feat: dynamic secret (#574)

Co-authored-by: seeflood <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

Author: 3 people

components/custom/config.go

@@ -13,7 +13,10 @@
 // limitations under the License.
 package custom
 
+import "mosn.io/layotto/components/ref"
+
 type Config struct {
+	ref.Config
 	Type     string            `json:"type"`
 	Version  string            `json:"version"`
 	Metadata map[string]string `json:"metadata"`

components/lock/types.go

@@ -13,10 +13,13 @@
 // limitations under the License.
 package lock
 
+import "mosn.io/layotto/components/ref"
+
 type Feature string
 
 // Lock's metadata
 type Config struct {
+	ref.Config
 	Type     string            `json:"type"`
 	Metadata map[string]string `json:"metadata"`
 }

components/ref/config.go

@@ -0,0 +1,27 @@
+/*
+ * Copyright 2021 Layotto Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ref
+
+//Config is ref json config
+type Config struct {
+	SecretRef []*Item `json:"secret_ref"`
+}
+
+type Item struct {
+	Name string `json:"name"`
+	Key  string `json:"key"`
+}

components/sequencer/types.go

@@ -11,9 +11,13 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+
 package sequencer
 
+import "mosn.io/layotto/components/ref"
+
 type Config struct {
+	ref.Config
 	Type       string            `json:"type"`
 	BiggerThan map[string]int64  `json:"biggerThan"`
 	Metadata   map[string]string `json:"metadata"`

configs/config_ref_example.json

@@ -0,0 +1,96 @@
+{
+  "servers": [
+    {
+      "default_log_path": "stdout",
+      "default_log_level": "DEBUG",
+      "routers": [
+        {
+          "router_config_name": "actuator_dont_need_router"
+        }
+      ],
+      "listeners": [
+        {
+          "name": "grpc",
+          "address": "127.0.0.1:34904",
+          "bind_port": true,
+          "filter_chains": [
+            {
+              "filters": [
+                {
+                  "type": "grpc",
+                  "config": {
+                    "server_name": "runtime",
+                    "grpc_config": {
+                      "hellos": {
+                        "helloworld": {
+                          "type": "helloworld",
+                          "hello": "greeting"
+                        }
+                      },
+                      "secret_store": {
+                        "local.file": {
+                          "type":"local.file",
+                          "metadata": {
+                            "secretsFile": "../../configs/secret/config_secret_local_file.json"
+                          }
+                        },
+                        "local.env": {
+                          "type":"local.env",
+                          "metadata": {
+                          }
+                        }
+                      },
+                      "sequencer": {
+                        "redis": {
+                          "type":"redis",
+                          "metadata": {
+                            "redisHost": "127.0.0.1:6380",
+                            "redisPassword": ""
+                          },
+                          "secret_ref": [
+                            {
+                              "name": "local.file",
+                              "key": "redisPassword"
+                            }
+                          ]
+                        }
+                      },
+                      "app": {
+                        "app_id": "app1",
+                        "grpc_callback_port": 9999
+                      }
+                    }
+                  }
+                }
+              ]
+            }
+          ]
+        },
+        {
+          "name": "actuator",
+          "address": "127.0.0.1:34999",
+          "bind_port": true,
+          "filter_chains": [
+            {
+              "filters": [
+                {
+                  "type": "proxy",
+                  "config": {
+                    "downstream_protocol": "Http1",
+                    "upstream_protocol": "Http1",
+                    "router_config_name": "actuator_dont_need_router"
+                  }
+                }
+              ]
+            }
+          ],
+          "stream_filters": [
+            {
+              "type": "actuator_filter"
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

configs/secret/config_secret_local_file.json

@@ -2,5 +2,6 @@
   "db-user-pass": {
     "username": "devuser",
     "password": "S!S*d$zDsb="
-  }
+  },
+  "redisPassword": "redis123"
 }

docs/en/start/secret/secret_ref.md

@@ -0,0 +1,87 @@
+# use Secret Ref to obtain secret
+
+we can inject secrets to other components using secret store.
+
+using `secret_ref` config:
+
+```json
+{
+  "sequencer": {
+    "redis": {
+      "type": "redis",
+      "metadata": {
+        "redisHost": "127.0.0.1:6380",
+        "redisPassword": ""
+      },
+      "secret_ref": [
+        {
+          "name": "local.file",
+          "key": "redisPassword"
+        }
+      ]
+    }
+  }
+}
+```
+
+## Quick start
+
+This example shows how to inject redis password to sequencer component using redis store
+
+### Step 0:  Run Redis with password
+
+```shell
+docker run --name redis -p 6380:6379 -d --restart=always redis:5.0.3 redis-server --appendonly yes --requirepass "redis123"
+```
+
+### Step 1:  Run Layotto
+
+After downloading the project code to the local, switch the code directory and compile:
+
+```shell
+cd ${project_path}/cmd/layotto
+```
+
+build:
+
+```shell @if.not.exist layotto
+go build -o layotto
+```
+
+Once finished, the layotto file will be generated in the directory, run it:
+
+```shell @background
+./layotto start -c ../../configs/config_ref_example.json
+```
+
+### Step 2: Run the client program and call Layotto to get the sequence
+
+```shell
+ cd ${project_path}/demo/sequencer/common/
+```
+
+```shell @if.not.exist client
+ go build -o client
+```
+
+```shell
+ ./client -s "redis"
+```
+
+If the following information is printed, the demo is successful:
+
+```bash
+Try to get next id.Key:key666 
+Next id:next_id:1 
+Next id:next_id:2 
+Next id:next_id:3 
+Next id:next_id:4 
+Next id:next_id:5 
+Next id:next_id:6 
+Next id:next_id:7 
+Next id:next_id:8 
+Next id:next_id:9 
+Next id:next_id:10 
+Demo success!
+
+```

docs/zh/start/secret/secret_ref.md

@@ -0,0 +1,88 @@
+# 使用 Secret Ref 注入secret
+
+我们可以用secret store将secrets注入到其他组件。
+
+用 `secret_ref` 来配置:
+
+```json
+{
+  "sequencer": {
+    "redis": {
+      "type": "redis",
+      "metadata": {
+        "redisHost": "127.0.0.1:6380",
+        "redisPassword": ""
+      },
+      "secret_ref": [
+        {
+          "name": "local.file",
+          "key": "redisPassword"
+        }
+      ]
+    }
+  }
+}
+```
+
+## 快速开始
+
+该示例展示了如何注入redis password到sequencer组件
+
+
+### Step 0:  运行redis并初试密码
+
+```shell
+docker run --name redis -p 6380:6379 -d --restart=always redis:5.0.3 redis-server --appendonly yes --requirepass "redis123"
+```
+
+### Step 1:  运行 Layotto
+
+将项目代码下载到本地后，切换代码目录、编译：
+
+```shell
+cd ${project_path}/cmd/layotto
+```
+
+build:
+
+```shell @if.not.exist layotto
+go build -o layotto
+```
+
+完成后目录下会生成layotto文件，运行它：
+
+```shell @background
+./layotto start -c ../../configs/config_ref_example.json
+```
+
+### 第二步：运行客户端程序，调用 Layotto 获取sequence
+
+```shell
+ cd ${project_path}/demo/sequencer/common/
+```
+
+```shell @if.not.exist client
+ go build -o client
+```
+
+```shell
+ ./client -s "redis"
+```
+
+打印出如下信息则代表调用成功：
+
+```bash
+Try to get next id.Key:key666 
+Next id:next_id:1 
+Next id:next_id:2 
+Next id:next_id:3 
+Next id:next_id:4 
+Next id:next_id:5 
+Next id:next_id:6 
+Next id:next_id:7 
+Next id:next_id:8 
+Next id:next_id:9 
+Next id:next_id:10 
+Demo success!
+
+```

etc/script/test-quickstart.sh

@@ -39,6 +39,8 @@ quickstarts_in_default="docs/en/start/configuration/start.md
   docs/zh/start/wasm/start.md
   docs/en/start/secret/start.md
   docs/zh/start/secret/start.md
+  docs/en/start/secret/secret_ref.md
+  docs/zh/start/secret/secret_ref.md
 "
 
 # In advance mod, we test these docs with golang 1.17

pkg/runtime/bindings/metadata.go

@@ -16,7 +16,10 @@
 
 package bindings
 
+import "mosn.io/layotto/components/ref"
+
 type Metadata struct {
+	ref.Config
 	Type     string `json:"type"`
 	Version  string
 	Metadata map[string]string `json:"metadata"`

pkg/runtime/pubsub/config.go

@@ -16,8 +16,11 @@
 
 package pubsub
 
+import "mosn.io/layotto/components/ref"
+
 // Config wraps configuration for a pubsub implementation
 type Config struct {
+	ref.Config
 	Type     string            `json:"type"`
 	Metadata map[string]string `json:"metadata"`
 }