src/main/resources/mybatis/EventConnectionMapper.xml b/adapter/persistence/src/main/resources/mybatis/EventConnectionMapper.xml
index 394ffe9..604a065 100644
--- a/adapter/persistence/src/main/resources/mybatis/EventConnectionMapper.xml
+++ b/adapter/persistence/src/main/resources/mybatis/EventConnectionMapper.xml
@@ -63,17 +63,20 @@
from event_connection
where id = #{id,jdbcType=INTEGER}
</select>
- <select id="selectByName" resultMap="ResultMapWithBLOBs" parameterType="java.lang.String">
- <!--
- WARNING - @mbggenerated
- This element is automatically generated by MyBatis Generator, do not modify.
- -->
+ <select id="selectByNameAccountId" resultMap="ResultMapWithBLOBs" parameterType="java.util.Map">
select
<include refid="Base_Column_List"/>
,
<include refid="Blob_Column_List"/>
from event_connection
- where name = #{name,jdbcType=VARCHAR}
+ <where>
+ <if test="accountId != null and accountId != ''">
+ account_id = #{accountId}
+ </if>
+ <if test="name != null and name != ''">
+ and name = #{name}
+ </if>
+ </where>
</select>
<select id="listConnections" resultMap="ResultMapWithBLOBs" parameterType="java.util.Map">
select
diff --git a/domain/src/main/java/org/apache/rocketmq/eventbridge/domain/model/connection/ConnectionService.java b/domain/src/main/java/org/apache/rocketmq/eventbridge/domain/model/connection/ConnectionService.java
index d0ebad5..369694c 100644
--- a/domain/src/main/java/org/apache/rocketmq/eventbridge/domain/model/connection/ConnectionService.java
+++ b/domain/src/main/java/org/apache/rocketmq/eventbridge/domain/model/connection/ConnectionService.java
@@ -18,7 +18,9 @@
package org.apache.rocketmq.eventbridge.domain.model.connection;
import com.google.gson.Gson;
+
import java.util.List;
+
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.apache.rocketmq.eventbridge.domain.common.EventBridgeConstants;
@@ -56,8 +58,8 @@ public class ConnectionService extends AbstractResourceService {
protected ApiDestinationRepository apiDestinationRepository;
public ConnectionService(ConnectionRepository connectionRepository,
- SecretManagerAPI secretManagerAPI, NetworkServiceAPI networkServiceAPI,
- ApiDestinationRepository apiDestinationRepository) {
+ SecretManagerAPI secretManagerAPI, NetworkServiceAPI networkServiceAPI,
+ ApiDestinationRepository apiDestinationRepository) {
this.connectionRepository = connectionRepository;
this.secretManagerAPI = secretManagerAPI;
this.networkServiceAPI = networkServiceAPI;
@@ -96,6 +98,14 @@ public class ConnectionService extends AbstractResourceService {
}
}
+ private void updateCheckAuthParameters(AuthParameters authParameters) {
+ if (authParameters != null) {
+ updateCheckBasicAuthParameters(authParameters);
+ updateCheckApiKeyAuthParameters(authParameters);
+ checkOAuthParameters(authParameters);
+ }
+ }
+
private void checkOAuthParameters(AuthParameters authParameters) {
OAuthParameters oauthParameters = authParameters.getOauthParameters();
if (AuthorizationTypeEnum.OAUTH_AUTH.getType().equals(authParameters.getAuthorizationType()) && oauthParameters == null) {
@@ -144,6 +154,24 @@ public class ConnectionService extends AbstractResourceService {
}
}
+ private void updateCheckApiKeyAuthParameters(AuthParameters authParameters) {
+ ApiKeyAuthParameters apiKeyAuthParameters = authParameters.getApiKeyAuthParameters();
+ if (apiKeyAuthParameters != null && AuthorizationTypeEnum.API_KEY_AUTH.getType().equals(authParameters.getAuthorizationType())) {
+ String apiKeyName = apiKeyAuthParameters.getApiKeyName();
+ String apiKeyValue = apiKeyAuthParameters.getApiKeyValue();
+ if (StringUtils.isNotBlank(apiKeyName)
+ && (apiKeyName.length() > EventBridgeConstants.MAX_LENGTH_CONSTANT
+ || apiKeyName.length() < EventBridgeConstants.MIN_LENGTH_CONSTANT)) {
+ throw new EventBridgeException(EventBridgeErrorCode.ApiKeyNameLengthExceed);
+ }
+ if (StringUtils.isNotBlank(apiKeyValue)
+ && (apiKeyValue.length() > EventBridgeConstants.MAX_LENGTH_CONSTANT
+ || apiKeyValue.length() < EventBridgeConstants.MIN_LENGTH_CONSTANT)) {
+ throw new EventBridgeException(EventBridgeErrorCode.ApiKeyValueLengthExceed);
+ }
+ }
+ }
+
private void checkBasicAuthParameters(AuthParameters authParameters) {
BasicAuthParameters basicAuthParameters = authParameters.getBasicAuthParameters();
if (AuthorizationTypeEnum.BASIC_AUTH.getType().equals(authParameters.getAuthorizationType()) && basicAuthParameters == null) {
@@ -164,6 +192,24 @@ public class ConnectionService extends AbstractResourceService {
}
}
+ private void updateCheckBasicAuthParameters(AuthParameters authParameters) {
+ BasicAuthParameters basicAuthParameters = authParameters.getBasicAuthParameters();
+ if (AuthorizationTypeEnum.BASIC_AUTH.getType().equals(authParameters.getAuthorizationType()) && basicAuthParameters != null) {
+ String username = basicAuthParameters.getUsername();
+ String password = basicAuthParameters.getPassword();
+ if (StringUtils.isNotBlank(username) &&
+ (username.length() > EventBridgeConstants.MAX_LENGTH_CONSTANT
+ || username.length() < EventBridgeConstants.MIN_LENGTH_CONSTANT)) {
+ throw new EventBridgeException(EventBridgeErrorCode.BasicUserNameLengthExceed);
+ }
+ if (StringUtils.isNotBlank(password)
+ && (password.length() > EventBridgeConstants.MAX_LENGTH_CONSTANT
+ || password.length() < EventBridgeConstants.MIN_LENGTH_CONSTANT)) {
+ throw new EventBridgeException(EventBridgeErrorCode.BasicPassWordLengthExceed);
+ }
+ }
+ }
+
@Transactional(rollbackFor = Exception.class, propagation = Propagation.REQUIRED)
public void deleteConnection(String accountId, String connectionName) {
if (CollectionUtils.isEmpty(checkConnection(accountId, connectionName))) {
@@ -189,21 +235,25 @@ public class ConnectionService extends AbstractResourceService {
throw new EventBridgeException(EventBridgeErrorCode.ConnectionNotExist, connectionDTO.getConnectionName());
}
checkNetworkType(connectionDTO.getNetworkParameters());
+ ConnectionDTO oldConnection = connectionRepository.getConnectionByNameAccountId(connectionDTO.getConnectionName(), accountId);
+ if (connectionDTO.getAuthParameters() == null
+ && oldConnection.getAuthParameters() != null
+ && StringUtils.isNotBlank(oldConnection.getAuthParameters().getAuthorizationType())) {
+ secretManagerAPI.deleteSecretName(secretManagerAPI.getSecretName(accountId, oldConnection.getConnectionName()));
+ }
if (connectionDTO.getAuthParameters() != null) {
- checkAuthParameters(connectionDTO.getAuthParameters());
- connectionDTO.setAuthParameters(updateSecretData(connectionDTO.getAuthParameters(), accountId, connectionDTO.getConnectionName(), connectionDTO.getConnectionName()));
+ updateCheckAuthParameters(connectionDTO.getAuthParameters());
+ connectionDTO.setAuthParameters(updateSecretData(connectionDTO.getAuthParameters(), accountId, connectionDTO.getConnectionName(), oldConnection));
}
- List<ConnectionDTO> connection = getConnection(connectionDTO.getAccountId(), connectionDTO.getConnectionName());
- if (!CollectionUtils.isEmpty(connection)) {
- ConnectionDTO dto = connection.get(0);
- if (NetworkTypeEnum.PRIVATE_NETWORK.getNetworkType().equals(dto.getNetworkParameters().getNetworkType())) {
- networkServiceAPI.deletePrivateNetwork(connectionDTO.getAccountId(), Integer.toString(dto.getId()));
- }
- if (NetworkTypeEnum.PRIVATE_NETWORK.getNetworkType().equals(connectionDTO.getNetworkParameters().getNetworkType())) {
- NetworkParameters networkParameters = connectionDTO.getNetworkParameters();
- networkServiceAPI.createPrivateNetwork(connectionDTO.getAccountId(), Integer.toString(dto.getId()), networkParameters.getVpcId(), networkParameters.getVswitcheId(), networkParameters.getSecurityGroupId());
- }
+
+ if (NetworkTypeEnum.PRIVATE_NETWORK.getNetworkType().equals(oldConnection.getNetworkParameters().getNetworkType())) {
+ networkServiceAPI.deletePrivateNetwork(connectionDTO.getAccountId(), Integer.toString(oldConnection.getId()));
}
+ if (NetworkTypeEnum.PRIVATE_NETWORK.getNetworkType().equals(connectionDTO.getNetworkParameters().getNetworkType())) {
+ NetworkParameters networkParameters = connectionDTO.getNetworkParameters();
+ networkServiceAPI.createPrivateNetwork(connectionDTO.getAccountId(), Integer.toString(oldConnection.getId()), networkParameters.getVpcId(), networkParameters.getVswitcheId(), networkParameters.getSecurityGroupId());
+ }
+
connectionRepository.updateConnection(connectionDTO);
}
@@ -263,57 +313,71 @@ public class ConnectionService extends AbstractResourceService {
}
}
- private AuthParameters updateSecretData(AuthParameters authParameters, String accountId, String connectionName, String name) {
- ConnectionDTO connection = connectionRepository.getConnectionByName(name);
+ private AuthParameters updateSecretData(AuthParameters authParameters, String accountId, String connectionName, ConnectionDTO oldConnection) {
if (authParameters == null) {
return null;
}
final BasicAuthParameters basicAuthParameters = authParameters.getBasicAuthParameters();
- final ApiKeyAuthParameters apiKeyAuthParameters = authParameters.getApiKeyAuthParameters();
- final OAuthParameters oauthParameters = authParameters.getOauthParameters();
if (basicAuthParameters != null) {
String secretName = null;
- if (connection.getAuthParameters() != null && connection.getAuthParameters().getBasicAuthParameters() != null) {
- BasicAuthParameters oldBasicAuthParameters = connection.getAuthParameters().getBasicAuthParameters();
- secretName = secretManagerAPI.updateSecretValue(oldBasicAuthParameters.getPassword(), accountId, connectionName, basicAuthParameters.getUsername(), basicAuthParameters.getPassword());
+ if (oldConnection.getAuthParameters() != null
+ && oldConnection.getAuthParameters().getBasicAuthParameters() != null) {
+ if (StringUtils.isBlank(basicAuthParameters.getUsername())
+ || StringUtils.isBlank(basicAuthParameters.getPassword())) {
+ secretName = oldConnection.getAuthParameters().getBasicAuthParameters().getPassword();
+ } else {
+ BasicAuthParameters oldBasicAuthParameters = oldConnection.getAuthParameters().getBasicAuthParameters();
+ secretName = secretManagerAPI.updateSecretValue(oldBasicAuthParameters.getPassword(), accountId, connectionName, basicAuthParameters.getUsername(), basicAuthParameters.getPassword());
+ }
} else {
+ // old auth not basic
secretName = secretManagerAPI.createSecretName(accountId, connectionName, new Gson().toJson(basicAuthParameters));
}
-
basicAuthParameters.setPassword(secretName);
return authParameters;
}
+ final ApiKeyAuthParameters apiKeyAuthParameters = authParameters.getApiKeyAuthParameters();
if (apiKeyAuthParameters != null) {
String secretName = null;
- if (connection.getAuthParameters() != null && connection.getAuthParameters().getApiKeyAuthParameters() != null) {
- ApiKeyAuthParameters oldApiKeyAuthParameters = connection.getAuthParameters().getApiKeyAuthParameters();
- secretName = secretManagerAPI.updateSecretValue(oldApiKeyAuthParameters.getApiKeyValue(), accountId, connectionName, apiKeyAuthParameters.getApiKeyName(), apiKeyAuthParameters.getApiKeyValue());
+ if (oldConnection.getAuthParameters() != null
+ && oldConnection.getAuthParameters().getApiKeyAuthParameters() != null) {
+ if (StringUtils.isBlank(apiKeyAuthParameters.getApiKeyName()) || StringUtils.isBlank(apiKeyAuthParameters.getApiKeyValue())) {
+ secretName = oldConnection.getAuthParameters().getApiKeyAuthParameters().getApiKeyValue();
+ } else {
+ ApiKeyAuthParameters oldApiKeyAuthParameters = oldConnection.getAuthParameters().getApiKeyAuthParameters();
+ secretName = secretManagerAPI.updateSecretValue(oldApiKeyAuthParameters.getApiKeyValue(), accountId, connectionName, apiKeyAuthParameters.getApiKeyName(), apiKeyAuthParameters.getApiKeyValue());
+ }
} else {
+ // old auth not api key
secretName = secretManagerAPI.createSecretName(accountId, connectionName, new Gson().toJson(apiKeyAuthParameters));
}
apiKeyAuthParameters.setApiKeyValue(secretName);
return authParameters;
}
+ final OAuthParameters oauthParameters = authParameters.getOauthParameters();
if (oauthParameters == null) {
return authParameters;
}
- updateClientByKms(accountId, connectionName, oauthParameters, connection);
+ updateClientByKms(accountId, connectionName, oauthParameters, oldConnection);
return authParameters;
}
- private void updateClientByKms(String accountId, String connectionName, OAuthParameters oauthParameters, ConnectionDTO connection) {
+ private void updateClientByKms(String accountId, String connectionName, OAuthParameters oauthParameters, ConnectionDTO oldConnection) {
OAuthParameters.ClientParameters clientParameters = oauthParameters.getClientParameters();
if (clientParameters == null) {
return;
}
String clientSecretSecretValue = null;
- if (connection.getAuthParameters() != null
- && connection.getAuthParameters().getOauthParameters() != null
- && connection.getAuthParameters().getOauthParameters().getClientParameters() != null) {
- OAuthParameters.ClientParameters oldClientParameters = connection.getAuthParameters().getOauthParameters().getClientParameters();
- clientSecretSecretValue = secretManagerAPI.updateSecretValue(oldClientParameters.getClientSecret(),
- accountId, connectionName, connection.getAuthParameters().getOauthParameters().getClientParameters().getClientID(),
- connection.getAuthParameters().getOauthParameters().getClientParameters().getClientSecret());
+ if (oldConnection.getAuthParameters() != null
+ && oldConnection.getAuthParameters().getOauthParameters() != null
+ && oldConnection.getAuthParameters().getOauthParameters().getClientParameters() != null) {
+ if (StringUtils.isBlank(clientParameters.getClientID()) || StringUtils.isBlank(clientParameters.getClientSecret())) {
+ clientSecretSecretValue = oldConnection.getAuthParameters().getOauthParameters().getClientParameters().getClientSecret();
+ } else {
+ OAuthParameters.ClientParameters oldClientParameters = oldConnection.getAuthParameters().getOauthParameters().getClientParameters();
+ clientSecretSecretValue = secretManagerAPI.updateSecretValue(oldClientParameters.getClientSecret(),
+ accountId, connectionName, clientParameters.getClientID(), clientParameters.getClientSecret());
+ }
} else {
clientSecretSecretValue = secretManagerAPI.createSecretName(accountId, connectionName, new Gson().toJson(clientParameters));
}
diff --git a/domain/src/main/java/org/apache/rocketmq/eventbridge/domain/repository/ConnectionRepository.java b/domain/src/main/java/org/apache/rocketmq/eventbridge/domain/repository/ConnectionRepository.java
index 851d207..575199b 100644
--- a/domain/src/main/java/org/apache/rocketmq/eventbridge/domain/repository/ConnectionRepository.java
+++ b/domain/src/main/java/org/apache/rocketmq/eventbridge/domain/repository/ConnectionRepository.java
@@ -31,11 +31,11 @@ public interface ConnectionRepository {
List<ConnectionDTO> getConnection(String accountId, String connectionName);
List<ConnectionDTO> listConnections(String accountId, String connectionName, String nextToken,
- int maxResults);
+ int maxResults);
int getConnectionCount(String accountId);
ConnectionDTO getConnectionById(Integer id);
- ConnectionDTO getConnectionByName(String name);
+ ConnectionDTO getConnectionByNameAccountId(String name, String accountId);
}