Changes: Add aliyun ram auth plugin demo and doc (#248)

luoxiner · web-flow · commit f01abed8a884 · 2024-09-20T13:11:56.000+08:00
* chore: Add example for aliyun ram auth plugin and improve the doc.
* fix: remove invalid test case in auth_by_aliyun_ram
diff --git a/README.md b/README.md
@@ -36,10 +36,10 @@ nacos-sdk = { version = "0.4", features = ["default"] }
             // Attention! "public" is "", it is recommended to customize the namespace with clear meaning.
             .namespace("")
             .app_name("simple_app"),
-            // .auth_username("TODO")
-            // .auth_password("TODO")
+            .auth_username("username")
+            .auth_password("password")
     )
-    // .enable_auth_plugin_http()
+    .enable_auth_plugin_http()
     .build()?;
 
     // example get a config
@@ -79,10 +79,10 @@ nacos-sdk = { version = "0.4", features = ["default"] }
             // Attention! "public" is "", it is recommended to customize the namespace with clear meaning.
             .namespace("")
             .app_name("simple_app"),
-            // .auth_username("TODO")
-            // .auth_password("TODO")
+            .auth_username("username")
+            .auth_password("password")
     )
-    // .enable_auth_plugin_http()
+    .enable_auth_plugin_http()
     .build()?;
 
     pub struct ExampleInstanceChangeListener;
@@ -121,6 +121,65 @@ See them in `nacos_sdk::api::props::ClientProps` or `nacos_sdk::api::constants::
 e.g.
 - env `NACOS_CLIENT_COMMON_THREAD_CORES` to set nacos-client-thread-pool num, default 1
 - env `NACOS_CLIENT_NAMING_PUSH_EMPTY_PROTECTION` for naming empty data notify protection, default true
+- env `NACOS_CLIENT_USERNAME` to set http auth username
+- env `NACOS_CLIENT_PASSWORD` to set http auth password
+- env `NACOS_CLIENT_ACCESS_KEY` to set Aliyun ram access-key
+- env `NACOS_CLIENT_SECRET_KEY` to set Aliyun ram access-secret
+
+### AuthPlugin Features
+- > Set access-key, access-secret via Environment variables are recommended.
+- auth-by-http
+  - support http auth via username and password
+  - how to use
+    - enable auth-by-http(default is enabled)
+    ```toml
+    [dependencies]
+    nacos-sdk = { version = "0.4", features = ["default"] }
+    ```
+    - Set username and password via environment variables
+    ```shell
+    export NACOS_CLIENT_USERNAME=you_username
+    export NACOS_CLIENT_PASSWORD=you_password
+    ```
+    - Enable auth-by-http in your code
+    ```rust
+    ConfigServiceBuilder::new(
+     ClientProps::new()
+         .server_addr("localhost:8848"))
+     .enable_auth_plugin_http()
+  
+    NamingServiceBuilder::new(
+     ClientProps::new()
+         .server_addr("localhost:8848"))
+     .enable_auth_plugin_http()
+     .build()
+    ```
+- auth-by-aliyun
+  - support aliyun ram auth via access-key and access-secret
+  - how to use 
+    - enable auth-by-aliyun feature in toml
+    ```toml
+    [dependencies]
+    nacos-sdk = { version = "0.4", features = ["default", "auth-by-aliyun"] }
+    ```
+    - Set accessKey and secretKey via environment variables
+    ```shell
+    export NACOS_CLIENT_ACCESS_KEY=you_access_key
+    export NACOS_CLIENT_SECRET_KEY=you_secret_key
+    ```
+    - Enable aliyun ram auth plugin in code by enable_auth_plugin_aliyun
+    ```rust
+    ConfigServiceBuilder::new(
+     ClientProps::new()
+         .server_addr("localhost:8848"))
+     .enable_auth_plugin_aliyun()
+  
+    NamingServiceBuilder::new(
+     ClientProps::new()
+         .server_addr("localhost:8848"))
+     .enable_auth_plugin_aliyun()
+     .build()
+    ```
 
 ## 开发说明
 - Build with `cargo build`
@@ -181,7 +240,7 @@ gRPC 交互的 Payload 和 Metadata 由 `Protocol Buffers` 序列化，具体的
 #### Common 通用能力
 - [x] 创建参数，自定义传参 + ENV 环境变量读取，后者优先级高；ENV 统一前缀，例如 `NACOS_CLIENT_CONFIG_*` 于配置管理， `NACOS_CLIENT_NAMING_*` 于服务注册
 - [x] 通用客户端请求交互，Request/Response 通用 gRPC 逻辑，提供给 Config/Naming
-- [x] Auth 鉴权；账密登陆 username/password，TODO accessKey/secretKey
+- [x] Auth 鉴权；账密登陆 username/password，阿里云RAM鉴权 accessKey/secretKey
 - [x] 通用日志，`tracing::info!()`
 - [ ] Monitor，`opentelemetry`
 - [ ] 数据落盘与加载（用于服务端宕机弱依赖）
diff --git a/examples/aliyun_ram_app.rs b/examples/aliyun_ram_app.rs
@@ -0,0 +1,107 @@
+use nacos_sdk::api::config::{ConfigService, ConfigServiceBuilder};
+use nacos_sdk::api::naming::{NamingService, NamingServiceBuilder, ServiceInstance};
+use nacos_sdk::api::props::ClientProps;
+use std::time::Duration;
+use tokio::time::sleep;
+
+/// Aliyun Ram plugin support
+///
+/// Notice:
+/// accessKey and secretKey are sensitive data, don't encode them in you code
+/// directly, inject it via environment variables are recommended.
+///
+/// Example run preparations:
+/// 1. inject you accessKey and secretKey via environment variables by following command
+/// export NACOS_CLIENT_ACCESS_KEY=you_access_key
+/// export NACOS_CLIENT_SECRET_KEY=you_secret_key
+///
+/// 2. run command
+/// cargo run --example aliyun_ram_app --features default,auth-by-aliyun
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    #[cfg(feature = "auth-by-aliyun")]
+    run_config_demo().await;
+
+    #[cfg(feature = "auth-by-aliyun")]
+    run_naming_demo().await;
+    Ok(())
+}
+
+#[cfg(feature = "auth-by-aliyun")]
+async fn run_naming_demo() {
+    let server_addr = "localhost:8848";
+
+    /// NamingService
+    let mut naming_client = NamingServiceBuilder::new(ClientProps::new().server_addr(server_addr))
+        .enable_auth_plugin_aliyun()
+        .build()
+        .unwrap();
+
+    let mut instance = ServiceInstance::default();
+    instance.ip = "localhost".to_string();
+    instance.port = 8080;
+
+    println!("Register localhost:8080 to service(name: test, group: test)");
+    naming_client
+        .register_instance("test".to_owned(), Some("test".to_owned()), instance)
+        .await
+        .unwrap();
+
+    println!("Get All instance from service(name:test, group: test)");
+    let instances = naming_client
+        .get_all_instances(
+            "test".to_string(),
+            Some("test".to_string()),
+            Vec::new(),
+            false,
+        )
+        .await
+        .unwrap();
+    assert_eq!(1, instances.len());
+    assert_eq!("localhost", instances[0].ip);
+    assert_eq!(8080, instances[0].port);
+}
+
+#[cfg(feature = "auth-by-aliyun")]
+async fn run_config_demo() {
+    let server_addr = "localhost:8848";
+
+    /// Config service
+    let mut config_client = ConfigServiceBuilder::new(ClientProps::new().server_addr(server_addr))
+        .enable_auth_plugin_aliyun()
+        .build()
+        .unwrap();
+
+    println!(
+        "Publish config dataId = {}, group = {}, content = {}",
+        "test", "test", "test=test"
+    );
+    config_client
+        .publish_config(
+            "test".to_string(),
+            "test".to_string(),
+            "test=test".to_string(),
+            Some("properties".to_string()),
+        )
+        .await
+        .unwrap();
+
+    println!("Waiting...");
+    sleep(Duration::from_secs(5)).await;
+
+    let response = config_client
+        .get_config("test".to_string(), "test".to_string())
+        .await
+        .unwrap();
+    println!(
+        "Get config from nacos for dataId = {}, group = {}, content = {}",
+        "test",
+        "test",
+        response.content()
+    );
+    assert_eq!("test=test", response.content());
+    assert_eq!("properties", response.content_type());
+    assert_eq!("test", response.group());
+    assert_eq!("test", response.data_id());
+}
diff --git a/src/api/plugin/auth/auth_by_aliyun_ram.rs b/src/api/plugin/auth/auth_by_aliyun_ram.rs
@@ -495,15 +495,6 @@ mod test {
         );
     }
 
-    #[test]
-    fn test_final_signing_key_string_with_default_info() {
-        let sign_data = calculate_v4_signing_key_util::final_signing_key_string_with_default_info(
-            "test",
-            "cn-hangzhou",
-        );
-        assert_eq!("lHVX6NEPs3+EKxO3g2iklCwbseQnAWz5nLce9Lm0Po4=", sign_data)
-    }
-
     struct TestNamingEventListener {
         instance_now: ArcSwap<Vec<ServiceInstance>>,
     }
@@ -527,8 +518,6 @@ mod test {
         ClientProps::new()
             .namespace(std::env::var("NAMESPACE").unwrap_or("".to_string()))
             .server_addr(std::env::var("SERVER_ADDR").unwrap())
-            .auth_ext(ACCESS_KEY, std::env::var("AK").unwrap())
-            .auth_ext(ACCESS_SECRET, std::env::var("SK").unwrap())
     }
 
     fn make_service_instance(ip: &str, port: i32) -> ServiceInstance {
