-
-
Notifications
You must be signed in to change notification settings - Fork 10.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add observe status access-key for pre-check and logging only (#5216) #5236
base: master
Are you sure you want to change the base?
Conversation
…polloconfig#5216) - ALTER TABLE `AccessKey` ADD COLUMN `Mode`, 0: filter,1: observer - portal: CRUD for observe status access-key - configservice: pre-check and logging via ClientAuthenticationFilter
apollo-portal/src/main/resources/static/scripts/controller/AccessKeyController.js
Show resolved
Hide resolved
apollo-portal/src/main/resources/static/scripts/controller/AccessKeyController.js
Show resolved
Hide resolved
apollo-portal/src/main/resources/static/scripts/controller/AccessKeyController.js
Show resolved
Hide resolved
apollo-portal/src/main/resources/static/scripts/controller/AccessKeyController.js
Show resolved
Hide resolved
WalkthroughThe changes introduce a new access key management feature in the Apollo framework, allowing for the specification of access key modes (FILTER and OBSERVER) during enabling and disabling operations. This includes modifications to the relevant controllers, services, and data models, as well as updates to the user interface and localization files. Additionally, new SQL columns and methods are added to support the pre-check functionality for unenabled keys, enhancing the overall access key handling capabilities. Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant AccessKeyController
participant AccessKeyService
participant AccessKeyRepository
User->>AccessKeyController: enable(appId, id, mode)
AccessKeyController->>AccessKeyService: enable(appId, id, mode)
AccessKeyService->>AccessKeyRepository: save(AccessKey)
AccessKeyRepository-->>AccessKeyService: AccessKey saved
AccessKeyService-->>AccessKeyController: success response
AccessKeyController-->>User: success message
Assessment against linked issues
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 7
Outside diff range and nitpick comments (3)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/AccessKeyService.java (1)
52-53
: Add unit tests for the updated method signature.The method signature has been updated to include an additional
mode
parameter. Ensure that the unit tests for this method have been updated to cover the new parameter.Do you want me to generate the unit testing code or open a GitHub issue to track this task?
scripts/sql/profiles/mysql-database-not-specified/delta/v230-v240/apolloconfigdb-v230-v240.sql (1)
29-30
: LGTM!The SQL statement for adding the
Mode
column to theAccessKey
table is well-structured and follows best practices:
- The column is defined with an appropriate data type (
tinyint(2) unsigned
) and default value (0
).- The comment provides clarity on the purpose and possible values of the column.
- The
AFTER
clause ensures proper positioning of the new column within the table structure.Consider adding a check constraint to enforce the allowed values for the
Mode
column:ALTER TABLE `AccessKey` ADD COLUMN `Mode` tinyint(2) unsigned NOT NULL DEFAULT '0' COMMENT '密钥模式,0: filter,1: observer' AFTER `Secret`, ADD CONSTRAINT `CK_AccessKey_Mode` CHECK (`Mode` IN (0, 1));This will ensure that only valid values (
0
for "filter" and1
for "observer") can be inserted into theMode
column.apollo-configservice/src/main/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilter.java (1)
82-82
: Avoid logging sensitive information directlyIncluding
timestamp
in logs is generally acceptable, but ensure that logging practices comply with security policies regarding sensitive information.
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (26)
- apollo-adminservice/src/main/java/com/ctrip/framework/apollo/adminservice/controller/AccessKeyController.java (4 hunks)
- apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/entity/AccessKey.java (3 hunks)
- apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/service/AccessKeyService.java (1 hunks)
- apollo-biz/src/test/resources/sql/accesskey-test.sql (1 hunks)
- apollo-common/src/main/java/com/ctrip/framework/apollo/common/constants/AccessKeyMode.java (1 hunks)
- apollo-common/src/main/java/com/ctrip/framework/apollo/common/dto/AccessKeyDTO.java (2 hunks)
- apollo-configservice/src/main/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilter.java (3 hunks)
- apollo-configservice/src/main/java/com/ctrip/framework/apollo/configservice/service/AccessKeyServiceWithCache.java (3 hunks)
- apollo-configservice/src/main/java/com/ctrip/framework/apollo/configservice/util/AccessKeyUtil.java (2 hunks)
- apollo-configservice/src/test/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilterTest.java (2 hunks)
- apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/api/AdminServiceAPI.java (1 hunks)
- apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/AccessKeyController.java (1 hunks)
- apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/AccessKeyService.java (1 hunks)
- apollo-portal/src/main/resources/static/app/access_key.html (2 hunks)
- apollo-portal/src/main/resources/static/i18n/en.json (2 hunks)
- apollo-portal/src/main/resources/static/i18n/zh-CN.json (2 hunks)
- apollo-portal/src/main/resources/static/scripts/controller/AccessKeyController.js (1 hunks)
- apollo-portal/src/main/resources/static/scripts/services/AccessKeyService.js (2 hunks)
- scripts/sql/profiles/h2-default/apolloconfigdb.sql (1 hunks)
- scripts/sql/profiles/h2-default/delta/v230-v240/apolloconfigdb-v230-v240.sql (1 hunks)
- scripts/sql/profiles/mysql-database-not-specified/apolloconfigdb.sql (1 hunks)
- scripts/sql/profiles/mysql-database-not-specified/delta/v230-v240/apolloconfigdb-v230-v240.sql (1 hunks)
- scripts/sql/profiles/mysql-default/apolloconfigdb.sql (1 hunks)
- scripts/sql/profiles/mysql-default/delta/v230-v240/apolloconfigdb-v230-v240.sql (1 hunks)
- scripts/sql/src/apolloconfigdb.sql (1 hunks)
- scripts/sql/src/delta/v230-v240/apolloconfigdb-v230-v240.sql (1 hunks)
Additional comments not posted (45)
apollo-common/src/main/java/com/ctrip/framework/apollo/common/constants/AccessKeyMode.java (1)
19-25
: LGTM!The
AccessKeyMode
interface is well-defined and serves its purpose as a container for the access key mode constants. The constant names are clear and self-explanatory, and their values are unique and follow a sequential pattern. The interface is placed in an appropriate package for common constants.scripts/sql/src/delta/v230-v240/apolloconfigdb-v230-v240.sql (1)
22-23
: LGTM!The SQL script for adding the
Mode
column to theAccessKey
table looks good. The data type, constraints, and default value are appropriate for the intended purpose, and the comment provides clear documentation on the meaning of the different mode values.A few additional suggestions for consideration:
Consider adding a check constraint to ensure that the
Mode
column only accepts valid values (0 or 1). This can help prevent invalid data from being inserted into the table.If there are any existing queries or application code that relies on the current structure of the
AccessKey
table, make sure to update them to handle the newMode
column appropriately.Verify that the upgrade process handles the addition of the new column gracefully, especially if there is a large amount of existing data in the
AccessKey
table.Overall, the changes in this SQL script are well-structured and align with the objectives of introducing the new access key management feature.
apollo-common/src/main/java/com/ctrip/framework/apollo/common/dto/AccessKeyDTO.java (2)
27-27
: LGTM!The new
mode
field aligns with the PR objective and follows best practices.
55-57
: LGTM!The new getter and setter methods for the
mode
field follow the JavaBean convention and maintain encapsulation.Also applies to: 59-61
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/AccessKeyService.java (1)
52-53
: Verify the method signature change in the codebase.The method signature has been updated to include an additional
mode
parameter. Ensure that all method calls toenable
have been updated to pass themode
parameter.Run the following script to verify the method usage:
Also, consider adding validation for the
mode
parameter to handle invalid values gracefully and prevent unexpected behavior.apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/entity/AccessKey.java (3)
39-40
: LGTM!The new
mode
field is correctly defined with appropriate access modifier, annotation, and data type.
61-67
: LGTM!The getter and setter methods for the
mode
field are implemented correctly, following the JavaBean convention and providing proper encapsulation.
80-80
: LGTM!The
toString()
method is correctly updated to include themode
field, enhancing the debugging and logging capabilities of theAccessKey
class.scripts/sql/profiles/mysql-default/delta/v230-v240/apolloconfigdb-v230-v240.sql (1)
31-32
: LGTM! Verify the application code and dependent queries/views.The SQL statement for adding the
Mode
column to theAccessKey
table looks good. The column type, constraints, and comment are appropriate.Please ensure that:
- The application code has been updated to handle the new
Mode
column appropriately, both for reading and writing data.- Any queries or views that reference the
AccessKey
table have been updated to include the new column if necessary.You can use the following script to search for potential references to the
AccessKey
table in the codebase:scripts/sql/profiles/h2-default/delta/v230-v240/apolloconfigdb-v230-v240.sql (2)
30-30
: LGTM!The
UNIX_TIMESTAMP
function alias is created correctly using theCREATE ALIAS
statement and maps to a fully qualified Java method for timestamp conversion.
34-34
: LGTM!The
Mode
column is added correctly to theAccessKey
table using theALTER TABLE
statement with theADD COLUMN
clause. The column definition is valid, specifying the data type, size, nullability, and default value. The column is added at an appropriate position and has a clear comment explaining its purpose and possible values.apollo-configservice/src/main/java/com/ctrip/framework/apollo/configservice/util/AccessKeyUtil.java (2)
49-51
: LGTM!The new
findObservableSecrets
method is well-implemented and serves a clear purpose. It retrieves observable secrets for a given application ID by delegating to theaccessKeyServiceWithCache
instance. The method signature and logic are straightforward and easy to understand.
79-81
: Clarify the purpose and intended usage of thepreCheckInvalid
method.The
preCheckInvalid
method is currently empty and only contains a comment indicating it's for test mocking. It's unclear how this method fits into the overall functionality of theAccessKeyUtil
class and the access key pre-check feature.Please provide more context or documentation to explain the following:
- What is the intended purpose of this method?
- How is it meant to be used in the context of access key pre-checking?
- Are there any plans to implement the method's logic in the future, or will it remain a placeholder for testing?
Adding this information will help developers better understand the role of this method and how it relates to the broader access key management functionality.
apollo-adminservice/src/main/java/com/ctrip/framework/apollo/adminservice/controller/AccessKeyController.java (4)
21-21
: LGTM!The import statement for the
AccessKeyMode
class is correctly added.
31-31
: LGTM!The import statement for the
RequestParam
annotation is correctly added.
66-70
: LGTM!The changes to the
enable
method signature and the usage of themode
parameter are implemented correctly:
- The
mode
parameter is marked as optional with a default value of0
, ensuring backward compatibility.- The
mode
value is correctly set in theAccessKey
entity before updating it.
81-81
: LGTM!Setting the mode to
AccessKeyMode.FILTER
when disabling an access key is a valid approach to ensure the access key operates in the filter mode.apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/service/AccessKeyService.java (1)
77-77
: LGTM!The change to set the mode of the
accessKey
object based on the incomingentity
parameter is a valid enhancement to theupdate
method. It allows for a more comprehensive update of theAccessKey
entity by including the mode attribute along with the enabled status and last modified information.The change is consistent with the method's purpose and does not introduce any apparent issues or side effects. It aligns well with the overall access key management feature being introduced in this PR.
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/AccessKeyController.java (1)
80-83
: LGTM! Verify theaccessKeyService.enable
method implementation.The addition of the optional
mode
parameter to theenable
method provides more flexibility in enabling access keys by allowing the mode to be specified. The default value of0
ensures backward compatibility for existing callers.Please verify that the
accessKeyService.enable
method has been updated to handle the newmode
parameter correctly.Run the following script to verify the
accessKeyService.enable
method signature:apollo-portal/src/main/resources/static/scripts/services/AccessKeyService.js (1)
34-34
: LGTM!The addition of the
mode
query parameter to the URL aligns with the PR objective of introducing an observe status access-key feature. This change allows for more granular control over the enabling process.apollo-portal/src/main/resources/static/scripts/controller/AccessKeyController.js (1)
139-153
: LGTM!The changes to the
enable
function look good:
- The new
mode
parameter is handled correctly, defaulting to 0 if not explicitly set to 1.- The
tipsPrefix
is constructed based on themode
value, allowing for different user feedback messages.- The confirmation message and success/error notifications are updated to use the
tipsPrefix
, providing contextually relevant messages.- The call to
AccessKeyService.enable_access_key
is updated to pass themode
parameter along with the existing parameters.The changes enhance the functionality of the
enable
method by allowing it to handle different operational modes and providing more specific user feedback based on the selected mode. The changes are also backward compatible as themode
parameter defaults to 0, maintaining the existing behavior if not explicitly set.apollo-configservice/src/main/java/com/ctrip/framework/apollo/configservice/service/AccessKeyServiceWithCache.java (4)
22-22
: LGTM!The import statement is necessary for the new methods being added.
41-41
: LGTM!The import statement is necessary for the new
getSecrets
method being added.
90-95
: LGTM!The new public methods
getAvailableSecrets
andgetObservableSecrets
provide a way to retrieve access keys based on their mode and enabled status. The methods use the new privategetSecrets
method with a predicate filter, which is a good way to reuse code and avoid duplication.
97-104
: LGTM!The new private method
getSecrets
provides a way to retrieve access keys based on a predicate filter. The method uses theaccessKeyCache
to retrieve access keys, which is a good way to avoid hitting the database for every request. The method uses thestream
API to filter and map the access keys, which is a good way to write concise and readable code.apollo-configservice/src/test/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilterTest.java (2)
150-174
: LGTM!The
testPreCheckInvalid
test method is well-structured and comprehensive. It effectively verifies the behavior of theclientAuthenticationFilter
when an invalid signature is provided.The mocking setup covers the necessary scenarios, and the assertions ensure that no error responses are sent, the filter chain is executed, and the
preCheckInvalid
method is called the expected number of times.
176-199
: LGTM!The
testPreCheckSuccessfully
test method is well-structured and effectively verifies the behavior of theclientAuthenticationFilter
when a valid signature is provided.The mocking setup is appropriate for the valid signature case, and the assertions ensure that no error responses are sent, the filter chain is executed, and the
preCheckInvalid
method is not called.scripts/sql/src/apolloconfigdb.sql (1)
400-400
: LGTM!The addition of the
Mode
column to theAccessKey
table is a valid change that introduces the capability to specify access key modes. The chosen data type, constraints, and default value align with the intended functionality.scripts/sql/profiles/h2-default/apolloconfigdb.sql (1)
396-396
: LGTM!The addition of the
Mode
column to theAccessKey
table looks good:
- The column is defined with the appropriate data type
tinyint(2) unsigned
and default value0
.- The comment clearly explains the purpose and allowed values for the column.
- This is a non-breaking change as existing code will continue to work due to the default value.
Note: Application code changes will be needed to set and interpret the
Mode
values in order to utilize this new functionality.scripts/sql/profiles/mysql-database-not-specified/apolloconfigdb.sql (1)
407-407
: Approve the addition of theMode
column to theAccessKey
table.The new
Mode
column introduces a way to categorize access keys into "filter" and "observer" modes. The chosen data type and default value are appropriate.Consider the following impacts:
- Update the application code to handle the new
Mode
column correctly.- Verify that assigning the "filter" mode by default to existing access keys aligns with the intended behavior.
- Ensure that the access control logic is updated to differentiate between the "filter" and "observer" modes as needed.
scripts/sql/profiles/mysql-default/apolloconfigdb.sql (1)
412-412
: LGTM!The addition of the
Mode
column to theAccessKey
table is a good enhancement that allows differentiating between "filter" and "observer" modes for access keys. The chosen data type and default value are appropriate.Consider the following:
- Update any existing code that interacts with the
AccessKey
table to handle the newMode
column appropriately.- Ensure that the application logic correctly utilizes the
Mode
value when processing access keys.- Update the relevant documentation to reflect the new access key modes and their behavior.
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/api/AdminServiceAPI.java (2)
320-322
: LGTM!The changes to the
enable
method signature and the corresponding update to the URL template look good.
320-322
: Verify the method invocation changes in the codebase.Please ensure that all invocations of the
enable
method have been updated to provide themode
argument.Run the following script to verify the method usage:
apollo-portal/src/main/resources/static/i18n/zh-CN.json (4)
519-524
: Looks good!The added localization strings provide clear guidance about access key usage and mention the new "Observe" status. The key names also follow existing naming conventions.
533-536
: Looks good!The added strings for the new "Observe" access key operation look appropriate and consistent with existing operation label conventions.
541-546
: Looks good!The added success and error message strings for the new observe access key operation are consistent with existing message conventions and provide suitable user-facing text.
550-550
: Looks good!The confirmation message for the observe access key operation is consistent with other confirmation prompts and provides a clear text to confirm the action.
apollo-portal/src/main/resources/static/i18n/en.json (4)
520-524
: LGTM!The added localization strings for access key tips are clear and informative. The JSON syntax is valid.
533-536
: Looks good!The new localization strings for the "Observe" access key operation are consistent with the existing entries. The JSON syntax is valid.
541-546
: Approved.The success and error message strings for the "Observe" access key operation are clear and consistent with the existing entries. The JSON syntax is valid.
550-551
: Good to go!The confirmation prompt string for the "Observe" access key operation is clear and consistent with the existing entries. The JSON syntax is valid.
apollo-configservice/src/main/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilter.java (3)
20-20
: Imports added for client IP extraction and tracingThe addition of
WebUtils
andTracer
imports is appropriate for retrieving client IP addresses and logging events, supporting the new logging functionality.Also applies to: 24-24
78-78
: Retrieve and utilize client IP for enhanced loggingFetching the client IP address using
WebUtils.tryToGetClientIp(request)
enhances logging details and aids in monitoring and troubleshooting client requests.
159-164
: Review the use ofaccessKeyUtil.preCheckInvalid()
in production codeThe
preCheckInvalidLogging
method includes a call toaccessKeyUtil.preCheckInvalid();
, with a comment indicating it's "only for test mock". If this method is intended solely for testing purposes, it should not be invoked in production code to avoid unintended side effects.Confirm whether
accessKeyUtil.preCheckInvalid()
should be called in the production environment. If not, consider removing it:private void preCheckInvalidLogging(String message) { logger.warn(message); Tracer.logEvent("Apollo.AccessKey.PreCheck", message); - // only for test mock - accessKeyUtil.preCheckInvalid(); }apollo-portal/src/main/resources/static/app/access_key.html (1)
63-67
: Ensure Translations for New Tips Are IncludedThe new tips
AccessKey.Tips.4
and its sub-items (AccessKey.Tips.4.1
,AccessKey.Tips.4.2
,AccessKey.Tips.4.3
) have been added. Please verify that corresponding translations exist in all localization files to ensure they are displayed correctly to users.Verification successful
Translations Verified Successfully
All new translation keys (
AccessKey.Tips.4
,AccessKey.Tips.4.1
,AccessKey.Tips.4.2
,AccessKey.Tips.4.3
) are present in the localization files (en.json
,zh-CN.json
).Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Check if new translation keys are present in localization files. # List of new translation keys keys=( 'AccessKey.Tips.4' 'AccessKey.Tips.4.1' 'AccessKey.Tips.4.2' 'AccessKey.Tips.4.3' ) # Loop through each key and check if it's present in the localization files for key in "${keys[@]}"; do echo "Checking for $key..." if ! rg --files-with-matches "$key" ./src/main/resources/i18n/; then echo "Missing translation for $key" fi doneLength of output: 1436
Script:
#!/bin/bash # Description: Locate all i18n directories in the repository. fd --type d i18nLength of output: 64
Script:
#!/bin/bash # Description: Check if new translation keys are present in localization files. # List of new translation keys keys=( 'AccessKey.Tips.4' 'AccessKey.Tips.4.1' 'AccessKey.Tips.4.2' 'AccessKey.Tips.4.3' ) # Loop through each key and check if it's present in the localization files for key in "${keys[@]}"; do echo "Checking for $key..." if ! rg --files-with-matches "$key" ./apollo-portal/src/main/resources/static/i18n/; then echo "Missing translation for $key" fi doneLength of output: 1328
What's the purpose of this PR
add observe status access-key for pre-check and logging only
Which issue(s) this PR fixes:
Fixes #5216
Brief changelog
Follow this checklist to help us incorporate your contribution quickly and easily:
mvn clean test
to make sure this pull request doesn't break anything.CHANGES
log.Summary by CodeRabbit
Release Notes
New Features
mode
parameter for enabling and disabling access keys, allowing users to specify operational modes (filter or observer).Bug Fixes
Documentation
These changes enhance user control and clarity in managing access keys within the application.