-
Notifications
You must be signed in to change notification settings - Fork 37
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(controller): add domain names for object storage (#3029)
- Loading branch information
Showing
22 changed files
with
969 additions
and
65 deletions.
There are no files selected for viewing
77 changes: 77 additions & 0 deletions
77
...main/java/ai/starwhale/mlops/configuration/security/ObjectStoreDomainDetectionFilter.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
/* | ||
* Copyright 2022 Starwhale, Inc. All Rights Reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package ai.starwhale.mlops.configuration.security; | ||
|
||
import ai.starwhale.mlops.storage.configuration.StorageProperties; | ||
import ai.starwhale.mlops.storage.domain.DomainAwareStorageAccessService; | ||
import ai.starwhale.mlops.storage.s3.S3Config; | ||
import java.io.IOException; | ||
import java.net.URI; | ||
import java.net.URISyntaxException; | ||
import java.util.HashMap; | ||
import java.util.Map; | ||
import java.util.Map.Entry; | ||
import java.util.regex.Pattern; | ||
import java.util.stream.Collectors; | ||
import javax.servlet.FilterChain; | ||
import javax.servlet.ServletException; | ||
import javax.servlet.http.HttpServletRequest; | ||
import javax.servlet.http.HttpServletResponse; | ||
import org.jetbrains.annotations.NotNull; | ||
import org.springframework.stereotype.Component; | ||
import org.springframework.web.filter.OncePerRequestFilter; | ||
|
||
@Component | ||
public class ObjectStoreDomainDetectionFilter extends OncePerRequestFilter { | ||
|
||
public static final String HEADER_NAME = "SW_CLIENT_FAVORED_OSS_DOMAIN_ALIAS"; | ||
|
||
final Map<String, Pattern> domainAliasMap; | ||
|
||
public ObjectStoreDomainDetectionFilter(StorageProperties storageProperties) { | ||
S3Config s3Config = storageProperties.getS3Config(); | ||
if (null == s3Config) { | ||
domainAliasMap = new HashMap<>(); | ||
return; | ||
} | ||
Map<String, String> endpointEquivalentsMap = s3Config.getEndpointEquivalentsMap(); | ||
domainAliasMap = endpointEquivalentsMap.entrySet().stream().collect(Collectors.toMap(Entry::getKey, (entry) -> { | ||
URI uri = null; | ||
try { | ||
uri = new URI(entry.getValue()); | ||
} catch (URISyntaxException e) { | ||
throw new RuntimeException(e); | ||
} | ||
return Pattern.compile(uri.getHost().replace(".", "\\.")); | ||
})); | ||
|
||
} | ||
|
||
@Override | ||
protected void doFilterInternal( | ||
HttpServletRequest request, | ||
@NotNull HttpServletResponse response, | ||
FilterChain filterChain | ||
) throws ServletException, IOException { | ||
Pattern hostPattern = domainAliasMap.get(request.getHeader(HEADER_NAME)); | ||
if (null != hostPattern) { | ||
request.setAttribute(DomainAwareStorageAccessService.OSS_DOMAIN_PATTERN_ATTR, hostPattern); | ||
} | ||
filterChain.doFilter(request, response); | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
68 changes: 68 additions & 0 deletions
68
.../java/ai/starwhale/mlops/configuration/security/ObjectStoreDomainDetectionFilterTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
/* | ||
* Copyright 2022 Starwhale, Inc. All Rights Reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package ai.starwhale.mlops.configuration.security; | ||
|
||
import static org.mockito.ArgumentMatchers.any; | ||
import static org.mockito.ArgumentMatchers.eq; | ||
import static org.mockito.Mockito.mock; | ||
import static org.mockito.Mockito.times; | ||
import static org.mockito.Mockito.verify; | ||
import static org.mockito.Mockito.when; | ||
|
||
import ai.starwhale.mlops.storage.configuration.StorageProperties; | ||
import ai.starwhale.mlops.storage.s3.S3Config; | ||
import java.io.IOException; | ||
import java.util.Map; | ||
import java.util.regex.Pattern; | ||
import javax.servlet.FilterChain; | ||
import javax.servlet.ServletException; | ||
import javax.servlet.http.HttpServletRequest; | ||
import javax.servlet.http.HttpServletResponse; | ||
import org.junit.jupiter.api.Assertions; | ||
import org.junit.jupiter.api.BeforeEach; | ||
import org.junit.jupiter.api.Test; | ||
import org.mockito.ArgumentCaptor; | ||
|
||
class ObjectStoreDomainDetectionFilterTest { | ||
|
||
ObjectStoreDomainDetectionFilter filter; | ||
|
||
@BeforeEach | ||
void setup() throws IOException { | ||
StorageProperties storageProperties = mock(StorageProperties.class); | ||
when(storageProperties.getS3Config()).thenReturn(new S3Config( | ||
Map.of("endpointEquivalents", "{\"test1\":\"http://120.0.1.2\", \"test2\":\"http://a.b.com\"}")) | ||
); | ||
filter = new ObjectStoreDomainDetectionFilter(storageProperties); | ||
} | ||
|
||
@Test | ||
void doFilterInternal() throws ServletException, IOException { | ||
HttpServletRequest req = mock(HttpServletRequest.class); | ||
HttpServletResponse resp = mock(HttpServletResponse.class); | ||
FilterChain filterChain = mock(FilterChain.class); | ||
when(req.getHeader("SW_CLIENT_FAVORED_OSS_DOMAIN_ALIAS")).thenReturn(null); | ||
filter.doFilterInternal(req, resp, filterChain); | ||
verify(req, times(0)).setAttribute(any(), any()); | ||
when(req.getHeader("SW_CLIENT_FAVORED_OSS_DOMAIN_ALIAS")).thenReturn("test1"); | ||
filter.doFilterInternal(req, resp, filterChain); | ||
ArgumentCaptor<Pattern> ac = ArgumentCaptor.forClass(Pattern.class); | ||
verify(req).setAttribute(eq("SW_OSS_DOMAIN_REG_PATTERN"), ac.capture()); | ||
Assertions.assertTrue(ac.getValue().matcher("120.0.1.2").matches()); | ||
Assertions.assertFalse(ac.getValue().matcher("120a0.1.2").matches()); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.