Refactor control plugin (alibaba#11174)

* Refactor control plugin and add default implementation.

* Move auth default plugin into other modules.

* Fix control plugin config not effect problem.

* Fix UT error.

console/pom.xml

@@ -41,7 +41,7 @@
 
         <dependency>
             <groupId>com.alibaba.nacos</groupId>
-            <artifactId>nacos-plugin-default-impl</artifactId>
+            <artifactId>nacos-default-plugin-all</artifactId>
             <version>${project.version}</version>
         </dependency>
         <dependency>

console/src/main/resources/application.properties

@@ -144,19 +144,30 @@ nacos.core.auth.plugin.nacos.token.secret.key=
 #nacos.core.auth.ldap.case.sensitive=true
 #nacos.core.auth.ldap.ignore.partial.result.exception=false
 
+#*************** Control Plugin Related Configurations ***************#
+# plugin type
+#nacos.plugin.control.manager.type=nacos
+
+# local control rule storage dir, default ${nacos.home}/data/connection and ${nacos.home}/data/tps
+#nacos.plugin.control.rule.local.basedir=${nacos.home}
+
+# external control rule storage type, if exist
+#nacos.plugin.control.rule.external.storage=
+
 #*************** Config Change Plugin Related Configurations ***************#
 # webhook
-nacos.core.config.plugin.webhook.enabled=false
+#nacos.core.config.plugin.webhook.enabled=false
 # It is recommended to use EB https://help.aliyun.com/document_detail/413974.html
-nacos.core.config.plugin.webhook.url=http://localhost:8080/webhook/send?token=***
+#nacos.core.config.plugin.webhook.url=http://localhost:8080/webhook/send?token=***
 # The content push max capacity ,byte
-nacos.core.config.plugin.webhook.contentMaxCapacity=102400
+#nacos.core.config.plugin.webhook.contentMaxCapacity=102400
+
 # whitelist
-nacos.core.config.plugin.whitelist.enabled=false
+#nacos.core.config.plugin.whitelist.enabled=false
 # The import file suffixs
-nacos.core.config.plugin.whitelist.suffixs=xml,text,properties,yaml,html
+#nacos.core.config.plugin.whitelist.suffixs=xml,text,properties,yaml,html
 # fileformatcheck,which validate the import file of type and content
-nacos.core.config.plugin.fileformatcheck.enabled=false
+#nacos.core.config.plugin.fileformatcheck.enabled=false
 
 #*************** Istio Related Configurations ***************#
 ### If turn on the MCP server:

core/src/main/java/com/alibaba/nacos/core/control/SpringValueConfigsInitializer.java

@@ -20,57 +20,37 @@
 import com.alibaba.nacos.plugin.control.configs.ControlConfigs;
 import com.alibaba.nacos.plugin.control.configs.ControlConfigsInitializer;
 import com.alibaba.nacos.sys.env.EnvUtil;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.stereotype.Component;
 
 /**
  * spring value for control configs.
  *
  * @author shiyiyue
  */
-@Component
 public class SpringValueConfigsInitializer implements ControlConfigsInitializer {
 
-    @Value("${nacos.plugin.control.tps.barrier.creator:nacos}")
-    private String tpsBarrierCreator = "nacos";
+    private static final String PREFIX = "nacos.plugin.control.";
 
-    @Value("${nacos.plugin.control.tps.barrier.rule.creator:nacos}")
-    private String tpsRuleBarrierCreator = "nacos";
+    private static final String CONNECTION_RUNTIME_EJECTOR = PREFIX + "connection.runtime.ejector";
 
-    @Value("${nacos.plugin.control.connection.runtime.ejector:nacos}")
-    private String connectionRuntimeEjector = "nacos";
+    private static final String CONTROL_MANAGER_TYPE = PREFIX + "manager.type";
 
-    @Value("${nacos.plugin.control.connection.manager:nacos}")
-    private String connectionManager = "nacos";
+    private static final String RULE_EXTERNAL_STORAGE = PREFIX + "rule.external.storage";
 
-    @Value("${nacos.plugin.control.tps.manager:nacos}")
-    private String tpsManager = "nacos";
+    private static final String LOCAL_RULE_STORAGE_BASE_DIR = PREFIX + "rule.local.basedir";
 
-    @Value("${nacos.plugin.control.rule.external.storage:}")
-    private String ruleExternalStorage = "";
-
-    @Value("${nacos.plugin.control.rule.parser:nacos}")
-    private String ruleParser = "nacos";
-
-    @Value("${nacos.plugin.control.rule.local.basedir:}")
-    private String localRuleStorageBaseDir = "";
+    private static final String DEFAULT_CONNECTION_RUNTIME_EJECTOR = "nacos";
 
     @Override
     public void initialize(ControlConfigs controlConfigs) {
-        controlConfigs.setTpsManager(tpsManager);
-        controlConfigs.setTpsBarrierCreator(tpsBarrierCreator);
-        controlConfigs.setTpsRuleBarrierCreator(tpsRuleBarrierCreator);
-
-        controlConfigs.setConnectionRuntimeEjector(connectionRuntimeEjector);
-        controlConfigs.setConnectionManager(connectionManager);
-
-        controlConfigs.setRuleParser(ruleParser);
+        controlConfigs.setConnectionRuntimeEjector(
+                EnvUtil.getProperty(CONNECTION_RUNTIME_EJECTOR, DEFAULT_CONNECTION_RUNTIME_EJECTOR));
+        String localRuleStorageBaseDir = EnvUtil.getProperty(LOCAL_RULE_STORAGE_BASE_DIR);
         if (StringUtils.isNotBlank(localRuleStorageBaseDir)) {
             controlConfigs.setLocalRuleStorageBaseDir(localRuleStorageBaseDir);
         } else {
             controlConfigs.setLocalRuleStorageBaseDir(EnvUtil.getNacosHome());
         }
-        controlConfigs.setRuleExternalStorage(ruleExternalStorage);
-
+        controlConfigs.setRuleExternalStorage(EnvUtil.getProperty(RULE_EXTERNAL_STORAGE));
+        controlConfigs.setControlManagerType(EnvUtil.getProperty(CONTROL_MANAGER_TYPE));
     }
 }

core/src/main/java/com/alibaba/nacos/core/control/TpsControlConfig.java

@@ -30,7 +30,7 @@ public class TpsControlConfig {
      * tps control is enabled.
      * @return true/false.
      */
-    public static final boolean isTpsControlEnabled() {
+    public static boolean isTpsControlEnabled() {
         return true;
     }
 }

core/src/main/resources/META-INF/services/com.alibaba.nacos.plugin.control.configs.ControlConfigsInitializer

@@ -0,0 +1,17 @@
+#
+# Copyright 1999-2023 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+com.alibaba.nacos.core.control.SpringValueConfigsInitializer

distribution/conf/application.properties

@@ -172,6 +172,30 @@ nacos.core.auth.plugin.nacos.token.secret.key=
 #nacos.core.auth.ldap.case.sensitive=true
 #nacos.core.auth.ldap.ignore.partial.result.exception=false
 
+#*************** Control Plugin Related Configurations ***************#
+# plugin type
+#nacos.plugin.control.manager.type=nacos
+
+# local control rule storage dir, default ${nacos.home}/data/connection and ${nacos.home}/data/tps
+#nacos.plugin.control.rule.local.basedir=${nacos.home}
+
+# external control rule storage type, if exist
+#nacos.plugin.control.rule.external.storage=
+
+#*************** Config Change Plugin Related Configurations ***************#
+# webhook
+#nacos.core.config.plugin.webhook.enabled=false
+# It is recommended to use EB https://help.aliyun.com/document_detail/413974.html
+#nacos.core.config.plugin.webhook.url=http://localhost:8080/webhook/send?token=***
+# The content push max capacity ,byte
+#nacos.core.config.plugin.webhook.contentMaxCapacity=102400
+
+# whitelist
+#nacos.core.config.plugin.whitelist.enabled=false
+# The import file suffixs
+#nacos.core.config.plugin.whitelist.suffixs=xml,text,properties,yaml,html
+# fileformatcheck,which validate the import file of type and content
+#nacos.core.config.plugin.fileformatcheck.enabled=false
 
 #*************** Istio Related Configurations ***************#
 ### If turn on the MCP server:

naming/src/test/java/com/alibaba/nacos/naming/push/v2/hook/NacosMonitorPushResultHookTest.java

@@ -21,13 +21,15 @@
 import com.alibaba.nacos.naming.monitor.MetricsMonitor;
 import com.alibaba.nacos.naming.pojo.Subscriber;
 import com.alibaba.nacos.plugin.control.tps.TpsControlManager;
+import com.alibaba.nacos.sys.env.EnvUtil;
 import com.alibaba.nacos.sys.utils.ApplicationUtils;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.mock.env.MockEnvironment;
 
 import java.util.ArrayList;
 
@@ -63,6 +65,7 @@ public class NacosMonitorPushResultHookTest {
 
     @Before
     public void setUp() {
+        EnvUtil.setEnvironment(new MockEnvironment());
         MetricsMonitor.resetAll();
         serviceInfo.setHosts(new ArrayList<>());
         subscriber.setIp("0.0.0.0");

naming/src/test/java/com/alibaba/nacos/naming/push/v2/task/PushExecuteTaskTest.java

@@ -26,13 +26,15 @@
 import com.alibaba.nacos.naming.monitor.MetricsMonitor;
 import com.alibaba.nacos.naming.pojo.Subscriber;
 import com.alibaba.nacos.naming.push.v2.NoRequiredRetryException;
+import com.alibaba.nacos.sys.env.EnvUtil;
 import com.alibaba.nacos.sys.utils.ApplicationUtils;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.mock.env.MockEnvironment;
 
 import java.util.Collections;
 import java.util.Optional;
@@ -79,6 +81,7 @@ public class PushExecuteTaskTest {
 
     @Before
     public void setUp() {
+        EnvUtil.setEnvironment(new MockEnvironment());
         MetricsMonitor.resetAll();
         when(indexesManager.getAllClientsSubscribeService(service)).thenReturn(Collections.singletonList(clientId));
         when(clientManager.getClient(clientId)).thenReturn(client);

plugin-default-impl/nacos-default-auth-plugin/pom.xml

@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 1999-2023 Alibaba Group Holding Ltd.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>nacos-plugin-default-impl</artifactId>
+        <groupId>com.alibaba.nacos</groupId>
+        <version>${revision}</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>default-auth-plugin</artifactId>
+    <name>nacos-default-auth-plugin ${project.version}</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.alibaba.nacos</groupId>
+            <artifactId>nacos-auth-plugin</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.alibaba.nacos</groupId>
+            <artifactId>nacos-common</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.alibaba.nacos</groupId>
+            <artifactId>nacos-sys</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.alibaba.nacos</groupId>
+            <artifactId>nacos-config</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.ldap</groupId>
+            <artifactId>spring-ldap-core</artifactId>
+        </dependency>
+    </dependencies>
+</project>

plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/LdapAuthConfig.java → plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/LdapAuthConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthConfig.java → plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/users/NacosUserDetailsServiceImpl.java → plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/users/NacosUserDetailsServiceImpl.java

@@ -77,7 +77,7 @@ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundEx
         }
 
         if (user == null) {
-            throw new UsernameNotFoundException(username);
+            throw new UsernameNotFoundException(String.format("User %s not found", username));
         }
         return new NacosUserDetails(user);
     }

plugin-default-impl/src/main/resources/META-INF/services/com.alibaba.nacos.plugin.auth.spi.server.AuthPluginService → plugin-default-impl/nacos-default-auth-plugin/src/main/resources/META-INF/services/com.alibaba.nacos.plugin.auth.spi.server.AuthPluginService

@@ -1,5 +1,5 @@
 #
-# Copyright 1999-2021 Alibaba Group Holding Ltd.
+# Copyright 1999-2023 Alibaba Group Holding Ltd.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

plugin-default-impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/LdapAuthenticationProviderTest.java → plugin-default-impl/nacos-default-auth-plugin/src/test/java/com/alibaba/nacos/plugin/auth/impl/LdapAuthenticationProviderTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

plugin-default-impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/persistence/ExternalRolePersistServiceImplTest.java → plugin-default-impl/nacos-default-auth-plugin/src/test/java/com/alibaba/nacos/plugin/auth/impl/persistence/ExternalRolePersistServiceImplTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

plugin-default-impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/persistence/ExternalUserPersistServiceImplTest.java → plugin-default-impl/nacos-default-auth-plugin/src/test/java/com/alibaba/nacos/plugin/auth/impl/persistence/ExternalUserPersistServiceImplTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

plugin-default-impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManagerTest.java → plugin-default-impl/nacos-default-auth-plugin/src/test/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManagerTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -50,10 +50,10 @@ public void setUp() {
         when(authConfigs.isAuthEnabled()).thenReturn(true);
         MockEnvironment mockEnvironment = new MockEnvironment();
         mockEnvironment.setProperty(AuthConstants.TOKEN_SECRET_KEY, Base64.getEncoder().encodeToString(
-                "SecretKey0123$567890$234567890123456789012345678901234567890123456789".getBytes(
-                        StandardCharsets.UTF_8)));
-        mockEnvironment.setProperty(AuthConstants.TOKEN_EXPIRE_SECONDS,
-                AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
+                "SecretKey0123$567890$234567890123456789012345678901234567890123456789"
+                        .getBytes(StandardCharsets.UTF_8)));
+        mockEnvironment
+                .setProperty(AuthConstants.TOKEN_EXPIRE_SECONDS, AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
 
         EnvUtil.setEnvironment(mockEnvironment);
         jwtTokenManager = new JwtTokenManager(authConfigs);
@@ -73,8 +73,8 @@ private void createToken(String secretKey) throws AccessException {
         MockEnvironment mockEnvironment = new MockEnvironment();
         mockEnvironment.setProperty(AuthConstants.TOKEN_SECRET_KEY,
                 Base64.getEncoder().encodeToString(secretKey.getBytes(StandardCharsets.UTF_8)));
-        mockEnvironment.setProperty(AuthConstants.TOKEN_EXPIRE_SECONDS,
-                AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
+        mockEnvironment
+                .setProperty(AuthConstants.TOKEN_EXPIRE_SECONDS, AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
 
         EnvUtil.setEnvironment(mockEnvironment);
 
@@ -119,8 +119,8 @@ public void testNacosJwtParser() throws AccessException {
         MockEnvironment mockEnvironment = new MockEnvironment();
         mockEnvironment.setProperty(AuthConstants.TOKEN_SECRET_KEY,
                 Base64.getEncoder().encodeToString(secretKey.getBytes(StandardCharsets.UTF_8)));
-        mockEnvironment.setProperty(AuthConstants.TOKEN_EXPIRE_SECONDS,
-                AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
+        mockEnvironment
+                .setProperty(AuthConstants.TOKEN_EXPIRE_SECONDS, AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
 
         EnvUtil.setEnvironment(mockEnvironment);