LamGC/Oracle-Sentry
1
0
Fork 0
mirror of https://github.com/LamGC/Oracle-Sentry.git synced 2025-04-29 22:27:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: LamGC:v0.0.1-alpha-SNAPSHOT
Branches Tags
LamGC:master
LamGC:v0.2.0
LamGC:v0.1.1
LamGC:v0.1.0
LamGC:v0.0.1-alpha-SNAPSHOT
...
compare: LamGC:master
Branches Tags
LamGC:master
LamGC:v0.2.0
LamGC:v0.1.1
LamGC:v0.1.0
LamGC:v0.0.1-alpha-SNAPSHOT

81 Commits
v0.0.1-alp ... master

Author SHA1 Message Date
LamGC
626ce88565
build(vcs): 补充 Idea 的构建文件夹. 2022-02-21 16:22:33 +08:00
LamGC
1cdc15a05f
feat: 添加重试器, 并应用到身份配置加载中(有待测试). 
本提交添加了一个 Retryer, 用于增加对失败加载身份配置时, 可进行重试.
请注意: 对于将该功能整合到身份配置的加载, 其状况有待测试.

issue #5
 2021-10-26 19:57:20 +08:00
LamGC
bded118c03
docs(readme): 补个更新缓慢的说明. 
rt.
 2021-10-22 18:53:47 +08:00
LamGC
4ca9139b3e
refactor(script): 补充提交 SPI 接口实现文件; 
该提交补充了由 e6ff28e0 提交漏掉的一个文件, 没了.
Sorry X_X
 2021-10-12 20:22:11 +08:00
LamGC
b84b2d1ef6
refactor(logging): 设置最低等级为 Info, 以减缓因低等级日志过多导致日志文件过大. 
通过调整全局日志级别, 尝试解决因低等级日志内容过多导致日志文件过大的问题.
 2021-10-10 19:50:39 +08:00
LamGC
43a8ac4026
refactor(script): 调整了加载脚本时获取 ScriptInfo 时异常捕获的时机. 
调整后, 当获取 ScriptInfo 抛出异常时, 会作为脚本加载失败处理.
 2021-10-10 19:46:20 +08:00
LamGC
e6ff28e077
feat: 添加扩展接口, 通过 SPI 机制允许外部模块为脚本添加功能组件. 
通过扩展接口, 可让第三方为脚本提供功能组件, 而无需局限于 Sentry 内置功能组件.

Closes #6
 2021-10-10 11:12:49 +08:00
LamGC
7a008848db
build: 调整项目 group. 
将 group 二级给移除, 合并到一级中.
 2021-10-10 10:48:15 +08:00
LamGC
e55dde09fd
refactor(oci): 调整 ComputeInstanceManager 的包位置. 
调整包位置以更好的区分功能部分.
 2021-10-05 15:37:13 +08:00
LamGC
2f98d1f91d
refactor(oci): 补充日志输出, 方便 Debug. 
补充日志输出, 可通过配置 application.yml 的 logging.root 来控制是否打印这些日志以排查错误.
 2021-10-05 15:34:18 +08:00
LamGC
18d8bb1ef2
feat(script): 新增实例状态触发器. 
该触发器可根据实例的状态变更, 触发回调函数进行相应处理.
 2021-10-05 15:19:22 +08:00
LamGC
652dabedef
feat: 为日志回滚启用 Gzip 压缩. 
通过启用 Gzip 压缩, 可减轻日志文件对存储的压力.
 2021-10-05 15:10:26 +08:00
LamGC
8c51bac6be
fix(script): 修复了当 Trigger 名称包含大写字母时, 无法获取 Trigger 实例的问题. 
当 Trigger 被注册时, 其名称将转换成小写, 存储在 Map 中, 但是 getTriggerByName 并没有对参数转换成小写, 导致该 Bug 产生.
 2021-10-05 15:06:18 +08:00
LamGC
9d5c91d5b4
fix: 修复 regions 使用了错误 id 的问题. 
修复 regions 方法使用了 userId 而不是 tenantId 的问题.
 2021-09-10 02:37:57 +08:00
LamGC
ab69189d5b
feat(sftp): Sftp 现在支持获取用户主目录. 
鉴于当前尚不支持使用"~"指向用户主目录, 为此提供解决方法.
 2021-09-10 02:33:33 +08:00
LamGC
2006097d5f
refactor(logging): 现在日志系统将不记录 SSH 组件 INFO 以下级别的日志. 
由于 SSH 组件在 Debug 级别中输出的东西实在是太多了, 所以把它屏蔽了.
 2021-09-10 02:32:18 +08:00
LamGC
7dcbcc3270
feat: 支持获取计算实例的主要 VNIC 信息. 
增加 getPrimaryVnic 方法以获取主要的 VNIC 信息.
 2021-09-10 02:30:02 +08:00
LamGC
a128748b4f
feat: 支持获取帐号区域订阅信息和直接获取主区域订阅信息. 
增加 regions 和 mainRegion 方法, 可快速获取帐号所订阅的所有区域, 以及主区域的信息.
 2021-09-10 02:27:24 +08:00
LamGC
b8b2268d2e
feat: CommandExecSession 的 waitFor(long) 方法支持通过返回值传递是否超时. 
现在 waitFor(long) 方法在超过指定时间返回后, 将会通过 boolean 返回值告诉调用方是否超时.
详细信息见 Javadoc.
 2021-09-10 01:25:57 +08:00
LamGC
d6738d635c
fix: 修复 SSH 连接配置中的 keyPassword 设置无效的问题. 
由于 mina-ssh 的设计问题, 如果手动设置 KeyIdentityProvider, 则 SshClient 中的 FilePasswordProvider 将对此无效(SshClient 的 FilePasswordProvider 只会对默认密钥路径 "~/id_rsa" 起作用), keyPassword 应直接在 FileKeyPairProvider 设置.
 2021-09-09 23:46:24 +08:00
LamGC
46ae196fe9
release: 发布新版本(0.1.1 -> 0.2.0). 2021-09-05 15:44:02 +08:00
LamGC
e5b08bc12a
docs: 补充类文档. 
补充类文档中的说明部分.
 2021-09-05 15:42:45 +08:00
LamGC
bec7010d43
feat: 重做 Oracle Identity 相关组件, 为脚本提供访问 Oracle Account 的组件. 
重做 OracleIdentityManager, 增加 OracleAccount 与 OracleClients 对象, 使脚本可以访问 SDK, 执行更多操作.
调整 ComputeInstance 与 InstanceNetwork, SDK Client 不再直接创建, 而是使用 OracleClients 中的客户端单例.
 2021-09-05 14:36:37 +08:00
LamGC
6b2bd0a59d
build: 添加 OCI 对象存储 SDK 的依赖项. 
添加以下依赖项:
- com.oracle.oci.sdk:oci-java-sdk-objectstorage (2.4.0)
 2021-09-05 14:34:11 +08:00
LamGC
749ea644f1
docs: 补充文档内容, 修复文档错误. 2021-09-05 14:32:58 +08:00
LamGC
e6a81784a3
style: 忽略误报的编译警告, 调整内部字段访问权. 2021-09-05 14:31:23 +08:00
LamGC
b5c3af1c19
refactor: 修正测试类未跟进更改的问题. 
补充实现接口方法.
 2021-09-04 16:34:48 +08:00
LamGC
13d90595b7
feat: 初步添加 SSH Forwarding 功能. 
添加对 SSH 转发功能的支持, 脚本可通过 SSH 会话使用.

注意: 该功能尚未得到足够的测试, 使用时遇到问题请反馈.
 2021-09-02 18:58:10 +08:00
LamGC
3641593210
refactor: 调整 logger 获取方式. 
调整方法名称以避免 Groovy 误将其当做 Getter 来获取脚本日志记录器.
 2021-09-02 18:55:05 +08:00
LamGC
f5881ddbfe
refactor: 同步调整单元测试(虽然这个算不上是单元测试). 
适配更改.
 2021-09-02 18:54:16 +08:00
LamGC
2c1e9606e1
refactor: 调整类修饰符. 
通过调整修饰符, 降低其他不必要问题出现的概率.
 2021-09-02 18:53:37 +08:00
LamGC
166c63fb93
feat: 添加方法协助脚本确认自身是否已经初始化完成. 
添加 isInitialed 方法, 帮助脚本判断自己是否已经被哨兵初始化完成.
 2021-09-02 18:51:54 +08:00
LamGC
69def56d91
refactor: 调整相关类的包路径, 添加 ScriptLoggerFactory 的使用. 2021-09-02 16:28:42 +08:00
LamGC
cfbe0315f0
perf: 优化数组操作. 
从数组操作中移除 List 的使用(现在是纯数组操作), 添加方法缓存.
 2021-09-02 15:46:01 +08:00
LamGC
ead42e2b00
build: 更新依赖项版本. 
已确认以下依赖项变更不会影响到当前项目的所有功能:
- org.slf4j:slf4j-api (1.7.31 -> 1.7.32)
- com.oracle.oci.sdk:oci-java-sdk-core (2.3.2 -> 2.4.0)
- com.oracle.oci.sdk:oci-java-sdk-identity (2.3.2 -> 2.4.0)
- org.codehaus.groovy:groovy-all (3.0.7 -> 3.0.8)
- com.google.code.gson:gson (2.8.7 -> 2.8.8)
- org.junit.jupiter:junit-jupiter-api (5.7.0 -> 5.7.2)
- org.junit.jupiter:junit-jupiter-engine (5.7.0 -> 5.7.2)
 2021-09-02 14:45:54 +08:00
LamGC
8dc7da3f3f
refactor: 调整包路径. 
整理 common 包的分类.
 2021-09-02 14:31:59 +08:00
LamGC
8658104f7f
feat: 为脚本添加日志记录器. 
- 增加 ScriptLoggerFactory, 通过 CGLIB 为 Logger 设置动态代理, 在记录日志时隐式添加 marker, 配合日志配置调整脚本日志输出, 以解决脚本无法将日志记录到日志文件中的问题.
- 调整 Trigger 日志记录器获取方式, 以解决脚本可能误用 Trigger 日志记录器的问题.
- 适当调整了部分包的日志记录级别.
 2021-09-02 14:30:50 +08:00
LamGC
2cd679bcaf
feat: 为 GroovyTrigger 添加 shutdown 方法. 
增加 shutdown 方法用于向触发器发出停止信号, 以后有用.
 2021-09-02 14:26:05 +08:00
LamGC
2f225d27fe
feat: 添加 ScriptComponentFactory 以允许通过该接口实例动态生成脚本组件. 
通过 ScriptComponentFactory 接口, 可以根据脚本信息动态得构造一些特定于脚本的组件, 例如日志.
本次提交同时调整了 Groovy 脚本的初始化过程, 让 ScriptInfo 的初始化能够更先于脚本 Trigger 的运行.
 2021-09-02 14:23:37 +08:00
LamGC
c2aa02cae3
release: 推送紧急更新版本, 修复脚本基础功能的严重问题. 2021-08-24 18:48:15 +08:00
LamGC
284f0229f7
fix: 修复线程池尚未初始化的问题. 
ThreadPoolTaskScheduler 需要手动初始化才能使用.
 2021-08-24 18:44:46 +08:00
LamGC
800bb13c9e
release: 更新版本至 0.1.0; 2021-08-20 19:49:55 +08:00
LamGC
984576f5e1
fact: 添加 SSH 端口配置项. 
添加 SSH 端口配置项以允许自定义 SSH 连接端口.
本次提交也补充了相应的测试项, 覆盖率 100%.
 2021-08-20 18:23:45 +08:00
LamGC
59f1f3e57a
docs: 更新文档目录和文档文件名. 2021-08-20 16:44:28 +08:00
LamGC
88a0440541
docs: 更新文档目录. 2021-08-20 16:41:36 +08:00
LamGC
3fcd506f0c
docs: 补充脚本编写文档. 2021-08-20 16:40:41 +08:00
LamGC
342087cd01
fact: Supported Sftp 
支持 Sftp 客户端.
 2021-08-20 15:25:07 +08:00
LamGC
3d249696a7
refactor: 修改脚本内组件的传递方式. 
将传递脚本组件的方式由 Delegate 类属性改为 Binding, 以增加灵活性和可维护性.
 2021-08-20 14:01:43 +08:00
LamGC
0dc44864cd
fix: 调整 Json 字段获取方式以修复由于可选字段不存在导致加载失败的问题. 
当 keyPassword 为 null 时, 由于类型检查漏洞, 会出现解析失败的问题.
 2021-08-20 14:00:40 +08:00
LamGC
6bd28909ae
refactor: 调整 Trigger 接收闭包的类型, 以便添加新的功能. 
调整 Trigger 接收闭包的类型(Runnable -> Closure), 闭包可传递参数, 且 Trigger 为 Groovy 特有(至少目前是这样), 故调整类型以提供更多灵活性.
 2021-08-20 13:59:06 +08:00
LamGC
cbb1784f5e
build: 添加 Jacoco 插件, 以分析测试覆盖率. 
以后有用, 目前先配置好先.
 2021-08-20 02:35:15 +08:00
LamGC
616179c00a
test: 添加两个完整的单元测试. 
本次提交添加(补充) GroovyTriggerProvider 和 SshAuthInfoSerializer 的完整单元测试类.
 2021-08-20 02:30:56 +08:00
LamGC
4609e146d9
refactor: 调整编码公钥失败时的动作. 
编码公钥失败时的异常不应该被隐藏, 但为了保持鲁棒性, 我决定把异常直接打印到日志中.
 2021-08-20 02:29:54 +08:00
LamGC
35c45a858c
refactor: 调整代码以更好的进行测试. 
部分代码对测试不友好, 故在不影响原设计的情况下进行了代码调整, 以便更好的编写测试项.
 2021-08-20 02:19:11 +08:00
LamGC
7ac17c6ed7
fix: 修复 Ssh AuthInfo 未加载 keyPassword 的问题. 
该问题原因是忘记写了.
 2021-08-20 00:46:38 +08:00
LamGC
8bd55ca2e4
refactor: 添加对参数的非空检查. 
添加非空检查以在执行操作前将其拦截.
 2021-08-20 00:33:12 +08:00
LamGC
e54a9513df
style: 调整代码, 以防止造成误解. 
调整 static 属性与 instance 属性的位置, 以防被视为纳入 instance 属性的一部分.
 2021-08-19 23:51:21 +08:00
LamGC
3d8167b3b4
fact: 添加对 Http Header 的取值. 
这个属于是忘记加了的, 原本就计划要弄.
 2021-08-19 23:45:54 +08:00
LamGC
72685ef896
docs: 完善文档. 2021-08-19 23:45:15 +08:00
LamGC
83161f81fb
style: 移除未使用的导入代码. 2021-08-19 23:44:53 +08:00
LamGC
6b458020ef
docs: 完善类文档. 2021-08-19 23:43:18 +08:00
LamGC
389f23d6d5
style: 移除无用导入和空行. 2021-08-19 23:43:03 +08:00
LamGC
f48cdaabe9
build: 添加对 Javadoc 的配置. 
其实是设置了编码而已.
 2021-08-19 19:31:30 +08:00
LamGC
79d18685e5
refactor: 调整类访问权, 添加文档. 
调整以缩小类构造方法访问权.
 2021-08-19 19:23:34 +08:00
LamGC
6d5aea82a4
refactor: 调整 getInstanceState 方法的返回值. 
目前遇到脚本无法直接访问 LifecycleState enum 类的情况, 所以暂时调整为返回 String.
 2021-08-19 19:22:44 +08:00
LamGC
39c3695df4
docs: 补充方法文档. 2021-08-19 19:19:47 +08:00
LamGC
4dd6a9b695
refactor: 包装 Image 对象. 
包装 Image 对象以简化脚本对 Image 的访问.
 2021-08-19 19:19:11 +08:00
LamGC
499c3d283c
refactor: 设置自动关闭钩子. 
设置自动关闭钩子以关闭自动保存线程池.
 2021-08-19 19:14:57 +08:00
LamGC
d5d25dfa42
refactor: 适配更改(Git Commit: bf29faa9). 
适配类名更改.
 2021-08-19 19:11:38 +08:00
LamGC
c92c491bd8
docs: 补充文档. 2021-08-19 19:10:12 +08:00
LamGC
882eabbc71
refactor: 调整类访问权. 
减小类可访问范围.
 2021-08-19 19:06:22 +08:00
LamGC
039a020621
refactor: 适配更改(Git Commit: bf29faa9). 
适配类名更改.
 2021-08-19 19:05:47 +08:00
LamGC
be905b2976
refactor: 调整构造方法访问权. 
最小化开放权限.
 2021-08-19 19:04:28 +08:00
LamGC
bf29faa9a5
refactor: 调整类名, 以更符合其意义. 
更改类名和相关属性名.
 2021-08-19 18:43:05 +08:00
LamGC
c47ab110bc
docs: 适配更改(Git Commit: 2f97b56d). 
文档根据相关修改而进行调整.
 2021-08-19 18:37:11 +08:00
LamGC
2f97b56de1
refactor: 调整 ScriptInfo 中的属性名(artifact -> name). 
调整属性名以更适配具体意义.

BREAKING CHANGE: 该变更将影响旧版脚本的初始化过程.
更新方法:
将脚本对 ScriptInfo 的访问按如下进行更改.
旧版:
info {
    artifact 'simple-script'
    group 'org.example'
    version '1.0.0'
}

新版:
info {
    name 'simple-script'
    group 'org.example'
    version '1.0.0'
}

将 artifact 更改为 name 即可.
 2021-08-19 18:35:35 +08:00
LamGC
608e3195ed
feat: 增加应用配置文件的初始化功能. 
如果不初始化配置文件, 将导致用户修改配置困难.
 2021-08-19 18:22:09 +08:00
LamGC
332bc7a6a1
fix: 修复实例管理器加载已终止实例的问题. 
已终止实例已无管理必要, 可以排除.
 2021-08-19 17:59:07 +08:00
LamGC
9905f6ce01
fix: 修复因 Oracle 身份配置内容缺失导致加载失败的问题. 
准确来讲该问题并不是很严重, 但还是为此添加了验证步骤以更优雅的告知用户该配置有问题.
 2021-08-17 23:30:59 +08:00
LamGC
541115b9c7
docs: 修复图片引用错误的问题x2. 2021-08-16 13:07:15 +08:00
LamGC
fa1ba94790
docs: 修复图片引用错误的问题, 补充脚本内容. 2021-08-16 13:05:52 +08:00
99 changed files with 3437 additions and 337 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -31,3 +31,4 @@ hs_err_pid*
# Idea Editor
/.idea
out/

4
Readme.md
View File

@ -12,6 +12,10 @@
本程序为脚本提供 SSH 客户端(使用 [apache/Mina-sshd](https://github.com/apache/mina-sshd) ),协助脚本通过 SSH 管理服务器。
### 关于更新慢的说明 ###
这个项目一直在更新(只有仓库存档了才会说不更),有什么不足的,
或者想添加什么功能的可以发 issue最近本人比较忙可能没那么及时但本项目肯定是不会弃坑的 :D
## Docs ##
[中文(简体)](./docs/cn/Index.md)

45
build.gradle
View File

@ -1,11 +1,14 @@
//file:noinspection GradlePackageUpdate SpringBoot .
//file:noinspection GroovyAssignabilityCheck
plugins {
id 'java'
id 'org.springframework.boot' version '2.5.3'
id 'org.springframework.boot' version '2.5.4'
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
id 'jacoco'
}
group 'net.lamgc.oracle'
version '0.0.1-alpha-SNAPSHOT'
group 'net.lamgc'
version '0.2.0'
compileJava.sourceCompatibility = JavaVersion.VERSION_16
repositories {
@ -13,17 +16,18 @@ repositories {
}
dependencies {
def ociSdkVer = '2.3.2'
def ociSdkVer = '2.4.0'
def sshdVer = '2.7.0'
def bouncyCastleVer = '1.69'
implementation 'org.springframework.boot:spring-boot-starter'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
implementation 'org.slf4j:slf4j-api:1.7.31'
implementation 'org.slf4j:slf4j-api:1.7.32'
implementation "com.oracle.oci.sdk:oci-java-sdk-core:${ociSdkVer}"
implementation "com.oracle.oci.sdk:oci-java-sdk-identity:${ociSdkVer}"
implementation "com.oracle.oci.sdk:oci-java-sdk-objectstorage:${ociSdkVer}"
implementation "org.apache.sshd:sshd-core:${sshdVer}"
implementation "org.apache.sshd:sshd-sftp:${sshdVer}"
@ -31,16 +35,39 @@ dependencies {
implementation "org.bouncycastle:bcpg-jdk15on:${bouncyCastleVer}"
implementation "org.bouncycastle:bcpkix-jdk15on:${bouncyCastleVer}"
implementation 'cglib:cglib:3.3.0'
implementation "net.i2p.crypto:eddsa:0.3.0"
implementation 'org.codehaus.groovy:groovy-all:3.0.7'
implementation 'org.codehaus.groovy:groovy-all:3.0.8'
implementation 'com.google.code.gson:gson:2.8.7'
implementation 'com.google.code.gson:gson:2.8.8'
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.7.0'
testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.7.0'
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.7.2'
testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.7.2'
}
test {
useJUnitPlatform()
jacoco {
classDumpDir = file("$buildDir/jacoco/classpathDumps")
}
}
javadoc {
options.encoding = 'UTF-8'
}
jacoco {
reportsDir file("$buildDir/jacoco/reports")
}
jacocoTestReport {
reports {
xml.enabled true
xml.destination file("$buildDir/jacoco/reports.xml")
html.enabled true
html.destination file("$buildDir/jacoco/reports-html/")
}
}

3
docs/cn/Index.md
View File

@ -2,3 +2,6 @@
- [安装并使用](安装并使用.md)
- [编写脚本](./script/groovy/入门.md)
- [注册并使用触发器](./script/groovy/注册并使用触发器.md)
- [可用的触发器](./script/groovy/可用的触发器.md)
- [开始使用 SSH](./script/groovy/开始使用SSH.md)

12
docs/cn/script/groovy/入门.md
View File

@ -1,12 +1,12 @@
## Groovy 脚本编写
### 基本格式
Groovy 语言的脚本基本格式如下:
Groovy 语言的脚本基本格式如下
```groovy
info {
// 脚本信息, 遵循 Java 的 GAV 规则.
// 脚本英文名
artifact 'demo'
name 'demo'
// 所属组(如果有域名, 就是自己的域名的倒序, 例如 tieba.baidu.com 就是 com.baidu.tieba)
// 如果没有, 也可以用 github 的.
group 'org.example'
@ -34,6 +34,7 @@ def formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss")
// 这里注册定时器触发器.
trigger("timer") {
// time 参数指定 Cron 表达式, 像这样设置表达式字符串后就可以了.
// 比如这里设定一分钟执行一次.
time "0 0/1 * * * ? "
run {
@ -45,3 +46,10 @@ trigger("timer") {
```
Groovy 语言比较贴近 Java实际开发与 Java 没什么区别(相比于 Java 多了不少语法糖,但还是兼容 Java 的)。
## 我能在脚本中使用什么?
目前你能使用的东西有:
- `HTTP`:一个 HttpClient允许你访问 Http 资源。
- `InstanceManager`:计算实例(就是服务器)管理器,可以获取所有的服务器实例,通过实例对象能获取和操作服务器。
除此之外,还有 Java 基本库与 Groovy 基本库可供脚本使用。

36
docs/cn/script/groovy/可用的触发器.md Normal file
View File

@ -0,0 +1,36 @@
## 可用的触发器
### Once 触发器
Once 触发器只会在启动后执行一次,适用于初始化等操作。
示例:
```groovy
trigger ("once") {
run {
// do something...
}
}
```
参数:
- (没有参数)
`it` 对象:无
### Timer 触发器
Timer 触发器通过设定的 Cron 时间表达式,根据时间触发执行,可用于定时检查等操作。
示例:
```groovy
trigger ("once") {
time "0 0 12 * * ? *"
run {
// do something...
}
}
```
参数:
- `time`Cron 时间表达式
`it` 对象:无

54
docs/cn/script/groovy/开始使用SSH.md Normal file
View File

@ -0,0 +1,54 @@
## 开始使用 SSH
哨兵为脚本包装了一个 SSH 客户端,通过 SSH 客户端,脚本可以通过 SSH 连接实例并执行命令、通过 Sftp 访问文件、设置端口转发。
### 创建一个 SSH 会话
SSH 会话不止一个,一个脚本可以创建多个 SSH 会话来同时做不同的事情,也可以多个脚本创建多个会话来做不同事情,会话之间互不干扰。
创建会话的方法很简单,只需要这么做:
```groovy
def session = instance.ssh().createSession()
```
这样就能创建一个会话了,至于 SSH 的连接认证什么的,只需要交给哨兵完成即可!
> 注意:会话不保证创建成功,如果创建失败,方法将抛出一个异常。
### 通过 SSH 执行命令
在得到 SSH 会话后,就可以开始执行命令了。
首先需要创建一个命令执行会话(虽然本质上是一个通道):
```groovy
def execSession = session.createExecSession("date")
```
设定后,我们还需要设置命令的标准输出和标准输入,以方便我们获得命令的输出,和向命令输入内容(比如参数):
```groovy
// 这里如果不需要获取并处理的话,可以不设置,
// 也可以将输出设定为哨兵的标准输出,也是可以的。
execSession.setOut(System.out)
// 这里也设置为哨兵的标准输入,可以由管理员主动输入内容。
execSession.setIn(System.in)
```
最后,调用 `exec()` 方法,执行命令并等待命令运行完成即可。
如果需要执行命令后自动输入之类的异步操作呢?可以改用 `exec(true)` 进行异步执行,然后使用 `waitFor()` 等待命令执行完成即可。
命令执行完成后,除了可以检查输出内容来检查程序执行结果外,还可以通过退出代码了解,只需要调用 `exitCode()` 获取退出码即可:
```groovy
if (execSession.exitCode() == 0) {
println "命令执行成功!"
} else {
println "命令执行失败,退出代码不为 0退出码${execSession.exitCode()}"
}
```
### 完整示例代码
```groovy
run {
def session = instance.ssh().createSession()
def execSession = session.createExecSession("date")
execSession.setOut(System.out)
execSession.setIn(System.in)
// 同步执行,并等待命令执行结束。
execSession.exec()
// 除了上述的 if 判断外,也可以使用 Groovy 的字符串嵌入语法。
println "命令执行完成,退出代码:${execSession.exitCode()}"
}
```

23
docs/cn/script/groovy/注册并使用触发器.md Normal file
View File

@ -0,0 +1,23 @@
## 注册并使用触发器
触发器可以在适当的时候执行脚本所注册的运行代码,使用触发器,哨兵可以在某项事件发生时,触发脚本执行某些操作,而无需脚本手动检查。
### 注册触发器
注册触发器的方法非常简单:
```groovy
trigger("timer") {
// timer 触发器的参数 "time", 填写 Cron 时间表达式.
time "0 0 12 * * ? *"
run {
// 这里编写当到达时间时所需执行的动作.
}
}
```
其中,`"timer"`是触发器名称,`time` 是触发器参数,不同的触发器有不同的参数,也可能没有参数(比如 Once 触发器),`run` 代码块是每个触发器必须有的当满足条件时run 代码块将会被执行。
run 代码块有个隐藏参数 `it`,如果触发器有参数,将通过该参数传递至 run 代码块,供脚本使用。
> 注意:每个触发器所能提供的东西并不一样,具体信息见[触发器文档](可用的触发器.md)。
当注册好了触发器后,只需要等待触发器,在合适的时机触发执行任务即可!

10
docs/cn/安装并使用.md
View File

@ -3,22 +3,22 @@
### 创建 API 密钥
前往 [Oracle Cloud](https://cloud.oracle.com),登录后左上角打开菜单,选择“身份和安全”组,在右侧找到“身份”,然后找到“用户”。
![从菜单中找到用户](.\images\Find-the-user-from-the-menu.png)
![从菜单中找到用户](images/Find-the-user-from-the-menu.png)
然后找到自己的账号(一般用注册邮箱命名),如果先前有创建过帐号,找不到自己的帐号,可以在“用户类型”选择“本地”,会方便查找,找到自己的帐号后点进去。
![找到并选择主用户](.\images\Locate-and-select-the-primary-user.png)
![找到并选择主用户](images/Locate-and-select-the-primary-user.png)
进去后左下角资源选择“API密钥”右侧列表选添加 API 密钥,在弹出的窗口中点击“下载私有密钥”,将密钥下载下来妥善保管好(可以先根据需要命名),然后点击“添加”。
![创建 API 机密密钥](.\images\Create-api-secret-key.png)
![创建 API 机密密钥](images/Create-api-secret-key.png)
点击后,会显示一个身份配置模板,将模板复制下来,粘贴到一个文件上,将文件命名为`<自定义名字>.oracle.ini`。
![复制身份认证配置](.\images\Create-authentication-profile.png)
![复制身份认证配置](images/Create-authentication-profile.png)
粘贴到文件之后,将刚刚保存好的密钥路径粘贴到`key_file`项里,如图所示:
![粘贴到文件中并设置密钥路径](.\images\Save-to-file.png)
![粘贴到文件中并设置密钥路径](images/Save-to-file.png)
哨兵支持解析密钥*相对于*配置文件的路径,所以可以填相对路径,方便移动配置文件和密钥文件。

81
src/main/java/net/lamgc/oracle/sentry/ApplicationInitiation.java
View File

@ -1,27 +1,34 @@
package net.lamgc.oracle.sentry;
import com.oracle.bmc.auth.AuthenticationDetailsProvider;
import net.lamgc.oracle.sentry.script.ScriptComponent;
import com.google.common.base.Throwables;
import net.lamgc.oracle.sentry.oci.account.OracleAccount;
import net.lamgc.oracle.sentry.oci.account.OracleAccountManager;
import net.lamgc.oracle.sentry.oci.compute.ComputeInstanceManager;
import net.lamgc.oracle.sentry.script.ScriptComponentExtension;
import net.lamgc.oracle.sentry.script.ScriptComponents;
import net.lamgc.oracle.sentry.script.ScriptManager;
import net.lamgc.oracle.sentry.script.tools.http.ScriptHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.core.io.Resource;
import org.springframework.lang.NonNull;
import javax.annotation.PostConstruct;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.ServiceLoader;
/**
* @author LamGC
*/
@Configuration
public class ApplicationInitiation {
class ApplicationInitiation {
private final static Logger log = LoggerFactory.getLogger(ApplicationInitiation.class);
@ -42,8 +49,8 @@ public class ApplicationInitiation {
private String sshIdentityPath;
@Bean("oracle.identity.manager")
public OracleIdentityManager initialOracleIdentityManager() throws IOException {
OracleIdentityManager oracleUserManager = new OracleIdentityManager();
public OracleAccountManager initialOracleAccountManager() throws IOException {
OracleAccountManager oracleUserManager = new OracleAccountManager();
log.info("正在加载 Oracle API 身份配置...");
log.debug("Oracle API 身份配置查找路径: \"{}\", 匹配表达式: {}", identityDirectory, identityFilePattern);
File identityDir = new File(identityDirectory);
@ -62,15 +69,15 @@ public class ApplicationInitiation {
@Bean("oracle.compute.instance.manager")
@Autowired
public ComputeInstanceManager initialComputeInstanceManager(OracleIdentityManager identityManager) throws IOException {
public ComputeInstanceManager initialComputeInstanceManager(OracleAccountManager accountManager) throws IOException {
ComputeInstanceManager instanceManager = new ComputeInstanceManager();
int addTotal = 0;
for (AuthenticationDetailsProvider provider : identityManager.getProviders()) {
String identityName = identityManager.getIdentityName(provider.getUserId());
for (OracleAccount account : accountManager.getAccounts()) {
String identityName = account.name();
log.info("正在加载用户 {} 所拥有的所有实例...", identityName);
int addCount;
try {
addCount = instanceManager.addComputeInstanceFromUser(provider);
addCount = instanceManager.addComputeInstanceFromUser(account);
} catch (Exception e) {
log.error("加载实例时发生异常.", e);
continue;
@ -87,17 +94,33 @@ public class ApplicationInitiation {
@Bean("sentry.script.manager")
@Autowired
public ScriptManager initialScriptManager(ComputeInstanceManager instanceManager) {
ScriptComponent context = new ScriptComponent(new ScriptHttpClient(HttpClientBuilder.create()
.build()),
instanceManager);
public ScriptManager initialScriptManager(ComputeInstanceManager instanceManager, OracleAccountManager accountManager) {
ScriptComponents components = new ScriptComponents();
components.addComponentObject("InstanceManager", instanceManager);
components.addComponentObject("AccountManager", accountManager);
ScriptManager manager = new ScriptManager(new File(scriptsLocation), context);
configureScriptComponentsFromExtension(components);
ScriptManager manager = new ScriptManager(new File(scriptsLocation), components);
manager.loadScripts();
return manager;
}
private void configureScriptComponentsFromExtension(ScriptComponents components) {
ServiceLoader<ScriptComponentExtension> extensions = ServiceLoader.load(ScriptComponentExtension.class);
for (ScriptComponentExtension extension : extensions) {
try {
extension.configureScriptComponents(components);
} catch (Exception e) {
log.error("脚本组件扩展配置组件时发生未捕获异常.(Extension: {})\n{}",
extension.getClass().getName(), Throwables.getStackTraceAsString(e));
}
}
}
@PostConstruct
@Order(1)
@SuppressWarnings({"MismatchedReadAndWriteOfArray", "RedundantOperationOnEmptyContainer"})
private void initialEnvironment() throws IOException {
String[] directors = new String[] {
"./config",
@ -106,7 +129,7 @@ public class ApplicationInitiation {
};
String[] files = new String[] {
sshIdentityPath
};
for (String directory : directors) {
@ -130,4 +153,28 @@ public class ApplicationInitiation {
}
log.debug("目录检查完成.");
}
@Autowired
private void initialConfigurationFile(ApplicationContext context) {
File configFile = new File("config/application.yml");
if (!configFile.exists()) {
Resource resource = context.getResource("application.yml");
if (!resource.exists()) {
log.error("默认配置初始化失败(包内资源不存在).");
return;
}
try {
Files.copy(resource.getInputStream(), configFile.toPath());
log.info("默认配置文件已初始化完成, 如果调整配置, 可修改配置文件中的相应配置项.");
} catch (IOException e) {
log.error("初始化默认配置文件失败!(Path: {})\n{}",
configFile.getAbsolutePath(), Throwables.getStackTraceAsString(e));
}
} else {
log.debug("配置文件存在, 无需初始化.");
}
}
}

6
src/main/java/net/lamgc/oracle/sentry/ApplicationMain.java
View File

@ -12,13 +12,17 @@ import org.springframework.context.annotation.Configuration;
*/
@SpringBootApplication
@Configuration
public class ApplicationMain {
class ApplicationMain {
private final static Logger log = LoggerFactory.getLogger(ApplicationMain.class);
@SuppressWarnings("AlibabaConstantFieldShouldBeUpperCase")
private final static Object mainThreadWaiter = new Object();
/**
* 程序入口.
* @param args 程序参数.
*/
public static void main(String[] args) {
SpringApplication.run(ApplicationMain.class, args);

19
src/main/java/net/lamgc/oracle/sentry/Constants.java
View File

@ -1,5 +1,7 @@
package net.lamgc.oracle.sentry;
import net.lamgc.oracle.sentry.oci.compute.ssh.ConfiguredForwardingFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.lang.NonNull;
import org.springframework.stereotype.Component;
@ -10,6 +12,9 @@ import org.springframework.stereotype.Component;
@Component("sentry.constants")
public final class Constants {
/**
* 本类唯一实例, 请不要进行设置.
*/
public static Constants instance;
private Constants() {
@ -20,9 +25,23 @@ public final class Constants {
@NonNull
private String firstConnectionPolicy;
@Autowired
private ConfiguredForwardingFilter forwardingFilter;
/**
* 获取 SSH 首次连接策略.
* @return 返回策略值.
*/
@NonNull
public String getFirstConnectionPolicy() {
return firstConnectionPolicy;
}
/**
* 获取已配置的转发过滤器.
* @return 返回转发过滤器.
*/
public ConfiguredForwardingFilter getForwardingFilter() {
return forwardingFilter;
}
}

48
src/main/java/net/lamgc/oracle/sentry/common/LazyLoader.java Normal file
View File

@ -0,0 +1,48 @@
package net.lamgc.oracle.sentry.common;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;
/**
* 惰性加载器.
* <p> 该加载器只会在第一次获取对象时初始化.
* <p> 如果不用, 可能会导致内存消耗增加, 尤其是在管理大量帐号的情况下.
* <p> 对象在本加载器中为单例, 任何通过同一个加载器获取的对象都是同一个对象.
* @author LamGC
* @param <T> 对象类型.
*/
public final class LazyLoader<T> {
private final Supplier<T> supplier;
private final AtomicReference<T> object = new AtomicReference<>(null);
/**
* 构建惰性加载器.
* @param supplier 对象提供器.
*/
public LazyLoader(Supplier<T> supplier) {
this.supplier = Objects.requireNonNull(supplier);
}
/**
* 获取对象.
* <p> 如果是首次调用本方法, 本方法将通过 Supplier 获取一个对象, 缓存对象后返回.
* @return 返回惰性加载的对象.
*/
public T getInstance() {
if (object.get() == null) {
synchronized (this) {
if (object.get() == null) {
T newInstance = supplier.get();
if (newInstance == null) {
throw new NullPointerException("Supplier is not allowed to return null.");
}
return object.compareAndSet(null, newInstance) ? newInstance : object.get();
}
}
}
return object.get();
}
}

14
src/main/java/net/lamgc/oracle/sentry/common/OracleBmcExceptionHandler.java Normal file
View File

@ -0,0 +1,14 @@
package net.lamgc.oracle.sentry.common;
import com.oracle.bmc.model.BmcException;
import net.lamgc.oracle.sentry.common.retry.RetryExceptionHandler;
public class OracleBmcExceptionHandler implements RetryExceptionHandler {
@Override
public boolean handle(Exception e) {
if (e instanceof BmcException bmc) {
return bmc.getStatusCode() == -1;
}
return true;
}
}

12
src/main/java/net/lamgc/oracle/sentry/common/InputStreamWrapper.java → src/main/java/net/lamgc/oracle/sentry/common/io/InputStreamWrapper.java
View File

@ -1,13 +1,23 @@
package net.lamgc.oracle.sentry.common;
package net.lamgc.oracle.sentry.common.io;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
/**
* 输入流包装器.
* <p> 准确来说只是屏蔽了 {@link InputStream#close()} 而已,
* 尝试修复 SSH 命令执行会话可能会关闭设置的输入流的问题.
* @author LamGC
*/
public class InputStreamWrapper extends InputStream {
private final InputStream source;
/**
* 包装一个输入流.
* @param source 输入源.
*/
public InputStreamWrapper(InputStream source) {
this.source = source;
}

12
src/main/java/net/lamgc/oracle/sentry/common/OutputStreamWrapper.java → src/main/java/net/lamgc/oracle/sentry/common/io/OutputStreamWrapper.java
View File

@ -1,12 +1,22 @@
package net.lamgc.oracle.sentry.common;
package net.lamgc.oracle.sentry.common.io;
import java.io.IOException;
import java.io.OutputStream;
/**
* 输出流包装器.
* <p> 准确来说只是屏蔽了 {@link OutputStream#close()} 而已,
* 尝试修复 SSH 命令执行会话可能会关闭设置的输出流的问题.
* @author LamGC
*/
public class OutputStreamWrapper extends OutputStream {
private final OutputStream target;
/**
* 包装一个输出流.
* @param target 目标输出流.
*/
public OutputStreamWrapper(OutputStream target) {
this.target = target;
}

53
src/main/java/net/lamgc/oracle/sentry/common/logging/LevelRangeFilter.java Normal file
View File

@ -0,0 +1,53 @@
package net.lamgc.oracle.sentry.common.logging;
import ch.qos.logback.classic.Level;
import ch.qos.logback.classic.spi.ILoggingEvent;
import ch.qos.logback.core.filter.Filter;
import ch.qos.logback.core.spi.FilterReply;
/**
* 级别范围过滤器.
* @author LamGC
*/
@SuppressWarnings("unused")
public class LevelRangeFilter extends Filter<ILoggingEvent> {
private Level maxLevel;
private Level minLevel;
@Override
public FilterReply decide(ILoggingEvent event) {
int level = event.getLevel().levelInt;
if (level > maxLevel.levelInt || level < minLevel.levelInt) {
return FilterReply.DENY;
}
return FilterReply.NEUTRAL;
}
/**
* 设置最高等级.
* <p> 仅限 XML 配置文件设置.
* @param maxLevel 最高等级(包括).
*/
public void setMaxLevel(String maxLevel) {
this.maxLevel = Level.toLevel(maxLevel);
}
/**
* 设置最低等级.
* @param minLevel 允许的最低等级(包括).
*/
public void setMinLevel(String minLevel) {
this.minLevel = Level.toLevel(minLevel);
}
@Override
public void start() {
if (maxLevel != null && minLevel != null) {
if (maxLevel.levelInt < minLevel.levelInt) {
throw new IllegalArgumentException("The maximum level cannot be less than the minimum level.");
}
super.start();
}
}
}

55
src/main/java/net/lamgc/oracle/sentry/common/logging/MarkerFilter.java Normal file
View File

@ -0,0 +1,55 @@
package net.lamgc.oracle.sentry.common.logging;
import ch.qos.logback.classic.spi.ILoggingEvent;
import ch.qos.logback.core.filter.Filter;
import ch.qos.logback.core.spi.FilterReply;
import org.slf4j.Marker;
/**
* @author LamGC
*/
@SuppressWarnings("unused")
public class MarkerFilter extends Filter<ILoggingEvent> {
private String markerName;
private FilterReply onMatch = FilterReply.NEUTRAL;
private FilterReply onMismatch = FilterReply.DENY;
@Override
public FilterReply decide(ILoggingEvent event) {
return event.getMarker() != null && event.getMarker().getName().equals(markerName) ? onMatch : onMismatch;
}
/**
* 设置要匹配的 {@link Marker} 名称.
* @param markerName Marker 名称.
*/
public void setMarkerName(String markerName) {
this.markerName = markerName;
}
/**
* 如果匹配, 需要执行的操作.
* @see FilterReply
* @param onMatch 操作名称.
*/
public void setOnMatch(String onMatch) {
this.onMatch = FilterReply.valueOf(onMatch);
}
/**
* 如果不匹配, 需要执行的操作.
* @see FilterReply
* @param onMismatch 操作名称.
*/
public void setOnMismatch(String onMismatch) {
this.onMismatch = FilterReply.valueOf(onMismatch);
}
@Override
public void start() {
if (markerName != null && onMatch != null && onMismatch != null) {
super.start();
}
}
}

15
src/main/java/net/lamgc/oracle/sentry/common/logging/NoMarkerFilter.java Normal file
View File

@ -0,0 +1,15 @@
package net.lamgc.oracle.sentry.common.logging;
import ch.qos.logback.classic.spi.ILoggingEvent;
import ch.qos.logback.core.filter.Filter;
import ch.qos.logback.core.spi.FilterReply;
/**
* @author LamGC
*/
public class NoMarkerFilter extends Filter<ILoggingEvent> {
@Override
public FilterReply decide(ILoggingEvent event) {
return event.getMarker() != null ? FilterReply.DENY : FilterReply.NEUTRAL;
}
}

14
src/main/java/net/lamgc/oracle/sentry/common/retry/AssertionChecker.java Normal file
View File

@ -0,0 +1,14 @@
package net.lamgc.oracle.sentry.common.retry;
/**
* 断言校验器.
* <p> 校验器可帮助 {@link Retryer} 检查执行结果是否符合预期, 如果不符合预期, 那么将会重新执行任务.
* @param <R> 执行结果类型.
* @author LamGC
*/
@FunctionalInterface
public interface AssertionChecker<R> {
void check(R result) throws RetryAssertException;
}

14
src/main/java/net/lamgc/oracle/sentry/common/retry/ExponentialBackoffDelayer.java Normal file
View File

@ -0,0 +1,14 @@
package net.lamgc.oracle.sentry.common.retry;
/**
* 指数退避延迟器.
* @author LamGC
*/
public final class ExponentialBackoffDelayer implements RetryDelayer {
@Override
public long nextDelayTime(int currentRetryCount) {
return (4L << currentRetryCount) * 1000;
}
}

26
src/main/java/net/lamgc/oracle/sentry/common/retry/FixedTimeDelayer.java Normal file
View File

@ -0,0 +1,26 @@
package net.lamgc.oracle.sentry.common.retry;
import java.util.concurrent.TimeUnit;
/**
* 固定延迟器.
* <p> 永远以指定的延迟重试.
* @author LamGC
*/
public final class FixedTimeDelayer implements RetryDelayer {
private final long delay;
public FixedTimeDelayer(long time, TimeUnit unit) {
this(unit.toMillis(time));
}
public FixedTimeDelayer(long delay) {
this.delay = delay;
}
@Override
public long nextDelayTime(int currentRetryCount) {
return delay;
}
}

27
src/main/java/net/lamgc/oracle/sentry/common/retry/NonNullChecker.java Normal file
View File

@ -0,0 +1,27 @@
package net.lamgc.oracle.sentry.common.retry;
/**
* 非空检查器.
* <p> 当执行结果为 null 时断言失败.
* @param <R>
* @author LamGC
*/
public final class NonNullChecker<R> implements AssertionChecker<R> {
@SuppressWarnings("rawtypes")
private final static NonNullChecker INSTANCE = new NonNullChecker();
@SuppressWarnings("unchecked")
public static <R> NonNullChecker<R> getInstance() {
return (NonNullChecker<R>) INSTANCE;
}
private NonNullChecker() {}
@Override
public void check(Object result) throws RetryAssertException {
if (result == null) {
throw new RetryAssertException("The execution result is null.");
}
}
}

18
src/main/java/net/lamgc/oracle/sentry/common/retry/RetryAssertException.java Normal file
View File

@ -0,0 +1,18 @@
package net.lamgc.oracle.sentry.common.retry;
/**
* 重试断言异常.
* <p> 当指定条件失败时抛出该异常.
* <p> 跑出该异常的原因并非任务执行失败, 而是任务执行的结果与预期不符.
* @author LamGC
*/
public class RetryAssertException extends Exception {
public RetryAssertException(String message) {
super(message);
}
public RetryAssertException(String message, Throwable cause) {
super(message, cause);
}
}

17
src/main/java/net/lamgc/oracle/sentry/common/retry/RetryDelayer.java Normal file
View File

@ -0,0 +1,17 @@
package net.lamgc.oracle.sentry.common.retry;
/**
* 重试延迟器.
* <p> 用于决定每次重试的间隔时间, 可根据重试次数调整间隔时常, 以避免频繁执行影响性能.
* @author LamGC
*/
public interface RetryDelayer {
/**
* 获取下一次重试延迟时间.
* @param currentRetryCount 当前重试次数, 如果第一次重试失败, 则本参数为 0.
* @return 返回延迟时间.
*/
long nextDelayTime(int currentRetryCount);
}

13
src/main/java/net/lamgc/oracle/sentry/common/retry/RetryExceptionHandler.java Normal file
View File

@ -0,0 +1,13 @@
package net.lamgc.oracle.sentry.common.retry;
@FunctionalInterface
public interface RetryExceptionHandler {
/**
* 处理异常, 并指示是否继续重试.
* @param e 异常对象.
* @return 如果可以继续重试, 返回 {@code true}.
*/
boolean handle(Exception e);
}

20
src/main/java/net/lamgc/oracle/sentry/common/retry/RetryFailedException.java Normal file
View File

@ -0,0 +1,20 @@
package net.lamgc.oracle.sentry.common.retry;
/**
* 重试失败异常.
* <p> 该异常是由于某一个任务尝试执行失败过多而抛出, 失败的原因可能是任务执行时抛出异常, 或执行结果与预期不符.
*/
public final class RetryFailedException extends Exception {
public RetryFailedException(String message) {
super(message);
}
public RetryFailedException(String message, Throwable cause) {
super(message, cause);
}
public RetryFailedException(Throwable cause) {
super(cause);
}
}

20
src/main/java/net/lamgc/oracle/sentry/common/retry/RetryableTask.java Normal file
View File

@ -0,0 +1,20 @@
package net.lamgc.oracle.sentry.common.retry;
/**
* 可重试任务.
* <p> 实现该方法后, 该任务可在 {@link Retryer} 运行, 可用于一些需重试的任务.
* @param <R> 执行结果类型.
*/
@FunctionalInterface
public interface RetryableTask<R> {
/**
* 运行方法.
* <p> 当该方法抛出异常, 或经 {@link AssertionChecker} 检查认为结果与预期不符时, 将会被重新运行.
* <p> 请注意, 即使任务执行完成, {@link AssertionChecker} 认为结果与预期不符, 任务将会被重新运行, 请注意处理该情况.
* @throws Exception 当异常抛出时, 将视为执行失败, 重试器将根据设定自动重新执行.
* @return 根据需要可返回.
*/
R run() throws Exception;
}

177
src/main/java/net/lamgc/oracle/sentry/common/retry/Retryer.java Normal file
View File

@ -0,0 +1,177 @@
package net.lamgc.oracle.sentry.common.retry;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import java.util.*;
import java.util.concurrent.*;
/**
* 重试器.
* <p> 通过重试器, 可以对某一个可能失败的任务做重试, 尽可能确保任务执行成功.
* @param <R> 任务结果类型.
* @author LamGC
*/
public final class Retryer<R> {
private final static ThreadPoolExecutor ASYNC_EXECUTOR = new ThreadPoolExecutor(
1,
Math.min(4, Math.max(1, Runtime.getRuntime().availableProcessors() / 2)),
10, TimeUnit.SECONDS,
new LinkedBlockingDeque<>(),
new ThreadFactoryBuilder()
.setNameFormat("Thread-Retryer-%d")
.build()
);
private final RetryableTask<R> task;
private final int retryNumber;
private final RetryDelayer delayer;
private final Set<AssertionChecker<R>> checkers = new HashSet<>();
private final RetryExceptionHandler handler;
private Retryer(RetryableTask<R> task, int retryNumber, RetryDelayer delayer, Set<AssertionChecker<R>> checkers, RetryExceptionHandler handler) {
this.handler = handler;
if (retryNumber < 0) {
throw new IllegalArgumentException("The number of retries is not allowed to be negative: " + retryNumber);
}
this.task = Objects.requireNonNull(task);
this.delayer = Objects.requireNonNull(delayer);
this.retryNumber = retryNumber;
if (checkers != null && !checkers.isEmpty()) {
this.checkers.addAll(checkers);
}
}
@SuppressWarnings("BusyWait")
private R execute0() throws Exception {
Exception lastException;
int currentRetryCount = 0;
do {
try {
R result = task.run();
checkResult(result);
return result;
} catch (Exception e) {
lastException = e;
if (e instanceof InterruptedException) {
break;
}
if (handler != null && !handler.handle(e)) {
break;
}
if (currentRetryCount >= retryNumber) {
break;
}
long delayTime = delayer.nextDelayTime(currentRetryCount);
if (delayTime > 0) {
try {
Thread.sleep(delayTime);
} catch (InterruptedException interrupted) {
break;
}
}
currentRetryCount ++;
}
} while (true);
throw lastException;
}
/**
* 使用 {@link AssertionChecker} 检查结果是否符合预期.
* <p> 当结果不符合检验器预期时, 检验器将抛出 {@link RetryAssertException} 来表示结果不符预期,
* {@link Retryer} 将会重试该任务.
* @param result 执行结果.
* @throws RetryAssertException 当断言检验器对结果断言失败时抛出该异常.
*/
private void checkResult(R result) throws RetryAssertException {
for (AssertionChecker<R> checker : checkers) {
checker.check(result);
}
}
/**
* 异步执行任务.
* <p> 使用线程池执行 task.
* @return 返回 Future 对象以跟踪异步执行结果.
*/
public Future<R> executeAsync() {
return ASYNC_EXECUTOR.submit(this::execute0);
}
/**
* 同步执行任务.
* @return 如果执行完成且成功, 返回执行结果.
* @throws RetryFailedException 当重试多次仍失败时抛出该异常.
*/
public R execute() throws RetryFailedException {
Future<R> future = executeAsync();
try {
return future.get();
} catch (InterruptedException | ExecutionException e) {
if (e instanceof ExecutionException exception) {
throw new RetryFailedException("Failure after a certain number of attempts.", exception);
} else {
throw new RetryFailedException(e);
}
}
}
/**
* 获取一个构建器.
* @param task 需要重试的任务.
* @param <R> 结果类型.
* @return 返回新的构造器.
*/
public static <R> Builder<R> builder(RetryableTask<R> task) {
return new Builder<>(task);
}
/**
* {@link Retryer} 构造器.
* <p> 可通过链式调用快速创建 {@link Retryer}.
* @param <R> 任务结果类型.
*/
public static class Builder<R> {
private final RetryableTask<R> task;
private RetryDelayer delayer = new FixedTimeDelayer(0);
private int retryNumber = 0;
private final Set<AssertionChecker<R>> checkers = new HashSet<>();
private RetryExceptionHandler handler = (e) -> true;
private Builder(RetryableTask<R> task) {
this.task = task;
}
public Retryer<R> create() {
return new Retryer<>(task, retryNumber, delayer, checkers, handler);
}
public Builder<R> delayer(RetryDelayer delayer) {
this.delayer = delayer;
return this;
}
public Builder<R> retryIfReturnNull() {
this.checkers.add(NonNullChecker.getInstance());
return this;
}
public Builder<R> retryNumber(int number) {
this.retryNumber = number;
return this;
}
public Builder<R> checker(AssertionChecker<R> checker) {
checkers.add(checker);
return this;
}
public Builder<R> exceptionHandler(RetryExceptionHandler handler) {
this.handler = handler == null ? (e) -> true : handler;
return this;
}
}
}

116
src/main/java/net/lamgc/oracle/sentry/oci/account/OracleAccount.java Normal file
View File

@ -0,0 +1,116 @@
package net.lamgc.oracle.sentry.oci.account;
import com.oracle.bmc.auth.AuthenticationDetailsProvider;
import com.oracle.bmc.identity.model.RegionSubscription;
import com.oracle.bmc.identity.model.User;
import com.oracle.bmc.identity.requests.GetUserRequest;
import com.oracle.bmc.identity.requests.ListRegionSubscriptionsRequest;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Objects;
/**
* Oracle 云账户.
* @author LamGC
*/
public final class OracleAccount {
private final AuthenticationDetailsProvider provider;
private final OracleClients clients;
private final User user;
OracleAccount(AuthenticationDetailsProvider provider) {
this.provider = Objects.requireNonNull(provider);
this.clients = new OracleClients(provider);
this.user = clients.identity().getUser(GetUserRequest.builder()
.userId(provider.getUserId())
.build()).getUser();
}
/**
* 获取帐号 Id.
* @return 返回帐号 OCID.
*/
public String id() {
return provider.getUserId();
}
/**
* 获取租户 Id.
* <p> Id 同时也是根区间 Id.
* @return 返回租户 Id.
*/
public String tenantId() {
return provider.getTenantId();
}
/**
* 获取用户名.
* @return 返回用户名称.
*/
public String name() {
return this.user.getName();
}
/**
* 获取用户说明信息.
* @return 返回设定的用户说明信息.
*/
public String description() {
return this.user.getDescription();
}
/**
* 获取用户订阅的所有地区.
* @return 返回已订阅地区列表.
*/
public List<RegionSubscription> regions() {
return this.clients.identity().listRegionSubscriptions(ListRegionSubscriptionsRequest.builder()
.tenancyId(this.tenantId())
.build()).getItems();
}
/**
* 获取帐号主区域.
* @return 返回帐号主区域.
* @throws NoSuchElementException 当主区域搜索失败时抛出.
*/
public RegionSubscription mainRegion() {
for (RegionSubscription subscription : regions()) {
if (subscription.getIsHomeRegion()) {
return subscription;
}
}
throw new NoSuchElementException("Primary region not found.");
}
/**
* 获取该账户所属的 API 客户端集合.
* @return 返回该账户所属的甲骨文 API 客户端集.
*/
public OracleClients clients() {
return clients;
}
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (o == null || getClass() != o.getClass()) {
return false;
}
AuthenticationDetailsProvider thatProvider = ((OracleAccount) o).provider;
return provider.getUserId().equals(thatProvider.getUserId()) &&
provider.getTenantId().equals(thatProvider.getTenantId()) &&
provider.getFingerprint().equals(thatProvider.getFingerprint()) &&
provider.getKeyId().equals(thatProvider.getKeyId());
}
@Override
public int hashCode() {
return Objects.hash(provider.getUserId(), provider.getTenantId(), provider.getFingerprint(), provider.getKeyId());
}
}

147
src/main/java/net/lamgc/oracle/sentry/OracleIdentityManager.java → src/main/java/net/lamgc/oracle/sentry/oci/account/OracleAccountManager.java
View File

@ -1,16 +1,15 @@
package net.lamgc.oracle.sentry;
package net.lamgc.oracle.sentry.oci.account;
import com.google.common.base.Strings;
import com.google.common.base.Throwables;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.oracle.bmc.ConfigFileReader;
import com.oracle.bmc.Region;
import com.oracle.bmc.auth.AuthenticationDetailsProvider;
import com.oracle.bmc.auth.SimpleAuthenticationDetailsProvider;
import com.oracle.bmc.auth.SimplePrivateKeySupplier;
import com.oracle.bmc.identity.IdentityClient;
import com.oracle.bmc.identity.requests.GetUserRequest;
import com.oracle.bmc.identity.responses.GetUserResponse;
import net.lamgc.oracle.sentry.common.OracleBmcExceptionHandler;
import net.lamgc.oracle.sentry.common.retry.ExponentialBackoffDelayer;
import net.lamgc.oracle.sentry.common.retry.Retryer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -22,30 +21,25 @@ import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;
import java.util.stream.Collectors;
/**
* Oracle 身份管理器.
* Oracle 云账号管理器.
* @author LamGC
*/
public final class OracleIdentityManager {
public final class OracleAccountManager {
private final static Logger log = LoggerFactory.getLogger(OracleIdentityManager.class);
private final static Logger log = LoggerFactory.getLogger(OracleAccountManager.class);
/**
* 认证身份 Map.
* Key: Identity Id
* Value {@link AuthenticationDetailsProvider}
*/
private final Map<String, AuthenticationDetailsProvider> identityMap = new ConcurrentHashMap<>();
/**
* 用户名 Map.
* key Identity Id
* Value: Username
*/
private final Map<String, String> identityNameMap = new ConcurrentHashMap<>();
private final Map<String, OracleAccount> accountMap = new ConcurrentHashMap<>();
/**
* 从目录扫描匹配的配置文件并加载.
@ -65,34 +59,60 @@ public final class OracleIdentityManager {
if (configFiles == null) {
throw new IOException("Unable to access the specified directory: " + directory.getCanonicalPath());
}
int loadedCount = 0;
AtomicInteger loadedCount = new AtomicInteger();
for (File configFile : configFiles) {
try {
AuthenticationDetailsProvider provider = loadFromConfigFile(configFile);
loadedCount ++;
Retryer<OracleAccount> retryer = Retryer.builder(() -> {
OracleAccount account = loadFromConfigFile(configFile);
if (account == null) {
return null;
}
log.info("已成功加载身份配置文件.\n\tUserId: {}\n\tUsername: {}\n\tPath: {}",
provider.getUserId(),
getIdentityName(provider.getUserId()),
account.id(),
account.name(),
configFile.getCanonicalPath());
} catch (Exception e) {
log.error("加载身份配置文件时发生异常.(Path: {})\n{}", configFile.getCanonicalPath(), Throwables.getStackTraceAsString(e));
return account;
})
.delayer(new ExponentialBackoffDelayer())
.exceptionHandler(new OracleBmcExceptionHandler())
.retryNumber(8)
.create();
Future<OracleAccount> future = retryer.executeAsync();
future.get(30, TimeUnit.SECONDS);
} catch (InterruptedException | ExecutionException | TimeoutException e) {
if (e instanceof TimeoutException) {
continue;
} else if (e instanceof InterruptedException) {
Thread.currentThread().interrupt();
break;
}
log.error("加载身份配置文件时发生异常.(Path: {})\n{}", configFile.getCanonicalPath(), Throwables.getStackTraceAsString(e.getCause()));
}
}
return loadedCount;
return loadedCount.get();
}
/**
* 通过配置文件加载身份信息.
* <p> 加载成功后, 将会注册到身份管理器中.
* @param identityConfig 身份信息文件.
* @return 返回已成功加载后, 配置文件对应的身份配置提供器.
* @throws IOException 如果读取文件发生问题时将抛出该异常.
*/
public AuthenticationDetailsProvider loadFromConfigFile(File identityConfig) throws IOException {
public OracleAccount loadFromConfigFile(File identityConfig) throws IOException {
if (!identityConfig.exists()) {
throw new FileNotFoundException(identityConfig.getAbsolutePath());
}
ConfigFileReader.ConfigFile config
= ConfigFileReader.parse(identityConfig.getAbsolutePath());
if (!checkIdentityProfileConfig(config)) {
log.warn("该配置文件缺少必要信息, 跳过加载.(Path: {})", identityConfig.getCanonicalPath());
return null;
}
String keyFilePath = config.get("key_file");
if (keyFilePath.startsWith(".")) {
@ -111,38 +131,30 @@ public final class OracleIdentityManager {
.build();
// 尝试获取身份所属用户名, 以此检查该身份配置是否正确.
String identityName = getIdentityName0(provider);
identityNameMap.put(provider.getUserId(), identityName);
identityMap.put(provider.getUserId(), provider);
return provider;
OracleAccount oracleAccount = new OracleAccount(provider);
String accountName = oracleAccount.name();
if (accountName == null) {
throw new NullPointerException("Failed to obtain the account name. The identity configuration may be incorrect.");
}
log.debug("已成功通过身份配置获取用户名称: {}", accountName);
accountMap.put(oracleAccount.id(), oracleAccount);
return oracleAccount;
}
/**
* 获取身份所属用户的名称.
* @param provider 身份提供器.
* @return 返回用户名.
*/
private String getIdentityName0(AuthenticationDetailsProvider provider) {
IdentityClient identityClient = new IdentityClient(provider);
GetUserResponse user = identityClient.getUser(GetUserRequest.builder()
.userId(provider.getUserId())
.build());
return user.getUser().getName();
private boolean checkIdentityProfileConfig(ConfigFileReader.ConfigFile config) {
String[] fields = new String[] {
"key_file",
"region",
"tenancy",
"user",
"fingerprint"
};
for (String field : fields) {
if (Strings.isNullOrEmpty(config.get(field))) {
return false;
}
/**
* 获取身份信息所属的用户名.
* @param userId 身份信息所属的用户 Id.
* @return 返回用户名.
* @throws NullPointerException userId {@code null} 时抛出该异常.
* @throws NoSuchElementException 指定的 UserId 未找到对应用户名时抛出该异常.
*/
public String getIdentityName(String userId) {
Objects.requireNonNull(userId);
if (!identityMap.containsKey(userId)) {
throw new NoSuchElementException(userId);
}
return identityNameMap.get(userId);
return true;
}
/**
@ -152,37 +164,20 @@ public final class OracleIdentityManager {
* @throws NullPointerException userId {@code null} 时抛出该异常.
* @throws NoSuchElementException 指定的 UserId 未找到对应 Provider 时抛出该异常.
*/
public AuthenticationDetailsProvider getProviderByUserId(String userId) {
public OracleAccount getAccountByUserId(String userId) {
Objects.requireNonNull(userId);
if (!identityMap.containsKey(userId)) {
if (!accountMap.containsKey(userId)) {
throw new NoSuchElementException(userId);
}
return identityMap.get(userId);
}
/**
* 导出身份信息.
* <p> 不包含私钥.
* @return 返回 Json 形式的身份信息数组.
*/
public JsonArray exportIdentityInfo() {
JsonArray identityInfoArray = new JsonArray(identityMap.size());
for (AuthenticationDetailsProvider provider : identityMap.values()) {
JsonObject identity = new JsonObject();
identity.addProperty("UserId", provider.getUserId());
identity.addProperty("TenantId", provider.getTenantId());
identity.addProperty("Fingerprint", provider.getFingerprint());
identityInfoArray.add(identity);
}
return identityInfoArray;
return accountMap.get(userId);
}
/**
* 获取所有身份提供器.
* @return 返回包含所有身份提供器的集合对象.
*/
public Set<AuthenticationDetailsProvider> getProviders() {
return identityMap.values().stream().collect(Collectors.toUnmodifiableSet());
public Set<OracleAccount> getAccounts() {
return accountMap.values().stream().collect(Collectors.toUnmodifiableSet());
}
}

110
src/main/java/net/lamgc/oracle/sentry/oci/account/OracleClients.java Normal file
View File

@ -0,0 +1,110 @@
package net.lamgc.oracle.sentry.oci.account;
import com.oracle.bmc.auth.AuthenticationDetailsProvider;
import com.oracle.bmc.core.BlockstorageClient;
import com.oracle.bmc.core.ComputeClient;
import com.oracle.bmc.core.VirtualNetworkClient;
import com.oracle.bmc.identity.IdentityClient;
import com.oracle.bmc.objectstorage.ObjectStorageClient;
import net.lamgc.oracle.sentry.common.LazyLoader;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;
/**
* 甲骨文 SDK 客户端.
* @author LamGC
*/
public class OracleClients {
private final Map<Class<?>, LazyLoader<?>> LAZY_LOADER_MAP = new ConcurrentHashMap<>();
private final AuthenticationDetailsProvider provider;
OracleClients(AuthenticationDetailsProvider provider) {
this.provider = Objects.requireNonNull(provider);
initialLazyLoad();
}
private void initialLazyLoad() {
registryLazyLoader(ComputeClient.class, () -> new ComputeClient(provider));
registryLazyLoader(VirtualNetworkClient.class, () -> new VirtualNetworkClient(provider));
registryLazyLoader(BlockstorageClient.class, () -> new BlockstorageClient(provider));
registryLazyLoader(IdentityClient.class, () -> new IdentityClient(provider));
registryLazyLoader(ObjectStorageClient.class, () -> new ObjectStorageClient(provider));
}
/**
* 获取计算类客户端.
* @return 获取计算类客户端对象.
*/
public ComputeClient compute() {
return getInstance(ComputeClient.class);
}
/**
* 获取网络客户端.
* @return 返回 VCN 操作客户端.
*/
public VirtualNetworkClient network() {
return getInstance(VirtualNetworkClient.class);
}
/**
* 获取块存储客户端.
* <p> 仅限计算实例的存储.
* @return 返回块存储客户端.
*/
public BlockstorageClient blockStorage() {
return getInstance(BlockstorageClient.class);
}
/**
* 获取身份客户端.
* <p> 用于访问身份相关 API.
* @return 返回身份客户端.
*/
public IdentityClient identity() {
return getInstance(IdentityClient.class);
}
/**
* 获取对象存储客户端.
* <p> 不包括计算实例的存储.
* @return 获取对象存储客户端.
*/
public ObjectStorageClient objectStorage() {
return getInstance(ObjectStorageClient.class);
}
/**
* 获取实例.
* @param type 实例类.
* @param <T> 实例类型.
* @return 返回对象.
*/
@SuppressWarnings("unchecked")
private <T> T getInstance(Class<?> type) {
Objects.requireNonNull(type);
if (!LAZY_LOADER_MAP.containsKey(type)) {
throw new NoSuchElementException("No lazy loader of this type was found: " + type);
}
return (T) LAZY_LOADER_MAP.get(type).getInstance();
}
/**
* 注册惰性加载器.
* @param type 对象类.
* @param supplier 对象提供器.
* @param <T> 对象类型.
*/
private <T> void registryLazyLoader(Class<? extends T> type, Supplier<T> supplier) {
Objects.requireNonNull(type);
Objects.requireNonNull(supplier);
LAZY_LOADER_MAP.put(type, new LazyLoader<>(supplier));
}
}

90
src/main/java/net/lamgc/oracle/sentry/oci/compute/BootImage.java Normal file
View File

@ -0,0 +1,90 @@
package net.lamgc.oracle.sentry.oci.compute;
import com.oracle.bmc.core.model.Image;
import java.util.Date;
/**
* 引导镜像.
* <p> 创建实例时所指定的引导镜像.
* <p> 如果实例经过其他方式重新安装了系统, 则本信息有偏差.
* @author LamGC
*/
public final class BootImage {
private final Image image;
BootImage(Image image) {
this.image = image;
}
/**
* 获取镜像 Id.
* <p> Id 可在创建服务器时指定所使用的系统镜像.
* @return 返回镜像在 Oracle Id.
*/
public String getImageId() {
return image.getId();
}
/**
* 获取镜像所在的区域 Id.
* @return 返回镜像所在区域的 Id.
*/
public String getCompartmentId() {
return image.getCompartmentId();
}
/**
* 获取镜像系统名称.
* <p> 比如 Ubuntu 或者说 CentOS.
* @return 返回系统名称(不是计算机名称).
*/
public String getOS() {
return image.getOperatingSystem();
}
/**
* 获取该镜像基于某一镜像的 Id.
* <p> Oracle 提供了方法, 可以通过当前服务器生成新的镜像,
* 生成后, 新的镜像就是基于原镜像生成, 该项就不为空.
* @return 如果存在, 返回基础镜像 Id, 无基础镜像则返回 {@code null}.
*/
public String getBaseImageId() {
return image.getBaseImageId();
}
/**
* 镜像的显示名称.
* <p> 获取镜像显示名, 该名称与该镜像系统在官方为 iso 的命名差不多.
* @return 获取镜像的显示名称.
*/
public String getName() {
return image.getDisplayName();
}
/**
* 获取镜像大小.
* @return 返回镜像大小, 单位为 MiB.
*/
public Long getSize() {
return image.getSizeInMBs();
}
/**
* 获取系统版本号.
* @return 返回镜像内系统的版本号, 如果版本较旧且服务器更新过系统, 则版本号不是最新的.
*/
public String getOSVersion() {
return image.getOperatingSystemVersion();
}
/**
* 获取镜像创建时间.
* @return 获取镜像创建时间.
*/
public Date getTimeCreated() {
return image.getTimeCreated();
}
}

98
src/main/java/net/lamgc/oracle/sentry/oci/compute/ComputeInstance.java
View File

@ -1,8 +1,6 @@
package net.lamgc.oracle.sentry.oci.compute;
import com.oracle.bmc.auth.AuthenticationDetailsProvider;
import com.oracle.bmc.core.ComputeClient;
import com.oracle.bmc.core.model.Image;
import com.oracle.bmc.core.model.Instance;
import com.oracle.bmc.core.requests.GetImageRequest;
import com.oracle.bmc.core.requests.GetInstanceRequest;
@ -10,7 +8,7 @@ import com.oracle.bmc.core.requests.InstanceActionRequest;
import com.oracle.bmc.core.responses.GetImageResponse;
import com.oracle.bmc.core.responses.GetInstanceResponse;
import com.oracle.bmc.core.responses.InstanceActionResponse;
import net.lamgc.oracle.sentry.ComputeInstanceManager;
import net.lamgc.oracle.sentry.oci.account.OracleAccount;
import net.lamgc.oracle.sentry.oci.compute.ssh.InstanceSsh;
import net.lamgc.oracle.sentry.oci.compute.ssh.SshAuthInfo;
@ -25,54 +23,62 @@ public final class ComputeInstance {
private final ComputeInstanceManager instanceManager;
private final String instanceId;
private final String userId;
private final String compartmentId;
private final String imageId;
private final AuthenticationDetailsProvider authProvider;
private final InstanceNetwork network;
private final OracleAccount fromAccount;
private final ComputeClient computeClient;
public ComputeInstance(ComputeInstanceManager instanceManager, String instanceId, String userId,
String compartmentId, String imageId, AuthenticationDetailsProvider provider) {
/**
* 构造一个计算实例对象.
* @param instanceManager 实例所属的管理器.
* @param instanceId 实例 Id.
* @param compartmentId 实例所在区域的 Id.
* @param imageId 镜像 Id.
* @param fromAccount 所属用户的身份配置提供器.
*/
public ComputeInstance(ComputeInstanceManager instanceManager, String instanceId,
String compartmentId, String imageId, OracleAccount fromAccount) {
this.instanceManager = instanceManager;
this.instanceId = instanceId;
this.userId = userId;
this.compartmentId = compartmentId;
this.imageId = imageId;
this.authProvider = provider;
this.fromAccount = fromAccount;
computeClient = new ComputeClient(provider);
this.network = new InstanceNetwork(this);
this.computeClient = fromAccount.clients().compute();
}
/**
* 获取实例 Id.
* <p> 可通过实例 Id 直接调用 Oracle Cloud SDK, 也可以作为服务器的唯一标识.
* @return 返回实例 Id.
*/
public String getInstanceId() {
return instanceId;
}
public String getUserId() {
return userId;
}
/**
* 获取服务器所属区域的 Id.
* <p> 使用的资源必须要处于同一区域, 例如 IP 资源, 磁盘.
* @return 返回服务器所属区域的 Id.
*/
public String getCompartmentId() {
return compartmentId;
}
public String getImageId() {
return imageId;
}
/**
* 获取并返回实例镜像信息.
* <p> 可获取系统信息.
* <p> 如果实例被 dd, 则本信息不准确.
* @return 返回实例信息.
*/
public Image getImage() {
public BootImage getImage() {
GetImageResponse image = computeClient.getImage(GetImageRequest.builder()
.imageId(imageId)
.build());
return image.getImage();
return new BootImage(image.getImage());
}
/**
@ -84,37 +90,58 @@ public final class ComputeInstance {
return network;
}
/**
* 获取实例的 SSH 客户端.
* @return 返回实例 SSH 客户端.
*/
public InstanceSsh ssh() {
Instance.LifecycleState instanceState = getInstanceState();
if (instanceState != Instance.LifecycleState.Running) {
String instanceState = getInstanceState();
if (!Instance.LifecycleState.Running.name().equals(instanceState)) {
throw new IllegalStateException("The state of the current instance cannot connect to SSH: " + instanceState);
}
return new InstanceSsh(this, getSshIdentity());
}
public Instance.LifecycleState getInstanceState() {
/**
* 获取实例当前状态.
* <p> 实例可有以下状态:
* <ul>
* <li> Moving: 实例正在转移中;
* <li> Provisioning: 实例正在预分配中(正在创建实例);
* <li> Running: 实例正在运行中;
* <li> Starting: 实例正在启动中;
* <li> Stopping: 实例正在停止中;
* <li> Stopped: 实例已停止运行;
* <li> CreatingImage: 正在通过实例构建镜像;
* <li> Terminating: 正在终止实例(正在删除实例);
* <li> Terminated: 实例已经终止(已删除实例)
* </ul>
* @return 返回实例状态.
*/
public String getInstanceState() {
GetInstanceResponse instance = computeClient.getInstance(GetInstanceRequest.builder()
.instanceId(instanceId)
.build());
return instance.getInstance().getLifecycleState();
return instance.getInstance().getLifecycleState().name();
}
/**
* 对实例执行操作.
* @param action 操作类型.
* @return 如果成功, 返回实例最新状态.
* @return 如果成功, 返回实例最新状态(返回值意义见 {@link #getInstanceState()} 文档).
*/
public Instance.LifecycleState execAction(InstanceAction action) {
public String execAction(InstanceAction action) {
InstanceActionResponse actionResponse = computeClient.instanceAction(InstanceActionRequest.builder()
.instanceId(instanceId)
.action(action.getActionValue())
.build());
return actionResponse.getInstance().getLifecycleState();
return actionResponse.getInstance().getLifecycleState().name();
}
/**
* 获取实例名称.
* @return 返回实例显示名.
*/
public String getInstanceName() {
GetInstanceResponse instance = computeClient.getInstance(GetInstanceRequest.builder()
@ -131,10 +158,6 @@ public final class ComputeInstance {
return computeClient;
}
AuthenticationDetailsProvider getAuthProvider() {
return authProvider;
}
@Override
public boolean equals(Object o) {
if (this == o) {
@ -144,20 +167,29 @@ public final class ComputeInstance {
return false;
}
ComputeInstance that = (ComputeInstance) o;
return instanceId.equals(that.instanceId) && userId.equals(that.userId) && compartmentId.equals(that.compartmentId);
return instanceId.equals(that.instanceId) && fromAccount.equals(that.fromAccount) && compartmentId.equals(that.compartmentId);
}
@Override
public int hashCode() {
return Objects.hash(instanceId, userId, compartmentId);
return Objects.hash(instanceId, fromAccount, compartmentId);
}
/**
* 获取 SSH 认证信息.
* @return 返回实例 SSH 认证信息.
* @throws java.util.NoSuchElementException 如果没有指定配置信息则抛出该异常.
*/
private SshAuthInfo getSshIdentity() {
return instanceManager.getSshIdentityProvider()
.getAuthInfoByInstanceId(instanceId);
}
/**
* 获取实例所属的 Oracle 云帐号对象.
* @return 返回实例所属帐号对象.
*/
public OracleAccount getFromAccount() {
return fromAccount;
}
}

53
src/main/java/net/lamgc/oracle/sentry/ComputeInstanceManager.java → src/main/java/net/lamgc/oracle/sentry/oci/compute/ComputeInstanceManager.java
View File

@ -1,20 +1,22 @@
package net.lamgc.oracle.sentry;
package net.lamgc.oracle.sentry.oci.compute;
import com.oracle.bmc.auth.AuthenticationDetailsProvider;
import com.oracle.bmc.core.ComputeClient;
import com.oracle.bmc.core.model.Instance;
import com.oracle.bmc.core.requests.ListInstancesRequest;
import com.oracle.bmc.core.responses.ListInstancesResponse;
import com.oracle.bmc.identity.IdentityClient;
import com.oracle.bmc.identity.model.Compartment;
import com.oracle.bmc.identity.requests.ListCompartmentsRequest;
import com.oracle.bmc.identity.responses.ListCompartmentsResponse;
import net.lamgc.oracle.sentry.oci.compute.ComputeInstance;
import net.lamgc.oracle.sentry.oci.account.OracleAccount;
import net.lamgc.oracle.sentry.oci.compute.ssh.SshAuthIdentityProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.IOException;
import java.util.*;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
@ -22,7 +24,9 @@ import java.util.stream.Collectors;
* 计算实例管理器.
* @author LamGC
*/
public class ComputeInstanceManager {
public final class ComputeInstanceManager {
private final static Logger log = LoggerFactory.getLogger(ComputeInstanceManager.class);
private final Map<String, ComputeInstance> instanceMap = new ConcurrentHashMap<>();
private SshAuthIdentityProvider sshIdentityProvider;
@ -33,10 +37,16 @@ public class ComputeInstanceManager {
* @throws IOException 加载时如有异常将直接抛出.
*/
public void initialSshIdentityProvider(File sshIdentityJson) throws IOException {
log.debug("正在初始化 SSH 认证配置提供器...");
sshIdentityProvider = new SshAuthIdentityProvider(this, sshIdentityJson);
sshIdentityProvider.loadAuthInfo();
log.debug("SSH 认证配置提供器已初始化完成.");
}
/**
* 获取实例 SSH 认证配置提供器.
* @return 返回 SSH 认证配置提供器.
*/
public SshAuthIdentityProvider getSshIdentityProvider() {
return sshIdentityProvider;
}
@ -60,36 +70,41 @@ public class ComputeInstanceManager {
public Set<ComputeInstance> getInstancesByUserId(String userId) {
Objects.requireNonNull(userId);
return instanceMap.values().stream()
.filter(computeInstance -> computeInstance.getUserId().equals(userId))
.filter(computeInstance -> computeInstance.getFromAccount().id().equals(userId))
.collect(Collectors.toSet());
}
/**
* 添加某一用户的所有计算实例.
* @param provider 用户身份提供器.
* @param account Oracle 云账号对象.
* @return 返回已成功添加的实例数量.
* @throws NullPointerException 如果 provider {@code null} 则抛出异常.
*/
public int addComputeInstanceFromUser(AuthenticationDetailsProvider provider) {
Objects.requireNonNull(provider);
IdentityClient identityClient = new IdentityClient(provider);
ComputeClient computeClient = new ComputeClient(provider);
ListCompartmentsResponse listCompartments = identityClient.listCompartments(ListCompartmentsRequest.builder()
.compartmentId(provider.getTenantId())
public int addComputeInstanceFromUser(OracleAccount account) {
Objects.requireNonNull(account);
ListCompartmentsResponse listCompartments = account.clients().identity()
.listCompartments(ListCompartmentsRequest.builder()
.compartmentId(account.tenantId())
.build());
int addCount = 0;
Set<String> compartmentIds = listCompartments.getItems().stream()
.map(Compartment::getId).collect(Collectors.toSet());
compartmentIds.add(provider.getTenantId());
compartmentIds.add(account.tenantId());
for (String compartmentId : compartmentIds) {
ListInstancesResponse listInstances = computeClient.listInstances(ListInstancesRequest.builder()
ListInstancesResponse listInstances = account.clients().compute()
.listInstances(ListInstancesRequest.builder()
.compartmentId(compartmentId)
.build());
for (Instance instance : listInstances.getItems()) {
if (instance.getLifecycleState() == Instance.LifecycleState.Terminated ||
instance.getLifecycleState() == Instance.LifecycleState.Terminating) {
log.debug("实例 {} 状态为 {}, 不添加该实例.", instance.getId(), instance.getLifecycleState());
continue;
}
ComputeInstance computeInstance = new ComputeInstance(this, instance.getId(),
provider.getUserId(), compartmentId, instance.getImageId(), provider);
compartmentId, instance.getImageId(), account);
addComputeInstance(computeInstance);
log.debug("已为用户 {} 添加计算实例: {}", account.id(), instance.getId());
addCount ++;
}
}

9
src/main/java/net/lamgc/oracle/sentry/oci/compute/InstanceAction.java
View File

@ -1,5 +1,10 @@
package net.lamgc.oracle.sentry.oci.compute;
/**
* 实例动作.
* <p> 可对实例执行的操作.
* @author LamGC
*/
public enum InstanceAction {
/**
* 启动实例.
@ -30,6 +35,10 @@ public enum InstanceAction {
this.actionValue = actionValue;
}
/**
* 获取动作的 API 调用值.
* @return 返回 API 所规定的对应值.
*/
public String getActionValue() {
return actionValue;
}

22
src/main/java/net/lamgc/oracle/sentry/oci/compute/InstanceNetwork.java
View File

@ -1,6 +1,7 @@
package net.lamgc.oracle.sentry.oci.compute;
import com.oracle.bmc.core.VirtualNetworkClient;
import com.oracle.bmc.core.model.Vnic;
import com.oracle.bmc.core.model.VnicAttachment;
import com.oracle.bmc.core.requests.GetVnicRequest;
import com.oracle.bmc.core.requests.ListVnicAttachmentsRequest;
@ -13,6 +14,7 @@ import java.util.NoSuchElementException;
import java.util.Set;
/**
* 实例网络操作类.
* @author LamGC
*/
public class InstanceNetwork {
@ -22,7 +24,7 @@ public class InstanceNetwork {
InstanceNetwork(ComputeInstance instance) {
this.instance = instance;
this.vcnClient = new VirtualNetworkClient(this.instance.getAuthProvider());
this.vcnClient = instance.getFromAccount().clients().network();
}
/**
@ -55,8 +57,24 @@ public class InstanceNetwork {
.build()
);
return listVnicAttachments.getItems().stream().toList();
return listVnicAttachments.getItems();
}
/**
* 获取实例的主要 VNIC(虚拟网络接口)
* @return 返回实例的主要 VNIC 对象.
* @throws NoSuchElementException 当找不到主要 VNIC 时抛出该异常.
*/
public Vnic getPrimaryVnic() {
for (VnicAttachment vnicAttachment : listVnicAttachments()) {
GetVnicResponse vnic = vcnClient.getVnic(GetVnicRequest.builder()
.vnicId(vnicAttachment.getVnicId())
.build());
if (vnic.getVnic().getIsPrimary()) {
return vnic.getVnic();
}
}
throw new NoSuchElementException("Primary vnic not found.");
}
}

15
src/main/java/net/lamgc/oracle/sentry/oci/compute/ssh/CommandExecSession.java
View File

@ -1,7 +1,7 @@
package net.lamgc.oracle.sentry.oci.compute.ssh;
import net.lamgc.oracle.sentry.common.InputStreamWrapper;
import net.lamgc.oracle.sentry.common.OutputStreamWrapper;
import net.lamgc.oracle.sentry.common.io.InputStreamWrapper;
import net.lamgc.oracle.sentry.common.io.OutputStreamWrapper;
import org.apache.sshd.client.channel.ChannelExec;
import org.apache.sshd.client.channel.ClientChannelEvent;
@ -19,7 +19,7 @@ public final class CommandExecSession implements Closeable {
private final ChannelExec channelExec;
public CommandExecSession(ChannelExec channelExec) {
CommandExecSession(ChannelExec channelExec) {
this.channelExec = channelExec;
}
@ -54,9 +54,11 @@ public final class CommandExecSession implements Closeable {
/**
* 等待程序执行完毕.
* @param timeout 超时时间, 0 为无限等待(单位: 毫秒).
* @return 如果在超时时间内返回, 返回 {@code true}, 超时返回 {@code false}.
*/
public void waitFor(long timeout) {
channelExec.waitFor(EnumSet.of(ClientChannelEvent.EXIT_STATUS, ClientChannelEvent.EXIT_SIGNAL), timeout);
public boolean waitFor(long timeout) {
return !channelExec.waitFor(EnumSet.of(ClientChannelEvent.EXIT_STATUS, ClientChannelEvent.EXIT_SIGNAL), timeout)
.contains(ClientChannelEvent.TIMEOUT);
}
/**
@ -71,6 +73,7 @@ public final class CommandExecSession implements Closeable {
/**
* 设置输入流.
* <p> 设置待执行命令的输入流.
* @param in 待设置的输入流
*/
public void setIn(InputStream in) {
channelExec.setIn(new InputStreamWrapper(in));
@ -79,6 +82,7 @@ public final class CommandExecSession implements Closeable {
/**
* 设置标准输出流.
* <p> 对应待执行命令的 Stdout.
* @param out 设置标准输出的输出流.
*/
public void setOut(OutputStream out) {
channelExec.setOut(new OutputStreamWrapper(out));
@ -87,6 +91,7 @@ public final class CommandExecSession implements Closeable {
/**
* 设置错误输出流.
* <p> 如果命令使用到, 错误信息会从该输出流输出.
* @param err 设置错误输出的输出流.
*/
public void setErr(OutputStream err) {
channelExec.setErr(new OutputStreamWrapper(err));

45
src/main/java/net/lamgc/oracle/sentry/oci/compute/ssh/ConfiguredForwardingFilter.java Normal file
View File

@ -0,0 +1,45 @@
package net.lamgc.oracle.sentry.oci.compute.ssh;
import org.apache.sshd.common.session.Session;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.apache.sshd.server.forward.ForwardingFilter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
/**
* 已配置转发过滤器.
* <p> 根据应用配置, 选择是否允许转发指定类型的流量.
* @author LamGC
*/
@Component("sentry.script.ssh.forwarding.filter")
public class ConfiguredForwardingFilter implements ForwardingFilter {
@Value("oracle.ssh.forwarding.X11.enable")
private String x11Enabled;
@Value("oracle.ssh.forwarding.tcp.enable")
private String tcpEnabled;
@Value("oracle.ssh.forwarding.agent.enable")
private String agentEnabled;
@Override
public boolean canForwardAgent(Session session, String requestType) {
return Boolean.parseBoolean(agentEnabled);
}
@Override
public boolean canListen(SshdSocketAddress address, Session session) {
return Boolean.parseBoolean(tcpEnabled);
}
@Override
public boolean canConnect(Type type, SshdSocketAddress address, Session session) {
return Boolean.parseBoolean(tcpEnabled);
}
@Override
public boolean canForwardX11(Session session, String requestType) {
return Boolean.parseBoolean(x11Enabled);
}
}

29
src/main/java/net/lamgc/oracle/sentry/oci/compute/ssh/InstanceSsh.java
View File

@ -1,6 +1,7 @@
package net.lamgc.oracle.sentry.oci.compute.ssh;
import com.google.common.base.Strings;
import net.lamgc.oracle.sentry.Constants;
import net.lamgc.oracle.sentry.oci.compute.ComputeInstance;
import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.future.AuthFuture;
@ -16,6 +17,12 @@ import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
/**
* 实例 SSH 客户端.
* <p> 包装并简化了 SSH 会话的创建流程.
* @author LamGC
*/
@SuppressWarnings("unused")
public class InstanceSsh implements AutoCloseable {
private final static Logger log = LoggerFactory.getLogger(InstanceSsh.class);
@ -24,17 +31,25 @@ public class InstanceSsh implements AutoCloseable {
private final SshAuthInfo authInfo;
private final SshClient sshClient;
/**
* 创建连接实例用的 SSH 客户端.
* @param instance SSH 客户端对应的计算实例.
* @param authInfo SSH 认证配置.
*/
public InstanceSsh(ComputeInstance instance, SshAuthInfo authInfo) {
this.instance = Objects.requireNonNull(instance);
this.authInfo = Objects.requireNonNull(authInfo);
sshClient = SshClient.setUpDefaultClient();
sshClient.setForwardingFilter(Constants.instance.getForwardingFilter());
sshClient.setServerKeyVerifier(new OracleInstanceServerKeyVerifier(instance, authInfo));
if (authInfo instanceof PublicKeyAuthInfo info) {
sshClient.setKeyIdentityProvider(new FileKeyPairProvider(info.getPrivateKeyPath().toPath()));
FileKeyPairProvider fileKeyPairProvider = new FileKeyPairProvider(info.getPrivateKeyPath().toPath());
if (!Strings.isNullOrEmpty(info.getKeyPassword())) {
sshClient.setFilePasswordProvider(FilePasswordProvider.of(info.getKeyPassword()));
fileKeyPairProvider.setPasswordFinder(FilePasswordProvider.of(info.getKeyPassword()));
log.info("已设置密钥解密密码.");
}
sshClient.setKeyIdentityProvider(fileKeyPairProvider);
} else if (authInfo instanceof PasswordAuthInfo info) {
sshClient.addPasswordIdentity(info.getPassword());
} else {
@ -43,12 +58,19 @@ public class InstanceSsh implements AutoCloseable {
sshClient.start();
}
/**
* 创建 SSH 会话.
* <p> 允许创建多个 SSH 会话.
* @return 返回新的 SSH 会话.
* @throws IOException 会话创建失败时将抛出异常.
*/
public SshSession createSession() throws IOException {
Set<String> instancePublicIps = instance.network().getInstancePublicIp();
if (instancePublicIps.stream().findFirst().isEmpty()) {
throw new IllegalStateException("Instance has no public IP available.");
}
String connectUri = "ssh://" + authInfo.getUsername() + "@" + instancePublicIps.stream().findFirst().get() + ":22";
String connectUri = "ssh://" + authInfo.getUsername() + "@" +
instancePublicIps.stream().findFirst().get() + ":" + authInfo.getPort();
log.info("SSH 正在连接: {}", connectUri);
ConnectFuture connect = sshClient.connect(connectUri);
connect.verify();
@ -75,7 +97,6 @@ public class InstanceSsh implements AutoCloseable {
}
}
@Override
public void close() {
sshClient.stop();

2
src/main/java/net/lamgc/oracle/sentry/oci/compute/ssh/OracleInstanceServerKeyVerifier.java
View File

@ -23,7 +23,7 @@ public class OracleInstanceServerKeyVerifier implements ServerKeyVerifier {
private final ComputeInstance instance;
private final SshAuthInfo info;
public OracleInstanceServerKeyVerifier(ComputeInstance instance, SshAuthInfo info) {
OracleInstanceServerKeyVerifier(ComputeInstance instance, SshAuthInfo info) {
this.instance = instance;
this.info = info;
}

8
src/main/java/net/lamgc/oracle/sentry/oci/compute/ssh/PasswordAuthInfo.java
View File

@ -12,10 +12,18 @@ public class PasswordAuthInfo extends SshAuthInfo {
return AuthType.PASSWORD;
}
/**
* 获取 SSH 登录密码.
* @return 返回登录密码.
*/
public String getPassword() {
return password;
}
/**
* 设置 SSH 登录密码.
* @param password 新的登录密码.
*/
public void setPassword(String password) {
this.password = password;
}

25
src/main/java/net/lamgc/oracle/sentry/oci/compute/ssh/PublicKeyAuthInfo.java
View File

@ -1,10 +1,11 @@
package net.lamgc.oracle.sentry.oci.compute.ssh;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import java.io.File;
import java.security.KeyPair;
/**
* 公钥登录认证配置.
* @author LamGC
*/
public class PublicKeyAuthInfo extends SshAuthInfo{
private File privateKeyPath;
@ -15,18 +16,36 @@ public class PublicKeyAuthInfo extends SshAuthInfo{
return AuthType.PUBLIC_KEY;
}
/**
* 获取私钥路径.
* <p> 注意: 该路径由 SSH 认证配置文件提供, 不保证私钥的存在.
* @return 返回私钥所在路径.
*/
public File getPrivateKeyPath() {
return privateKeyPath;
}
/**
* 设置私钥路径.
* @param privateKeyPath 私钥路径.
*/
public void setPrivateKeyPath(File privateKeyPath) {
this.privateKeyPath = privateKeyPath;
}
/**
* 获取私钥密码.
* @return 如果有, 返回非 {@code null} .
*/
public String getKeyPassword() {
return keyPassword;
}
/**
* 设置私钥密码.
* <p> 如果私钥存在密码但未提供密码, 将无法使用私钥验证会话.
* @param keyPassword 私钥密码.
*/
public void setKeyPassword(String keyPassword) {
this.keyPassword = keyPassword;
}

280
src/main/java/net/lamgc/oracle/sentry/oci/compute/ssh/SftpSession.java Normal file
View File

@ -0,0 +1,280 @@
package net.lamgc.oracle.sentry.oci.compute.ssh;
import net.lamgc.oracle.sentry.common.LazyLoader;
import org.apache.sshd.sftp.client.SftpClient;
import org.apache.sshd.sftp.common.SftpConstants;
import org.apache.sshd.sftp.common.SftpException;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.DirectoryNotEmptyException;
import java.nio.file.NoSuchFileException;
import java.util.HashSet;
import java.util.Set;
/**
* Sftp 会话.
* <p> 可通过会话访问远程服务器的文件.
* @author LamGC
*/
@SuppressWarnings("unused")
public class SftpSession implements Closeable {
/**
* 排除的文件名.
*/
private final static Set<String> EXCLUDED_FILE_NAMES;
static {
EXCLUDED_FILE_NAMES = new HashSet<>();
EXCLUDED_FILE_NAMES.add(".");
EXCLUDED_FILE_NAMES.add("..");
}
private final SftpClient sftpClient;
private final LazyLoader<String> userHome;
/**
* 创建 Sftp 会话.
* @param sftpClient Sftp 客户端.
*/
SftpSession(SftpClient sftpClient) {
this.sftpClient = sftpClient;
this.userHome = new LazyLoader<>(() -> {
try {
CommandExecSession echoHOME = new CommandExecSession(sftpClient.getSession().createExecChannel("echo $HOME"));
ByteArrayOutputStream outBuffer = new ByteArrayOutputStream();
echoHOME.setOut(outBuffer);
echoHOME.exec();
if (echoHOME.exitCode() != null && echoHOME.exitCode() == 0) {
return outBuffer.toString(StandardCharsets.UTF_8).trim();
}
throw new IOException("Command execution failed.(ExitCode: " + echoHOME.exitCode() + ")");
} catch (IOException e) {
throw new RuntimeException(e);
}
});
}
/**
* 获取指定文件夹内的所有文件.
* @param path 文件夹路径.
* @return 返回该目录下所有文件的文件名, 文件名不带路径.
* @throws IOException 执行失败时抛出异常.
*/
public Set<String> listFiles(String path) throws IOException {
SftpClient.CloseableHandle handle = sftpClient.openDir(path);
Set<String> paths = new HashSet<>();
for (SftpClient.DirEntry entry : sftpClient.listDir(handle)) {
if (EXCLUDED_FILE_NAMES.contains(entry.getFilename())) {
continue;
}
paths.add(entry.getFilename());
}
sftpClient.close(handle);
return paths;
}
/**
* 读取指定路径的问题.
* @param path 文件所在路径.
* @return 返回文件输入流.
* @throws FileNotFoundException 当文件不存在时抛出该异常.
* @throws IOException 当操作执行失败时抛出异常.
*/
public InputStream read(String path) throws IOException {
if (!exists(path)) {
throw new FileNotFoundException(path);
}
return sftpClient.read(path);
}
/**
* 写入数据到指定目录.
* @param path 待写入的路径.
* @return 返回数据输出流.
* @throws FileNotFoundException 当文件不存在时抛出该异常.
* @throws IOException 如果操作失败则抛出异常.
*/
public OutputStream write(String path) throws IOException {
if (!exists(path)) {
throw new FileNotFoundException(path);
}
return sftpClient.write(path, SftpClient.OpenMode.Write);
}
/**
* 检查指定路径是否存在.
* @param path 待检查的路径.
* @return 如果存在, 返回 {@code true}, 如果文件不存在, 返回 {@code false}.
* @throws IOException 执行失败时抛出.
*/
public boolean exists(String path) throws IOException {
try {
return getAttributes(path) != null;
} catch (IOException e) {
if (e instanceof SftpException sftpException) {
if (sftpException.getStatus() == SftpConstants.SSH_FX_NO_SUCH_FILE) {
return false;
}
}
throw e;
}
}
/**
* 是否为一个目录.
* @param path 待检查路径.
* @return 如果是一个目录, 返回 {@code true}.
* @throws FileNotFoundException 当路径不存在时抛出该异常.
* @throws IOException 如果执行失败则抛出异常.
*/
public boolean isDirectory(String path) throws IOException {
if (!exists(path)) {
throw new FileNotFoundException(path);
}
return getAttributes(path).isDirectory();
}
/**
* 是否为一个文件.
* @param path 待检查路径.
* @return 如果是一个文件, 返回 {@code true}.
* @throws FileNotFoundException 当路径不存在时抛出该异常.
* @throws IOException 如果执行失败则抛出异常.
*/
public boolean isFile(String path) throws IOException {
if (!exists(path)) {
throw new FileNotFoundException(path);
}
return getAttributes(path).isRegularFile();
}
/**
* 获取文件大小.
* @param path 待获取的路径.
* @return 返回文件大小, 单位 b.
* @throws NoSuchFileException 当指定路径不是一个文件(或符号链接)时抛出.
* @throws FileNotFoundException 当指定路径不存在时抛出.
* @throws IOException 当操作执行失败时抛出.
*/
public long getFileSize(String path) throws IOException {
if (!exists(path)) {
throw new FileNotFoundException(path);
}
SftpClient.Attributes attributes = getAttributes(path);
if (!attributes.isRegularFile()) {
if (attributes.isSymbolicLink()) {
return getFileSize(sftpClient.readLink(path));
}
throw new NoSuchFileException("Not a file: " + path);
}
return attributes.getSize();
}
/**
* 获取指定路径的属性.
* @param path 待获取属性的路径.
* @return 返回路径所属属性.
* @throws IOException 如果执行失败则抛出异常.
*/
public SftpClient.Attributes getAttributes(String path) throws IOException {
return sftpClient.stat(path);
}
/**
* 创建文件夹.
* @param path 待创建的目录.
* @return 当文件夹已存在时返回 {@code false}, 不存在且创建成功则返回 {@code true}.
* @throws IOException 如果操作执行失败则抛出异常.
*/
public boolean mkdir(String path) throws IOException {
if (exists(path)) {
return false;
}
sftpClient.mkdir(path);
return true;
}
/**
* 创建新文件.
* @param path 待创建的文件路径.
* @return 当文件已存在时返回 {@code false}, 不存在且创建成功则返回 {@code true}.
* @throws IOException 如果操作失败啧抛出异常.
*/
public boolean createNewFile(String path) throws IOException {
if (exists(path)) {
return false;
}
SftpClient.CloseableHandle handle = sftpClient.open(path, SftpClient.OpenMode.Create);
sftpClient.close(handle);
return true;
}
/**
* 删除指定路径.
* <p> 该方法内部做了适配, 可兼容文件与文件夹两种类型.
* @param path 待删除的路径.
* @throws IOException 如果删除失败, 抛出异常.
* @throws FileNotFoundException 当指定路径不存在时抛出该异常.
* @throws DirectoryNotEmptyException 当路径为目录且目录不为空时抛出该异常.
*/
public void delete(String path) throws IOException {
if (!exists(path)) {
throw new FileNotFoundException(path);
}
if (isDirectory(path)) {
if (!listFiles(path).isEmpty()) {
throw new DirectoryNotEmptyException(path);
}
sftpClient.rmdir(path);
} else {
sftpClient.remove(path);
}
}
/**
* 强制删除文件夹.
* <p> 如果删除文件夹, 将会对文件夹执行遍历删除, 文件夹及子文件夹内的所有内容都会被删除.
* @param path 待删除的路径.
* @return 如果目标路径为文件夹且删除成功, 返回 {@code true}, 如果是文件, 则不会执行操作并返回 {@code false}.
* 该行为是防止文件遭到误删.
* @throws IOException 如果操作执行失败, 则抛出异常.
*/
public boolean forceDeleteDir(String path) throws IOException {
if (isDirectory(path)) {
for (String filePath : listFiles(path)) {
String fullFilePath = path + "/" + filePath;
if (isDirectory(fullFilePath)) {
forceDeleteDir(fullFilePath);
} else {
sftpClient.remove(fullFilePath);
}
}
sftpClient.rmdir(path);
return true;
} else {
return false;
}
}
@Override
public void close() throws IOException {
sftpClient.close();
}
/**
* 获取用户主目录.
* @return 返回用户主目录, 例如: "/root", 末尾无符号.
* @throws IOException 如果操作失败, 则抛出异常.
*/
public String getUserHome() throws IOException {
try {
return userHome.getInstance();
} catch (RuntimeException e) {
throw (IOException) e.getCause();
}
}
}

26
src/main/java/net/lamgc/oracle/sentry/oci/compute/ssh/SshAuthIdentityProvider.java
View File

@ -4,7 +4,7 @@ import com.google.common.reflect.TypeToken;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import net.lamgc.oracle.sentry.ComputeInstanceManager;
import net.lamgc.oracle.sentry.oci.compute.ComputeInstanceManager;
import net.lamgc.oracle.sentry.oci.compute.ComputeInstance;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -15,6 +15,7 @@ import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.StandardOpenOption;
import java.util.Collections;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
@ -29,7 +30,7 @@ import java.util.stream.Collectors;
* @author LamGC
*/
@SuppressWarnings("UnstableApiUsage")
public final class SshAuthIdentityProvider {
public final class SshAuthIdentityProvider implements AutoCloseable {
private final static String DEFAULT_AUTH_KEY = "@default";
private final static Logger log = LoggerFactory.getLogger(SshAuthIdentityProvider.class);
@ -51,7 +52,11 @@ public final class SshAuthIdentityProvider {
.build());
private final AtomicBoolean needSave = new AtomicBoolean(false);
/**
* 创建 SSH 认证配置提供器.
* @param instanceManager 所属实例管理器.
* @param identityJson 认证配置文件对象.
*/
public SshAuthIdentityProvider(ComputeInstanceManager instanceManager, File identityJson) {
this.instanceManager = instanceManager;
this.identityJsonFile = identityJson;
@ -67,8 +72,14 @@ public final class SshAuthIdentityProvider {
log.warn("本次 SSH 认证配置保存失败.", e);
}
}, 60, 10, TimeUnit.SECONDS);
Runtime.getRuntime().addShutdownHook(new Thread(this::close, "Thread-ProviderAutoSave-Close"));
}
/**
* 添加 SSH 认证配置.
* @param instanceId 配置对应的实例 Id.
* @param authInfo SSH 认证配置对象.
*/
public void addSshAuthIdentity(String instanceId, SshAuthInfo authInfo) {
authInfoMap.put(instanceId, authInfo);
}
@ -157,8 +168,13 @@ public final class SshAuthIdentityProvider {
/**
* 获取所有不存在 SSH 配置的实例 Id.
* @return 返回所有不存在对应 SSH 认证配置的实例 Id.
*/
private Set<String> checkForMissingInstances() {
if (instanceManager == null) {
log.info("实例管理器未设置, 跳过检查.");
return Collections.emptySet();
}
Set<String> instanceIdSet = instanceManager.getComputeInstances().stream()
.map(ComputeInstance::getInstanceId)
.collect(Collectors.toSet());
@ -168,4 +184,8 @@ public final class SshAuthIdentityProvider {
return instanceIdSet;
}
@Override
public void close() {
scheduledExec.shutdown();
}
}

53
src/main/java/net/lamgc/oracle/sentry/oci/compute/ssh/SshAuthInfo.java
View File

@ -3,7 +3,6 @@ package net.lamgc.oracle.sentry.oci.compute.ssh;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.security.PublicKey;
/**
@ -16,11 +15,8 @@ public abstract class SshAuthInfo {
private final static Logger log = LoggerFactory.getLogger(SshAuthInfo.class);
private String username;
/**
* 使用 Sha256 计算的密钥指纹.
*/
private PublicKey serverKey;
private int port;
private SshAuthIdentityProvider provider;
/**
@ -29,14 +25,28 @@ public abstract class SshAuthInfo {
*/
public abstract AuthType getType();
/**
* 获取 SSH 登录用户名.
* @return 返回 SSH 登录用户名.
*/
public String getUsername() {
return username;
}
/**
* 获取服务器公钥.
* <p> 用于认证服务器身份, 在首次登录成功后设置.
* @return 如果之前认证成功并保存过, 则不为 {@code null}, 否则需要进行首次连接确认.
*/
public PublicKey getServerKey() {
return serverKey;
}
/**
* 设置服务器公钥.
* <p> 如果本对象有关联的 {@link SshAuthIdentityProvider}, 则会通知 Provider 保存 SSH 认证配置文件.
* @param serverKey 服务器公钥.
*/
public void setServerKey(PublicKey serverKey) {
this.serverKey = serverKey;
if (this.provider != null) {
@ -44,14 +54,43 @@ public abstract class SshAuthInfo {
}
}
/**
* 设置 SSH 登录用户名.
* @param username 登录 SSH 的用户名.
*/
public void setUsername(String username) {
this.username = username;
}
/**
* 设置 SSH 连接端口.
* @param port SSH 端口号.
*/
public void setPort(int port) {
this.port = port;
}
/**
* 获取 SSH 端口号.
* @return 返回 SSH 端口号.
*/
public int getPort() {
return port;
}
/**
* 设置 SSH 认证配置提供器.
* <p> 设置后, 可在首次连接认证通过后, 保存服务器公钥到文件中.
* @param provider 所属提供器对象.
*/
void setProvider(SshAuthIdentityProvider provider) {
this.provider = provider;
}
/**
* 认证类型.
* <p> 如果没有所需认证类型, 就是没支持.
*/
public enum AuthType {
/**
* 密码认证.
@ -68,6 +107,10 @@ public abstract class SshAuthInfo {
this.targetClass = targetClass;
}
/**
* 获取类型所属的认证配置类.
* @return 返回认证配置类.
*/
public Class<? extends SshAuthInfo> getTargetClass() {
return targetClass;
}

93
src/main/java/net/lamgc/oracle/sentry/oci/compute/ssh/SshAuthInfoSerializer.java
View File

@ -5,6 +5,8 @@ import com.google.gson.*;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.config.keys.PublicKeyEntry;
import org.apache.sshd.common.config.keys.PublicKeyEntryDecoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.IOException;
@ -23,18 +25,21 @@ import java.util.Collections;
*/
public final class SshAuthInfoSerializer implements JsonSerializer<SshAuthInfo>, JsonDeserializer<SshAuthInfo> {
private final static Logger log = LoggerFactory.getLogger(SshAuthInfoSerializer.class);
/**
* 本类唯一实例.
* <p> 序列化器支持多用.
*/
public final static SshAuthInfoSerializer INSTANCE = new SshAuthInfoSerializer();
private SshAuthInfoSerializer() {}
@Override
public SshAuthInfo deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (!json.isJsonObject()) {
throw new JsonParseException("It should be a JsonObject");
}
JsonObject infoObject = json.getAsJsonObject();
String type = getFieldToStringOrFail(infoObject, "authType");
SshAuthInfo.AuthType authType = SshAuthInfo.AuthType.valueOf(type.toUpperCase());
SshAuthInfo.AuthType authType = getAuthType(type);
SshAuthInfo info;
if (authType == SshAuthInfo.AuthType.PASSWORD) {
PasswordAuthInfo pswAuthInfo = new PasswordAuthInfo();
@ -45,18 +50,40 @@ public final class SshAuthInfoSerializer implements JsonSerializer<SshAuthInfo>,
String privateKeyPath = getFieldToStringOrFail(infoObject, "privateKeyPath");
File privateKeyFile = new File(privateKeyPath);
publicKeyInfo.setPrivateKeyPath(privateKeyFile);
publicKeyInfo.setKeyPassword(getFieldToString(infoObject, "keyPassword"));
info = publicKeyInfo;
} else {
throw new JsonParseException("Unsupported authentication type: " + authType);
}
info.setUsername(getFieldToStringOrFail(infoObject, "username"));
String portStr = getFieldToString(infoObject, "port");
if (portStr != null) {
try {
info.setServerKey(decodeSshPublicKey(
infoObject.has("serverKey") && infoObject.get("serverKey").isJsonPrimitive() ?
infoObject.get("serverKey").getAsString() :
null));
int port = Integer.parseInt(portStr);
if (checkPortNumber(port)) {
info.setPort(port);
} else {
log.warn("端口号非法, 将使用默认端口号.(Input: {})", port);
info.setPort(22);
}
} catch (NumberFormatException e) {
log.warn("端口号无法转换成数字, 端口号将使用默认端口号.(Input: {})", portStr);
info.setPort(22);
}
} else {
info.setPort(22);
}
String serverKeyStr = getFieldToString(infoObject, "serverKey");
if (!Strings.isNullOrEmpty(serverKeyStr)) {
try {
info.setServerKey(decodeSshPublicKey(serverKeyStr));
} catch (GeneralSecurityException | IOException e) {
throw new JsonParseException(e);
info.setServerKey(null);
log.error("解析 ServerKey 时发生错误, 该 ServerKey 将为空.(后续连接需进行首次连接认证.)", e);
}
} else {
info.setServerKey(null);
}
return info;
}
@ -64,13 +91,6 @@ public final class SshAuthInfoSerializer implements JsonSerializer<SshAuthInfo>,
@Override
public JsonElement serialize(SshAuthInfo src, Type typeOfSrc, JsonSerializationContext context) {
JsonObject json = new JsonObject();
json.addProperty("authType", src.getType().toString());
json.addProperty("username", src.getUsername());
try {
json.addProperty("serverKey", encodeSshPublicKey(src.getServerKey()));
} catch (IOException e) {
throw new JsonParseException(e);
}
if (src instanceof PasswordAuthInfo info) {
json.addProperty("password", info.getPassword());
} else if (src instanceof PublicKeyAuthInfo info) {
@ -83,21 +103,37 @@ public final class SshAuthInfoSerializer implements JsonSerializer<SshAuthInfo>,
} else {
throw new JsonParseException("Unsupported type");
}
json.addProperty("authType", src.getType().toString());
json.addProperty("username", src.getUsername());
json.addProperty("port", src.getPort());
if (src.getServerKey() != null) {
json.addProperty("serverKey", encodeSshPublicKey(src.getServerKey()));
} else {
json.add("serverKey", JsonNull.INSTANCE);
}
return json;
}
private boolean checkPortNumber(int port) {
return port >= 0 && port <= 65535;
}
private String getFieldToStringOrFail(JsonObject object, String field) {
if (!object.has(field)) {
if (!object.has(field) || !object.get(field).isJsonPrimitive()) {
throw new JsonParseException("Missing field: " + field);
}
return object.get(field).getAsString();
}
private PublicKey decodeSshPublicKey(String publicKeyString) throws GeneralSecurityException, IOException {
if (Strings.isNullOrEmpty(publicKeyString)) {
private String getFieldToString(JsonObject object, String field) {
if (!object.has(field) || !object.get(field).isJsonPrimitive()) {
return null;
}
return object.get(field).getAsString();
}
private PublicKey decodeSshPublicKey(String publicKeyString) throws GeneralSecurityException, IOException {
String[] strings = publicKeyString.split(" ", 3);
@SuppressWarnings("unchecked") PublicKeyEntryDecoder<PublicKey, ?> decoder =
@ -105,14 +141,23 @@ public final class SshAuthInfoSerializer implements JsonSerializer<SshAuthInfo>,
return decoder.decodePublicKey(null, strings[0], Base64.getDecoder().decode(strings[1]), Collections.emptyMap());
}
private String encodeSshPublicKey(PublicKey key) throws IOException {
if (key == null) {
return null;
}
private String encodeSshPublicKey(PublicKey key) {
try {
StringBuilder builder = new StringBuilder();
PublicKeyEntry.appendPublicKeyEntry(builder, key);
return builder.toString();
} catch (IOException e) {
log.error("ServerKey 编码失败, 下次加载时需要进行首次连接认证.", e);
}
return null;
}
private SshAuthInfo.AuthType getAuthType(String type) {
try {
return SshAuthInfo.AuthType.valueOf(type.toUpperCase());
} catch (IllegalArgumentException e) {
return null;
}
}
}

49
src/main/java/net/lamgc/oracle/sentry/oci/compute/ssh/SshSession.java
View File

@ -1,6 +1,9 @@
package net.lamgc.oracle.sentry.oci.compute.ssh;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.client.session.forward.ExplicitPortForwardingTracker;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.apache.sshd.sftp.client.SftpClientFactory;
import java.io.Closeable;
import java.io.IOException;
@ -15,7 +18,11 @@ public class SshSession implements Closeable {
private final ClientSession clientSession;
public SshSession(ClientSession clientSession) {
/**
* 创建新的 SSH 会话.
* @param clientSession 原始 SSH 会话.
*/
SshSession(ClientSession clientSession) {
this.clientSession = clientSession;
}
@ -29,6 +36,46 @@ public class SshSession implements Closeable {
return new CommandExecSession(clientSession.createExecChannel(command));
}
/**
* 创建 Sftp 会话.
* <p> 可通过会话操作 Sftp.
* @return 返回 Sftp 会话.
* @throws IOException 如果创建失败, 将抛出异常.
*/
public SftpSession createSftpSession() throws IOException {
SftpClientFactory factory = SftpClientFactory.instance();
return new SftpSession(factory.createSftpClient(clientSession));
}
/**
* 创建本地 TCP 转发隧道.
* <p> 该隧道为方向为 "本地-&gt;远端" (本地发起连接转发至远端端口).
* @param localPort 本地监听端口.
* @param remotePort 远端目标端口.
* @return 返回 TCP 转发通道对象, 可获取通道信息和关闭通道.
* @throws IOException 当操作失败时抛出该异常.
*/
public TcpForwardingChannel createLocalTcpForwarding(int localPort, int remotePort) throws IOException {
ExplicitPortForwardingTracker tracker = clientSession
.createLocalPortForwardingTracker(localPort, new SshdSocketAddress(remotePort));
return new TcpForwardingChannel(tracker);
}
/**
* 创建远端 TCP 转发隧道.
* <p> 该隧道为方向为 "本地&lt;-远端" (远端服务器发起连接转发至本地端口).
* @param remotePort 远端监听端口号, 该端口为远端服务连接转发的端口号.
* @param localPort 本地连接端口号, 该端口为本地服务端的端口号.
* @return 返回 Tcp 转发通道对象, 用于管理转发通道.
* @throws IOException 当操作失败时抛出异常.
*/
public TcpForwardingChannel createRemoteTcpForwarding(int remotePort, int localPort) throws IOException {
ExplicitPortForwardingTracker tracker =
clientSession.createRemotePortForwardingTracker(
new SshdSocketAddress(remotePort), new SshdSocketAddress(localPort));
return new TcpForwardingChannel(tracker);
}
/**
* 关闭 SSH 连接会话, 该连接会话所属的其他会话将会一同被关闭.
* @throws IOException 关闭失败时抛出异常,

63
src/main/java/net/lamgc/oracle/sentry/oci/compute/ssh/TcpForwardingChannel.java Normal file
View File

@ -0,0 +1,63 @@
package net.lamgc.oracle.sentry.oci.compute.ssh;
import org.apache.sshd.client.session.forward.ExplicitPortForwardingTracker;
import org.apache.sshd.common.util.net.SshdSocketAddress;
/**
* TCP 隧道.
* <p> 可通过该对象管理隧道.
* @author LamGC
*/
public class TcpForwardingChannel implements AutoCloseable {
private final ExplicitPortForwardingTracker tracker;
TcpForwardingChannel(ExplicitPortForwardingTracker tracker) {
this.tracker = tracker;
}
/**
* 是否为本地转发.
* @return 如果是本地转发, 则为 {@code true}, 否则返回 {@code false}, 代表远端转发.
*/
public boolean isLocalForwarding() {
return tracker.isLocalForwarding();
}
/**
* 隧道是否已打开.
* @return 如果已经打开, 返回 {@code true}, 否则返回 {@code false} 表示已关闭.
*/
public boolean isOpen() {
return tracker.isOpen();
}
/**
* 获取本地地址.
* @return 获取本地连接地址.
*/
public SshdSocketAddress getLocalAddress() {
return tracker.getLocalAddress();
}
/**
* 获取远端地址.
* @return 获取远端地址.
*/
public SshdSocketAddress getRemoteAddress() {
return tracker.getRemoteAddress();
}
/**
* 获取监听绑定地址.
* @return 返回监听绑定地址.
*/
public SshdSocketAddress getBoundAddress() {
return tracker.getBoundAddress();
}
@Override
public void close() throws Exception {
tracker.close();
}
}

13
src/main/java/net/lamgc/oracle/sentry/script/BuiltinComponentExtension.java Normal file
View File

@ -0,0 +1,13 @@
package net.lamgc.oracle.sentry.script;
import net.lamgc.oracle.sentry.script.tools.http.ScriptHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
public class BuiltinComponentExtension implements ScriptComponentExtension{
@Override
public void configureScriptComponents(ScriptComponents components) {
components.addComponentObject("HTTP", new ScriptHttpClient(HttpClientBuilder.create()
.build()));
components.addComponentFactory(new ScriptLoggerFactory());
}
}

14
src/main/java/net/lamgc/oracle/sentry/script/ScriptComponent.java
View File

@ -1,14 +0,0 @@
package net.lamgc.oracle.sentry.script;
import net.lamgc.oracle.sentry.ComputeInstanceManager;
import net.lamgc.oracle.sentry.script.tools.http.ScriptHttpClient;
/**
* @author LamGC
*/
public final record ScriptComponent(
ScriptHttpClient HTTP,
ComputeInstanceManager InstanceManager
) {
}

18
src/main/java/net/lamgc/oracle/sentry/script/ScriptComponentExtension.java Normal file
View File

@ -0,0 +1,18 @@
package net.lamgc.oracle.sentry.script;
/**
* 脚本组件扩展.
* <p> 通过实现该接口, 可在脚本加载前设置组件对象, 为脚本提供更多功能.
* <p> 实现接口后, 需按 SPI 方式添加实现.
* @author LamGC
*/
public interface ScriptComponentExtension {
/**
* 配置脚本组件.
* <p> 在方法中为组件集合添加组件.
* @param components 脚本组件集合.
*/
void configureScriptComponents(final ScriptComponents components);
}

22
src/main/java/net/lamgc/oracle/sentry/script/ScriptComponentFactory.java Normal file
View File

@ -0,0 +1,22 @@
package net.lamgc.oracle.sentry.script;
/**
* 脚本组件工厂.
* @author LamGC
*/
public interface ScriptComponentFactory<T> {
/**
* 创建并获取实例.
* @param info 脚本信息.
* @return 返回对象.
*/
T getInstance(ScriptInfo info);
/**
* 对象属性名.
* @return 返回建议的对象属性名, {@link ScriptLoader} 并不一定遵守.
*/
String getPropertyName();
}

58
src/main/java/net/lamgc/oracle/sentry/script/ScriptComponents.java Normal file
View File

@ -0,0 +1,58 @@
package net.lamgc.oracle.sentry.script;
import com.google.common.base.Strings;
import java.util.*;
/**
* 脚本组件集合.
* <p> 存储了脚本可以使用的对象.
* <p> 后续可能会改成用 {@link javax.script.Bindings} 之类的.
* @author LamGC
*/
public final class ScriptComponents {
private final ScriptComponents parent;
private final Map<String, Object> componentObjects = new HashMap<>();
private final Set<ScriptComponentFactory<?>> factories = new HashSet<>();
public ScriptComponents() {
this.parent = null;
}
public ScriptComponents(ScriptComponents parent) {
this.parent = parent;
}
public void addComponentObject(String componentName, Object componentObject) {
if (Strings.isNullOrEmpty(componentName)) {
throw new NullPointerException("The component name is null or empty.");
} else if (componentObject == null) {
throw new NullPointerException("ComponentObject is null");
} else if (componentObjects.containsKey(componentName)) {
throw new IllegalArgumentException("The corresponding object already exists for the component name.");
}
componentObjects.put(componentName, componentObject);
}
public void addComponentFactory(ScriptComponentFactory<?> factory) {
Objects.requireNonNull(factory);
factories.add(factory);
}
public Map<String, Object> getComponentObjects() {
Map<String, Object> componentObjects = this.parent == null ?
new HashMap<>() : new HashMap<>(this.parent.getComponentObjects());
componentObjects.putAll(this.componentObjects);
return Collections.unmodifiableMap(componentObjects);
}
public Set<ScriptComponentFactory<?>> getScriptComponentFactories() {
Set<ScriptComponentFactory<?>> factories = this.parent == null ?
new HashSet<>() : new HashSet<>(this.parent.factories);
factories.addAll(this.factories);
return Collections.unmodifiableSet(factories);
}
}

41
src/main/java/net/lamgc/oracle/sentry/script/ScriptInfo.java
View File

@ -4,29 +4,42 @@ import java.util.Objects;
/**
* 脚本信息.
* <p> 脚本信息的 Group, Name Version 遵循 Java 依赖管理的 GAV 坐标规则
* @author LamGC
*/
public class ScriptInfo {
private String group;
private String artifact;
private String name;
private String version;
/**
* 获取组名.
* @return 返回组名.
*/
public String getGroup() {
return group;
}
public String getArtifact() {
return artifact;
/**
* 获取组名.
* @return 返回组名.
*/
public String getName() {
return name;
}
/**
* 获取组名.
* @return 返回组名.
*/
public String getVersion() {
return version;
}
@Override
public String toString() {
return getGroup() + ":" + getArtifact() + ":" + getVersion();
return getGroup() + ":" + getName() + ":" + getVersion();
}
@Override
@ -38,22 +51,34 @@ public class ScriptInfo {
return false;
}
ScriptInfo that = (ScriptInfo) o;
return group.equals(that.group) && artifact.equals(that.artifact) && version.equals(that.version);
return group.equals(that.group) && name.equals(that.name) && version.equals(that.version);
}
@Override
public int hashCode() {
return Objects.hash(group, artifact, version);
return Objects.hash(group, name, version);
}
/**
* 设置组名.
* @param group 新的组名.
*/
public void setGroup(String group) {
this.group = group;
}
public void setArtifact(String artifact) {
this.artifact = artifact;
/**
* 设置脚本名称.
* @param name 设置脚本名称.
*/
public void setName(String name) {
this.name = name;
}
/**
* 设置版本号.
* @param version 脚本版本号.
*/
public void setVersion(String version) {
this.version = version;
}

2
src/main/java/net/lamgc/oracle/sentry/script/ScriptLoader.java
View File

@ -22,7 +22,7 @@ public interface ScriptLoader {
* @return 返回脚本对象.
* @throws Exception Loader 抛出异常时, 将视为脚本加载失败, 该脚本跳过加载.
*/
Script loadScript(ScriptComponent context, File scriptFile) throws Exception;
Script loadScript(ScriptComponents context, File scriptFile) throws Exception;
/**
* 获取脚本信息.

98
src/main/java/net/lamgc/oracle/sentry/script/ScriptLoggerFactory.java Normal file
View File

@ -0,0 +1,98 @@
package net.lamgc.oracle.sentry.script;
import net.sf.cglib.proxy.Enhancer;
import net.sf.cglib.proxy.MethodInterceptor;
import net.sf.cglib.proxy.MethodProxy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import org.slf4j.MarkerFactory;
import java.lang.reflect.Method;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
/**
* 脚本日志记录器工厂.
* <p> 通过 CGLIB 无缝为脚本设置 {@link Marker} 以将脚本日志输出到特定文件中.
* @author LamGC
*/
public class ScriptLoggerFactory implements ScriptComponentFactory<Logger> {
private final static Marker SCRIPT_MARKER = MarkerFactory.getMarker("Script");
@Override
public Logger getInstance(ScriptInfo info) {
Logger realLogger = LoggerFactory.getLogger(info.getGroup() + ":" + info.getName());
Enhancer enhancer = new Enhancer();
enhancer.setSuperclass(Logger.class);
enhancer.setCallback(new LoggerProxyImpl(realLogger));
return (Logger) enhancer.create();
}
@Override
public String getPropertyName() {
return "Log";
}
private static class LoggerProxyImpl implements MethodInterceptor {
private final static Set<String> PROXY_METHOD_NAMES = Set.of(
"trace", "debug", "info", "warn", "error",
"isTraceEnabled",
"isDebugEnabled",
"isInfoEnabled",
"isWarnEnabled",
"isErrorEnabled"
);
private final static ConcurrentHashMap<Method, Method> METHOD_CACHE_MAP =
new ConcurrentHashMap<>(PROXY_METHOD_NAMES.size(), 1);
private final Logger targetLog;
private final Class<? extends Logger> logClass;
public LoggerProxyImpl(Logger targetLog) {
this.targetLog = targetLog;
logClass = targetLog.getClass();
}
@Override
public Object intercept(Object obj, Method method, Object[] args, MethodProxy proxy) throws Throwable {
if (METHOD_CACHE_MAP.contains(method)) {
return METHOD_CACHE_MAP.get(method).invoke(targetLog, insertParameterToArray(args, SCRIPT_MARKER));
} else if (PROXY_METHOD_NAMES.contains(method.getName())) {
Class<?>[] types = method.getParameterTypes();
if (types.length != 0 && !Marker.class.isAssignableFrom(types[0])) {
Class<?>[] realMethodParamTypes = insertTypeToArray(types, Marker.class);
Method realMethod = logClass.getDeclaredMethod(method.getName(), realMethodParamTypes);
METHOD_CACHE_MAP.put(method, realMethod);
realMethod.invoke(targetLog, insertParameterToArray(args, SCRIPT_MARKER));
return null;
}
}
return proxy.invoke(targetLog, args);
}
public Object[] insertParameterToArray(Object[] arr, Object newElement) {
if (arr.length == 0) {
return new Object[] {newElement};
}
Object[] newArr = new Object[arr.length + 1];
newArr[0] = newElement;
System.arraycopy(arr, 0, newArr, 1, arr.length);
return newArr;
}
public Class<?>[] insertTypeToArray(Class<?>[] arr, Class<?> newElement) {
if (arr.length == 0) {
return new Class<?>[] {newElement};
}
Class<?>[] newArr = new Class<?>[arr.length + 1];
newArr[0] = newElement;
System.arraycopy(arr, 0, newArr, 1, arr.length);
return newArr;
}
}
}

25
src/main/java/net/lamgc/oracle/sentry/script/ScriptManager.java
View File

@ -19,13 +19,18 @@ public final class ScriptManager {
private final Set<ScriptLoader> loaders = new HashSet<>();
private final File scriptsLocation;
private final ScriptComponent context;
private final ScriptComponents context;
private final Map<ScriptInfo, Script> scripts = new ConcurrentHashMap<>();
public ScriptManager(File scriptsLocation, ScriptComponent context) {
/**
* 创建新的脚本管理器.
* @param scriptsLocation 脚本加载路径.
* @param components 脚本组件.
*/
public ScriptManager(File scriptsLocation, ScriptComponents components) {
this.scriptsLocation = scriptsLocation;
this.context = context;
this.context = components;
loadScriptLoaders();
}
@ -61,13 +66,6 @@ public final class ScriptManager {
} else {
continue;
}
} catch (Exception e) {
log.error("脚本加载时发生异常.(Loader: {}, Path: {})\n{}",
loader.getClass().getName(),
scriptFile.getAbsolutePath(),
Throwables.getStackTraceAsString(e));
throw new InvocationTargetException(e);
}
ScriptInfo scriptInfo = loader.getScriptInfo(script);
if (scriptInfo == null) {
log.warn("脚本加载成功, 但加载器没有返回脚本信息, 该脚本已放弃.");
@ -75,6 +73,13 @@ public final class ScriptManager {
}
scripts.put(scriptInfo, script);
return true;
} catch (Exception e) {
log.error("脚本加载时发生异常.(Loader: {}, Path: {})\n{}",
loader.getClass().getName(),
scriptFile.getAbsolutePath(),
Throwables.getStackTraceAsString(e));
throw new InvocationTargetException(e);
}
}
return false;
}

35
src/main/java/net/lamgc/oracle/sentry/script/groovy/GroovyDslDelegate.java
View File

@ -2,10 +2,9 @@ package net.lamgc.oracle.sentry.script.groovy;
import groovy.lang.Closure;
import groovy.lang.DelegatesTo;
import net.lamgc.oracle.sentry.ComputeInstanceManager;
import net.lamgc.oracle.sentry.script.Script;
import net.lamgc.oracle.sentry.script.ScriptInfo;
import net.lamgc.oracle.sentry.script.tools.http.ScriptHttpClient;
import net.lamgc.oracle.sentry.script.groovy.trigger.GroovyTrigger;
import org.codehaus.groovy.runtime.DefaultGroovyMethods;
/**
@ -16,16 +15,28 @@ import org.codehaus.groovy.runtime.DefaultGroovyMethods;
public class GroovyDslDelegate implements Script {
private final GroovyScriptInfo scriptInfo = new GroovyScriptInfo();
private final ScriptHttpClient HTTP;
private final ComputeInstanceManager InstanceManager;
private final GroovyScriptLoader scriptLoader;
public GroovyDslDelegate(ScriptHttpClient httpClient, ComputeInstanceManager instanceManager) {
HTTP = httpClient;
InstanceManager = instanceManager;
/**
* 构建一个 DSL Delegate, 并传入可操作对象.
* @param scriptLoader 该脚本所属的加载器.
*/
public GroovyDslDelegate(GroovyScriptLoader scriptLoader) {
this.scriptLoader = scriptLoader;
}
/**
* 注册触发器.
* <p> 注意: 如果脚本尚未初始化完成, 将无法注册触发器, 可通过 {@link #isInitialed()} 检查是否已经完成初始化.
* @param triggerName 触发器名称.
* @param closure 待执行闭包.
*/
private void trigger(String triggerName, Closure<?> closure){
DefaultGroovyMethods.with(GroovyTriggerProvider.INSTANCE.getTriggerByName(triggerName), closure);
if (!scriptLoader.isInitialed(this)) {
return;
}
GroovyTrigger trigger = GroovyTriggerProvider.INSTANCE.getTriggerByName(triggerName);
DefaultGroovyMethods.with(trigger, closure);
}
/**
@ -40,4 +51,12 @@ public class GroovyDslDelegate implements Script {
public ScriptInfo getScriptInfo() {
return scriptInfo;
}
/**
* 检查脚本当前是否已经初始化完成.
* @return 如果脚本已经初始化, 本方法将返回 {@code true}.
*/
public final boolean isInitialed() {
return scriptLoader.isInitialed(this);
}
}

26
src/main/java/net/lamgc/oracle/sentry/script/groovy/GroovyScriptInfo.java
View File

@ -2,16 +2,38 @@ package net.lamgc.oracle.sentry.script.groovy;
import net.lamgc.oracle.sentry.script.ScriptInfo;
/**
* 适配 Groovy 的脚本信息对象.
* @author LamGC
*/
public class GroovyScriptInfo extends ScriptInfo {
public void artifact(String artifact) {
super.setArtifact(artifact);
/**
* 设置脚本名.
* <p> 不能有空格.
* @param name 脚本名.
*/
public void name(String name) {
super.setName(name);
}
/**
* 设置组名.
* <p> 组名是脚本开发者的域名倒写, 如果你的域名是 example.com,
* 那么组名就是 com.example, 没有域名可以用 Github ,
* io.github.[你的 Github 用户名]
*
* @param group 组名.
*/
public void group(String group) {
super.setGroup(group);
}
/**
* 脚本版本号.
* <p> 遵循 SemVer 版本号规范.
* @param version 当前脚本版本号.
*/
public void version(String version) {
super.setVersion(version);
}

68
src/main/java/net/lamgc/oracle/sentry/script/groovy/GroovyScriptLoader.java
View File

@ -1,12 +1,15 @@
package net.lamgc.oracle.sentry.script.groovy;
import com.google.common.base.Strings;
import com.google.common.base.Throwables;
import groovy.lang.Binding;
import groovy.lang.GroovyClassLoader;
import groovy.util.DelegatingScript;
import net.lamgc.oracle.sentry.script.Script;
import net.lamgc.oracle.sentry.script.ScriptComponent;
import net.lamgc.oracle.sentry.script.ScriptComponents;
import net.lamgc.oracle.sentry.script.ScriptInfo;
import net.lamgc.oracle.sentry.script.ScriptLoader;
import net.lamgc.oracle.sentry.script.ScriptComponentFactory;
import org.codehaus.groovy.control.CompilerConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -15,10 +18,13 @@ import java.io.File;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
/**
* Groovy 脚本加载器.
* @author LamGC
*/
@SuppressWarnings("MapOrSetKeyShouldOverrideHashCodeEquals")
@ -27,9 +33,13 @@ public class GroovyScriptLoader implements ScriptLoader {
private final static Logger log = LoggerFactory.getLogger(GroovyScriptLoader.class);
private final GroovyClassLoader scriptClassLoader;
private final Map<Script, ScriptInfo> scriptInfoMap = new ConcurrentHashMap<>();
private final Set<Script> initialedScript = new HashSet<>();
/**
* 构造一个新的脚本加载器.
* <p> 每个加载器所使用的 {@link GroovyClassLoader} 实例是不一样的.
*/
public GroovyScriptLoader() {
CompilerConfiguration compilerConfiguration = new CompilerConfiguration();
compilerConfiguration.setScriptBaseClass(DelegatingScript.class.getName());
@ -42,7 +52,7 @@ public class GroovyScriptLoader implements ScriptLoader {
}
@Override
public Script loadScript(ScriptComponent context, File scriptFile) throws IOException {
public Script loadScript(ScriptComponents context, File scriptFile) throws IOException {
Class<?> scriptClass = scriptClassLoader.parseClass(scriptFile);
if (!DelegatingScript.class.isAssignableFrom(scriptClass)) {
return null;
@ -51,10 +61,17 @@ public class GroovyScriptLoader implements ScriptLoader {
Constructor<? extends DelegatingScript> constructor =
scriptClass.asSubclass(DelegatingScript.class).getConstructor();
DelegatingScript newScriptObject = constructor.newInstance();
GroovyDslDelegate dslDelegate = new GroovyDslDelegate(context.HTTP(), context.InstanceManager());
GroovyDslDelegate dslDelegate = new GroovyDslDelegate(this);
newScriptObject.setDelegate(dslDelegate);
newScriptObject.run();
scriptInfoMap.put(dslDelegate, dslDelegate.getScriptInfo());
ScriptInfo scriptInfo = dslDelegate.getScriptInfo();
if (!checkScriptInfo(scriptInfo)) {
return null;
}
initialedScript.add(dslDelegate);
newScriptObject.setBinding(createBinding(context, scriptInfo));
newScriptObject.run();
scriptInfoMap.put(dslDelegate, scriptInfo);
return dslDelegate;
} catch (NoSuchMethodException | InstantiationException | IllegalAccessException | InvocationTargetException e) {
log.error("加载脚本时发生异常.(ScriptPath: {})\n{}", scriptFile.getAbsolutePath(), Throwables.getStackTraceAsString(e));
@ -66,4 +83,45 @@ public class GroovyScriptLoader implements ScriptLoader {
public ScriptInfo getScriptInfo(Script script) {
return scriptInfoMap.get(script);
}
/**
* 检查脚本是否已经初始化完毕.
* @param script 脚本对象.
* @return 如果已初始化完毕, 返回 {@code true}.
*/
public boolean isInitialed(GroovyDslDelegate script) {
return initialedScript.contains(script);
}
private static Binding createBinding(ScriptComponents components, ScriptInfo info) {
Binding binding = new Binding();
components.getComponentObjects().forEach(binding::setProperty);
for (ScriptComponentFactory<?> factory : components.getScriptComponentFactories()) {
String componentName = factory.getPropertyName();
if (binding.hasVariable(componentName)) {
log.warn("脚本组件名发生冲突: 工厂 {} 所给定的组件名已经存在静态组件, 将跳过创建.", factory.getClass());
continue;
}
Object componentObject = factory.getInstance(info);
binding.setProperty(componentName, componentObject);
}
return binding;
}
private static boolean checkScriptInfo(ScriptInfo info) {
if (Strings.isNullOrEmpty(info.getGroup())) {
log.warn("脚本信息缺少 {}, 跳过加载.", "Group");
return false;
}
if (Strings.isNullOrEmpty(info.getName())) {
log.warn("脚本信息缺少 {}, 跳过加载.", "Name");
return false;
}
if (Strings.isNullOrEmpty(info.getVersion())) {
log.warn("脚本信息缺少 {}, 跳过加载.", "Version");
return false;
}
return true;
}
}

22
src/main/java/net/lamgc/oracle/sentry/script/groovy/GroovyTriggerProvider.java
View File

@ -3,23 +3,28 @@ package net.lamgc.oracle.sentry.script.groovy;
import com.google.common.base.Strings;
import net.lamgc.oracle.sentry.script.groovy.trigger.GroovyTrigger;
import net.lamgc.oracle.sentry.script.groovy.trigger.TriggerName;
import org.springframework.scheduling.Trigger;
import java.util.Locale;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.ServiceLoader;
import java.util.concurrent.ConcurrentHashMap;
/**
* Groovy 脚本语言的触发器提供者.
* <p> 根据脚本需要创建并注册触发器.
* @author LamGC
*/
public class GroovyTriggerProvider {
private final Map<String, ServiceLoader.Provider<GroovyTrigger>> triggerProviderMap = new ConcurrentHashMap<>();
/**
* Trigger Provider 唯一实例.
*/
public final static GroovyTriggerProvider INSTANCE = new GroovyTriggerProvider();
private final Map<String, ServiceLoader.Provider<GroovyTrigger>> triggerProviderMap = new ConcurrentHashMap<>();
private GroovyTriggerProvider() {
ServiceLoader<GroovyTrigger> loader = ServiceLoader.load(GroovyTrigger.class);
loader.stream().iterator().forEachRemaining(triggerProvider -> {
@ -40,11 +45,18 @@ public class GroovyTriggerProvider {
});
}
/**
* 通过 Trigger 名称获取新的 Trigger.
* @param triggerName Trigger 名称.
* @return 返回指定 Trigger 的新实例.
* @throws NoSuchElementException 当指定的 Trigger 名称没有对应 Trigger 时抛出该异常.
*/
public GroovyTrigger getTriggerByName(String triggerName) {
Objects.requireNonNull(triggerName);
if (!triggerProviderMap.containsKey(triggerName.toLowerCase())) {
throw new NoSuchElementException("The specified trigger could not be found: " + triggerName);
}
return triggerProviderMap.get(triggerName).get();
return triggerProviderMap.get(triggerName.toLowerCase()).get();
}
}

12
src/main/java/net/lamgc/oracle/sentry/script/groovy/trigger/GroovyTrigger.java
View File

@ -1,8 +1,11 @@
package net.lamgc.oracle.sentry.script.groovy.trigger;
import groovy.lang.DelegatesTo;
import groovy.lang.Closure;
/**
* Groovy 脚本的触发器接口.
* <p> 实现该接口并添加 {@link TriggerName} 注解后,
* 添加到 SPI 实现列表, 即可作为一个 Trigger.
* @author LamGC
*/
public interface GroovyTrigger {
@ -12,8 +15,11 @@ public interface GroovyTrigger {
* <p> 注意, 触发器执行 run 方法不可以阻塞方法返回.
* @param task 触发器需要执行的任务.
*/
void run(Runnable task);
void run(Closure<?> task);
/**
* 关闭触发器.
*/
void shutdown();
}

286
src/main/java/net/lamgc/oracle/sentry/script/groovy/trigger/InstanceStateWatchTrigger.java Normal file
View File

@ -0,0 +1,286 @@
package net.lamgc.oracle.sentry.script.groovy.trigger;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import com.oracle.bmc.core.ComputeClient;
import com.oracle.bmc.core.model.Instance;
import com.oracle.bmc.core.requests.GetInstanceRequest;
import groovy.lang.Closure;
import net.lamgc.oracle.sentry.oci.compute.ComputeInstanceManager;
import net.lamgc.oracle.sentry.oci.compute.ComputeInstance;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.atomic.AtomicReference;
/**
* 实例状态监视触发器.
* <p> 通过轮询实例状态, 当状态为指定的状态时将触发回调执行操作.
* <p> 吐槽: 换个地方轮询(xs).
* @author LamGC
*/
@TriggerName("InstanceStateWatcher")
public class InstanceStateWatchTrigger implements GroovyTrigger {
private final static Logger log = LoggerFactory.getLogger(InstanceStateWatchTrigger.class);
private final static ThreadFactory THREAD_FACTORY = new ThreadFactoryBuilder()
.setDaemon(true)
.setNameFormat("Thread-InstanceStatePolling-%d")
.build();
private final Set<ComputeInstance> instances = new HashSet<>();
private final AtomicReference<ComputeInstanceManager> instanceManager = new AtomicReference<>();
private final AtomicReference<Thread> pollingThreadReference = new AtomicReference<>();
private final Set<Instance.LifecycleState> targetStates = new HashSet<>();
private long interval = 5000;
/**
* 设置 {@link ComputeInstanceManager}.
* <p> 设置计算实例管理器以实现部分功能.
* @param instanceManager 实例管理器.
*/
public void setInstanceManager(ComputeInstanceManager instanceManager) {
this.instanceManager.set(instanceManager);
}
/**
* 添加所有实例.
* <p> 调用前需设置实例管理器.
*/
public void allInstances() {
addInstance(instanceManager.get().getComputeInstances());
}
/**
* 添加需要监控的实例.
* <p> 调用前需设置实例管理器.
* @param instanceId 要添加的实例 Id.(注意不是实例名称.)
*/
public void addInstance(String instanceId) {
this.instances.add(instanceManager.get().getComputeInstanceById(instanceId));
}
/**
* 添加需要监控的实例.
* @param instance 实例对象.
*/
public void addInstance(ComputeInstance instance) {
this.instances.add(instance);
}
/**
* 添加需要监控的实例.
* @param instances 实例集合.
*/
public void addInstance(Set<ComputeInstance> instances) {
this.instances.addAll(instances);
}
/**
* 设置监控间隔.
* <p> 该间隔是每轮查询之间的间隔, 并非查询每个实例的间隔. Oracle 对该接口的请求限制很宽松, 且单个帐号的实例有限, 故不再设置查询间隔.
* @param interval 间隔时常, 单位: 毫秒.
*/
public void interval(long interval) {
this.interval = interval;
}
/**
* 要检查的状态.
* <p> 当实例处于指定状态时将触发回调.
* @param state 状态名.
*/
public void state(String state) {
targetStates.add(getState(state));
}
/**
* 要检查的状态.
* <p> 当实例处于指定状态时将触发回调.
* @param states 状态集合.
*/
public void state(String[] states) {
Set<Instance.LifecycleState> stateSet = new HashSet<>();
for (String state : states) {
stateSet.add(getState(state));
}
targetStates.addAll(stateSet);
}
/**
* 添加所有状态.
* <p> 所有状态都会触发回调函数.
*/
public void allStates() {
targetStates.addAll(Set.of(Instance.LifecycleState.values()));
}
/**
* 通过状态名获取对应的 {@link Instance.LifecycleState}.
* @param state 状态名.
* @return 返回对应值.
* @throws IllegalArgumentException 当无法获取指定状态对象时抛出该异常.
*/
private Instance.LifecycleState getState(String state) {
try {
return LifecycleStateMapping.valueOf(state.toUpperCase()).target;
} catch (IllegalArgumentException e) {
try {
return Instance.LifecycleState.valueOf(toFirstCharUpperCase(state));
} catch (IllegalArgumentException ex) {
throw new IllegalArgumentException("Invalid target state: " + state);
}
}
}
@Override
public synchronized void run(final Closure<?> callback) {
if (pollingThreadReference.get() != null) {
throw new IllegalStateException("Attempting to start multiple check threads repeatedly, which is not allowed.");
}
if (targetStates.isEmpty()) {
throw new IllegalArgumentException("The target status has not been set.");
}
if (instances.isEmpty()) {
log.warn("尚未设置任何需监视的实例, 已跳过对触发器的启动.", new IllegalStateException("未设置任何需要监视的实例."));
return;
}
Thread newPollingThread = THREAD_FACTORY.newThread(new PollingTask(instances, targetStates, callback, interval));
newPollingThread.start();
pollingThreadReference.set(newPollingThread);
}
@Override
public synchronized void shutdown() {
if (pollingThreadReference.get() == null) {
return;
}
// 合规的用于停止线程的方法无歧义
Thread pollingThread = pollingThreadReference.get();
pollingThread.interrupt();
pollingThreadReference.set(null);
}
/**
* 首字母大写.
* @param str 要处理的单词.
* @return 如果首字母非大写, 就转换成大写.
*/
private static String toFirstCharUpperCase(String str) {
char firstChar = str.charAt(0);
if (!Character.isUpperCase(firstChar)) {
return Character.toUpperCase(firstChar) + str.substring(1);
}
return str;
}
/**
* 轮询任务.
*/
private static class PollingTask implements Runnable {
private final Set<ComputeInstance> instances;
private final Set<Instance.LifecycleState> targetStates;
private final Closure<?> callback;
private final long interval;
private final Map<ComputeInstance, Instance.LifecycleState> lastStateMap = new ConcurrentHashMap<>();
private PollingTask(Set<ComputeInstance> instances, Set<Instance.LifecycleState> targetStates,
Closure<?> callback, long interval) {
this.instances = instances;
this.targetStates = targetStates;
this.callback = callback;
if (interval <= 0) {
throw new IllegalArgumentException("Interval cannot be less than or equal to 0.");
}
this.interval = interval;
}
@SuppressWarnings("BusyWait")
@Override
public void run() {
while (!Thread.interrupted()) {
try {
// 并非 BusyWait, 而是延迟操作.
Thread.sleep(interval);
} catch (InterruptedException e) {
break;
}
log.trace("正在开始新一轮实例状态检查...");
for (ComputeInstance instance : instances) {
ComputeClient computeClient = instance.getFromAccount().clients().compute();
Instance instanceInfo;
try {
instanceInfo = computeClient.getInstance(GetInstanceRequest.builder()
.instanceId(instance.getInstanceId())
.build()).getInstance();
} catch (Exception e) {
if (e.getCause() instanceof InterruptedException) {
Thread.currentThread().interrupt();
break;
}
if (log.isDebugEnabled()) {
log.error("获取实例状态失败.", e);
} else {
log.error("获取实例状态失败(详情请打开 Debug 级别): {}:{}", e.getClass().getName(), e.getMessage());
}
continue;
}
Instance.LifecycleState lastState = lastStateMap.get(instance);
if (targetStates.contains(instanceInfo.getLifecycleState()) &&
instanceInfo.getLifecycleState() != lastState) {
try {
callback.call(new InstanceStateChangeEvent(instance,
lastState != null ? lastState.name() : null,
instanceInfo.getLifecycleState().name()));
} catch (Exception e) {
log.error("实例状态事件处理时发生未捕获异常.", e);
}
}
lastStateMap.put(instance, instanceInfo.getLifecycleState());
}
log.trace("实例状态检查已结束.");
}
}
}
/**
* 一个 Oracle 实例状态枚举的映射枚举类.
*/
@SuppressWarnings({"AlibabaEnumConstantsMustHaveComment", "unused"})
private enum LifecycleStateMapping {
MOVING(Instance.LifecycleState.Moving),
PROVISIONING(Instance.LifecycleState.Provisioning),
RUNNING(Instance.LifecycleState.Running),
STARTING(Instance.LifecycleState.Starting),
STOPPING(Instance.LifecycleState.Stopping),
STOPPED(Instance.LifecycleState.Stopped),
CREATING_IMAGE(Instance.LifecycleState.CreatingImage),
TERMINATING(Instance.LifecycleState.Terminating),
TERMINATED(Instance.LifecycleState.Terminated);
private final Instance.LifecycleState target;
LifecycleStateMapping(Instance.LifecycleState target) {
this.target = target;
}
}
/**
* 实例状态变更事件.
* @param instance 相关实例.
* @param oldState 旧状态, 当监视器第一次查询即触发时, 该值为 {@code null}.
* @param newState 新状态.
*/
public static record InstanceStateChangeEvent(
ComputeInstance instance,
String oldState,
String newState
) {}
}

14
src/main/java/net/lamgc/oracle/sentry/script/groovy/trigger/OnceTrigger.java
View File

@ -1,7 +1,7 @@
package net.lamgc.oracle.sentry.script.groovy.trigger;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import org.slf4j.Logger;
import groovy.lang.Closure;
import org.slf4j.LoggerFactory;
import java.util.concurrent.ExecutorService;
@ -13,17 +13,21 @@ import java.util.concurrent.Executors;
*/
@TriggerName("once")
public class OnceTrigger implements GroovyTrigger {
private final static Logger log = LoggerFactory.getLogger(OnceTrigger.class);
private final static ExecutorService EXECUTOR = Executors.newFixedThreadPool(
Runtime.getRuntime().availableProcessors(),
new ThreadFactoryBuilder()
.setNameFormat("GroovyOnceExec-%d")
.setUncaughtExceptionHandler((t, e) -> log.error("脚本执行时发生未捕获异常.", e))
.setUncaughtExceptionHandler((t, e) -> LoggerFactory.getLogger(OnceTrigger.class)
.error("脚本执行时发生未捕获异常.", e))
.build());
@Override
public void run(Runnable task) {
public void run(Closure<?> task) {
EXECUTOR.execute(task);
}
@Override
public void shutdown() {
// Nothing.
}
}

64
src/main/java/net/lamgc/oracle/sentry/script/groovy/trigger/TimerTrigger.java
View File

@ -2,30 +2,36 @@ package net.lamgc.oracle.sentry.script.groovy.trigger;
import com.google.common.base.Throwables;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import groovy.lang.Closure;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
import org.springframework.scheduling.support.CronTrigger;
import java.util.concurrent.ScheduledFuture;
/**
* 时间触发器.
* <p> 通过设置 Cron 时间表达式, 可以达到定时触发的效果.
* @author LamGC
*/
@SuppressWarnings("unused")
@TriggerName("timer")
public class TimerTrigger implements GroovyTrigger {
private final static Logger log = LoggerFactory.getLogger(TimerTrigger.class);
private CronTrigger trigger;
private final static ThreadPoolTaskScheduler SCHEDULER = new ThreadPoolTaskScheduler();
static {
SCHEDULER.setPoolSize(Runtime.getRuntime().availableProcessors());
SCHEDULER.setThreadFactory(new ThreadFactoryBuilder()
.setNameFormat("Groovy-TimerTrigger-%d")
.build());
SCHEDULER.setErrorHandler(t -> log.error("脚本执行时发生异常.", t));
SCHEDULER.setErrorHandler(t -> triggerLog().error("脚本执行时发生异常.", t));
SCHEDULER.initialize();
}
private CronTrigger trigger;
private ScheduledFuture<?> future;
/**
* 设定定时时间.
* <p> 只允许在第一次执行时设置.
@ -38,26 +44,56 @@ public class TimerTrigger implements GroovyTrigger {
}
@Override
public void run(Runnable runnable) {
public synchronized void run(Closure<?> runnable) {
if (future != null) {
triggerLog().warn("脚本存在多个 run 代码块, 已忽略.");
return;
}
if (trigger == null) {
if (!log.isDebugEnabled()) {
log.warn("脚本尚未设置 Cron 时间表达式, 任务将不会执行(堆栈信息请检查调试级别日志).");
if (!triggerLog().isDebugEnabled()) {
triggerLog().warn("脚本尚未设置 Cron 时间表达式, 任务将不会执行(堆栈信息请检查调试级别日志).");
} else {
log.warn("{} - 脚本尚未设置 Cron 时间表达式, 任务将不会执行(堆栈信息请检查调试级别日志).", this);
log.warn("{} - 脚本尚未设置 Cron 时间表达式, 任务将不会执行.\n{}", this, Throwables.getStackTraceAsString(new Exception()));
triggerLog().warn("{} - 脚本尚未设置 Cron 时间表达式, 任务将不会执行(堆栈信息请检查调试级别日志).", this);
triggerLog().warn("{} - 脚本尚未设置 Cron 时间表达式, 任务将不会执行.\n{}", this, Throwables.getStackTraceAsString(new Exception()));
}
return;
} else if (runnable == null) {
if (!log.isDebugEnabled()) {
log.warn("脚本尚未设置 Cron 时间表达式, 任务将不会执行(堆栈信息请检查调试级别日志).");
if (!triggerLog().isDebugEnabled()) {
triggerLog().warn("脚本尚未设置 Cron 时间表达式, 任务将不会执行(堆栈信息请检查调试级别日志).");
} else {
log.warn("{} - 脚本尚未设置任务动作, 任务将不会执行(堆栈信息请检查调试级别日志).", this);
log.warn("{} - 脚本尚未设置任务动作, 任务将不会执行.\n{}", this, Throwables.getStackTraceAsString(new Exception()));
triggerLog().warn("{} - 脚本尚未设置任务动作, 任务将不会执行(堆栈信息请检查调试级别日志).", this);
triggerLog().warn("{} - 脚本尚未设置任务动作, 任务将不会执行.\n{}", this, Throwables.getStackTraceAsString(new Exception()));
}
return;
}
SCHEDULER.schedule(runnable, trigger);
this.future = SCHEDULER.schedule(new TimerTaskRunnable(runnable), trigger);
}
@Override
public void shutdown() {
if (this.future != null) {
future.cancel(false);
}
}
private static Logger triggerLog() {
return LoggerFactory.getLogger(TimerTrigger.class);
}
private static class TimerTaskRunnable implements Runnable {
private final Closure<?> closure;
private TimerTaskRunnable(Closure<?> closure) {
this.closure = closure;
}
@Override
public void run() {
closure.call();
}
}
}

5
src/main/java/net/lamgc/oracle/sentry/script/groovy/trigger/TriggerName.java
View File

@ -13,6 +13,11 @@ import java.lang.annotation.Target;
@Retention(RetentionPolicy.RUNTIME)
public @interface TriggerName {
/**
* Trigger 名称.
* <p> 需保证唯一性.
* @return 返回 Trigger 名称.
*/
String value();
}

14
src/main/java/net/lamgc/oracle/sentry/script/tools/http/HttpAccess.java
View File

@ -10,7 +10,8 @@ import java.io.IOException;
import java.nio.charset.StandardCharsets;
/**
*
* Http 访问对象.
* <p> 该对象可以复用.
* @author LamGC
*/
public class HttpAccess {
@ -23,12 +24,23 @@ public class HttpAccess {
this.url = url;
}
/**
* Get 方法发起 Http 请求.
* @return 返回 Http 响应对象.
* @throws IOException 当请求发送失败时抛出异常.
*/
public HttpAccessResponse get() throws IOException {
HttpGet request = new HttpGet(url);
HttpResponse response = client.execute(request);
return new HttpAccessResponse(response);
}
/**
* Post 方法发起 Http 请求.
* @param body Post 请求体.
* @return 返回 Http 响应对象.
* @throws IOException 当请求发送失败时抛出异常.
*/
public HttpAccessResponse post(String body) throws IOException {
HttpPost request = new HttpPost(url);
request.setEntity(new StringEntity(body, StandardCharsets.UTF_8));

26
src/main/java/net/lamgc/oracle/sentry/script/tools/http/HttpAccessResponse.java
View File

@ -6,7 +6,6 @@ import org.apache.http.HttpResponse;
import org.apache.http.StatusLine;
import org.apache.http.util.EntityUtils;
import java.io.File;
import java.io.IOException;
import java.util.Locale;
import java.util.Map;
@ -32,20 +31,45 @@ public final class HttpAccessResponse {
this.entity = response.getEntity();
}
/**
* 获取响应状态行.
* @return 返回响应状态行, 包括响应码和信息.
*/
public StatusLine getStatusLine() {
return statusLine;
}
/**
* 获取语言.
* @return 返回 Locale 对象.
*/
public Locale getLocale() {
return locale;
}
/**
* ResponseBody 转为字符串并返回.
* @return 返回字符串形式的响应体.
* @throws IOException 当接收失败时抛出异常.
*/
public String getContentToString() throws IOException {
return EntityUtils.toString(entity);
}
/**
* 获取响应体实体, 可手动接收 Http Response Body.
* @return 返回 Http 实体.
*/
public HttpEntity getEntity() {
return entity;
}
/**
* 获取 Header.
* @param name Header 名称.
* @return 如果存在, 返回相应值, 否则返回 {@code null}.
*/
public String getHeader(String name) {
return headers.get(name);
}
}

10
src/main/java/net/lamgc/oracle/sentry/script/tools/http/ScriptHttpClient.java
View File

@ -2,10 +2,19 @@ package net.lamgc.oracle.sentry.script.tools.http;
import org.apache.http.client.HttpClient;
/**
* 创建脚本使用的 HttpClient 包装对象.
* <p> 可根据脚本需要优化和简化步骤.
* @author LamGC
*/
public class ScriptHttpClient {
private final HttpClient httpClient;
/**
* 包装并构造一个脚本 Http 客户端.
* @param httpClient 原始 Http 客户端.
*/
public ScriptHttpClient(HttpClient httpClient) {
this.httpClient = httpClient;
}
@ -13,6 +22,7 @@ public class ScriptHttpClient {
/**
* 打开一个连接.
* @param url 要访问的 Url.
* @return 返回 Http 访问对象(可重复使用).
*/
public HttpAccess create(String url) {
return new HttpAccess(httpClient, url);

1
src/main/resources/META-INF/services/net.lamgc.oracle.sentry.script.ScriptComponentExtension Normal file
View File

@ -0,0 +1 @@
net.lamgc.oracle.sentry.script.BuiltinComponentExtension

1
src/main/resources/META-INF/services/net.lamgc.oracle.sentry.script.groovy.trigger.GroovyTrigger
View File

@ -1,2 +1,3 @@
net.lamgc.oracle.sentry.script.groovy.trigger.OnceTrigger
net.lamgc.oracle.sentry.script.groovy.trigger.TimerTrigger
net.lamgc.oracle.sentry.script.groovy.trigger.InstanceStateWatchTrigger

11
src/main/resources/application.yml
View File

@ -14,3 +14,14 @@ oracle:
# 首次连接认证策略
# 支持 confirm(询问) accept(接受) reject(拒绝)
authenticationPolicy: 'confirm'
# SSH 转发设定
forwarding:
# X11 转发
X11:
enable: false
# SSH-Agent 转发
agent:
enable: false
# TCP 转发
tcp:
enable: true

64
src/main/resources/logback.xml
View File

@ -2,10 +2,10 @@
<configuration debug="false">
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<target>System.out</target>
<filter class="ch.qos.logback.classic.filter.LevelFilter">
<level>INFO</level>
<onMatch>ACCEPT</onMatch>
<onMismatch>DENY</onMismatch>
<filter class="net.lamgc.oracle.sentry.common.logging.NoMarkerFilter"/>
<filter class="net.lamgc.oracle.sentry.common.logging.LevelRangeFilter">
<minLevel>DEBUG</minLevel>
<maxLevel>INFO</maxLevel>
</filter>
<encoder>
<pattern>[%d{HH:mm:ss.SSS} %5level][%logger][%thread]: %msg%n</pattern>
@ -13,6 +13,7 @@
</appender>
<appender name="stderr" class="ch.qos.logback.core.ConsoleAppender">
<target>System.err</target>
<filter class="net.lamgc.oracle.sentry.common.logging.NoMarkerFilter"/>
<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
<level>WARN</level>
</filter>
@ -23,6 +24,7 @@
<appender name="logFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>./logs/latest.log</file>
<filter class="net.lamgc.oracle.sentry.common.logging.NoMarkerFilter"/>
<filter class="ch.qos.logback.classic.filter.LevelFilter">
<level>TRACE</level>
<onMatch>DENY</onMatch>
@ -37,11 +39,63 @@
</rollingPolicy>
</appender>
<appender name="stdout_script" class="ch.qos.logback.core.ConsoleAppender">
<target>System.out</target>
<filter class="net.lamgc.oracle.sentry.common.logging.MarkerFilter">
<markerName>Script</markerName>
</filter>
<filter class="net.lamgc.oracle.sentry.common.logging.LevelRangeFilter">
<minLevel>DEBUG</minLevel>
<maxLevel>INFO</maxLevel>
</filter>
<encoder>
<pattern>[%d{HH:mm:ss.SSS} %5level][Script][%logger]: %msg%n</pattern>
</encoder>
</appender>
<appender name="stderr_script" class="ch.qos.logback.core.ConsoleAppender">
<target>System.err</target>
<filter class="net.lamgc.oracle.sentry.common.logging.MarkerFilter">
<markerName>Script</markerName>
</filter>
<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
<level>WARN</level>
</filter>
<encoder>
<pattern>[%d{HH:mm:ss.SSS} %5level][Script][%logger]: %msg%n</pattern>
</encoder>
</appender>
<appender name="logFile_script" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>./logs/latest-script.log</file>
<filter class="net.lamgc.oracle.sentry.common.logging.MarkerFilter">
<markerName>Script</markerName>
</filter>
<filter class="ch.qos.logback.classic.filter.LevelFilter">
<level>TRACE</level>
<onMatch>DENY</onMatch>
<onMismatch>ACCEPT</onMismatch>
</filter>
<encoder>
<pattern>[%d{HH:mm:ss.SSS} %5level][Script][%logger]: %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>./logs/run-script-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
<maxHistory>30</maxHistory>
</rollingPolicy>
</appender>
<logger name="com.oracle.bmc" level="WARN"/>
<logger name="org.springframework" level="INFO"/>
<logger name="org.apache.http" level="INFO"/>
<logger name="org.apache.sshd" level="INFO"/>
<logger name="com.oracle.bmc.http.ApacheConfigurator" level="ERROR"/>
<root>
<root level="INFO">
<appender-ref ref="stdout" />
<appender-ref ref="stderr" />
<appender-ref ref="logFile" />
<appender-ref ref="stdout_script" />
<appender-ref ref="stderr_script" />
<appender-ref ref="logFile_script" />
</root>
</configuration>

63
src/test/java/net/lamgc/oracle/sentry/common/LazyLoaderTest.java Normal file
View File

@ -0,0 +1,63 @@
package net.lamgc.oracle.sentry.common;
import org.junit.jupiter.api.Test;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import static org.junit.jupiter.api.Assertions.*;
class LazyLoaderTest {
@Test
@SuppressWarnings("rawtypes")
public void lazyLoadTest() throws NoSuchFieldException, IllegalAccessException {
LazyLoader<Object> loader = new LazyLoader<>(Object::new);
Field field = LazyLoader.class.getDeclaredField("object");
field.setAccessible(true);
AtomicReference reference = (AtomicReference) field.get(loader);
assertNotNull(reference);
assertNull(reference.get());
Object instance = loader.getInstance();
assertEquals(reference.get(), instance);
assertEquals(reference.get(), loader.getInstance());
assertEquals(instance, loader.getInstance());
}
@Test
@SuppressWarnings("StatementWithEmptyBody")
public void multiThreadAccessTest() {
class Singleton {
private final static AtomicInteger constructNum = new AtomicInteger(0);
public Singleton() {
if (constructNum.incrementAndGet() > 1) {
fail("Multiple instances were generated.");
}
}
}
final LazyLoader<Singleton> loader = new LazyLoader<>(Singleton::new);
AtomicBoolean start = new AtomicBoolean(false);
int threadNum = Runtime.getRuntime().availableProcessors();
List<Thread> threads = new ArrayList<>(threadNum);
for (int i = 0; i < threadNum; i++) {
Thread thread = new Thread(() -> {
while (!start.get()) {
}
assertNotNull(loader.getInstance());
});
threads.add(thread);
}
for (Thread thread : threads) {
thread.start();
}
start.set(true);
}
}

57
src/test/java/net/lamgc/oracle/sentry/common/retry/RetryerTest.java Normal file
View File

@ -0,0 +1,57 @@
package net.lamgc.oracle.sentry.common.retry;
import org.junit.jupiter.api.Test;
import java.util.Random;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.atomic.AtomicInteger;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
class RetryerTest {
@Test
void successTest() throws RetryFailedException, ExecutionException, InterruptedException {
final Object obj = new Object();
Retryer<Object> retryer = Retryer.builder(() -> obj).create();
assertEquals(obj, retryer.execute());
assertEquals(obj, retryer.executeAsync().get());
}
@Test
void failedTest() {
assertThrows(RetryFailedException.class, () -> {
Retryer<Object> retryer = Retryer.builder(() -> {
throw new RuntimeException();
}).create();
retryer.execute();
});
}
@Test
void retryNumberTest() {
final int retryNumber = new Random().nextInt(9) + 1;
final AtomicInteger retryCounter = new AtomicInteger(-1);
Retryer<Object> retryer = Retryer.builder(() -> {
retryCounter.incrementAndGet();
throw new RuntimeException();
}).retryNumber(retryNumber).create();
try {
retryer.execute();
} catch (RetryFailedException e) {
e.printStackTrace();
}
assertEquals(retryNumber, retryCounter.get());
}
@Test
void checkerTest() {
Retryer<Object> retryer = Retryer.builder(() -> null)
.retryIfReturnNull()
.create();
assertThrows(RetryFailedException.class, retryer::execute);
}
}

20
src/test/java/net/lamgc/oracle/sentry/oci/compute/ssh/BadPublicKey.java Normal file
View File

@ -0,0 +1,20 @@
package net.lamgc.oracle.sentry.oci.compute.ssh;
import java.security.PublicKey;
public class BadPublicKey implements PublicKey {
@Override
public String getAlgorithm() {
return null;
}
@Override
public String getFormat() {
return null;
}
@Override
public byte[] getEncoded() {
return new byte[0];
}
}

253
src/test/java/net/lamgc/oracle/sentry/oci/compute/ssh/SshAuthInfoSerializerTest.java
View File

@ -3,43 +3,50 @@ package net.lamgc.oracle.sentry.oci.compute.ssh;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.config.keys.PublicKeyEntryDecoder;
import org.junit.jupiter.api.Test;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Base64;
import java.util.Collections;
import java.util.NoSuchElementException;
import java.util.Random;
import static org.junit.jupiter.api.Assertions.*;
/**
* @see SshAuthInfoSerializer
*/
class SshAuthInfoSerializerTest {
private final static Gson gson = new GsonBuilder()
.registerTypeAdapter(SshAuthInfo.class, SshAuthInfoSerializer.INSTANCE)
.registerTypeAdapter(PasswordAuthInfo.class, SshAuthInfoSerializer.INSTANCE)
.registerTypeAdapter(PublicKeyAuthInfo.class, SshAuthInfoSerializer.INSTANCE)
.registerTypeAdapter(UnsupportedSshAuthInfo.class, SshAuthInfoSerializer.INSTANCE)
.serializeNulls()
.create();
private JsonObject getPasswordAuthObject() {
return gson.fromJson("""
{
"username": "opc",
"authType": "password",
"serverKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/NGFFKkchNdE8HDE9WHGIcw97ZVOP5edY7drtRQn0xSSG6uLu08T36B8IWT+XJdg45/YMmcuVSzsG1QZs/R3s0URVUhsWjwdezWDeWeBHt8/6TGl2AsgA0iXSAOeRNldhZlITFvWoBEv2wElNjCTsEGo5bBp3rVPqqZNJFUs+FR9s/uVgmFqe7HGhuKhhk7BrRThJ/NcgDRicMQ4yXU3Hl++pG54TVLH+0HmgWg312XNAWtzw2iRmKBAuu2I4pP1TRp93K/lbD7QU8k8W7QcyGSAc73nZrhyzYVMko5wQGt4/vGpchOw7ehkotSejTB1GSyhzBTZobA23For76YLzuVFOjF3lEvSh1QV30ysu0PREKLtY83ad0WHVFqVgJrFHkkXQrglN335BhGwhFzwyMpRxbD8HCDtz6VjpqwoKtd/ExQkcfaj/g10o28vRzHGyzUbCTe433V61fjSsC4Bikw15vTnQ3ZuyOzfyoCYUNpFcf1Wv+mkoWqn9xU8lGvk= Test-Server",
"password": "123456"
private JsonObject getTestsInfo(String name) {
InputStream resource = this.getClass().getResourceAsStream("/ssh-auth/" + name + ".json");
if (resource == null) {
throw new NoSuchElementException("Required resource not found: " + name);
}
""", JsonObject.class);
}
private JsonObject getPublicKeyAuthObject() {
return gson.fromJson("""
{
"username": "opc",
"authType": "Public_Key",
"serverKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/NGFFKkchNdE8HDE9WHGIcw97ZVOP5edY7drtRQn0xSSG6uLu08T36B8IWT+XJdg45/YMmcuVSzsG1QZs/R3s0URVUhsWjwdezWDeWeBHt8/6TGl2AsgA0iXSAOeRNldhZlITFvWoBEv2wElNjCTsEGo5bBp3rVPqqZNJFUs+FR9s/uVgmFqe7HGhuKhhk7BrRThJ/NcgDRicMQ4yXU3Hl++pG54TVLH+0HmgWg312XNAWtzw2iRmKBAuu2I4pP1TRp93K/lbD7QU8k8W7QcyGSAc73nZrhyzYVMko5wQGt4/vGpchOw7ehkotSejTB1GSyhzBTZobA23For76YLzuVFOjF3lEvSh1QV30ysu0PREKLtY83ad0WHVFqVgJrFHkkXQrglN335BhGwhFzwyMpRxbD8HCDtz6VjpqwoKtd/ExQkcfaj/g10o28vRzHGyzUbCTe433V61fjSsC4Bikw15vTnQ3ZuyOzfyoCYUNpFcf1Wv+mkoWqn9xU8lGvk= Test-Server",
"privateKeyPath": "",
"keyPassword": ""
}
""", JsonObject.class);
return gson.fromJson(new InputStreamReader(resource, StandardCharsets.UTF_8), JsonObject.class);
}
@Test
public void deserializeTest() {
SshAuthInfo info = gson.fromJson(getPasswordAuthObject(), SshAuthInfo.class);
public void deserializePasswordTest() {
SshAuthInfo info = gson.fromJson(getTestsInfo("StandardPassword"), SshAuthInfo.class);
assertTrue(info instanceof PasswordAuthInfo);
assertEquals("opc", info.getUsername());
@ -47,4 +54,206 @@ class SshAuthInfoSerializerTest {
assertEquals("SHA256:qBu2jRXM6Wog/jWUJJ0WLTMb3UdDGAmYEVZQNZdFZNM", KeyUtils.getFingerPrint(info.getServerKey()));
}
@Test
public void deserializePublicKeyTest() {
SshAuthInfo info = gson.fromJson(getTestsInfo("StandardPublicKey"), SshAuthInfo.class);
assertEquals("SHA256:qBu2jRXM6Wog/jWUJJ0WLTMb3UdDGAmYEVZQNZdFZNM", KeyUtils.getFingerPrint(info.getServerKey()));
assertEquals("opc", info.getUsername());
if (info instanceof PublicKeyAuthInfo pkInfo) {
assertEquals(new File("~/.ssh/id_rsa"), pkInfo.getPrivateKeyPath());
assertEquals("123456", pkInfo.getKeyPassword());
} else {
fail("The type of the parsing result does not match: " + info.getClass());
}
}
@Test
public void deserializeBadPortNumberTest() {
SshAuthInfo info = gson.fromJson(getTestsInfo("BadPortValue-NonNumber"), SshAuthInfo.class);
assertTrue(info instanceof PasswordAuthInfo);
assertEquals("opc", info.getUsername());
assertEquals("123456", ((PasswordAuthInfo) info).getPassword());
assertEquals("SHA256:qBu2jRXM6Wog/jWUJJ0WLTMb3UdDGAmYEVZQNZdFZNM", KeyUtils.getFingerPrint(info.getServerKey()));
assertEquals(22, info.getPort());
}
@Test
public void deserializePortNumberOutOfBoundTest() {
SshAuthInfo info = gson.fromJson(getTestsInfo("BadPortValue-OutOfBound"), SshAuthInfo.class);
assertTrue(info instanceof PasswordAuthInfo);
assertEquals("opc", info.getUsername());
assertEquals("123456", ((PasswordAuthInfo) info).getPassword());
assertEquals("SHA256:qBu2jRXM6Wog/jWUJJ0WLTMb3UdDGAmYEVZQNZdFZNM", KeyUtils.getFingerPrint(info.getServerKey()));
assertEquals(22, info.getPort());
}
@Test
public void deserializePortNumberOutOfBoundMinusTest() {
SshAuthInfo info = gson.fromJson(getTestsInfo("BadPortValue-OutOfBound-minus"), SshAuthInfo.class);
assertTrue(info instanceof PasswordAuthInfo);
assertEquals("opc", info.getUsername());
assertEquals("123456", ((PasswordAuthInfo) info).getPassword());
assertEquals("SHA256:qBu2jRXM6Wog/jWUJJ0WLTMb3UdDGAmYEVZQNZdFZNM", KeyUtils.getFingerPrint(info.getServerKey()));
assertEquals(22, info.getPort());
}
@Test
public void deserializeUnsupportedTest() {
assertThrows(JsonParseException.class, () ->
gson.fromJson(getTestsInfo("UnsupportedAuthType"), SshAuthInfo.class));
}
@Test
public void deserializeNoExistTypeTest() {
assertThrows(JsonParseException.class, () ->
gson.fromJson(getTestsInfo("NoExistType"), SshAuthInfo.class));
}
@Test
public void deserializeBadServerKeyFieldTest() {
SshAuthInfo info = gson.fromJson(getTestsInfo("BadServerKeyField"), SshAuthInfo.class);
assertNull(info.getServerKey());
}
@Test
public void deserializeBadServerKeyDecodeTest() {
SshAuthInfo info = gson.fromJson(getTestsInfo("BadServerKey-decode"), SshAuthInfo.class);
assertNull(info.getServerKey());
}
@Test
public void deserializeNoExistServerKeyTest() {
SshAuthInfo info = gson.fromJson(getTestsInfo("ServerKeyNoExist"), SshAuthInfo.class);
assertNull(info.getServerKey());
}
@Test
public void deserializeUnsupportedJsonTypeTest() {
assertThrows(JsonParseException.class, () ->
gson.fromJson(getTestsInfo("UnsupportedJsonType"), SshAuthInfo.class));
}
@Test
public void deserializeBadRequiredFieldJsonTypeTest() {
assertThrows(JsonParseException.class, () ->
gson.fromJson(getTestsInfo("BadRequiredFieldType"), SshAuthInfo.class));
}
private void initialSshAuthInfo(SshAuthInfo info) {
try {
KeyPair pair = KeyUtils.generateKeyPair("ssh-rsa", 3072);
info.setServerKey(pair.getPublic());
info.setPort(new Random().nextInt(65536));
info.setUsername("linux");
if (info instanceof PasswordAuthInfo psw) {
psw.setPassword(String.valueOf(new Random().nextLong()));
} else if (info instanceof PublicKeyAuthInfo pk) {
pk.setKeyPassword(String.valueOf(new Random().nextLong()));
pk.setPrivateKeyPath(new File("./" + new Random().nextLong() + "/key"));
}
} catch (GeneralSecurityException e) {
throw new RuntimeException(e);
}
}
private String getOrFailField(JsonObject json, String field) {
if (json.has(field) && json.get(field).isJsonPrimitive()) {
return json.get(field).getAsString();
} else {
fail("The JSON field '" + field + "' does not exist or is not a primitive.");
throw new RuntimeException();
}
}
private PublicKey decodeSshPublicKey(String publicKeyString) throws GeneralSecurityException, IOException {
String[] strings = publicKeyString.split(" ", 3);
@SuppressWarnings("unchecked") PublicKeyEntryDecoder<PublicKey, ?> decoder =
(PublicKeyEntryDecoder<PublicKey, ?>) KeyUtils.getPublicKeyEntryDecoder(strings[0]);
return decoder.decodePublicKey(null, strings[0], Base64.getDecoder().decode(strings[1]), Collections.emptyMap());
}
@Test
public void serializePasswordTest() throws GeneralSecurityException, IOException {
PasswordAuthInfo info = new PasswordAuthInfo();
initialSshAuthInfo(info);
JsonObject json = gson.fromJson(gson.toJson(info), JsonObject.class);
assertEquals(SshAuthInfo.AuthType.PASSWORD.name(), getOrFailField(json, "authType"));
assertEquals(KeyUtils.getFingerPrint(info.getServerKey()),
KeyUtils.getFingerPrint(decodeSshPublicKey(getOrFailField(json, "serverKey"))));
assertEquals(info.getPort(), Integer.parseInt(getOrFailField(json, "port")));
assertEquals(info.getUsername(), getOrFailField(json, "username"));
assertEquals(info.getPassword(), getOrFailField(json, "password"));
}
@Test
public void serializePublicKeyTest() throws GeneralSecurityException, IOException {
PublicKeyAuthInfo info = new PublicKeyAuthInfo();
initialSshAuthInfo(info);
JsonObject json = gson.fromJson(gson.toJson(info), JsonObject.class);
assertEquals(SshAuthInfo.AuthType.PUBLIC_KEY.name(), getOrFailField(json, "authType"));
assertEquals(KeyUtils.getFingerPrint(info.getServerKey()),
KeyUtils.getFingerPrint(decodeSshPublicKey(getOrFailField(json, "serverKey"))));
assertEquals(info.getUsername(), getOrFailField(json, "username"));
assertEquals(info.getPort(), Integer.parseInt(getOrFailField(json, "port")));
assertEquals(info.getPrivateKeyPath().getCanonicalFile(), new File(getOrFailField(json, "privateKeyPath")));
assertEquals(info.getKeyPassword(), getOrFailField(json, "keyPassword"));
}
@Test
public void serializeNoExistServerKeyTest() {
PasswordAuthInfo info = new PasswordAuthInfo();
initialSshAuthInfo(info);
info.setServerKey(null);
JsonObject json = gson.fromJson(gson.toJson(info), JsonObject.class);
assertEquals(SshAuthInfo.AuthType.PASSWORD.name(), getOrFailField(json, "authType"));
assertTrue(json.get("serverKey").isJsonNull());
assertEquals(info.getUsername(), getOrFailField(json, "username"));
assertEquals(info.getPort(), Integer.parseInt(getOrFailField(json, "port")));
assertEquals(info.getPassword(), getOrFailField(json, "password"));
}
@Test
public void serializeUnsupportedTest() {
assertThrows(JsonParseException.class, () ->
gson.toJson(new UnsupportedSshAuthInfo(false)));
}
@Test
public void serializeBadPrivateKeyPathTest() {
PublicKeyAuthInfo info = new PublicKeyAuthInfo();
initialSshAuthInfo(info);
info.setPrivateKeyPath(new File("@#$*%&&96137:()*/key"));
assertThrows(JsonParseException.class, () ->
gson.toJson(info));
}
@Test
public void serializeBadServerKeyTest() {
PasswordAuthInfo info = new PasswordAuthInfo();
initialSshAuthInfo(info);
info.setServerKey(new BadPublicKey());
JsonObject json = gson.fromJson(gson.toJson(info), JsonObject.class);
assertEquals(SshAuthInfo.AuthType.PASSWORD.name(), getOrFailField(json, "authType"));
assertTrue(json.get("serverKey").isJsonNull());
assertEquals(info.getUsername(), getOrFailField(json, "username"));
assertEquals(info.getPort(), Integer.parseInt(getOrFailField(json, "port")));
assertEquals(info.getPassword(), getOrFailField(json, "password"));
}
}

15
src/test/java/net/lamgc/oracle/sentry/oci/compute/ssh/UnsupportedSshAuthInfo.java Normal file
View File

@ -0,0 +1,15 @@
package net.lamgc.oracle.sentry.oci.compute.ssh;
public class UnsupportedSshAuthInfo extends SshAuthInfo {
private final boolean returnType;
public UnsupportedSshAuthInfo(boolean returnType) {
this.returnType = returnType;
}
@Override
public AuthType getType() {
return returnType ? AuthType.PASSWORD : null;
}
}

6
src/test/java/net/lamgc/oracle/sentry/script/ScriptManagerTest.java
View File

@ -1,6 +1,7 @@
package net.lamgc.oracle.sentry.script;
import net.lamgc.oracle.sentry.ComputeInstanceManager;
import net.lamgc.oracle.sentry.oci.compute.ComputeInstanceManager;
import net.lamgc.oracle.sentry.oci.account.OracleAccountManager;
import net.lamgc.oracle.sentry.script.tools.http.ScriptHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.junit.jupiter.api.Test;
@ -12,8 +13,7 @@ class ScriptManagerTest {
@Test
public void loadScriptTest() {
ScriptManager manager = new ScriptManager(new File("./run/scripts"),
new ScriptComponent(new ScriptHttpClient(HttpClientBuilder.create().build()),
new ComputeInstanceManager()));
new ScriptComponents());
manager.loadScripts();

77
src/test/java/net/lamgc/oracle/sentry/script/groovy/GroovyTriggerProviderTest.java Normal file
View File

@ -0,0 +1,77 @@
package net.lamgc.oracle.sentry.script.groovy;
import net.lamgc.oracle.sentry.script.groovy.trigger.*;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import java.lang.reflect.Field;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.ServiceLoader;
/**
* @see GroovyTriggerProvider
*/
class GroovyTriggerProviderTest {
@Test
public void standardRunTest() {
GroovyTrigger trigger = GroovyTriggerProvider.INSTANCE.getTriggerByName("once");
Assertions.assertNotNull(trigger);
Assertions.assertEquals(OnceTrigger.class, trigger.getClass());
}
@Test
public void noAnnotationTriggerTest() throws NoSuchFieldException, IllegalAccessException {
failIfHasTrigger(NoAnnotationTrigger.class);
}
@Test
public void badTriggerNameLoadTest() throws NoSuchFieldException, IllegalAccessException {
failIfHasTrigger(BadAnnotationTrigger.class);
}
@Test
public void duplicateTriggerLoadTest() throws NoSuchFieldException, IllegalAccessException {
Assertions.assertFalse(hasTrigger(DuplicateTriggerA.class) && hasTrigger(DuplicateTriggerB.class));
}
@Test
public void tryToGetNoExistTriggerTest() {
Assertions.assertThrows(NoSuchElementException.class, () ->
GroovyTriggerProvider.INSTANCE.getTriggerByName("NoExistTrigger"));
}
@Test
public void nullTest() {
Assertions.assertThrows(NullPointerException.class, () ->
GroovyTriggerProvider.INSTANCE.getTriggerByName(null));
}
private void failIfHasTrigger(Class<? extends GroovyTrigger> triggerClass)
throws NoSuchFieldException, IllegalAccessException {
if (hasTrigger(triggerClass)) {
Assertions.fail("Trigger did not appear as expected.");
}
}
@SuppressWarnings("unchecked")
private boolean hasTrigger(Class<? extends GroovyTrigger> triggerClass)
throws NoSuchFieldException, IllegalAccessException {
Field providerMapField =
GroovyTriggerProvider.class.getDeclaredField("triggerProviderMap");
providerMapField.setAccessible(true);
Map<String, ServiceLoader.Provider<GroovyTrigger>> map =
(Map<String, ServiceLoader.Provider<GroovyTrigger>>) providerMapField.get(
GroovyTriggerProvider.INSTANCE
);
providerMapField.setAccessible(false);
for (ServiceLoader.Provider<GroovyTrigger> value : map.values()) {
if (triggerClass.equals(value.type())) {
return true;
}
}
return false;
}
}

5
src/test/java/net/lamgc/oracle/sentry/script/groovy/trigger/BadAnnotationTrigger.java Normal file
View File

@ -0,0 +1,5 @@
package net.lamgc.oracle.sentry.script.groovy.trigger;
@TriggerName("")
public class BadAnnotationTrigger extends BaseTestTrigger {
}

15
src/test/java/net/lamgc/oracle/sentry/script/groovy/trigger/BaseTestTrigger.java Normal file
View File

@ -0,0 +1,15 @@
package net.lamgc.oracle.sentry.script.groovy.trigger;
import groovy.lang.Closure;
public abstract class BaseTestTrigger implements GroovyTrigger {
@Override
public void run(Closure<?> task) {
throw new UnsupportedOperationException("Unavailable trigger.");
}
@Override
public void shutdown() {
// Do nothing.
}
}

5
src/test/java/net/lamgc/oracle/sentry/script/groovy/trigger/DuplicateTriggerA.java Normal file
View File

@ -0,0 +1,5 @@
package net.lamgc.oracle.sentry.script.groovy.trigger;
@TriggerName("Duplicate")
public class DuplicateTriggerA extends BaseTestTrigger {
}

5
src/test/java/net/lamgc/oracle/sentry/script/groovy/trigger/DuplicateTriggerB.java Normal file
View File

@ -0,0 +1,5 @@
package net.lamgc.oracle.sentry.script.groovy.trigger;
@TriggerName("Duplicate")
public class DuplicateTriggerB extends BaseTestTrigger {
}

5
src/test/java/net/lamgc/oracle/sentry/script/groovy/trigger/NoAnnotationTrigger.java Normal file
View File

@ -0,0 +1,5 @@
package net.lamgc.oracle.sentry.script.groovy.trigger;
public class NoAnnotationTrigger extends BaseTestTrigger {
}

4
src/test/resources/META-INF/services/net.lamgc.oracle.sentry.script.groovy.trigger.GroovyTrigger Normal file
View File

@ -0,0 +1,4 @@
net.lamgc.oracle.sentry.script.groovy.trigger.NoAnnotationTrigger
net.lamgc.oracle.sentry.script.groovy.trigger.BadAnnotationTrigger
net.lamgc.oracle.sentry.script.groovy.trigger.DuplicateTriggerA
net.lamgc.oracle.sentry.script.groovy.trigger.DuplicateTriggerB

7
src/test/resources/ssh-auth/BadPortValue-NonNumber.json Normal file
View File

@ -0,0 +1,7 @@
{
"username": "opc",
"authType": "password",
"port": "test",
"serverKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/NGFFKkchNdE8HDE9WHGIcw97ZVOP5edY7drtRQn0xSSG6uLu08T36B8IWT+XJdg45/YMmcuVSzsG1QZs/R3s0URVUhsWjwdezWDeWeBHt8/6TGl2AsgA0iXSAOeRNldhZlITFvWoBEv2wElNjCTsEGo5bBp3rVPqqZNJFUs+FR9s/uVgmFqe7HGhuKhhk7BrRThJ/NcgDRicMQ4yXU3Hl++pG54TVLH+0HmgWg312XNAWtzw2iRmKBAuu2I4pP1TRp93K/lbD7QU8k8W7QcyGSAc73nZrhyzYVMko5wQGt4/vGpchOw7ehkotSejTB1GSyhzBTZobA23For76YLzuVFOjF3lEvSh1QV30ysu0PREKLtY83ad0WHVFqVgJrFHkkXQrglN335BhGwhFzwyMpRxbD8HCDtz6VjpqwoKtd/ExQkcfaj/g10o28vRzHGyzUbCTe433V61fjSsC4Bikw15vTnQ3ZuyOzfyoCYUNpFcf1Wv+mkoWqn9xU8lGvk= Test-Server",
"password": "123456"
}

7
src/test/resources/ssh-auth/BadPortValue-OutOfBound-minus.json Normal file
View File

@ -0,0 +1,7 @@
{
"username": "opc",
"authType": "password",
"port": "-22",
"serverKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/NGFFKkchNdE8HDE9WHGIcw97ZVOP5edY7drtRQn0xSSG6uLu08T36B8IWT+XJdg45/YMmcuVSzsG1QZs/R3s0URVUhsWjwdezWDeWeBHt8/6TGl2AsgA0iXSAOeRNldhZlITFvWoBEv2wElNjCTsEGo5bBp3rVPqqZNJFUs+FR9s/uVgmFqe7HGhuKhhk7BrRThJ/NcgDRicMQ4yXU3Hl++pG54TVLH+0HmgWg312XNAWtzw2iRmKBAuu2I4pP1TRp93K/lbD7QU8k8W7QcyGSAc73nZrhyzYVMko5wQGt4/vGpchOw7ehkotSejTB1GSyhzBTZobA23For76YLzuVFOjF3lEvSh1QV30ysu0PREKLtY83ad0WHVFqVgJrFHkkXQrglN335BhGwhFzwyMpRxbD8HCDtz6VjpqwoKtd/ExQkcfaj/g10o28vRzHGyzUbCTe433V61fjSsC4Bikw15vTnQ3ZuyOzfyoCYUNpFcf1Wv+mkoWqn9xU8lGvk= Test-Server",
"password": "123456"
}

7
src/test/resources/ssh-auth/BadPortValue-OutOfBound.json Normal file
View File

@ -0,0 +1,7 @@
{
"username": "opc",
"authType": "password",
"port": "1000000",
"serverKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/NGFFKkchNdE8HDE9WHGIcw97ZVOP5edY7drtRQn0xSSG6uLu08T36B8IWT+XJdg45/YMmcuVSzsG1QZs/R3s0URVUhsWjwdezWDeWeBHt8/6TGl2AsgA0iXSAOeRNldhZlITFvWoBEv2wElNjCTsEGo5bBp3rVPqqZNJFUs+FR9s/uVgmFqe7HGhuKhhk7BrRThJ/NcgDRicMQ4yXU3Hl++pG54TVLH+0HmgWg312XNAWtzw2iRmKBAuu2I4pP1TRp93K/lbD7QU8k8W7QcyGSAc73nZrhyzYVMko5wQGt4/vGpchOw7ehkotSejTB1GSyhzBTZobA23For76YLzuVFOjF3lEvSh1QV30ysu0PREKLtY83ad0WHVFqVgJrFHkkXQrglN335BhGwhFzwyMpRxbD8HCDtz6VjpqwoKtd/ExQkcfaj/g10o28vRzHGyzUbCTe433V61fjSsC4Bikw15vTnQ3ZuyOzfyoCYUNpFcf1Wv+mkoWqn9xU8lGvk= Test-Server",
"password": "123456"
}

9
src/test/resources/ssh-auth/BadRequiredFieldType.json Normal file
View File

@ -0,0 +1,9 @@
{
"username": {
},
"authType": "password",
"port": 22,
"serverKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/NGFFKkchNdE8HDE9WHGIcw97ZVOP5edY7drtRQn0xSSG6uLu08T36B8IWT+XJdg45/YMmcuVSzsG1QZs/R3s0URVUhsWjwdezWDeWeBHt8/6TGl2AsgA0iXSAOeRNldhZlITFvWoBEv2wElNjCTsEGo5bBp3rVPqqZNJFUs+FR9s/uVgmFqe7HGhuKhhk7BrRThJ/NcgDRicMQ4yXU3Hl++pG54TVLH+0HmgWg312XNAWtzw2iRmKBAuu2I4pP1TRp93K/lbD7QU8k8W7QcyGSAc73nZrhyzYVMko5wQGt4/vGpchOw7ehkotSejTB1GSyhzBTZobA23For76YLzuVFOjF3lEvSh1QV30ysu0PREKLtY83ad0WHVFqVgJrFHkkXQrglN335BhGwhFzwyMpRxbD8HCDtz6VjpqwoKtd/ExQkcfaj/g10o28vRzHGyzUbCTe433V61fjSsC4Bikw15vTnQ3ZuyOzfyoCYUNpFcf1Wv+mkoWqn9xU8lGvk= Test-Server",
"password": "123456"
}

6
src/test/resources/ssh-auth/BadServerKey-decode.json Normal file
View File

@ -0,0 +1,6 @@
{
"username": "opc",
"authType": "password",
"serverKey": "ssh-rsa AAAAaCADAQABAAABgQC/NGFFKkchNdE8HDE9WHGIcw97ZVOP5edY7drtRQn0xSSG6uLu08T36B8IWT+XJdg45/YMmcuVSzsG1QZs/R3s0URVUhsWjwdezWDeWeBHt8/6TGl2AsgA0iXSAOeRNldhZlITFvWoBEv2wElNjCTsEGo5bBp3rVPqqZNJFUs+FR9s/uVgmFqe7HGhuKhhk7BrRThJ/NcgDRicMQ4yXU3Hl++pG54TVLH+0HmgWg312XNAWtzw2iRmKBAuu2I4pP1TRp93K/lbD7QU8k8W7QcyGSAc73nZrhyzYVMko5wQGt4/vGpchOw7ehkotSejTB1GSyhzBTZobA23For76YLzuVFOjF3lEvSh1QV30ysu0PREKLtY83ad0WHVFqVgJrFHkkXQrglN335BhGwhFzwyMpRxbD8HCDtz6VjpqwoKtd/ExQkcfaj/g10o28vRzHGyzUbCTe433V61fjSsC4Bikw15vTnQ3ZuyOzfyoCYUNpFcf1Wv+mkoWqn9xU8lGvk= Test-Server",
"password": "123456"
}

9
src/test/resources/ssh-auth/BadServerKeyField.json Normal file
View File

@ -0,0 +1,9 @@
{
"username": "opc",
"authType": "Public_Key",
"serverKey": {
"msg": "badServerKeyField"
},
"privateKeyPath": "~/.ssh/id_rsa",
"keyPassword": "123456"
}

5
src/test/resources/ssh-auth/NoExistType.json Normal file
View File

@ -0,0 +1,5 @@
{
"username": "opc",
"serverKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/NGFFKkchNdE8HDE9WHGIcw97ZVOP5edY7drtRQn0xSSG6uLu08T36B8IWT+XJdg45/YMmcuVSzsG1QZs/R3s0URVUhsWjwdezWDeWeBHt8/6TGl2AsgA0iXSAOeRNldhZlITFvWoBEv2wElNjCTsEGo5bBp3rVPqqZNJFUs+FR9s/uVgmFqe7HGhuKhhk7BrRThJ/NcgDRicMQ4yXU3Hl++pG54TVLH+0HmgWg312XNAWtzw2iRmKBAuu2I4pP1TRp93K/lbD7QU8k8W7QcyGSAc73nZrhyzYVMko5wQGt4/vGpchOw7ehkotSejTB1GSyhzBTZobA23For76YLzuVFOjF3lEvSh1QV30ysu0PREKLtY83ad0WHVFqVgJrFHkkXQrglN335BhGwhFzwyMpRxbD8HCDtz6VjpqwoKtd/ExQkcfaj/g10o28vRzHGyzUbCTe433V61fjSsC4Bikw15vTnQ3ZuyOzfyoCYUNpFcf1Wv+mkoWqn9xU8lGvk= Test-Server",
"password": "123456"
}

5
src/test/resources/ssh-auth/ServerKeyNoExist.json Normal file
View File

@ -0,0 +1,5 @@
{
"username": "opc",
"authType": "password",
"password": "123456"
}

7
src/test/resources/ssh-auth/StandardPassword.json Normal file
View File

@ -0,0 +1,7 @@
{
"username": "opc",
"authType": "password",
"port": 22,
"serverKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/NGFFKkchNdE8HDE9WHGIcw97ZVOP5edY7drtRQn0xSSG6uLu08T36B8IWT+XJdg45/YMmcuVSzsG1QZs/R3s0URVUhsWjwdezWDeWeBHt8/6TGl2AsgA0iXSAOeRNldhZlITFvWoBEv2wElNjCTsEGo5bBp3rVPqqZNJFUs+FR9s/uVgmFqe7HGhuKhhk7BrRThJ/NcgDRicMQ4yXU3Hl++pG54TVLH+0HmgWg312XNAWtzw2iRmKBAuu2I4pP1TRp93K/lbD7QU8k8W7QcyGSAc73nZrhyzYVMko5wQGt4/vGpchOw7ehkotSejTB1GSyhzBTZobA23For76YLzuVFOjF3lEvSh1QV30ysu0PREKLtY83ad0WHVFqVgJrFHkkXQrglN335BhGwhFzwyMpRxbD8HCDtz6VjpqwoKtd/ExQkcfaj/g10o28vRzHGyzUbCTe433V61fjSsC4Bikw15vTnQ3ZuyOzfyoCYUNpFcf1Wv+mkoWqn9xU8lGvk= Test-Server",
"password": "123456"
}

7
src/test/resources/ssh-auth/StandardPublicKey.json Normal file
View File

@ -0,0 +1,7 @@
{
"username": "opc",
"authType": "Public_Key",
"serverKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/NGFFKkchNdE8HDE9WHGIcw97ZVOP5edY7drtRQn0xSSG6uLu08T36B8IWT+XJdg45/YMmcuVSzsG1QZs/R3s0URVUhsWjwdezWDeWeBHt8/6TGl2AsgA0iXSAOeRNldhZlITFvWoBEv2wElNjCTsEGo5bBp3rVPqqZNJFUs+FR9s/uVgmFqe7HGhuKhhk7BrRThJ/NcgDRicMQ4yXU3Hl++pG54TVLH+0HmgWg312XNAWtzw2iRmKBAuu2I4pP1TRp93K/lbD7QU8k8W7QcyGSAc73nZrhyzYVMko5wQGt4/vGpchOw7ehkotSejTB1GSyhzBTZobA23For76YLzuVFOjF3lEvSh1QV30ysu0PREKLtY83ad0WHVFqVgJrFHkkXQrglN335BhGwhFzwyMpRxbD8HCDtz6VjpqwoKtd/ExQkcfaj/g10o28vRzHGyzUbCTe433V61fjSsC4Bikw15vTnQ3ZuyOzfyoCYUNpFcf1Wv+mkoWqn9xU8lGvk= Test-Server",
"privateKeyPath": "~/.ssh/id_rsa",
"keyPassword": "123456"
}

4
src/test/resources/ssh-auth/UnsupportedAuthType.json Normal file
View File

@ -0,0 +1,4 @@
{
"username": "linux",
"authType": "Unsupported"
}

3
src/test/resources/ssh-auth/UnsupportedJsonType.json Normal file
View File

@ -0,0 +1,3 @@
[
"?"
]