Merge branch 'polarismesh:main' into main

polarismesh · Aug 2, 2023 · e80cd5e · e80cd5e
2 parents a4a6679 + 0c53f9e
commit e80cd5e
Show file tree

Hide file tree

Showing 7 changed files with 35 additions and 47 deletions.
diff --git a/apiserver/eurekaserver/replicate.go b/apiserver/eurekaserver/replicate.go
@@ -245,17 +245,17 @@ func (h *EurekaServer) handleInstanceEvent(ctx context.Context, i interface{}) e
 	}
 	replicateWorker, _ := h.replicateWorkers.Get(namespace)
 	switch e.EType {
-	case model.EventInstanceOnline, model.EventInstanceUpdate:
+	case model.EventInstanceOnline, model.EventInstanceUpdate, model.EventInstanceTurnHealth:
 		instanceInfo := eventToInstance(&e, appName, curTimeMilli)
 		replicateWorker.AddReplicateTask(&ReplicationInstance{
 			AppName:            appName,
 			Id:                 eurekaInstanceId,
 			LastDirtyTimestamp: curTimeMilli,
-			Status:             StatusUp,
+			Status:             instanceInfo.Status,
 			InstanceInfo:       instanceInfo,
 			Action:             actionRegister,
 		})
-	case model.EventInstanceOffline:
+	case model.EventInstanceOffline, model.EventInstanceTurnUnHealth:
 		replicateWorker.AddReplicateTask(&ReplicationInstance{
 			AppName: appName,
 			Id:      eurekaInstanceId,
@@ -266,28 +266,17 @@ func (h *EurekaServer) handleInstanceEvent(ctx context.Context, i interface{}) e
 		rInstance := &ReplicationInstance{
 			AppName:      appName,
 			Id:           eurekaInstanceId,
-			Status:       StatusUp,
+			Status:       instanceInfo.Status,
 			InstanceInfo: instanceInfo,
 			Action:       actionHeartbeat,
 		}
-		if e.Instance.GetIsolate().GetValue() {
-			rInstance.OverriddenStatus = StatusOutOfService
-		}
 		replicateWorker.AddReplicateTask(rInstance)
-	case model.EventInstanceOpenIsolate:
-		replicateWorker.AddReplicateTask(&ReplicationInstance{
-			AppName:            appName,
-			Id:                 eurekaInstanceId,
-			LastDirtyTimestamp: curTimeMilli,
-			Status:             StatusOutOfService,
-			Action:             actionStatusUpdate,
-		})
-	case model.EventInstanceCloseIsolate:
+	case model.EventInstanceOpenIsolate, model.EventInstanceCloseIsolate:
 		replicateWorker.AddReplicateTask(&ReplicationInstance{
 			AppName:            appName,
 			Id:                 eurekaInstanceId,
 			LastDirtyTimestamp: curTimeMilli,
-			Status:             StatusUp,
+			Status:             parseStatus(e.Instance),
 			Action:             actionStatusUpdate,
 		})
 

diff --git a/apiserver/eurekaserver/write.go b/apiserver/eurekaserver/write.go
@@ -152,14 +152,12 @@ func buildHealthCheck(instance *InstanceInfo, targetInstance *apiservice.Instanc
 }
 
 func buildStatus(instance *InstanceInfo, targetInstance *apiservice.Instance) {
-	// 由于eureka的实例都会自动报心跳，心跳由北极星接管，因此客户端报上来的人工状态OUT_OF_SERVICE，通过isolate来进行代替
-	status := instance.Status
-	if status == "OUT_OF_SERVICE" {
+	// eureka注册的实例默认healthy为true，即使设置为false也会被心跳触发变更为true
+	// eureka实例非UP状态设置isolate为true，进行流量隔离
+	targetInstance.Healthy = &wrappers.BoolValue{Value: true}
+	targetInstance.Isolate = &wrappers.BoolValue{Value: false}
+	if instance.Status != "UP" {
 		targetInstance.Isolate = &wrappers.BoolValue{Value: true}
-	} else if status == "UP" {
-		targetInstance.Healthy = &wrappers.BoolValue{Value: true}
-	} else {
-		targetInstance.Healthy = &wrappers.BoolValue{Value: false}
 	}
 }
 

diff --git a/auth/defaultauth/auth_checker.go b/auth/defaultauth/auth_checker.go
@@ -496,13 +496,9 @@ func (d *defaultAuthChecker) checkToken(tokenInfo *OperatorInfo) (string, bool,
 // }
 
 func (d *defaultAuthChecker) isResourceEditable(
-	userid string,
+	principal model.Principal,
 	resourceType apisecurity.ResourceType,
 	resEntries []model.ResourceEntry) bool {
-	principal := model.Principal{
-		PrincipalID:   userid,
-		PrincipalRole: model.PrincipalUser,
-	}
 	for _, entry := range resEntries {
 		if !d.cacheMgn.AuthStrategy().IsResourceEditable(principal, resourceType, entry.ID) {
 			return false
@@ -514,18 +510,22 @@ func (d *defaultAuthChecker) isResourceEditable(
 // doCheckPermission 执行权限检查
 func (d *defaultAuthChecker) doCheckPermission(authCtx *model.AcquireContext) (bool, error) {
 
-	userId := utils.ParseUserID(authCtx.GetRequestContext())
-
 	var checkNamespace, checkSvc, checkCfgGroup bool
 
 	reqRes := authCtx.GetAccessResources()
 	nsResEntries := reqRes[apisecurity.ResourceType_Namespaces]
 	svcResEntries := reqRes[apisecurity.ResourceType_Services]
 	cfgResEntries := reqRes[apisecurity.ResourceType_ConfigGroups]
 
-	checkNamespace = d.isResourceEditable(userId, apisecurity.ResourceType_Namespaces, nsResEntries)
-	checkSvc = d.isResourceEditable(userId, apisecurity.ResourceType_Services, svcResEntries)
-	checkCfgGroup = d.isResourceEditable(userId, apisecurity.ResourceType_ConfigGroups, cfgResEntries)
+	principleID, _ := authCtx.GetAttachment(model.OperatorIDKey).(string)
+	principleType, _ := authCtx.GetAttachment(model.OperatorPrincipalType).(model.PrincipalType)
+	p := model.Principal{
+		PrincipalID:   principleID,
+		PrincipalRole: principleType,
+	}
+	checkNamespace = d.isResourceEditable(p, apisecurity.ResourceType_Namespaces, nsResEntries)
+	checkSvc = d.isResourceEditable(p, apisecurity.ResourceType_Services, svcResEntries)
+	checkCfgGroup = d.isResourceEditable(p, apisecurity.ResourceType_ConfigGroups, cfgResEntries)
 
 	checkAllResEntries := checkNamespace && checkSvc && checkCfgGroup
 

diff --git a/auth/defaultauth/utils.go b/auth/defaultauth/utils.go
@@ -45,7 +45,7 @@ var (
 )
 
 var (
-	regNameStr = regexp.MustCompile("^[\u4E00-\u9FA5A-Za-z0-9_\\-]+$")
+	regNameStr = regexp.MustCompile("^[\u4E00-\u9FA5A-Za-z0-9_\\-.]+$")
 	regEmail   = regexp.MustCompile(`^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$`)
 )
 

diff --git a/auth/defaultauth/utils_test.go b/auth/defaultauth/utils_test.go
@@ -127,7 +127,7 @@ func Test_checkName(t *testing.T) {
 		},
 		{
 			args: args{
-				name: utils.NewStringValue("测试鉴-权策略_1"),
+				name: utils.NewStringValue("测试鉴-权策略_1."),
 			},
 			wantErr: false,
 		},

diff --git a/go.mod b/go.mod
@@ -34,7 +34,7 @@ require (
 	golang.org/x/sync v0.1.0
 	golang.org/x/text v0.7.0
 	golang.org/x/time v0.1.1-0.20221020023724-80b9fac54d29
-	google.golang.org/grpc v1.52.0
+	google.golang.org/grpc v1.53.0
 	google.golang.org/protobuf v1.28.1
 	gopkg.in/yaml.v2 v2.4.0
 )
@@ -50,8 +50,8 @@ require (
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/envoyproxy/protoc-gen-validate v0.9.1 // indirect
@@ -76,7 +76,7 @@ require (
 	go.uber.org/goleak v1.1.12 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
 	golang.org/x/sys v0.5.0 // indirect
-	google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 // indirect
+	google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

diff --git a/go.sum b/go.sum
@@ -72,17 +72,18 @@ github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA
 github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
 github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc h1:PYXxkRUBGUMa5xgMVMDl62vEklZvKpVaxQeN9ie7Hfk=
-github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b h1:ACGZRIr7HsgBKHsueQ1yM4WaVaXh21ynwqsF8M8tXhA=
+github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
@@ -721,8 +722,8 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 h1:a2S6M0+660BgMNl++4JPlcAO/CjkqYItDEZwkoDQK7c=
-google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
+google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f h1:BWUVssLB0HVOSY78gIdvk1dTVYtT1y8SBWtPYuTJ/6w=
+google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -743,8 +744,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk=
-google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
+google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
+google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=