optimize: support authentication of MSE-Nacos with ak/sk (apache#4284)

Signed-off-by: slievrly <[email protected]>

changes/1.5.0.md

@@ -155,6 +155,7 @@ Seata 是一款开源的分布式事务解决方案，提供高性能和简单
   - [[#4251](https://github.com/seata/seata/pull/4251)] 优化部分代码处理
   - [[#4262](https://github.com/seata/seata/pull/4262)] 优化 tcc 模块代码处理
   - [[#4235](https://github.com/seata/seata/pull/4235)] 优化eureka注册中心保存实例信息
+  - [[#4284](https://github.com/seata/seata/pull/4284)] 支持MSE-Nacos 的 ak/sk 鉴权方式
 
 
 ### test：

changes/en-us/1.5.0.md

@@ -155,6 +155,7 @@
   - [[#4251](https://github.com/seata/seata/pull/4251)] optimize partial code handling
   - [[#4262](https://github.com/seata/seata/pull/4262)] optimize tcc module code handling
   - [[#4235](https://github.com/seata/seata/pull/4235)] optimize instance saved in eureka
+  - [[#4284](https://github.com/seata/seata/pull/4284)] support authentication of MSE-Nacos with ak/sk
 
 
   ### test:	

config/seata-config-nacos/src/main/java/io/seata/config/nacos/NacosConfiguration.java

@@ -18,7 +18,6 @@
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Map;
-import java.util.Objects;
 import java.util.Properties;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
@@ -206,8 +205,6 @@ private static Properties getConfigProperties() {
         Properties properties = new Properties();
         if (System.getProperty(ENDPOINT_KEY) != null) {
             properties.setProperty(ENDPOINT_KEY, System.getProperty(ENDPOINT_KEY));
-            properties.put(ACCESS_KEY, Objects.toString(System.getProperty(ACCESS_KEY), ""));
-            properties.put(SECRET_KEY, Objects.toString(System.getProperty(SECRET_KEY), ""));
         } else if (System.getProperty(PRO_SERVER_ADDR_KEY) != null) {
             properties.setProperty(PRO_SERVER_ADDR_KEY, System.getProperty(PRO_SERVER_ADDR_KEY));
         } else {
@@ -226,14 +223,25 @@ private static Properties getConfigProperties() {
             }
             properties.setProperty(PRO_NAMESPACE_KEY, namespace);
         }
-        String userName = StringUtils.isNotBlank(System.getProperty(USER_NAME)) ? System.getProperty(USER_NAME)
-                : FILE_CONFIG.getConfig(getNacosUserName());
+        String userName = StringUtils.isNotBlank(System.getProperty(USER_NAME)) ? System.getProperty(USER_NAME) : FILE_CONFIG.getConfig(getNacosUserName());
         if (StringUtils.isNotBlank(userName)) {
-            String password = StringUtils.isNotBlank(System.getProperty(PASSWORD)) ? System.getProperty(PASSWORD)
-                    : FILE_CONFIG.getConfig(getNacosPassword());
+            String password = StringUtils.isNotBlank(System.getProperty(PASSWORD)) ? System.getProperty(PASSWORD) : FILE_CONFIG.getConfig(getNacosPassword());
             if (StringUtils.isNotBlank(password)) {
                 properties.setProperty(USER_NAME, userName);
                 properties.setProperty(PASSWORD, password);
+                LOGGER.info("Nacos check auth with userName/password.");
+            }
+        } else {
+            String accessKey = StringUtils.isNotBlank(System.getProperty(ACCESS_KEY)) ?
+                System.getProperty(ACCESS_KEY) : FILE_CONFIG.getConfig(getNacosAccessKey());
+            if (StringUtils.isNotBlank(accessKey)) {
+                String secretKey = StringUtils.isNotBlank(System.getProperty(SECRET_KEY)) ?
+                    System.getProperty(SECRET_KEY) : FILE_CONFIG.getConfig(getNacosSecretKey());
+                if (StringUtils.isNotBlank(secretKey)) {
+                    properties.put(ACCESS_KEY, accessKey);
+                    properties.put(SECRET_KEY, secretKey);
+                    LOGGER.info("Nacos check auth with ak/sk.");
+                }
             }
         }
         return properties;
@@ -265,6 +273,14 @@ public static String getNacosPassword() {
                 PASSWORD);
     }
 
+    public static String getNacosAccessKey() {
+        return String.join(ConfigurationKeys.FILE_CONFIG_SPLIT_CHAR, ConfigurationKeys.FILE_ROOT_CONFIG, CONFIG_TYPE, ACCESS_KEY);
+    }
+
+    public static String getNacosSecretKey() {
+        return String.join(ConfigurationKeys.FILE_CONFIG_SPLIT_CHAR, ConfigurationKeys.FILE_ROOT_CONFIG, CONFIG_TYPE, SECRET_KEY);
+    }
+
     private static String getNacosGroup() {
         return FILE_CONFIG.getConfig(getNacosGroupKey(), DEFAULT_GROUP);
     }

discovery/seata-discovery-nacos/src/main/java/io/seata/discovery/registry/nacos/NacosRegistryServiceImpl.java

@@ -15,33 +15,38 @@
  */
 package io.seata.discovery.registry.nacos;
 
+import java.net.InetSocketAddress;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.stream.Collectors;
+
 import com.alibaba.nacos.api.NacosFactory;
 import com.alibaba.nacos.api.naming.NamingService;
 import com.alibaba.nacos.api.naming.listener.EventListener;
 import com.alibaba.nacos.api.naming.listener.NamingEvent;
 import com.alibaba.nacos.api.naming.pojo.Instance;
+
 import io.seata.common.util.CollectionUtils;
 import io.seata.common.util.NetUtil;
 import io.seata.common.util.StringUtils;
 import io.seata.config.Configuration;
 import io.seata.config.ConfigurationFactory;
 import io.seata.config.ConfigurationKeys;
 import io.seata.discovery.registry.RegistryService;
-
-import java.net.InetSocketAddress;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Properties;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-import java.util.stream.Collectors;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * The type Nacos registry service.
  *
  * @author slievrly
  */
 public class NacosRegistryServiceImpl implements RegistryService<EventListener> {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(NacosRegistryServiceImpl.class);
     private static final String DEFAULT_NAMESPACE = "";
     private static final String DEFAULT_CLUSTER = "default";
     private static final String DEFAULT_GROUP = "DEFAULT_GROUP";
@@ -54,6 +59,9 @@ public class NacosRegistryServiceImpl implements RegistryService<EventListener>
     private static final String PRO_GROUP_KEY = "group";
     private static final String USER_NAME = "username";
     private static final String PASSWORD = "password";
+    private static final String ENDPOINT_KEY = "endpoint";
+    private static final String ACCESS_KEY = "accessKey";
+    private static final String SECRET_KEY = "secretKey";
     private static final Configuration FILE_CONFIG = ConfigurationFactory.CURRENT_FILE_INSTANCE;
     private static volatile NamingService naming;
     private static final ConcurrentMap<String, List<EventListener>> LISTENER_SERVICE_MAP = new ConcurrentHashMap<>();
@@ -176,7 +184,9 @@ public static NamingService getNamingInstance() throws Exception {
 
     private static Properties getNamingProperties() {
         Properties properties = new Properties();
-        if (System.getProperty(PRO_SERVER_ADDR_KEY) != null) {
+        if (System.getProperty(ENDPOINT_KEY) != null) {
+            properties.setProperty(ENDPOINT_KEY, System.getProperty(ENDPOINT_KEY));
+        } else if (System.getProperty(PRO_SERVER_ADDR_KEY) != null) {
             properties.setProperty(PRO_SERVER_ADDR_KEY, System.getProperty(PRO_SERVER_ADDR_KEY));
         } else {
             String address = FILE_CONFIG.getConfig(getNacosAddrFileKey());
@@ -193,15 +203,23 @@ private static Properties getNamingProperties() {
             }
             properties.setProperty(PRO_NAMESPACE_KEY, namespace);
         }
-        String userName = StringUtils.isNotBlank(System.getProperty(USER_NAME)) ? System.getProperty(USER_NAME)
-                : FILE_CONFIG.getConfig(getNacosUserName());
+        String userName = StringUtils.isNotBlank(System.getProperty(USER_NAME)) ? System.getProperty(USER_NAME) : FILE_CONFIG.getConfig(getNacosUserName());
         if (StringUtils.isNotBlank(userName)) {
-            String password = StringUtils.isNotBlank(System.getProperty(PASSWORD)) ? System.getProperty(PASSWORD)
-                    : FILE_CONFIG.getConfig(getNacosPassword());
+            String password = StringUtils.isNotBlank(System.getProperty(PASSWORD)) ? System.getProperty(PASSWORD) : FILE_CONFIG.getConfig(getNacosPassword());
             if (StringUtils.isNotBlank(password)) {
                 properties.setProperty(USER_NAME, userName);
                 properties.setProperty(PASSWORD, password);
             }
+        } else {
+            String accessKey = StringUtils.isNotBlank(System.getProperty(ACCESS_KEY)) ? System.getProperty(ACCESS_KEY) : FILE_CONFIG.getConfig(getNacosAccessKey());
+            if (StringUtils.isNotBlank(accessKey)) {
+                String secretKey = StringUtils.isNotBlank(System.getProperty(SECRET_KEY)) ? System.getProperty(SECRET_KEY) : FILE_CONFIG.getConfig(getNacosSecretKey());
+                if (StringUtils.isNotBlank(secretKey)) {
+                    properties.put(ACCESS_KEY, accessKey);
+                    properties.put(SECRET_KEY, secretKey);
+                    LOGGER.info("Nacos check auth with ak/sk.");
+                }
+            }
         }
         return properties;
     }
@@ -245,4 +263,12 @@ private static String getNacosUserName() {
     private static String getNacosPassword() {
         return String.join(ConfigurationKeys.FILE_CONFIG_SPLIT_CHAR, ConfigurationKeys.FILE_ROOT_REGISTRY, REGISTRY_TYPE, PASSWORD);
     }
+
+    public static String getNacosAccessKey() {
+        return String.join(ConfigurationKeys.FILE_CONFIG_SPLIT_CHAR, ConfigurationKeys.FILE_ROOT_REGISTRY, REGISTRY_TYPE, ACCESS_KEY);
+    }
+
+    public static String getNacosSecretKey() {
+        return String.join(ConfigurationKeys.FILE_CONFIG_SPLIT_CHAR, ConfigurationKeys.FILE_ROOT_REGISTRY, REGISTRY_TYPE, SECRET_KEY);
+    }
 }

script/client/conf/registry.conf

@@ -9,6 +9,9 @@ registry {
     namespace = ""
     username = ""
     password = ""
+    ##if use MSE Nacos with auth, mutex with username/password attribute
+    #accessKey = ""
+    #secretKey = ""
   }
   eureka {
     serviceUrl = "http://localhost:8761/eureka"
@@ -59,6 +62,9 @@ config {
     group = "SEATA_GROUP"
     username = ""
     password = ""
+    ##if use MSE Nacos with auth, mutex with username/password attribute
+    #accessKey = ""
+    #secretKey = ""
     dataId = "seata.properties"
   }
   consul {

script/client/spring/application.properties

@@ -94,6 +94,9 @@ seata.config.nacos.server-addr=127.0.0.1:8848
 seata.config.nacos.group=SEATA_GROUP
 seata.config.nacos.username=
 seata.config.nacos.password=
+##if use MSE Nacos with auth, mutex with username/password attribute
+#seata.config.nacos.access-key=
+#seata.config.nacos.secret-key=
 seata.config.nacos.data-id=seata.properties
 
 seata.config.zk.server-addr=127.0.0.1:2181
@@ -120,6 +123,9 @@ seata.registry.nacos.group=SEATA_GROUP
 seata.registry.nacos.namespace=
 seata.registry.nacos.username=
 seata.registry.nacos.password=
+##if use MSE Nacos with auth, mutex with username/password attribute
+#seata.registry.nacos.access-key=
+#seata.registry.nacos.secret-key=
 
 seata.registry.redis.server-addr=localhost:6379
 seata.registry.redis.db=0

script/client/spring/application.yml

@@ -90,6 +90,9 @@ seata:
       group: SEATA_GROUP
       username: ""
       password: ""
+      ##if use MSE Nacos with auth, mutex with username/password attribute
+      #access-key: ""
+      #secret-key: ""
       data-id: seata.properties
     zk:
       server-addr: 127.0.0.1:2181
@@ -119,6 +122,9 @@ seata:
       namespace: ""
       username: ""
       password: ""
+      ##if use MSE Nacos with auth, mutex with username/password attribute
+      #access-key: ""
+      #secret-key: ""
     redis:
       server-addr: localhost:6379
       db: 0

seata-spring-autoconfigure/seata-spring-autoconfigure-core/src/main/java/io/seata/spring/boot/autoconfigure/properties/config/ConfigNacosProperties.java

@@ -31,6 +31,8 @@ public class ConfigNacosProperties {
     private String group = "SEATA_GROUP";
     private String username = "";
     private String password = "";
+    private String accessKey = "";
+    private String secretKey = "";
     private String dataId = "seata.properties";
 
     public String getServerAddr() {
@@ -86,4 +88,22 @@ public ConfigNacosProperties setDataId(String dataId) {
         this.dataId = dataId;
         return this;
     }
+
+    public String getAccessKey() {
+        return accessKey;
+    }
+
+    public ConfigNacosProperties setAccessKey(String accessKey) {
+        this.accessKey = accessKey;
+        return this;
+    }
+
+    public String getSecretKey() {
+        return secretKey;
+    }
+
+    public ConfigNacosProperties setSecretKey(String secretKey) {
+        this.secretKey = secretKey;
+        return this;
+    }
 }

seata-spring-autoconfigure/seata-spring-autoconfigure-core/src/main/java/io/seata/spring/boot/autoconfigure/properties/registry/RegistryNacosProperties.java

@@ -32,6 +32,8 @@ public class RegistryNacosProperties {
     private String cluster = "default";
     private String username = "";
     private String password = "";
+    private String accessKey = "";
+    private String secretKey = "";
     private String application = "seata-server";
 
     public String getServerAddr() {
@@ -94,4 +96,22 @@ public RegistryNacosProperties setApplication(String application) {
         this.application = application;
         return this;
     }
+
+    public String getAccessKey() {
+        return accessKey;
+    }
+
+    public RegistryNacosProperties setAccessKey(String accessKey) {
+        this.accessKey = accessKey;
+        return this;
+    }
+
+    public String getSecretKey() {
+        return secretKey;
+    }
+
+    public RegistryNacosProperties setSecretKey(String secretKey) {
+        this.secretKey = secretKey;
+        return this;
+    }
 }

server/src/main/resources/application.example.yml

@@ -26,6 +26,9 @@ seata:
       group: SEATA_GROUP
       username:
       password:
+      ##if use MSE Nacos with auth, mutex with username/password attribute
+      #access-key: ""
+      #secret-key: ""
       data-id: seataServer.properties
     consul:
       server-addr: 127.0.0.1:8500
@@ -60,6 +63,9 @@ seata:
       cluster: default
       username:
       password:
+      ##if use MSE Nacos with auth, mutex with username/password attribute
+      #access-key: ""
+      #secret-key: ""
     eureka:
       service-url: http://localhost:8761/eureka
       application: default