From 352ef974bd6a20c3516e643abd6897c800f10e55 Mon Sep 17 00:00:00 2001
From: Zone <78101209+haha-zwx-ooo@users.noreply.github.com>
Date: Mon, 15 Jan 2024 15:54:56 +0800
Subject: [PATCH] [0.6.0.dev240115] (#215)
repo-sync-2024-01-15T15:29:33+0800
---
CHANGELOG.md | 11 +-
Makefile | 5 +-
cmd/kuscia/master/master.go | 5 +-
cmd/kuscia/modules/containerd.go | 2 +
cmd/kuscia/modules/datamesh.go | 2 +
cmd/kuscia/modules/domainroute.go | 1 +
cmd/kuscia/modules/envoy.go | 2 +
cmd/kuscia/modules/k3s.go | 44 ++-
cmd/kuscia/modules/kusciaapi.go | 2 +
cmd/kuscia/modules/transport.go | 2 +
.../K8s_master_lite_cn.md | 13 +-
.../K8s_deployment_kuscia/K8s_p2p_cn.md | 7 +-
docs/deployment/deploy_master_lite_cn.md | 28 +-
docs/deployment/deploy_p2p_cn.md | 19 +-
docs/deployment/kuscia_config_cn.md | 19 +-
docs/deployment/logdescription.md | 52 ++-
docs/deployment/networkrequirements.md | 13 +-
docs/development/register_custom_image.md | 4 +-
docs/reference/apis/domaindata_cn.md | 1 +
docs/reference/apis/kusciajob_cn.md | 2 +-
docs/reference/apis/summary_cn.md | 2 +-
docs/reference/concepts/domaindata_cn.md | 18 +-
docs/reference/concepts/domaindatagrant_cn.md | 15 +-
docs/reference/concepts/domainroute_cn.md | 2 +-
docs/reference/concepts/kusciajob_cn.md | 2 +-
docs/reference/concepts/kusciatask_cn.md | 2 +-
docs/reference/overview.md | 3 +-
docs/reference/troubleshoot/index.rst | 4 +-
.../troubleshoot/networkauthorizationcheck.md | 2 +-
.../troubleshoot/networktroubleshoot.md | 36 ++
.../troubleshoot/private_key_loss.md | 25 ++
docs/reference/troubleshoot/runjobfailed.md | 3 +-
docs/tutorial/run_secretflow_with_api_cn.md | 12 +-
go.mod | 1 +
go.sum | 2 +
hack/build.sh | 2 +-
hack/k8s/autonomy/configmap.yaml | 2 +-
hack/k8s/kine.sql | 17 +
hack/k8s/lite/configmap.yaml | 4 +-
hack/k8s/master/configmap.yaml | 2 +-
pkg/common/constants.go | 7 +
pkg/common/convert.go | 6 +-
pkg/common/gen.go | 4 +
.../clusterdomainroute/controller.go | 366 +++---------------
.../clusterdomainroute/controller_test.go | 61 ++-
pkg/controllers/clusterdomainroute/domain.go | 119 ++++++
.../clusterdomainroute/domainroute.go | 191 +++++++++
pkg/controllers/clusterdomainroute/monitor.go | 54 ++-
.../domain/authorization_resource.go | 22 +-
pkg/controllers/domain/controller.go | 19 +-
pkg/controllers/domain/domain.go | 6 +-
pkg/controllers/domainroute/check.go | 9 +-
pkg/controllers/domainroute/controller.go | 18 +-
pkg/controllers/domainroute/rolling.go | 30 +-
pkg/controllers/kusciadeployment/reconcile.go | 4 +
.../kusciatask/handler/pending_handler.go | 4 +
.../handler/pending_handler_test.go | 2 +
pkg/datamesh/service/domaindata.go | 7 +
pkg/datamesh/service/domaindatagrant.go | 34 +-
pkg/gateway/clusters/master.go | 108 ++----
pkg/gateway/commands/root.go | 25 +-
pkg/gateway/config/cluster_config.go | 1 +
pkg/gateway/config/gateway_config.go | 4 -
pkg/gateway/controller/domain_route.go | 166 ++++----
pkg/gateway/controller/domain_route_test.go | 19 +-
pkg/gateway/controller/endpoints.go | 4 +-
pkg/gateway/controller/gateway.go | 69 ++--
pkg/gateway/controller/gateway_test.go | 6 +-
pkg/gateway/controller/handshake.go | 307 ++++++---------
.../controller/interconn/bfia_handler.go | 11 +-
pkg/gateway/controller/interconn/factory.go | 6 +-
.../controller/interconn/kuscia_handler.go | 14 +-
pkg/gateway/controller/regitser_node.go | 23 +-
pkg/gateway/metrics/monitor.go | 8 +-
pkg/gateway/utils/clusters.go | 28 ++
pkg/gateway/utils/handshake.go | 27 ++
pkg/gateway/utils/http.go | 123 ++++++
pkg/gateway/xds/xds.go | 1 -
pkg/kusciaapi/service/domain_route_service.go | 16 +-
.../service/domain_route_service_test.go | 2 +-
pkg/kusciaapi/service/domain_service.go | 8 +
pkg/kusciaapi/service/domaindata_grant.go | 47 ++-
pkg/kusciaapi/service/domaindata_service.go | 13 +
.../service/domaindata_service_test.go | 2 +-
pkg/kusciaapi/service/domaindata_source.go | 6 +
pkg/kusciaapi/service/job_service.go | 5 +
pkg/kusciaapi/service/serving_service.go | 7 +
.../datastore/datastore_endpoint_check.go | 91 +++++
.../datastore_endpoint_check_test.go | 119 ++++++
pkg/utils/paths/paths.go | 9 +
pkg/utils/process/process.go | 48 +++
pkg/utils/queue/queue.go | 4 +-
pkg/utils/resources/common.go | 18 +
pkg/utils/resources/common_test.go | 92 +++++
proto/api/v1alpha1/BUILD.bazel | 22 ++
proto/api/v1alpha1/appconfig/BUILD.bazel | 14 +
proto/api/v1alpha1/datamesh/BUILD.bazel | 48 +++
.../kuscia/proto/api/v1alpha1/common_pb2.py | 5 +-
.../v1alpha1/datamesh/domaindatagrant_pb2.py | 60 +--
.../v1alpha1/datamesh/domaindatasource_pb2.py | 104 +----
.../datamesh/domaindatasource_pb2_grpc.py | 99 -----
.../api/v1alpha1/datamesh/flightdm_pb2.py | 34 +-
.../api/v1alpha1/handshake/handshake_pb2.py | 24 +-
.../api/v1alpha1/kusciaapi/certificate_pb2.py | 49 +++
.../kusciaapi/certificate_pb2_grpc.py | 66 ++++
.../api/v1alpha1/kusciaapi/domain_pb2.py | 34 +-
.../v1alpha1/kusciaapi/domaindatagrant_pb2.py | 68 ++--
.../kusciaapi/domaindatasource_pb2.py | 209 ++++++++++
.../kusciaapi/domaindatasource_pb2_grpc.py | 198 ++++++++++
.../proto/api/v1alpha1/kusciaapi/job_pb2.py | 74 ++--
.../api/v1alpha1/kusciaapi/serving_pb2.py | 22 +-
python/version.py | 2 +-
scripts/deploy/deploy.sh | 21 +-
scripts/deploy/start_standalone.sh | 4 +-
.../templates/cluster_domain_route.token.yaml | 1 +
scripts/templates/kuscia-autonomy.yaml | 3 +-
scripts/templates/kuscia-lite.yaml | 7 +-
scripts/templates/kuscia-master.yaml | 3 +-
scripts/test/suite/center/base.sh | 72 ++++
scripts/test/suite/core/functions.sh | 114 +++++-
scripts/test/suite/p2p/base.sh | 128 ++++++
scripts/user/create_example_job.sh | 2 +-
122 files changed, 2993 insertions(+), 1284 deletions(-)
create mode 100644 docs/reference/troubleshoot/networktroubleshoot.md
create mode 100644 docs/reference/troubleshoot/private_key_loss.md
create mode 100644 hack/k8s/kine.sql
create mode 100644 pkg/controllers/clusterdomainroute/domain.go
create mode 100644 pkg/controllers/clusterdomainroute/domainroute.go
create mode 100644 pkg/gateway/utils/clusters.go
create mode 100644 pkg/gateway/utils/handshake.go
create mode 100644 pkg/utils/datastore/datastore_endpoint_check.go
create mode 100644 pkg/utils/datastore/datastore_endpoint_check_test.go
create mode 100644 pkg/utils/process/process.go
create mode 100644 proto/api/v1alpha1/BUILD.bazel
create mode 100644 proto/api/v1alpha1/datamesh/BUILD.bazel
create mode 100644 python/kuscia/proto/api/v1alpha1/kusciaapi/certificate_pb2.py
create mode 100644 python/kuscia/proto/api/v1alpha1/kusciaapi/certificate_pb2_grpc.py
create mode 100644 python/kuscia/proto/api/v1alpha1/kusciaapi/domaindatasource_pb2.py
create mode 100644 python/kuscia/proto/api/v1alpha1/kusciaapi/domaindatasource_pb2_grpc.py
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ae18bd02..cbe7ef18 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,11 +12,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
`Fixed` for any bug fixes.
`Security` in case of vulnerabilities.
+## [0.6.0.dev240115] - 2023-01-15
+### Added
+- Add network error troubleshooting document.
+- Add steps for pre creating data tables in the process of deploying kusica on K8s.
+
+### Changed
+- The token from lite to master supports rotation.
+### Fixed
+- When deploying using deploy.sh, no kuscia API client certificate was generated.
+
## [0.5.0b0] - 2024-1-8
### Added
- Support deploying kuscia on K8s.
- Support running algorithm images based on runp and runk modes.
-- Support configuring Path prefix in domain public URL addresses.
### Changed
- Optimize deployment configuration and add configuration documentation.
diff --git a/Makefile b/Makefile
index 6bdc8906..10ffc226 100644
--- a/Makefile
+++ b/Makefile
@@ -1,9 +1,8 @@
# Image URL to use all building image targets
DATETIME = $(shell date +"%Y%m%d%H%M%S")
-KUSCIA_VERSION_TAG = $(shell git describe --abbrev=7 --always)
-COMMIT_ID = $(shell git log -1 --pretty="format:%h")
-TAG = ${KUSCIA_VERSION_TAG}-${DATETIME}-${COMMIT_ID}
+KUSCIA_VERSION_TAG = $(shell git describe --tags --always)
+TAG = ${KUSCIA_VERSION_TAG}-${DATETIME}
IMG := secretflow/kuscia:${TAG}
# TEST_SUITE used by integration test
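Review bot: With `COMMIT_ID` dropped from `TAG`, nothing in the image tag marks a build made from a modified working tree, and a build made exactly on a tag carries only the tag name and a timestamp. Adding `--dirty` keeps the tag traceable to the source that produced the image: `KUSCIA_VERSION_TAG = $(shell git describe --tags --always --dirty)`. Note that `--tags` also matches lightweight (unannotated) tags, so a comment saying which tags count as release tags would help whoever audits published images.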
diff --git a/cmd/kuscia/master/master.go b/cmd/kuscia/master/master.go
index 33e75633..83408868 100644
--- a/cmd/kuscia/master/master.go
+++ b/cmd/kuscia/master/master.go
@@ -75,7 +75,10 @@ func Run(ctx context.Context, configFile string, onlyControllers bool) error {
nlog.Info("Scheduler and controllers are all started")
// wait any controller failed
} else {
- modules.RunK3s(runCtx, cancel, conf)
+ if err := modules.RunK3s(runCtx, cancel, conf); err != nil {
+ nlog.Errorf("k3s start failed: %s", err)
+ return err
+ }
// make clients after k3s start
conf.MakeClients()
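Review bot: The added `nlog.Errorf("k3s start failed: %s", err)` logs an error that `RunK3s` has already logged, because its datastore check calls `nlog.Error(err)` before returning, so one failure shows up twice in the log. Log at one layer only: either keep this line and drop the `nlog.Error` inside `RunK3s`, or reduce this branch to `return err`. Run's body continues outside the hunk, so whether its caller logs the returned error a third time is not visible here.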
diff --git a/cmd/kuscia/modules/containerd.go b/cmd/kuscia/modules/containerd.go
index fc58e0a9..fbe1ae4d 100644
--- a/cmd/kuscia/modules/containerd.go
+++ b/cmd/kuscia/modules/containerd.go
@@ -92,7 +92,9 @@ func (s *containerdModule) execPreCmds(ctx context.Context) error {
func (s *containerdModule) WaitReady(ctx context.Context) error {
ticker := time.NewTicker(30 * time.Second)
+ defer ticker.Stop()
tickerReady := time.NewTicker(time.Second)
+ defer tickerReady.Stop()
for {
select {
case <-tickerReady.C:
diff --git a/cmd/kuscia/modules/datamesh.go b/cmd/kuscia/modules/datamesh.go
index 1f36ef2c..05e7c2f5 100644
--- a/cmd/kuscia/modules/datamesh.go
+++ b/cmd/kuscia/modules/datamesh.go
@@ -70,7 +70,9 @@ func (m dataMeshModule) Run(ctx context.Context) error {
func (m dataMeshModule) WaitReady(ctx context.Context) error {
timeoutTicker := time.NewTicker(30 * time.Second)
+ defer timeoutTicker.Stop()
checkTicker := time.NewTicker(1 * time.Second)
+ defer checkTicker.Stop()
for {
select {
case <-checkTicker.C:
diff --git a/cmd/kuscia/modules/domainroute.go b/cmd/kuscia/modules/domainroute.go
index 1d231357..f1ff1d6a 100644
--- a/cmd/kuscia/modules/domainroute.go
+++ b/cmd/kuscia/modules/domainroute.go
@@ -107,6 +107,7 @@ func (d *domainRouteModule) Run(ctx context.Context) error {
func (d *domainRouteModule) WaitReady(ctx context.Context) error {
ticker := time.NewTicker(60 * time.Second)
+ defer ticker.Stop()
select {
case <-commands.ReadyChan:
return nil
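Review bot: `ticker` serves here as a one-shot 60-second deadline in a single `select`, not as a repeating tick, so a timer states the intent better: `timer := time.NewTimer(60 * time.Second)` followed by `defer timer.Stop()`, or a `context.WithTimeout` derived from `ctx`. The same applies to the 30- and 60-second timeout tickers in the other WaitReady hunks of this commit (containerd, datamesh, envoy, k3s, kusciaapi, transport), where only the one-second ticker actually repeats. WaitReady's body continues outside the hunk.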
diff --git a/cmd/kuscia/modules/envoy.go b/cmd/kuscia/modules/envoy.go
index e74cc3f9..592d47ec 100644
--- a/cmd/kuscia/modules/envoy.go
+++ b/cmd/kuscia/modules/envoy.go
@@ -138,7 +138,9 @@ func (s *envoyModule) logRotate(ctx context.Context) {
func (s *envoyModule) WaitReady(ctx context.Context) error {
ticker := time.NewTicker(60 * time.Second)
+ defer ticker.Stop()
tickerReady := time.NewTicker(time.Second)
+ defer tickerReady.Stop()
for {
select {
case <-ctx.Done():
diff --git a/cmd/kuscia/modules/k3s.go b/cmd/kuscia/modules/k3s.go
index ef8cfd29..1da28f06 100644
--- a/cmd/kuscia/modules/k3s.go
+++ b/cmd/kuscia/modules/k3s.go
@@ -37,8 +37,11 @@ import (
pkgcom "github.com/secretflow/kuscia/pkg/common"
"github.com/secretflow/kuscia/pkg/utils/common"
+ "github.com/secretflow/kuscia/pkg/utils/datastore"
"github.com/secretflow/kuscia/pkg/utils/network"
"github.com/secretflow/kuscia/pkg/utils/nlog/ljwriter"
+ "github.com/secretflow/kuscia/pkg/utils/paths"
+ "github.com/secretflow/kuscia/pkg/utils/process"
tlsutils "github.com/secretflow/kuscia/pkg/utils/tls"
"github.com/secretflow/kuscia/pkg/utils/nlog"
@@ -59,8 +62,27 @@ type k3sModule struct {
}
func (s *k3sModule) readyz(host string) error {
+
+ // check k3s process
+ if !process.CheckExists("k3s") {
+ errMsg := "process [k3s] is not exists"
+ nlog.Error(errMsg)
+ return errors.New(errMsg)
+ }
+
cl := http.Client{}
- caCertFile, err := os.ReadFile(filepath.Join(s.dataDir, "server/tls/server-ca.crt"))
+ // check file exist
+ serverCaFilePath := filepath.Join(s.dataDir, "server/tls/server-ca.crt")
+ clientAdminCrtFilePath := filepath.Join(s.dataDir, "server/tls/client-admin.crt")
+ clientAdminKeyFilePath := filepath.Join(s.dataDir, "server/tls/client-admin.key")
+
+ if fileExistError := paths.CheckAllFileExist(serverCaFilePath, clientAdminCrtFilePath, clientAdminKeyFilePath); fileExistError != nil {
+ err := fmt.Errorf("%s. Please check the k3s service is running successfully ", fileExistError)
+ nlog.Error(err)
+ return err
+ }
+
+ caCertFile, err := os.ReadFile(serverCaFilePath)
if err != nil {
nlog.Error(err)
return err
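Review bot: The file-existence error built with `fmt.Errorf("%s. Please check the k3s service is running successfully ", fileExistError)` flattens the cause to text and ends in a trailing space. Wrapping with `%w` keeps the cause inspectable: `err := fmt.Errorf("k3s TLS files not ready, check that k3s started: %w", fileExistError)`. The process-check message `"process [k3s] is not exists"` should read `"process [k3s] does not exist"`. If readyz is polled from WaitReady's one-second ticker (the call site is outside this hunk), both new `nlog.Error` calls will repeat every second during a normal start-up, so returning the error without logging it here would keep real failures visible in the log.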
@@ -71,13 +93,13 @@ func (s *k3sModule) readyz(host string) error {
nlog.Error(msg)
return fmt.Errorf("%s", msg)
}
- certPEMBlock, err := os.ReadFile(filepath.Join(s.dataDir, "server/tls/client-admin.crt"))
+ certPEMBlock, err := os.ReadFile(clientAdminCrtFilePath)
if err != nil {
nlog.Error(err)
return err
}
- keyPEMBlock, err := os.ReadFile(filepath.Join(s.dataDir, "server/tls/client-admin.key"))
+ keyPEMBlock, err := os.ReadFile(clientAdminKeyFilePath)
if err != nil {
nlog.Error(err)
return err
@@ -194,6 +216,9 @@ func (s *k3sModule) Run(ctx context.Context) error {
envs := os.Environ()
envs = append(envs, "CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS=3650")
+ if os.Getenv("KINE_SKIP_INIT_MYSQL") == "" {
+ envs = append(envs, "KINE_SKIP_INIT_MYSQL=true")
+ }
cmd.Env = envs
return cmd
})
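Review bot: `os.Getenv("KINE_SKIP_INIT_MYSQL") == ""` cannot tell an unset variable from one the operator deliberately exported as empty, so an explicit empty value is silently overridden with `true`. `if _, ok := os.LookupEnv("KINE_SKIP_INIT_MYSQL"); !ok {` expresses "only default it when unset". The default also changes a deployment precondition and deserves a comment, for example `// kine will not create its table on MySQL; the table must be pre-created from hack/k8s/kine.sql, so the DB account needs no DDL rights`, which matches the documentation changed in this commit.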
@@ -201,7 +226,9 @@ func (s *k3sModule) Run(ctx context.Context) error {
func (s *k3sModule) WaitReady(ctx context.Context) error {
ticker := time.NewTicker(30 * time.Second)
+ defer ticker.Stop()
tickerReady := time.NewTicker(time.Second)
+ defer tickerReady.Stop()
for {
select {
case <-ctx.Done():
@@ -220,7 +247,14 @@ func (s *k3sModule) Name() string {
return "k3s"
}
-func RunK3s(ctx context.Context, cancel context.CancelFunc, conf *Dependencies) Module {
+func RunK3s(ctx context.Context, cancel context.CancelFunc, conf *Dependencies) error {
+ // check DatastoreEndpoint
+ if err := datastore.CheckDatastoreEndpoint(conf.Master.DatastoreEndpoint); err != nil {
+ nlog.Error(err)
+ cancel()
+ return err
+ }
+
m := NewK3s(conf)
go func() {
if err := m.Run(ctx); err != nil {
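Review bot: `nlog.Error(err)` on the datastore check may write the database credentials to the log. `conf.Master.DatastoreEndpoint` has the form `mysql://username:password@tcp(hostname:3306)/database-name` according to the config docs in this commit, and if `CheckDatastoreEndpoint` (added in pkg/utils/datastore, not visible here) puts the endpoint into its error text, the password lands in the kuscia log and in the error returned to master.go. Confirm that the error carries only the host and database name or a redacted connection string. Separately, now that the function returns `error`, the last hunk ends in `return nil` after the readiness block; if a `WaitReady` failure in the unchanged middle of the function is not returned, the caller goes on to `conf.MakeClients()` against a k3s that never became ready, which should be checked because that part lies outside the hunks.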
@@ -247,7 +281,7 @@ func RunK3s(ctx context.Context, cancel context.CancelFunc, conf *Dependencies)
nlog.Info("k3s is ready")
}
- return m
+ return nil
}
func applyCRD(conf *Dependencies) error {
diff --git a/cmd/kuscia/modules/kusciaapi.go b/cmd/kuscia/modules/kusciaapi.go
index fb688132..d13eca22 100644
--- a/cmd/kuscia/modules/kusciaapi.go
+++ b/cmd/kuscia/modules/kusciaapi.go
@@ -108,7 +108,9 @@ func (m kusciaAPIModule) Run(ctx context.Context) error {
func (m kusciaAPIModule) WaitReady(ctx context.Context) error {
timeoutTicker := time.NewTicker(30 * time.Second)
+ defer timeoutTicker.Stop()
checkTicker := time.NewTicker(1 * time.Second)
+ defer checkTicker.Stop()
for {
select {
case <-checkTicker.C:
diff --git a/cmd/kuscia/modules/transport.go b/cmd/kuscia/modules/transport.go
index 0bd4db03..add60670 100644
--- a/cmd/kuscia/modules/transport.go
+++ b/cmd/kuscia/modules/transport.go
@@ -83,7 +83,9 @@ func (t *transportModule) Name() string {
func (t *transportModule) WaitReady(ctx context.Context) error {
ticker := time.NewTicker(30 * time.Second)
+ defer ticker.Stop()
tickerReady := time.NewTicker(time.Second)
+ defer tickerReady.Stop()
for {
select {
case <-ctx.Done():
diff --git a/docs/deployment/K8s_deployment_kuscia/K8s_master_lite_cn.md b/docs/deployment/K8s_deployment_kuscia/K8s_master_lite_cn.md
index faa482e2..bcce18ff 100644
--- a/docs/deployment/K8s_deployment_kuscia/K8s_master_lite_cn.md
+++ b/docs/deployment/K8s_deployment_kuscia/K8s_master_lite_cn.md
@@ -10,7 +10,10 @@
> Tips:k8s 部署模式暂不支持训练,仅支持预测服务
## 部署 master
-部署 master 需提前准备好 mysql 数据库,数据库帐号密码等信息配置在步骤三 Configmap 中(database 需要提前手动创建好并且 mysql 账户需要具有创建表的权限)
+
+### 前置准备
+
+部署 master 需提前准备好 mysql 数据库表并且符合[kuscia配置](../kuscia_config_cn.md#id3)中的规范,数据库帐号密码等信息配置在步骤三 configmap 中。
### 步骤一:创建 Namespace
> 创建 namespace 需要先获取 create 权限,避免出现 "namespaces is forbidden" 报错
@@ -63,7 +66,7 @@ kubectl create ns lite-alice
### 步骤二:创建 Service
-获取 [service.yaml](https://github.com/secretflow/kuscia/blob/main/hack/k8s/lite/service.yaml) 文件,如果 master 与 lite 不在一个 k8s 集群内,可以将 master service 的端口暴露方式改为 LoadBalancer(公有云,例如:阿里云) 或者 NodePort,并在 configmap 的 masterEndpoint 字段改为可正常访问的地址,创建 service
+获取 [service.yaml](https://github.com/secretflow/kuscia/blob/main/hack/k8s/lite/service.yaml) 文件,如果 master 与 lite 不在一个 k8s 集群内,可以将 master service 的端口暴露方式改为 [LoadBalancer](https://kubernetes.io/zh-cn/docs/concepts/services-networking/service/#loadbalancer)(公有云,例如:[阿里云](https://help.aliyun.com/zh/ack/serverless-kubernetes/user-guide/use-annotations-to-configure-load-balancing)) 或者 [NodePort](https://kubernetes.io/zh-cn/docs/concepts/services-networking/service/#type-nodeport),并在 configmap 的 masterEndpoint 字段改为可正常访问的地址,创建 service
```bash
kubectl create -f service.yaml
```
@@ -71,7 +74,7 @@ kubectl create -f service.yaml
### 步骤三:创建 Configmap
ConfigMap 是用来配置 kuscia 的配置文件,详细的配置文件介绍参考[kuscia配置](../kuscia_config_cn.md)
-部署 configmap 需要提前在 master 节点 pod 内生成 domainID 以及 token,并填写到 configmap 的 domainID 和 liteDeployToken 字段中,私钥可以通过命令 `docker run -it --rm secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/kuscia scripts/deploy/generate_rsa_key.sh` 生成并填写到 domainKeyData 字段中
+部署 configmap 需要提前在 master 节点 pod 内生成 domainID 以及 Token,并填写到 configmap 的 domainID 和 liteDeployToken 字段中,私钥可以通过命令 `docker run -it --rm secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/kuscia scripts/deploy/generate_rsa_key.sh` 生成并填写到 domainKeyData 字段中
> 注意:
1、目前节点私钥仅支持 pkcs#1 格式: "BEGIN RSA PRIVATE KEY/END RSA PRIVATE KEY"
2、修改 Configmap 配置后,需执行 kubectl delete po ${pod-name} -n ${namespace} 重新拉起 pod 生效
@@ -82,9 +85,9 @@ lite-bob 配置与 lite-alice 一样,下面以 alice 为例:
```bash
kubectl exec -it ${master_pod_name} bash -n kuscia-master
scripts/deploy/add_domain_lite.sh alice
-# 示例 token
+# 示例 Token
BMC4xjNqa7uAmWmyXLuJ4rrZw6brZeax
-# 如果token遗忘了,可以通过该命令重新获取
+# 如果 Token 遗忘了,可以通过该命令重新获取
kubectl get domain alice -o=jsonpath='{.status.deployTokenStatuses[?(@.state=="unused")].token}' && echo
```
diff --git a/docs/deployment/K8s_deployment_kuscia/K8s_p2p_cn.md b/docs/deployment/K8s_deployment_kuscia/K8s_p2p_cn.md
index f1217a04..3ea2c804 100644
--- a/docs/deployment/K8s_deployment_kuscia/K8s_p2p_cn.md
+++ b/docs/deployment/K8s_deployment_kuscia/K8s_p2p_cn.md
@@ -9,7 +9,10 @@
> Tips:k8s 部署模式暂不支持训练,仅支持预测服务
## 部署 autonomy
-部署 autonomy 需提前准备好 mysql 数据库,数据库帐号密码等信息配置在步骤三 Configmap 中(database 需要提前手动创建好并且 mysql 账户需要具有创建表的权限)
+
+### 前置准备
+
+部署 autonomy 需提前准备好 mysql 数据库表并且符合[kuscia配置](../kuscia_config_cn.md#id3)中的规范,数据库帐号密码等信息配置在步骤三 configmap 中。
### 步骤一:创建 Namespace
> 创建 namespace 需要先获取 create 权限,避免出现 "namespaces is forbidden" 报错
@@ -65,7 +68,7 @@ kubectl create -f deployment.yaml
alice 和 bob 授权之前可以先检测下相互之间的通信是否正常
-建议使用 curl -kvvv http://kuscia-autonomy-bob.autonomy-bob.svc.cluster.local:1080;(此处以 http 为例,https 可以删除 configmap 里的 protocol: NOTLS 字段,重启 pod 生效。LoadBalancer 或者 NodePort 方式可以用 curl -kvvv http://ip:port)检查一下是否访问能通,正常情况下返回的 http 错误码是401,内容是:unauthorized
+建议使用 curl -kvvv http://kuscia-autonomy-bob.autonomy-bob.svc.cluster.local:1080;(此处以 http 为例,https 可以删除 configmap 里的 protocol: NOTLS 字段,重启 pod 生效。[LoadBalancer](https://kubernetes.io/zh-cn/docs/concepts/services-networking/service/#loadbalancer) 或者 [NodePort](https://kubernetes.io/zh-cn/docs/concepts/services-networking/service/#type-nodeport) 方式可以用 curl -kvvv http://ip:port)检查一下是否访问能通,正常情况下返回的 http 错误码是401,内容是:unauthorized
示例参考[这里](../K8s_deployment_kuscia/K8s_master_lite_cn.md#id6)
diff --git a/docs/deployment/deploy_master_lite_cn.md b/docs/deployment/deploy_master_lite_cn.md
index 302067c6..d516a6c0 100644
--- a/docs/deployment/deploy_master_lite_cn.md
+++ b/docs/deployment/deploy_master_lite_cn.md
@@ -128,7 +128,7 @@ docker run --rm --pull always $KUSCIA_IMAGE cat /home/kuscia/scripts/deploy/depl
启动 alice。默认会在当前目录下创建 kuscia-lite-alice-certs 目录用来存放 alice 的公私钥和证书。默认会在当前目录下创建 kuscia-lite-alice-data 目录用来存放 alice 的数据:
```bash
# -n 参数传递的是节点 ID
-# -t 参数传递的是节点部署的 token
+# -t 参数传递的是节点部署的 Token
# -m 参数传递的是 master 容器对外暴露的 https://IP:PORT,如上文中 master 的 ip 是1.1.1.1,端口是18080
# -p 参数传递的是节点容器映射到主机的端口,保证和主机上现有的端口不冲突即可
./deploy.sh lite -n alice -t abcdefg -m https://1.1.1.1:18080 -p 28080
@@ -137,8 +137,8 @@ docker run --rm --pull always $KUSCIA_IMAGE cat /home/kuscia/scripts/deploy/depl
#### 部署 lite 节点 bob
-在部署 bob 节点之前,我们需要在 master 注册 bob 节点,并获取到部署时需要用到的 token 。
-执行以下命令,完成节点注册并从返回中得到 token (下文将以hijklmn为例)。
+在部署 bob 节点之前,我们需要在 master 注册 bob 节点,并获取到部署时需要用到的 Token 。
+执行以下命令,完成节点注册并从返回中得到 Token (下文将以hijklmn为例)。
```bash
docker exec -it ${USER}-kuscia-master sh scripts/deploy/add_domain_lite.sh bob
```
@@ -147,7 +147,7 @@ docker exec -it ${USER}-kuscia-master sh scripts/deploy/add_domain_lite.sh bob
hijklmn
```
-如果token遗忘了,可以通过该命令重新获取
+如果 Token 遗忘了,可以通过该命令重新获取
```bash
docker exec -it ${USER}-kuscia-master kubectl get domain bob -o=jsonpath='{.status.deployTokenStatuses[?(@.state=="unused")].token}' && echo
```
@@ -173,7 +173,7 @@ docker run --rm --pull always $KUSCIA_IMAGE cat /home/kuscia/scripts/deploy/depl
启动 bob。默认会在当前目录下创建 kuscia-lite-bob-certs 目录用来存放 bob 的公私钥和证书。默认会在当前目录下创建 kuscia-lite-bob-data 目录用来存放 bob 的数据:
```bash
# -n 参数传递的是节点 ID
-# -t 参数传递的是节点部署的 token
+# -t 参数传递的是节点部署的 Token
# -m 参数传递的是 master 容器对外暴露的 https://IP:PORT,如上文中 master 的 ip 是1.1.1.1,端口是18080
# -p 参数传递的是节点容器映射到主机的端口,保证和主机上现有的端口不冲突即可
./deploy.sh lite -n bob -t hijklmn -m https://1.1.1.1:18080 -p 38080
@@ -243,13 +243,24 @@ docker exec -it ${USER}-kuscia-master scripts/deploy/create_domaindata_bob_table
登录到安装 alice 的机器上,为 alice 的测试数据创建 domaindatagrant
```bash
-docker exec -it ${USER}-kuscia-lite-alice curl https://127.0.0.1:8070/api/v1/datamesh/domaindatagrant/create -X POST -H 'content-type: application/json' -d '{"author":"alice","domaindata_id":"alice-table","grant_domain":"bob"}' --cacert var/certs/ca.crt --cert var/certs/ca.crt --key var/certs/ca.key
+docker exec -it root-kuscia-lite-alice curl -X POST 'https://127.0.0.1:8082/api/v1/domaindatagrant/create' --header "Token: $(cat kuscia-lite-alice-certs/token)" --header 'Content-Type: application/json' -d '{
+ "grant_domain": "bob",
+ "description": {"domaindatagrant":"alice-bob"},
+ "domain_id": "alice",
+ "domaindata_id": "alice-table"
+}' --cacert /home/kuscia/var/certs/ca.crt --cert /home/kuscia/var/certs/ca.crt --key /home/kuscia/var/certs/ca.key
```
同理,登录到安装 bob 的机器上,为 bob 的测试数据创建 domaindatagrant
```bash
-docker exec -it ${USER}-kuscia-lite-bob curl https://127.0.0.1:8070/api/v1/datamesh/domaindatagrant/create -X POST -H 'content-type: application/json' -d '{"author":"bob","domaindata_id":"bob-table","grant_domain":"alice"}' --cacert var/certs/ca.crt --cert var/certs/ca.crt --key var/certs/ca.key
+docker exec -it root-kuscia-lite-bob curl -X POST 'https://127.0.0.1:8082/api/v1/domaindatagrant/create' --header "Token: $(cat kuscia-lite-bob-certs/token)" --header 'Content-Type: application/json' -d '{
+ "grant_domain": "alice",
+ "description": {"domaindatagrant":"bob-alice"},
+ "domain_id": "bob",
+ "domaindata_id": "bob-table"
+}' --cacert /home/kuscia/var/certs/ca.crt --cert /home/kuscia/var/certs/ca.crt --key /home/kuscia/var/certs/ca.key
+
```
#### 执行测试作业
@@ -265,8 +276,9 @@ docker exec -it ${USER}-kuscia-master scripts/user/create_example_job.sh
```bash
docker exec -it ${USER}-kuscia-master kubectl get kj
```
+任务运行遇到网络错误时,可以参考[这里](../reference/troubleshoot/networktroubleshoot.md)排查
### 部署 secretpad
-> 注意:secretpad 的部署依赖 master 的证书与 token,必须与 master 部署在同一台物理机上
+> 注意:secretpad 的部署依赖 master 的证书与 Token,必须与 master 部署在同一台物理机上
指定 secretpad 版本:
```bash
diff --git a/docs/deployment/deploy_p2p_cn.md b/docs/deployment/deploy_p2p_cn.md
index 2d391da8..987ece0e 100644
--- a/docs/deployment/deploy_p2p_cn.md
+++ b/docs/deployment/deploy_p2p_cn.md
@@ -4,7 +4,7 @@
本教程帮助你在多台机器上使用 [点对点组网模式](../reference/architecture_cn.md#点对点组网模式) 来部署 Kuscia 集群。
-当前 Kuscia 节点之间只支持 token 的身份认证方式,在跨机器部署的场景下流程较为繁琐,后续本教程会持续更新优化。
+当前 Kuscia 节点之间只支持 Token 的身份认证方式,在跨机器部署的场景下流程较为繁琐,后续本教程会持续更新优化。
## 前置准备
@@ -162,7 +162,12 @@ docker exec -it ${USER}-kuscia-autonomy-alice scripts/deploy/create_domaindata_a
为 alice 的测试数据创建 domaindatagrant
```bash
-docker exec -it ${USER}-kuscia-autonomy-alice curl https://127.0.0.1:8070/api/v1/datamesh/domaindatagrant/create -X POST -H 'content-type: application/json' -d '{"author":"alice","domaindata_id":"alice-table","grant_domain":"bob"}' --cacert var/certs/ca.crt --cert var/certs/ca.crt --key var/certs/ca.key
+docker exec -it root-kuscia-autonomy-alice curl -X POST 'https://127.0.0.1:8082/api/v1/domaindatagrant/create' --header "Token: $(cat kuscia-autonomy-alice-certs/token)" --header 'Content-Type: application/json' -d '{
+ "grant_domain": "bob",
+ "description": {"domaindatagrant":"alice-bob"},
+ "domain_id": "alice",
+ "domaindata_id": "alice-table"
+}' --cacert /home/kuscia/var/certs/ca.crt --cert /home/kuscia/var/certs/ca.crt --key /home/kuscia/var/certs/ca.key
```
- bob 节点准备测试数据
@@ -178,7 +183,12 @@ docker exec -it ${USER}-kuscia-autonomy-bob scripts/deploy/create_domaindata_bob
为 bob 的测试数据创建 domaindatagrant
```bash
-docker exec -it ${USER}-kuscia-autonomy-bob curl https://127.0.0.1:8070/api/v1/datamesh/domaindatagrant/create -X POST -H 'content-type: application/json' -d '{"author":"bob","domaindata_id":"bob-table","grant_domain":"alice"}' --cacert var/certs/ca.crt --cert var/certs/ca.crt --key var/certs/ca.key
+docker exec -it root-kuscia-autonomy-bob curl -X POST 'https://127.0.0.1:8082/api/v1/domaindatagrant/create' --header "Token: $(cat kuscia-autonomy-bob-certs/token)" --header 'Content-Type: application/json' -d '{
+ "grant_domain": "alice",
+ "description": {"domaindatagrant":"bob-alice"},
+ "domain_id": "bob",
+ "domaindata_id": "bob-table"
+}' --cacert /home/kuscia/var/certs/ca.crt --cert /home/kuscia/var/certs/ca.crt --key /home/kuscia/var/certs/ca.key
```
### 执行作业
@@ -191,4 +201,5 @@ docker exec -it ${USER}-kuscia-autonomy-alice scripts/user/create_example_job.sh
查看作业状态
```bash
docker exec -it ${USER}-kuscia-autonomy-alice kubectl get kj
-```
\ No newline at end of file
+```
+任务运行遇到网络错误时,可以参考[这里](../reference/troubleshoot/networktroubleshoot.md)排查
diff --git a/docs/deployment/kuscia_config_cn.md b/docs/deployment/kuscia_config_cn.md
index c709cb6b..afa7060d 100644
--- a/docs/deployment/kuscia_config_cn.md
+++ b/docs/deployment/kuscia_config_cn.md
@@ -23,7 +23,9 @@ logLevel: INFO
#############################################################################
############ Lite 配置 ############
#############################################################################
-# 节点连接 master 的部署 token,用于节点向 master 注册证书, 只在节点第一次向 master 注册证书时有效
+# 当节点首次部署链接 Master 时,Master 通过该 Token 来验证节点的身份(Token 由 Master 颁发),因为安全原因,该 Token 在节点部署成功后,立即失效
+# 多机部署时,请保持该 Token 不变即可
+# 如果节点私钥丢失,请在 Master 删除节点公钥,并重新申请 Token 部署
liteDeployToken: LS0tLS1CRUdJTi
# 节点连接 master 的地址
masterEndpoint: https://172.18.0.2:1080
@@ -65,14 +67,16 @@ image:
# 数据库连接串,不填默认使用 sqlite
# 示例:mysql://username:password@tcp(hostname:3306)/database-name
datastoreEndpoint: ""
+# KusciaAPI 以及节点对外网关使用的通信协议, NOTLS/TLS/MTLS
+protocol: NOTLS
```
### 配置项详解
- `mode`: 当前 Kuscia 节点部署模式 支持 Lite、Master、Autonomy(不区分大小写), 不同部署模式详情请参考[这里](../reference/architecture_cn)
- `domainID`: 当前 Kuscia 实例的 [节点 ID](../reference/concepts/domain_cn), 需要符合 DNS 子域名规则要求,详情请参考[这里](https://kubernetes.io/zh-cn/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names)
-- `domainKeyData`: 节点私钥配置, 用于节点间的通信认证, 节点应用的证书签发, 经过 base64 编码。 可以通过命令 `docker run -it --rm secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/kuscia scripts/deploy/generate_rsa_key.sh` 生成
+- `domainKeyData`: 节点私钥配置, 用于节点间的通信认证(通过 2 方的证书来生成通讯的身份令牌),节点应用的证书签发(为了加强通讯安全性,kuscia 会给每一个任务引擎分配 MTLS 证书,不论引擎访问其他模块(包括外部),还是其他模块访问引擎,都走 MTLS 通讯,以免内部攻破引擎。)。可以通过命令 `docker run -it --rm secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/kuscia scripts/deploy/generate_rsa_key.sh` 生成
- `logLevel`: 日志级别 INFO、DEBUG、WARN,默认 INFO
-- `liteDeployToken`: 节点连接 master 的部署 token,用于节点向 master 注册证书, 只在节点第一次向 master 注册证书时有效,详情请参考[节点中心化部署](./deploy_master_lite_cn)
+- `liteDeployToken`: 节点首次连接到 Master 时使用的是由 Master 颁发的一次性 Token 进行身份验证[获取Token](../deployment/deploy_master_lite_cn.md#lite-alice),该 Token 在节点成功部署后立即失效。在多机部署中,请保持该 Token 不变即可;若节点私钥遗失,必须在 Master 上删除相应节点的公钥并重新获取 Token 部署。详情请参考[私钥丢失如何重新部署](./../reference/troubleshoot/private_key_loss.md)
- `masterEndpoint`: 节点连接 master 的地址,比如 https://172.18.0.2:1080
- `runtime`: 节点运行时 runc、runk、runp,运行时详解请参考[这里](../reference/architecture_cn.md#agent)
- `runk`: 当 runtime 为 runk 时配置
@@ -92,7 +96,14 @@ datastoreEndpoint: ""
- `endpoint`: 镜像仓库地址
- `username`: 镜像仓库用户名
- `password`: 镜像仓库密码
-- `datastoreEndpoint`: 数据库连接串,不填默认使用 sqlite。示例:mysql://username:password@tcp(hostname:3306)/database-name
+- `datastoreEndpoint`: 数据库连接串,不填默认使用 sqlite。示例:`mysql://username:password@tcp(hostname:3306)/database-name`使用mysql数据库存储需要符合以下规范:
+ - database 数据库名称暂不支持 "-"。
+ - 创建数据库表 kine,建表语句参考[kine](https://github.com/secretflow/kuscia/blob/main/hack/k8s/kine.sql)。
+ - 数据库账户对表中字段至少具有 select、insert、update、delete 操作权限。
+- `protocol`: KusciaAPI 以及节点对外网关使用的通信协议,有三种安全模式可供选择:NOTLS/TLS/MTLS(区分大小写)。
+ - `NOTLS`: 此模式下,通信不使用 TLS 协议,即数据通过未加密的 HTTP 传输,比较安全的内部网络环境或者 kuscia 已经存在外部网关的情况可以使用该模式。
+ - `TLS`: 在此模式下,通信通过 TLS 协议进行加密,即使用 HTTPS 进行安全传输,不需要手动配置证书。
+ - `MTLS`: 这种模式也使用 HTTPS 进行通信,但它支持双向TLS验证,需要手动交换证书以建立安全连接。
{#configuration-example}
### 配置示例
diff --git a/docs/deployment/logdescription.md b/docs/deployment/logdescription.md
index a6df9f04..f7e4f8b9 100644
--- a/docs/deployment/logdescription.md
+++ b/docs/deployment/logdescription.md
@@ -47,15 +47,15 @@
| 路径| 内容 |
|:---------|:-------|
-| /home/kuscia/var/logs/k3s.log | 记录了 k3s 相关的日志,当检测到 k3s 启动失败时,可以通过该日志排查问题 |
-| /home/kuscia/var/logs/envoy/internal.log | 记录了节点发出的请求日志(即本节点(+内部应用)访问其他节点的网络请求),日志格式参考下文 |
-| /home/kuscia/var/logs/envoy/external.log | 记录了节点收到的请求日志(即其他节点访问本节点的网络请求),日志格式参考下文 |
-| /home/kuscia/var/logs/envoy/envoy.log | envoy 代理的日志文件,记录了 envoy 网关的运行状态、连接情况、流量信息以及问题排查等相关的内容 |
-| /home/kuscia/var/stdout/pods/alice_xxxx/xxx/*.log | 任务的标准输出(stdout)的内容 |
+| `/home/kuscia/var/logs/k3s.log` | 记录了 k3s 相关的日志,当检测到 k3s 启动失败时,可以通过该日志排查问题 |
+| `/home/kuscia/var/logs/envoy/internal.log` | 记录了节点发出的请求日志(即本节点(+内部应用)访问其他节点的网络请求),日志格式参考下文 |
+| `/home/kuscia/var/logs/envoy/external.log` | 记录了节点收到的请求日志(即其他节点访问本节点的网络请求),日志格式参考下文 |
+| `/home/kuscia/var/logs/envoy/envoy.log` | envoy 代理的日志文件,记录了 envoy 网关的运行状态、连接情况、流量信息以及问题排查等相关的内容 |
+| `/home/kuscia/var/stdout/pods/alice_xxxx/xxx/*.log` | 任务的标准输出(stdout)的内容 |
### envoy 日志格式
-internal.log 日志格式如下:
+`internal.log` 日志格式如下:
```bash
%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT% - [%START_TIME(%d/%b/%Y:%H:%M:%S %z)%] %REQ(Kuscia-Source)% %REQ(Kuscia-Host?:authority)% \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %REQ(x-b3-traceid)% %REQ(x-b3-spanid)% %RESPONSE_CODE% %RESPONSE_FLAGS% %REQ(content-length)% %DURATION% %REQUEST_DURATION% %RESPONSE_DURATION% %RESPONSE_TX_DURATION% %DYNAMIC_METADATA(envoy.kuscia:request_body)% %DYNAMIC_METADATA(envoy.kuscia:response_body)%
```
@@ -66,10 +66,30 @@ internal.log 日志格式如下:
1.2.3.4 - [23/Oct/2023:01:58:03 +0000] alice fgew-cwqearkz-node-4-0-fed.bob.svc "POST /org.interconnection.link.ReceiverService/Push HTTP/1.1" fdd0c66dfb0fbe45 fdd0c66dfb0fbe45 200 - 56 0 0 0 0 - -
1.2.3.4 - [23/Oct/2023:01:58:03 +0000] alice fgew-cwqearkz-node-4-0-fed.bob.svc "POST /org.interconnection.link.ReceiverService/Push HTTP/1.1" dc52437872f6e051 dc52437872f6e051 200 - 171 0 0 0 0 - -
```
+ internal.log 格式说明如下:
+| 属性 | 值 |
+| ------------------ | -------------------------------------------------- |
+| `对端节点的 IP` | 1.2.3.4 |
+| `收到请求时间` | 23/Oct/2023:01:58:02 +0000 |
+| `发送节点` | alice |
+| `请求的域名` | fgew-cwqearkz-node-4-0-fed.bob.svc |
+| `URL` | /org.interconnection.link.ReceiverService/Push |
+| `HTTP 方法/版本` | HTTP/1.1 |
+| `TRANCEID` | 743d0da7e6814c2e |
+| `SPANID` | 743d0da7e6814c2e |
+| `HTTP 返回码` | 200 |
+| `RESPONSE_FLAGS` | -,表示有关响应或连接的其他详细信息,详情可以参考[envoy官方文档](https://www.envoyproxy.io/docs/envoy/v1.25.0/configuration/observability/access_log/usage#command-operators) |
+| `CONTENT-LENGTH` | 1791,表示 body 的长度 |
+| `DURATION` | 0,表示请求总耗时 |
+| `REQ_META` | 0,表示请求body的meta信息 |
+| `RES_META` | 0,表示请求body的meta信息 |
+| `REQUEST_DURATION` | 0,接收下游请求报文的时间 |
+| `RESPONSE_DURATION` | -,从请求开始到响应开始的时间 |
+| `RESPONSE_TX_DURATION` |-,发送上游回包的时间 |
-external.log 日志格式如下:
+`external.log` 日志格式如下:
```bash
%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT% - [%START_TIME(%d/%b/%Y:%H:%M:%S %z)%] %REQ(Kuscia-Source)% %REQ(Kuscia-Host?:authority)% \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %REQ(x-b3-traceid)% %REQ(x-b3-spanid)% %RESPONSE_CODE% %RESPONSE_FLAGS% %REQ(content-length)% %DURATION% %DYNAMIC_METADATA(envoy.kuscia:request_body)% %DYNAMIC_METADATA(envoy.kuscia:response_body)%
```
@@ -80,3 +100,21 @@ external.log 日志格式如下:
1.2.3.4 - [23/Oct/2023:04:37:06 +0000] bob kuscia-handshake.alice.svc "GET /handshake HTTP/1.1" 8537c88b929fee67 8537c88b929fee67 200 - - 0 - -
1.2.3.4 - [23/Oct/2023:04:37:08 +0000] tee kuscia-handshake.alice.svc "GET /handshake HTTP/1.1" 875d64696b98c6fa 875d64696b98c6fa 200 - - 0 - -
```
+
+ external.log 格式说明如下:
+| 属性 | 值 |
+| ------------------ | -------------------------------------------------- |
+| `对端节点的 IP` | 1.2.3.4 |
+| `收到请求时间` | 23/Oct/2023:01:58:02 +0000 |
+| `发送节点` | alice |
+| `请求的域名` | fgew-cwqearkz-node-4-0-fed.bob.svc |
+| `URL` | /org.interconnection.link.ReceiverService/Push |
+| `HTTP 方法/版本` | HTTP/1.1 |
+| `TRANCEID` | 743d0da7e6814c2e |
+| `SPANID` | 743d0da7e6814c2e |
+| `HTTP 返回码` | 200 |
+| `RESPONSE_FLAGS` | -,表示有关响应或连接的其他详细信息,详情可以参考[envoy官方文档](https://www.envoyproxy.io/docs/envoy/v1.25.0/configuration/observability/access_log/usage#command-operators) |
+| `CONTENT-LENGTH` | 1791,表示 body 的长度 |
+| `DURATION` | 0,表示请求总耗时 |
+| `REQ_META` | 0,表示请求body的meta信息 |
+| `RES_META` | 0,表示请求body的meta信息 |
\ No newline at end of file
diff --git a/docs/deployment/networkrequirements.md b/docs/deployment/networkrequirements.md
index 339e33a5..0642c543 100644
--- a/docs/deployment/networkrequirements.md
+++ b/docs/deployment/networkrequirements.md
@@ -2,16 +2,27 @@
## 前言
-在部署的过程中,复杂的网络环境导致网络通信出现问题时需要花费更多时间去排查问题。特别是在引入了机构网关的情况,因此为了确保节点间通信正常,我们需要对机构网关提出一些要求。
+在部署的过程中,可能面临复杂的网络环境,一旦出现问题,需要花费许多时间去排查,特别是在引入了机构网关的情况。机构的网络拓扑可能是这样的:
+
+包括 NAT 网关、防火墙、HTTP 代理服务器,也可能是多合一功能的设备,这些设备上可能有影响网络连通性的策略:
+- NAT、防火墙可能会配置空闲链接保活时长,现象是如果链接上持续一段时间没有流量,链接会被关闭。表像为发送端发给改机构的报文被丢弃。从发送端 Envoy 上看触发 tcp 重传,从接收端 Envoy 报文直接被丢弃。
+- NAT、防火墙可能会配置 IP 白名单:如果没有配置白名单,可能会出现,tcp 握手请求直接被拒绝。
+ - 如果 NAT、防火墙回复 reset:从发送端看,http 请求 503,tcp 链接被 reset。
+ - 如果 NAT、防火墙直接丢弃:从发送端看,请求会触发重传。
+- 防火墙可能配置安全策略:导致命中策略的请求被拒绝,导致请求503或502等。
+- 网关拦截:网关拦截返回 405,导致请求 503、502 或 405 等。
## 参数要求
如果节点与节点、节点与 master 之间存在网关,网关参数则需要满足如下要求:
- 需要支持 HTTP/1.1 协议
- Keepalive 超时时间大于 20 分钟
+ - TCP层:请确认防火墙超时时间
+ - HTTP层:请确认机构代理(如:nginx)超时时间
- 网关支持发送 Body <= 2MB 的内容
- 不针对 request/response 进行缓冲,以免造成性能低下;如果是 nginx 网关可以参考下文的配置
- 隐私计算大量的随机数传输有可能会命中防火墙的一些关键词规则,请提前确保关闭关键词过滤
+- 确认对外暴露的 IP 和端口,以及对端机构的出口 IP 是否已经配置了白名单
## 网络联通说明
diff --git a/docs/development/register_custom_image.md b/docs/development/register_custom_image.md
index f31cd5e9..6e05c04b 100644
--- a/docs/development/register_custom_image.md
+++ b/docs/development/register_custom_image.md
@@ -34,9 +34,9 @@ docker cp ${USER}-kuscia-autonomy-alice:/home/kuscia/scripts/tools/register_app_
- `-h`:可选参数,查看工具脚本帮助信息
- `-m`:必填参数,指定 Kuscia 的部署模式,支持`[center, p2p]`。中心化组网模式为`center`和点对点组网模式为`p2p`
- `-i`:必填参数,指定需要注册的自定义算法的 Docker 镜像,包含镜像名称和 TAG 信息。可以通过命令`docker images`查询。 镜像示例: `secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/secretflow-lite-anolis8:latest`
-- `-d`:可选参数,指定节点 Domain IDs,默认为:`alice,bob`。若需指定多节点 Domain ID,各节点 Domain ID 之间以`,`分隔。
+- `-d`:可选参数,指定节点 Domain IDs,默认为:`alice,bob`。若需指定多节点 Domain ID,各节点 Domain ID 之间以`,`分隔
- `-u`:可选参数,指定部署 Kuscia 的用户,默认为:`${USER}`。通过命令`echo ${USER}`可查看当前用户
-- `-n`:可选参数,指定自定义算法镜像相关的 Kuscia AppImage 名称。若不指定,则工具脚本将根据算法镜像名称生成对应的 AppImage 名称。
+- `-n`:可选参数,指定自定义算法镜像相关的 Kuscia AppImage 名称。若不指定,则工具脚本将根据算法镜像名称生成对应的 AppImage 名称
- `-f`:可选参数,指定自定义算法镜像相关的 Kuscia AppImage 模版文件。推荐在工具脚本同级目录下,以规则`{Kuscia AppImage 名称}.yaml`命名模版文件。否则必须通过该标志指定模版文件。
## 准备自定义算法镜像的 AppImage
diff --git a/docs/reference/apis/domaindata_cn.md b/docs/reference/apis/domaindata_cn.md
index 56dc3f70..9e188eb4 100644
--- a/docs/reference/apis/domaindata_cn.md
+++ b/docs/reference/apis/domaindata_cn.md
@@ -217,6 +217,7 @@ Data Mesh API 提供了从 Domain 侧的管理 DomainData 的能力,详细 API
| partition | [Partition](#partition) | 可选 | 暂不支持 |
| columns | [DataColumn](#data-column)[] | 必填 | 列信息 |
| vendor | string | 可选 | 来源,用于批量查询接口筛选数据对象,参考 [ListDomainDataRequestData](#list-domain-data-request-data) 和 [DomainData 概念](../concepts/domaindata_cn.md) |
+| author | string | 可选 | 表示 DomainData 的所属者的节点 ID ,用来标识这个 DomainData 是由哪个节点创建的 |
{#partition}
diff --git a/docs/reference/apis/kusciajob_cn.md b/docs/reference/apis/kusciajob_cn.md
index 144b6c19..ed0c0374 100644
--- a/docs/reference/apis/kusciajob_cn.md
+++ b/docs/reference/apis/kusciajob_cn.md
@@ -192,7 +192,7 @@ protobuf 文件。
| 字段 | 类型 | 选填 | 描述 |
|-----------|--------|----|----------|
| domain_id | string | 必填 | DomainID |
-| role | string | 可选 | 角色 |
+| role | string | 可选 | 参与方角色,该字段由引擎自定义,对应到 [appImage](../concepts/appimage_cn.md#appimage-ref) 的部署模版中;更多参考 [KusciaJob](../concepts/kusciajob_cn.md#create-kuscia-job) |
{#party-status}
diff --git a/docs/reference/apis/summary_cn.md b/docs/reference/apis/summary_cn.md
index 06e53099..692a3094 100644
--- a/docs/reference/apis/summary_cn.md
+++ b/docs/reference/apis/summary_cn.md
@@ -137,7 +137,7 @@ GRPC 主机上端口:master 或者 autonomy 可以通过 `docker inspect --for
1. 使用编程语言的 HTTP 客户端库连接上 Kuscia API,注意:Kuscia API 使用 双向 HTTPS,所以你需要配置你的客户端库的双向 HTTPS
配置。
-2. 读取 token 文件内容,设置 HTTP 请求的 Header,增加:TOKEN={token}。
+2. 读取 Token 文件内容,设置 HTTP 请求的 Header,增加:TOKEN={token}。
3. 发送请求。
你也可以使用 HTTP 的客户端工具连接上 Kuscia API,如 curl,你需要替换 {} 中的内容:
diff --git a/docs/reference/concepts/domaindata_cn.md b/docs/reference/concepts/domaindata_cn.md
index abad8741..fd2051a9 100644
--- a/docs/reference/concepts/domaindata_cn.md
+++ b/docs/reference/concepts/domaindata_cn.md
@@ -52,6 +52,7 @@ spec:
relativeURI: alice.csv
type: table
vendor: manual
+ author: alice
```
在该示例中:
@@ -66,6 +67,7 @@ spec:
- `.spec.relativeURI`:表示相对于数据源根路径的位置,当前示例的绝对路径为`/home/kuscia/var/storage/data/alice.csv`,详细请查看 [参考](#refer)。
- `.spec.type`:表示 DomainData 的类型,目前支持 `table`、`model`、`rule`、`report`、`unknown`五种类型,分别表示数据表,模型,规则,报告和未知类型。
- `.spec.vendor`:表示 DomainData 的来源,仅用作标识,详细请查看 [参考](#refer)。
+- `.spec.author`:表示 DomainData 的所属者的节点 ID ,用来标识这个 DomainData 是由哪个节点创建的。
1. 准备你的 CSV 数据文件,将你的数据文件重命名为 `alice.csv`,并拷贝到alice节点容器即`${USER}-kuscia-lite-alice`容器的`/home/kuscia/var/storage/data`目录下,运行以下命令可完成:
@@ -113,10 +115,11 @@ spec:
name: education
type: float
dataSource: default-data-source
- name: alice.csv
+ name: alice-test.csv
relativeURI: alice.csv
type: table
vendor: manual
+ author: alice
```
在该示例中,将`.spec.name`的值调整为`alice-test.csv`。
@@ -155,15 +158,18 @@ Error from server (NotFound): domaindatas.kuscia.secretflow "alice-table" not fo
## 在 Domain 侧管理 DomainData
如 上文所述,DomainData 属于节点内资源,每一个 DomainData 都有自己所属的 Domain,且仅能被自己所属的 Domain 访问。
-你可以在 Domain 侧管理属于该 Domain 的 DomainData。Kuscia 在 Domain 侧提供了的 DataMesh API 来管理 DomainData。
+你可以在 Domain 侧管理属于该 Domain 的 DomainData。Kuscia 在 Domain 侧提供了的 Kuscia API 来管理 DomainData。
-Data Mesh API 提供 HTTP 和 GRPC 两种访问方法,分别位于 8070 和 8071
-端口,详情请参考 [Data Mesh API](../apis/datamesh/summary_cn.md#data-mesh-api-约定)。
+Kuscia API 提供 HTTP 和 GRPC 两种访问方法,端口分别为 8082 和 8083 。
+端口,详情请参考 [Kuscia API](../apis/domaindata_cn.md)。
1. 进入 alice 容器 `${USER}-kuscia-lite-alice` 容器中,查询 DomainData。
```shell
-docker exec -it ${USER}-kuscia-lite-alice curl -X POST 'https://127.0.0.1:8070/api/v1/datamesh/domaindata/query' --header 'Content-Type: application/json' -d '{
+docker exec -it root-kuscia-lite-alice curl -X POST 'https://127.0.0.1:8082/api/v1/domaindata/query' --header "Token: $(cat /home/kuscia/var/certs/token)" --header 'Content-Type: application/json' -d '{
+ "data": {
+ "domain_id": "alice",
"domaindata_id": "alice-table"
+ }
}' --cacert /home/kuscia/var/certs/ca.crt --cert /home/kuscia/var/certs/ca.crt --key /home/kuscia/var/certs/ca.key
```
@@ -201,6 +207,7 @@ spec:
relativeURI: alice.csv
type: table
vendor: manual
+ author: alice
```
DomainData `metadata` 的子字段详细介绍如下:
@@ -224,4 +231,5 @@ DomainData `spec` 的子字段详细介绍如下:
在该示例中是对于`default-data-source`数据源根目录的相对位置,即`/home/kuscia/var/storage/data/alice.csv`。
- `type`:表示 DomainData 的类型,目前支持 `table`、`model`、`rule`、`report`、`unknown`五种类型,分别表示数据表,模型,规则,报告和未知类型。
- `vendor`:表示 DomainData 的来源,仅用作标识,对于你手动创建的 DomainData,可以将其设置为`manual`,对于应用算法组件生成的表,由算法组件本身填充,secretflow算法组件会填充`secretflow`。
+- `.spec.author`:表示 DomainData 的所属者的节点 ID ,用来标识这个 DomainData 是由哪个节点创建的。
diff --git a/docs/reference/concepts/domaindatagrant_cn.md b/docs/reference/concepts/domaindatagrant_cn.md
index 82de1423..669d6dd8 100644
--- a/docs/reference/concepts/domaindatagrant_cn.md
+++ b/docs/reference/concepts/domaindatagrant_cn.md
@@ -148,16 +148,19 @@ Error from server (NotFound): domaindatas.kuscia.secretflow "alice-table" not fo
## 在 Domain 侧管理 DomainDataGrant
如 上文所述,DomainDataGrant 属于节点内资源,每一个 DomainDataGrant 都有自己所属的 Domain,且仅能被自己所属的 Domain 访问。
-你可以在 Domain 侧管理属于该 Domain 的 DomainDataGrant。Kuscia 在 Domain 侧提供了的 DataMesh API 来管理 DomainDataGrant。
+你可以在 Domain 侧管理属于该 Domain 的 DomainDataGrant。Kuscia 在 Domain 侧提供了的 Kuscia API 来管理 DomainDataGrant。
-Data Mesh API 提供 HTTP 和 GRPC 两种访问方法,分别位于 8070 和 8071
-端口,详情请参考 [Data Mesh API](../apis/datamesh/summary_cn.md#data-mesh-api-约定)。
+Kuscia API 提供 HTTP 和 GRPC 两种访问方法,端口分为 8082 和 8083 。
+端口,详情请参考 [Kuscia API](../apis/domaindatagrant_cn.md)。
1. 进入 alice 容器 `${USER}-kuscia-lite-alice` 容器中,查询 DomainDataGrant。
```shell
-curl -X POST 'http://{{USER-kuscia-lite-alice}:8070/api/v1/datamesh/domaindatagrant/query' --header 'Content-Type: application/json' -d '{
- "domaindatagrant_id": "alice"
-}'
+docker exec -it root-kuscia-lite-alice curl -X POST 'https://127.0.0.1:8082/api/v1/domaindatagrant/query' --header "Token: $(cat /home/kuscia/var/certs/token)" --header 'Content-Type: application/json' -d '{
+ "data": {
+ "domain_id": "alice",
+ "domaindatagrant_id": "${domaindatagrant_id}"
+ }
+}' --cacert /home/kuscia/var/certs/ca.crt --cert /home/kuscia/var/certs/ca.crt --key /home/kuscia/var/certs/ca.key
```
diff --git a/docs/reference/concepts/domainroute_cn.md b/docs/reference/concepts/domainroute_cn.md
index 4c052f21..08a02070 100644
--- a/docs/reference/concepts/domainroute_cn.md
+++ b/docs/reference/concepts/domainroute_cn.md
@@ -33,7 +33,7 @@ spec:
在示例中
* `.metadata.name`:表示路由规则的名称。
* `.metadata.namespace`:表示路由规则所在的命名空间,这里是 Master 的 Namespace。
-* `.spec.authenticationType`:表示节点到目标节点的身份认证方式,目前仅支持 TOKEN 、MTLS 和 None(表示不校验)。
+* `.spec.authenticationType`:表示节点到目标节点的身份认证方式,目前仅支持 Token 、MTLS 和 None(表示不校验)。
* `.spec.source`:表示源节点的 Namespace,这里即 Lite 节点的 Namespace。
* `.spec.destination`:表示目标节点的 Namespace,这里即 Master 的命名空间。
* `.spec.requestHeadersToAdd`:表示目标节点侧的 Envoy 在转发源节点的请求时添加的 headers,示例中 key 为
diff --git a/docs/reference/concepts/kusciajob_cn.md b/docs/reference/concepts/kusciajob_cn.md
index f2150b88..54e4a891 100644
--- a/docs/reference/concepts/kusciajob_cn.md
+++ b/docs/reference/concepts/kusciajob_cn.md
@@ -343,7 +343,7 @@ KusciaJob `spec`的子字段详细介绍如下:
- `tasks[].appImage`: 表示任务使用的 AppImage,详见 [AppImage](./appimage_cn.md)。
- `tasks[].parties`:表示任务参与方的信息。
- `tasks[].parties[].domainID`:表示任务参与方的节点 ID。
- - `tasks[].parties[].role`:表示任务参与方的角色。
+ - `tasks[].parties[].role`:表示任务参与方的角色,这个是由引擎自定义的;比如常见的 Host 、Guest , kuscia 会结合 [appImage](./appimage_cn.md#appimage-ref) 中的 role 字段,选择对应的部署模版启动引擎。
KusciaJob `status`的子字段详细介绍如下:
diff --git a/docs/reference/concepts/kusciatask_cn.md b/docs/reference/concepts/kusciatask_cn.md
index cbff917b..8cbe57d0 100644
--- a/docs/reference/concepts/kusciatask_cn.md
+++ b/docs/reference/concepts/kusciatask_cn.md
@@ -382,7 +382,7 @@ KusciaTask `spec` 的子字段详细介绍如下:
- `parties`:表示所有任务参与方的信息。
- `parties[].domainID`:表示任务参与方的节点标识。
- `parties[].appImageRef`:表示任务参与方所依赖的应用镜像名称。
- - `parties[].role`:表示任务参与方的角色。
+ - `parties[].role`:表示任务参与方的角色,这个是由引擎自定义的;比如常见的 Host 、Guest , kuscia 会结合 [appImage](./appimage_cn.md#appimage-ref) 中的 role 字段,选择对应的部署模版启动引擎。
- `parties[].minReservedPods`:表示任务参与方最小已预留资源的 Pod 数量,默认为空,表示任务参与方所有的 Pod 数量。Kuscia 调度器对每个任务参与方使用 Co-Scheduling 调度策略,
仅当任务参与方下已预留资源的 Pod 数量大于等于该值时,设置该参与方为已完成预留资源。
- `parties[].template`:表示任务参与方应用的模版信息。若配置该模版,则使用模版中配置的信息替换从 `parties[].appImageRef` 获取的模版信息。该字段下所包含的子字段含义,请参考概念 [AppImage](./appimage_cn.md)。
diff --git a/docs/reference/overview.md b/docs/reference/overview.md
index 1c13dbd9..ce1e123c 100644
--- a/docs/reference/overview.md
+++ b/docs/reference/overview.md
@@ -17,7 +17,7 @@
3. 多引擎集成:Kuscia 集成了多种隐私计算引擎,如隐语 PSI、SecretFlow、TrustedFlow(TEE)和 SecretFlow Serving,让您可以快速使用上述引擎能力。通过部署 Kuscia,您可以只选择需要的引擎,且可以动态升级支持其他引擎而无需再次部署。
4. 简化 API 调用:通过统一的 API 调用,您可以轻松启动任意算法任务,最简化的情况下仅需调用一个 API 就可完成任务执行。
-Kuscia 除解决以上问题外,也提供了任务流调度、多引擎协同、数据安全访问等能力。Kuscia 提供的能力详见"为什么需要 Kuscia"章节。
+Kuscia 除解决以上问题外,也提供了任务流调度、多引擎协同、数据安全访问等能力。Kuscia 提供的能力详见 [为什么需要 Kuscia](#why-kuscia) 章节。
### 生产部署
在实际生产环境中使用隐私计算,除上文提到 PoC 时可能遇到的挑战外,您可能会关心整个系统的隐私计算能力的快速演进、任务流调度能力、机构间异构数据源的支持、系统运维稳定性等问题。Kuscia 针对这些常见问题提供了一系列解决方案,让您可以更加专注于业务本身。
1. 一站式迭代演进:隐私计算技术仍处于快速发展阶段,引擎的更新迭代会比较频繁。Kuscia 凭借其良好的分层设计,使得新增引擎和升级现有引擎都无需重建已有的基础设施,从而简化了更新过程并降低了维护成本。同时为了应对不断扩大的数据流通市场规模,Kuscia 利用 RunC(容器运行时)和 RunK(Kubernetes 运行时)等技术,支持从小规模任务平滑过渡到大规模任务处理。这为应对将来可能出现的大量数据流通需求提供了准备。Kuscia 致力于成为用户在隐私计算领域长期的伙伴,陪伴用户一起成长和适应未来的技术变革和市场需求。
@@ -51,6 +51,7 @@ Kuscia 编排任务时期,即当前开源的 Kuscia 。经历了 Coordinator
通过这样的分层设计,让每一层聚焦于自己本层的核心职责。平台层专注于终端用户体验及实际的业务场景适配。Kuscia 层专注于解决隐私计算技术生产落地遇到的问题,引擎开发者专注于隐私计算任务核心逻辑的开发,无需考虑复杂的跨域网络环境及不同机构可能存在的异构数据源等问题。
+{#why-kuscia}
## 为什么需要 Kuscia
从一个隐私计算引擎开发完成到真正的生产级可用有多远,Kuscia 在隐私计算任务部署、执行、运维等整个生命周期中解决了哪些问题?
### 轻量化部署
diff --git a/docs/reference/troubleshoot/index.rst b/docs/reference/troubleshoot/index.rst
index 2f27d1e5..11b75ef7 100644
--- a/docs/reference/troubleshoot/index.rst
+++ b/docs/reference/troubleshoot/index.rst
@@ -9,6 +9,8 @@
deployfailed
networkauthorizationcheck
runjobfailed
+ networktroubleshoot
FATEdeployfailed
FATErunjobfailed
- userdefinedserviceroute
\ No newline at end of file
+ userdefinedserviceroute
+ private_key_loss
\ No newline at end of file
diff --git a/docs/reference/troubleshoot/networkauthorizationcheck.md b/docs/reference/troubleshoot/networkauthorizationcheck.md
index 5a830168..5ac7483b 100644
--- a/docs/reference/troubleshoot/networkauthorizationcheck.md
+++ b/docs/reference/troubleshoot/networkauthorizationcheck.md
@@ -77,4 +77,4 @@ curl: (7) Failed to connect to 1.1.1.1 port 18080 after 248 ms: Connection refus
通过日志能够很好的分析 kuscia 运行状态、连接情况、流量信息等,详细内容请参考[日志说明](../../deployment/logdescription.md/#envoy)
### 分析网络拓扑、使用抓包工具
-在复杂的网络环境中,可以先整理两方机构之间的网络拓扑,以便于更加清晰、快速的定位,再配合 Tcpdump、Wireshark 等抓包工具进行排查。
\ No newline at end of file
+在复杂的网络环境中,可以先整理两方机构之间的网络拓扑,以便于更加清晰、快速的定位,再配合 Tcpdump、Wireshark 等抓包工具进行排查。一个机构的网络拓扑可以参考[网络要求](../../deployment/networkrequirements.md)
\ No newline at end of file
diff --git a/docs/reference/troubleshoot/networktroubleshoot.md b/docs/reference/troubleshoot/networktroubleshoot.md
new file mode 100644
index 00000000..58454557
--- /dev/null
+++ b/docs/reference/troubleshoot/networktroubleshoot.md
@@ -0,0 +1,36 @@
+# 任务运行网络错误排查
+
+> 大多数任务失败是因为在运行任务前没做节点间授权,或者授权有问题,请提前参考[授权错误排查](./networkauthorizationcheck.md)确保授权没有问题
+
+## 问题排查的准入---找到问题请求的 traceid
+envoy 通过 http 请求头中 x-b3-traceid 字段来标识一个请求,根据 traceid 从 envoy 日志中的请求:
+- 如果引擎日志有打印 traceid,从 task 日志中获取 traceid 即可。
+- 如果引擎日志没有 traceid,则根据请求 taskid、url 或请求时间点,从 envoy 日志找到匹配的请求,从中找出traceid。
+如下示例,envoy 的 internal.log 和 external.log 日志中 url 后面的第一个字段即 traceid。
+
+```1.1.1.1 - [06/Dec/2023:16:33:33 +0000] bob hypq-fuexafpf-node-3-0-fed.alice.svc "POST /org.interconnection.link.ReceiverService/Push HTTP/1.1" 0ce06cf5c3249d98 0ce06cf5c3249d98 200 32 0 - -```
+
+## 认识 gateway 的日志格式
+
+### 日志格式
+
+envoy 的日志参考[envoy日志](./../../deployment/logdescription.md#envoy)
+
+### 怎么区分是入口流量还是出口流量呢?
+通常来说,External.log 是的请求是入口流量,Internal.log里的请求是出口流量。但是存在一种特殊场景,即转发场景,Alice --> Bob --> Carol。在 Bob 上,如果收到一个发送给 Carol 的请求,比如请求的域名是 xxx.carol.svc,Alice 的请求是 ExternalPort 进去,然后转到 InternalPort,最后转发到 Carol 的网关所以 Bob 的 External 和 Intenral.log 里会有对应该请求的 traceid 的两条日志,也可以根据请求的域名判断 ServiceName 中的 NameSpace 是不是自己的节点
+
+示例如下:
+```bash
+1.1.1.1 - [08/Dec/2023:07:21:10 +00001] alice mavis10-0-psi.carol.svc "POST /org.interconnection.link.ReceiverService/Push HTTP/1.1" 8c57cbc928bb598e 8c57cbc928bb598e 200 - 1398243 10 0 10 0 - -
+```
+
+## 正常请求的日志 Demo
+查看 traceid=`b257a3410662f1f3`日志
+- 发送端的internal.log
+```bash
+1.1.1.1 - [04/Jan/2024:05:52:40 +0000] bob squu-xaskaali-node-3-0-fed.alice.svc "POST /org.interconnection.link.ReceiverService/Push HTTP/1.1" b257a3410662f1f3 b257a3410662f1f3 200 - 149 0 0 0 0 - -
+```
+- 接收端的exernal.log
+```bash
+2.2.2.2 - [04/Jan/2024:05:52:40 +0000] bob squu-xaskaali-node-3-0-fed.alice.svc "POST /org.interconnection.link.ReceiverService/Push HTTP/1.1" b257a3410662f1f3 b257a3410662f1f3 200 - 149 0 - -
+```
\ No newline at end of file
diff --git a/docs/reference/troubleshoot/private_key_loss.md b/docs/reference/troubleshoot/private_key_loss.md
new file mode 100644
index 00000000..662e09ca
--- /dev/null
+++ b/docs/reference/troubleshoot/private_key_loss.md
@@ -0,0 +1,25 @@
+# Lite 节点遗漏证书之后如何重新部署
+
+## 前言
+
+出于安全性的考虑,如果 master 已经有了节点的证书并且机构侧节点已经部署完成,此时节点证书丢失且想要复用节点,需要执行下文步骤。
+
+## 重新部署节点
+
+### 步骤一
+在 master 节点上删除 lite 之前的节点证书,证书字段设置为空。详情参考[这里](../../reference/apis/domain_cn.md#update-domain)
+示例如下:
+```bash
+curl --cert /home/kuscia/var/certs/kusciaapi-server.crt \
+ --key /home/kuscia/var/certs/kusciaapi-server.key \
+ --cacert /home/kuscia/var/certs/ca.crt \
+ --header 'Token: {token}' --header 'Content-Type: application/json' \
+ 'https://{{USER}-kuscia-master}:8082/api/v1/domain/update' \
+ -d '{
+ "domain_id": "${节点ID}",
+ "cert": ""
+}'
+```
+
+### 步骤二
+向 master 重新申请 Token 并部署节点。详情参考[这里](../../deployment/deploy_master_lite_cn.md#lite-alice)
\ No newline at end of file
diff --git a/docs/reference/troubleshoot/runjobfailed.md b/docs/reference/troubleshoot/runjobfailed.md
index abfa4a8c..5c428493 100644
--- a/docs/reference/troubleshoot/runjobfailed.md
+++ b/docs/reference/troubleshoot/runjobfailed.md
@@ -100,4 +100,5 @@ docker exec -it ${USER}-kuscia-autonomy-bob bash
# 查看 bob 节点上任务 pod 日志
cat /home/kuscia/var/stdout/pods/podName_xxxx/xxxx/x.log
-```
\ No newline at end of file
+```
+任务运行遇到网络错误时,可以参考[这里](../reference/troubleshoot/networktroubleshoot.md)排查
\ No newline at end of file
diff --git a/docs/tutorial/run_secretflow_with_api_cn.md b/docs/tutorial/run_secretflow_with_api_cn.md
index e6e35807..7460ad30 100644
--- a/docs/tutorial/run_secretflow_with_api_cn.md
+++ b/docs/tutorial/run_secretflow_with_api_cn.md
@@ -8,7 +8,7 @@
{#cert-and-token}
-## 确认证书和 token
+## 确认证书和 Token
Kuscia API 使用双向 HTTPS,所以需要配置你的客户端库的双向 HTTPS 配置。
@@ -21,7 +21,7 @@ Kuscia API 使用双向 HTTPS,所以需要配置你的客户端库的双向 HT
| kusciaapi-server.key | 服务端私钥文件 |
| kusciaapi-server.crt | 服务端证书文件 |
| ca.crt | CA 证书文件 |
-| token | 认证 token ,在 headers 中添加 Token: { token 文件内容} |
+| token | 认证 Token ,在 headers 中添加 Token: { token 文件内容} |
### 点对点组网模式
@@ -34,7 +34,7 @@ Kuscia API 使用双向 HTTPS,所以需要配置你的客户端库的双向 HT
| kusciaapi-server.key | 服务端私钥文件 |
| kusciaapi-server.crt | 服务端证书文件 |
| ca.crt | CA 证书文件 |
-| token | 认证 token ,在 headers 中添加 Token: { token 文件内容} |
+| token | 认证 Token ,在 headers 中添加 Token: { token 文件内容} |
同时,还要保证节点间的授权证书配置正确,alice 节点和 bob 节点要完成授权的建立,否则双方无法共同参与计算任务。
@@ -364,13 +364,13 @@ KusciaJob 的算子参数由 `taskInputConfig` 字段定义,对于不同的算
curl: (56) OpenSSL SSL_read: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate, errno 0
-未配置 SSL 证书和私钥。请[确认证书和 token](#cert-and-token).
+未配置 SSL 证书和私钥。请[确认证书和 Token](#cert-and-token).
### curl: (58)
curl: (58) unable to set XXX file
-SSL 私钥、 SSL 证书或 CA 证书文件路径错误。请[确认证书和 token](#cert-and-token).
+SSL 私钥、 SSL 证书或 CA 证书文件路径错误。请[确认证书和 Token](#cert-and-token).
{#http-error-code}
@@ -378,7 +378,7 @@ SSL 私钥、 SSL 证书或 CA 证书文件路径错误。请[确认证书和 to
### 401 Unauthorized
-身份认证失败。请检查是否在 Headers 中配置了正确的 Token 。 Token 内容详见[确认证书和 token](#cert-and-token).
+身份认证失败。请检查是否在 Headers 中配置了正确的 Token 。 Token 内容详见[确认证书和 Token](#cert-and-token).
### 404 Page Not Found
diff --git a/go.mod b/go.mod
index d985850f..a62275ed 100644
--- a/go.mod
+++ b/go.mod
@@ -12,6 +12,7 @@ require (
github.com/envoyproxy/go-control-plane v0.11.1
github.com/fsnotify/fsnotify v1.6.0
github.com/gin-gonic/gin v1.9.1
+ github.com/go-sql-driver/mysql v1.6.0
github.com/golang-jwt/jwt/v5 v5.0.0
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
github.com/golang/mock v1.6.0
diff --git a/go.sum b/go.sum
index 5118f524..ce8e73da 100644
--- a/go.sum
+++ b/go.sum
@@ -243,6 +243,8 @@ github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJn
github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js=
github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
+github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/gobuffalo/flect v0.3.0 h1:erfPWM+K1rFNIQeRPdeEXxo8yFr/PO17lhRnS8FUrtk=
github.com/gobuffalo/flect v0.3.0/go.mod h1:5pf3aGnsvqvCj50AVni7mJJF8ICxGZ8HomberC3pXLE=
diff --git a/hack/build.sh b/hack/build.sh
index d9ab1fc5..13c46359 100755
--- a/hack/build.sh
+++ b/hack/build.sh
@@ -19,7 +19,7 @@ set -e
app_type=""
-ldflags="-s -w -X github.com/secretflow/kuscia/pkg/utils/meta.KusciaVersion=$(git describe --always)"
+ldflags="-s -w -X github.com/secretflow/kuscia/pkg/utils/meta.KusciaVersion=$(git describe --tags --always)"
function build_kuscia() {
echo "build kuscia binary..."
diff --git a/hack/k8s/autonomy/configmap.yaml b/hack/k8s/autonomy/configmap.yaml
index f43480e9..4ebc4eed 100644
--- a/hack/k8s/autonomy/configmap.yaml
+++ b/hack/k8s/autonomy/configmap.yaml
@@ -11,7 +11,7 @@ data:
# 节点ID
# 示例: domainID: alice
domainID: {{.DOMAIN_ID}}
- # 节点私钥配置, 用于节点间的通信认证, 节点应用的证书签发
+ # 节点私钥配置, 用于节点间的通信认证(通过 2 方的证书来生成通讯的身份令牌), 节点应用的证书签发(为了加强通讯安全性,kuscia 会给每一个任务引擎分配 MTLS 证书,不论引擎访问其他模块(包括外部),还是其他模块访问引擎,都走 MTLS 通讯,以免内部攻破引擎。)
# 注意: 目前节点私钥仅支持 pkcs#1 格式的: "BEGIN RSA PRIVATE KEY/END RSA PRIVATE KEY"
# 执行命令 "docker run -it --rm secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/kuscia scripts/deploy/generate_rsa_key.sh" 生成私钥
domainKeyData: {{.DOMAIN_KEY_DATA}}
diff --git a/hack/k8s/kine.sql b/hack/k8s/kine.sql
new file mode 100644
index 00000000..129f0aff
--- /dev/null
+++ b/hack/k8s/kine.sql
@@ -0,0 +1,17 @@
+CREATE TABLE if not exists `kine` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `name` varchar(630) CHARACTER SET ascii DEFAULT NULL,
+ `created` int(11) DEFAULT NULL,
+ `deleted` int(11) DEFAULT NULL,
+ `create_revision` int(11) DEFAULT NULL,
+ `prev_revision` int(11) DEFAULT NULL,
+ `lease` int(11) DEFAULT NULL,
+ `value` mediumblob,
+ `old_value` mediumblob,
+ PRIMARY KEY (`id`),
+ UNIQUE KEY `kine_name_prev_revision_uindex` (`name`,`prev_revision`),
+ KEY `kine_name_index` (`name`),
+ KEY `kine_name_id_index` (`name`,`id`),
+ KEY `kine_id_deleted_index` (`id`,`deleted`),
+ KEY `kine_prev_revision_index` (`prev_revision`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
\ No newline at end of file
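Review bot: `id`, `create_revision` and `prev_revision` are declared `int(11)`, a signed 32-bit type, so the auto-increment revision counter stops at 2147483647 and inserts fail once a long-lived or busy datastore reaches it. If this table is the backing store for the k3s/kine datastore, as the file name suggests, declaring the revision columns 64-bit from the start avoids a later online migration, e.g. `id bigint unsigned NOT NULL AUTO_INCREMENT` with matching types for the two revision columns. The file also has no header comment saying who applies it and when; a one-line `-- run once against the datastore database before starting the master with a MySQL endpoint` would help, if that is the intended use.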
diff --git a/hack/k8s/lite/configmap.yaml b/hack/k8s/lite/configmap.yaml
index 31e8a5da..d0811f2b 100644
--- a/hack/k8s/lite/configmap.yaml
+++ b/hack/k8s/lite/configmap.yaml
@@ -10,7 +10,7 @@ data:
# 节点ID
# 示例: domainID: alice
domainID: {{.DOMAIN_ID}}
- # 节点私钥配置, 用于节点间的通信认证, 节点应用的证书签发
+ # 节点私钥配置, 用于节点间的通信认证(通过 2 方的证书来生成通讯的身份令牌), 节点应用的证书签发(为了加强通讯安全性,kuscia 会给每一个任务引擎分配 MTLS 证书,不论引擎访问其他模块(包括外部),还是其他模块访问引擎,都走 MTLS 通讯,以免内部攻破引擎。)
# 注意: 目前节点私钥仅支持 pkcs#1 格式的: "BEGIN RSA PRIVATE KEY/END RSA PRIVATE KEY"
# 执行命令 "docker run -it --rm secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/kuscia scripts/deploy/generate_rsa_key.sh" 生成私钥
domainKeyData: {{.DOMAIN_KEY_DATA}}
@@ -20,7 +20,7 @@ data:
# master
- # 节点连接 master 的部署 token, 用于节点向 master 注册证书, 只在节点第一次向 master 注册证书时有效
+ # 节点连接 master 的部署 Token, 用于节点向 master 注册证书, 只在节点第一次向 master 注册证书时有效
liteDeployToken: {{.DEPLOY_TOKEN}}
# 节点连接 master 的地址
# 示例: http://kuscia-master.kuscia-master.svc.cluster.local:1080
diff --git a/hack/k8s/master/configmap.yaml b/hack/k8s/master/configmap.yaml
index 3407a610..b63bd597 100644
--- a/hack/k8s/master/configmap.yaml
+++ b/hack/k8s/master/configmap.yaml
@@ -6,7 +6,7 @@ data:
# 节点ID
# 示例: domainID: kuscia-system
domainID: {{.DOMAIN_ID}}
- # 节点私钥配置, 用于节点间的通信认证, 节点应用的证书签发
+ # 节点私钥配置, 用于节点间的通信认证(通过 2 方的证书来生成通讯的身份令牌), 节点应用的证书签发(为了加强通讯安全性,kuscia 会给每一个任务引擎分配 MTLS 证书,不论引擎访问其他模块(包括外部),还是其他模块访问引擎,都走 MTLS 通讯,以免内部攻破引擎。)
# 注意: 目前节点私钥仅支持 pkcs#1 格式的: "BEGIN RSA PRIVATE KEY/END RSA PRIVATE KEY"
# 执行命令 "docker run -it --rm secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/kuscia scripts/deploy/generate_rsa_key.sh" 生成私钥
domainKeyData: {{.DOMAIN_KEY_DATA}}
diff --git a/pkg/common/constants.go b/pkg/common/constants.go
index 3f0f1017..b7f09899 100644
--- a/pkg/common/constants.go
+++ b/pkg/common/constants.go
@@ -14,6 +14,8 @@
package common
+import "time"
+
// labels
const (
// LabelPortScope represents port usage scope. Its values may be Local, Domain, Cluster. Refer to PortScope for more details.
@@ -119,6 +121,7 @@ const (
// Environment variables issued to the task pod.
const (
+ EnvDomainID = "DOMAIN_ID"
EnvTaskID = "TASK_ID"
EnvServingID = "SERVING_ID"
EnvInputConfig = "INPUT_CONFIG"
@@ -198,3 +201,7 @@ const (
TmpPrefix = "var/tmp/"
ConfPrefix = "etc/conf/"
)
+
+const (
+ GatewayLiveTimeout = 3 * time.Minute
+)
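Review bot: `GatewayLiveTimeout` is exported without a doc comment, unlike the other constant groups visible in this file, and nothing in the hunk says what the three minutes bound. A comment along the lines of `// GatewayLiveTimeout is how long a gateway may go without reporting before it is treated as not alive.` would make the contract explicit, adjusted to what its callers actually do, since they are outside this hunk. If it is a liveness window, it is also worth stating its relation to the reporting interval so that a later change to one does not silently invalidate the other.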
diff --git a/pkg/common/convert.go b/pkg/common/convert.go
index 936b88cb..e29db7d3 100644
--- a/pkg/common/convert.go
+++ b/pkg/common/convert.go
@@ -120,7 +120,7 @@ func Convert2ArrowColumnType(colType string) arrow.DataType {
return arrow.PrimitiveTypes.Int16
case "int32":
return arrow.PrimitiveTypes.Int32
- case "int64":
+ case "int64", "int":
return arrow.PrimitiveTypes.Int64
case "uint8":
return arrow.PrimitiveTypes.Uint8
@@ -132,7 +132,7 @@ func Convert2ArrowColumnType(colType string) arrow.DataType {
return arrow.PrimitiveTypes.Uint64
case "float32":
return arrow.PrimitiveTypes.Float32
- case "float64":
+ case "float64", "float":
return arrow.PrimitiveTypes.Float64
case "date32":
return arrow.PrimitiveTypes.Date32
@@ -141,7 +141,7 @@ func Convert2ArrowColumnType(colType string) arrow.DataType {
case "bool":
return arrow.FixedWidthTypes.Boolean
// STRING UTF8 variable-length string as List
- case "string":
+ case "string", "str":
return arrow.BinaryTypes.String
// Variable-length bytes (no guarantee of UTF8-ness)
case "binary":
diff --git a/pkg/common/gen.go b/pkg/common/gen.go
index 9edbcafb..cf78a74f 100644
--- a/pkg/common/gen.go
+++ b/pkg/common/gen.go
@@ -43,3 +43,7 @@ func GenDomainDataID(dataName string) (dataID string) {
func GenDomainRouteName(src, dest string) string {
return fmt.Sprintf("%s-%s", src, dest)
}
+
+func GenerateClusterName(source, dest, portName string) string {
+ return fmt.Sprintf("%s-to-%s-%s", source, dest, portName)
+}
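Review bot: `GenerateClusterName` joins three caller-supplied strings with `-to-` and `-`, so distinct inputs can yield the same name whenever a domain ID contains a hyphen: source `a` with dest `b-to-c` and source `a-to-b` with dest `c` both produce `a-to-b-to-c-<port>`. If these names key gateway clusters, a collision would let one route's configuration overwrite or shadow another's, so either domain-ID validation should rule the ambiguity out or the name should use a separator that IDs cannot contain. The function is exported and has no doc comment; `// GenerateClusterName returns the cluster name for traffic from source to dest on portName.` would fit, assuming that is its use. `GenDomainRouteName` in the context lines above has the same `%s-%s` ambiguity.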
diff --git a/pkg/controllers/clusterdomainroute/controller.go b/pkg/controllers/clusterdomainroute/controller.go
index baba0c8f..639968bb 100644
--- a/pkg/controllers/clusterdomainroute/controller.go
+++ b/pkg/controllers/clusterdomainroute/controller.go
@@ -17,10 +17,6 @@ package clusterdomainroute
import (
"context"
- "crypto/rsa"
- "crypto/x509"
- "encoding/base64"
- "encoding/pem"
"fmt"
"reflect"
"time"
@@ -48,11 +44,6 @@ import (
const (
clusterDomainRouteSyncPeriod = 2 * time.Minute
- syncDomainPubKeyReason = "SyncDomainPubKey"
- errErrResourceExists = "ErrResourceExists"
- doValidateReason = "DoValidate"
- checkDomainRoute = "CheckDomainRoute"
- syncDomainRouteStatus = "SyncDomainRouteStatus"
controllerName = "cluster-domain-route-controller"
)
@@ -120,7 +111,7 @@ func NewController(ctx context.Context, config controllers.ControllerConfig) con
return
}
- nlog.Debugf("Found clusterdomain(%s) update", newCdr.Name)
+ nlog.Debugf("Found clusterdomainroute(%s) update", newCdr.Name)
cc.enqueueClusterDomainRoute(newCdr)
},
DeleteFunc: func(obj interface{}) {
@@ -187,6 +178,9 @@ func NewController(ctx context.Context, config controllers.ControllerConfig) con
cc.enqueueClusterDomainRoute(newOne)
}
},
+ DeleteFunc: func(obj interface{}) {
+ cc.enqueueClusterDomainRoute(obj)
+ },
},
0,
)
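Review bot: The new `DeleteFunc` passes `obj` straight to `cc.enqueueClusterDomainRoute`, but when a delete event was missed the informer delivers a `cache.DeletedFinalStateUnknown` tombstone instead of the object. Whether the enqueue helper handles that is not visible in this hunk; if it type-asserts the object or derives the key with `cache.MetaNamespaceKeyFunc`, the tombstone is dropped and the affected routes are never reconciled after the deletion, leaving stale route state behind. Unwrapping first, `if t, ok := obj.(cache.DeletedFinalStateUnknown); ok { obj = t.Obj }`, or using `cache.DeletionHandlingMetaNamespaceKeyFunc` inside the helper covers both cases. The enclosing `NewController` body starts and ends outside the hunk.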
@@ -201,68 +195,6 @@ func (c *controller) runWorker(ctx context.Context) {
}
}
-func addLabel(ctx context.Context, kusciaClient kusciaclientset.Interface, cdr *kusciaapisv1alpha1.ClusterDomainRoute) *kusciaapisv1alpha1.ClusterDomainRoute {
- var err error
- if cdr.Labels == nil {
- cdrCopy := cdr.DeepCopy()
- cdrCopy.Labels = map[string]string{
- common.KusciaSourceKey: cdr.Spec.Source,
- common.KusciaDestinationKey: cdr.Spec.Destination,
- }
- if cdr, err = kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Update(ctx, cdrCopy, metav1.UpdateOptions{}); err != nil {
- nlog.Errorf("Update cdr, src(%s) dst(%s) failed with (%s)", cdr.Spec.Source, cdr.Spec.Destination, err.Error())
- }
- } else if _, ok := cdr.Labels[common.KusciaSourceKey]; !ok {
- cdrCopy := cdr.DeepCopy()
- cdrCopy.Labels[common.KusciaSourceKey] = cdr.Spec.Source
- cdrCopy.Labels[common.KusciaDestinationKey] = cdr.Spec.Destination
- if cdr, err = kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Update(ctx, cdrCopy, metav1.UpdateOptions{}); err != nil {
- nlog.Errorf("Update cdr, src(%s) dst(%s) failed with (%s)", cdr.Spec.Source, cdr.Spec.Destination, err.Error())
- }
- }
- return cdr
-}
-
-func (c *controller) checkDomainRoute(ctx context.Context, cdr *kusciaapisv1alpha1.ClusterDomainRoute,
- role kusciaapisv1alpha1.DomainRole, namespace, drName string) (*kusciaapisv1alpha1.DomainRoute, error) {
- if role == kusciaapisv1alpha1.Partner {
- return nil, nil
- }
- if cdr.Spec.Destination == c.Namespace && namespace != c.Namespace {
- return nil, nil
- }
- dr, err := c.domainRouteLister.DomainRoutes(namespace).Get(drName)
- if k8serrors.IsNotFound(err) {
- nlog.Infof("Not found domainroute %s/%s, so create it", namespace, drName)
- if dr, err = c.kusciaClient.KusciaV1alpha1().DomainRoutes(namespace).Create(ctx, newDomainRoute(cdr, drName, namespace), metav1.CreateOptions{}); err != nil {
- return nil, err
- }
- }
-
- if err != nil {
- return nil, err
- }
-
- if !metav1.IsControlledBy(dr, cdr) {
- msg := fmt.Sprintf("DomainRoute %s already exists in namespace %s and is not managed by ClusterDomainRoute", drName, namespace)
- return nil, fmt.Errorf("%s", msg)
- }
- if needDeleteDr(cdr, dr) {
- return nil, c.kusciaClient.KusciaV1alpha1().DomainRoutes(namespace).Delete(ctx, dr.Name, metav1.DeleteOptions{})
- }
-
- if !compareSpec(cdr, dr) {
- dr = dr.DeepCopy()
- dr.Labels = cdr.Labels
- dr.Spec = cdr.Spec.DomainRouteSpec
- nlog.Infof("Found domainroute %s/%s not match cdr, correct it", namespace, drName)
- if dr, err = c.kusciaClient.KusciaV1alpha1().DomainRoutes(namespace).Update(ctx, dr, metav1.UpdateOptions{}); err != nil {
- return nil, err
- }
- }
- return dr, nil
-}
-
func needDeleteDr(cdr *kusciaapisv1alpha1.ClusterDomainRoute, dr *kusciaapisv1alpha1.DomainRoute) bool {
if !reflect.DeepEqual(cdr.Spec.Endpoint, dr.Spec.Endpoint) {
return true
@@ -302,52 +234,58 @@ func (c *controller) syncHandler(ctx context.Context, key string) error {
return err
}
- cdr, err = c.syncDomainPubKey(ctx, cdr)
+ // Check domain role
+ sourceRole, destRole, err := c.getDomainRole(cdr)
if err != nil {
- nlog.Errorf("clusterdomainroute %s SyncDomainPubKey error:%v", cdr.Name, err)
return err
}
- if err := domainroute.DoValidate(&cdr.Spec.DomainRouteSpec); err != nil {
- nlog.Errorf("clusterdomainroute %s doValidate error:%v", cdr.Name, err)
- return err
+ appendLabels := make(map[string]string, 0)
+ appendLabels[common.KusciaSourceKey] = cdr.Spec.Source
+ appendLabels[common.KusciaDestinationKey] = cdr.Spec.Destination
+ if sourceRole == kusciaapisv1alpha1.Partner {
+ appendLabels[common.LabelDomainRoutePartner] = cdr.Spec.Source
+ } else if destRole == kusciaapisv1alpha1.Partner {
+ appendLabels[common.LabelDomainRoutePartner] = cdr.Spec.Destination
}
- sourceRole, destRole, err := c.getDomainRole(cdr)
- if err != nil {
+ // Update label must be first.
+ if hasUpdate, err := c.updateLabel(ctx, cdr, appendLabels, nil); err != nil || hasUpdate {
return err
}
- drName := fmt.Sprintf("%s-%s", cdr.Spec.Source, cdr.Spec.Destination)
-
- // Create domainroute in source namespace
- srcdr, err := c.checkDomainRoute(ctx, cdr, sourceRole, cdr.Spec.Source, drName)
- if err != nil {
- nlog.Warnf(err.Error())
+ if hasUpdate, err := c.syncDomainPubKey(ctx, cdr); err != nil || hasUpdate {
return err
}
- // Create domainroute in destination namespace
- destdr, err := c.checkDomainRoute(ctx, cdr, destRole, cdr.Spec.Destination, drName)
- if err != nil {
- nlog.Warnf(err.Error())
+ if err := domainroute.DoValidate(&cdr.Spec.DomainRouteSpec); err != nil {
+ nlog.Errorf("clusterdomainroute %s doValidate error:%v", cdr.Name, err)
return err
}
- appendLabels := make(map[string]string, 0)
- if sourceRole == kusciaapisv1alpha1.Partner {
- appendLabels[common.LabelDomainRoutePartner] = cdr.Spec.Source
- } else if destRole == kusciaapisv1alpha1.Partner {
- appendLabels[common.LabelDomainRoutePartner] = cdr.Spec.Destination
+ var srcdr, destdr *kusciaapisv1alpha1.DomainRoute
+ drName := fmt.Sprintf("%s-%s", cdr.Spec.Source, cdr.Spec.Destination)
+ if sourceRole != kusciaapisv1alpha1.Partner {
+ // Create domainroute in source namespace
+ if hasUpdate, err := c.checkDomainRoute(ctx, cdr, cdr.Spec.Source, drName); err != nil || hasUpdate {
+ return err
+ }
+ if srcdr, err = c.domainRouteLister.DomainRoutes(cdr.Spec.Source).Get(drName); err != nil {
+ return err
+ }
}
- cdr, err = c.updateLabel(ctx, cdr, appendLabels, nil)
- if err != nil {
- return err
+ if destRole != kusciaapisv1alpha1.Partner {
+ // Create domainroute in destination namespace
+ if hasUpdate, err := c.checkDomainRoute(ctx, cdr, cdr.Spec.Destination, drName); err != nil || hasUpdate {
+ return err
+ }
+ if destdr, err = c.domainRouteLister.DomainRoutes(cdr.Spec.Destination).Get(drName); err != nil {
+ return err
+ }
}
- cdr, err = c.syncStatusFromDomainroute(cdr, srcdr, destdr)
- if err != nil {
+ if hasUpdate, err := c.syncStatusFromDomainroute(cdr, srcdr, destdr); err != nil || hasUpdate {
return err
}
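Review bot: The namespace skip that the old `checkDomainRoute` applied, `cdr.Spec.Destination == c.Namespace && namespace != c.Namespace`, is not carried over. Only the Partner-role test moved into `syncHandler`, and the new `checkDomainRoute` in domainroute.go has no equivalent. As written, a route whose destination is the controller's own namespace now gets a DomainRoute created in the source namespace whenever `sourceRole` is not Partner. If the skip is still wanted, fold it into the source branch, e.g. `if sourceRole != kusciaapisv1alpha1.Partner && !(cdr.Spec.Destination == c.Namespace && cdr.Spec.Source != c.Namespace) {`; if it was dropped on purpose, a one-line comment saying why would help. `syncHandler` starts and ends outside this hunk.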
@@ -358,35 +296,6 @@ func (c *controller) enqueueClusterDomainRoute(obj interface{}) {
queue.EnqueueObjectWithKey(obj, c.clusterDomainRouteWorkqueue)
}
-func (c *controller) syncDomainPubKey(ctx context.Context,
- cdr *kusciaapisv1alpha1.ClusterDomainRoute) (*kusciaapisv1alpha1.ClusterDomainRoute, error) {
- if cdr.Spec.TokenConfig != nil && cdr.Spec.TokenConfig.TokenGenMethod == kusciaapisv1alpha1.TokenGenMethodRSA || cdr.Spec.TokenConfig.TokenGenMethod == kusciaapisv1alpha1.TokenGenUIDRSA {
- cdrCopy := cdr.DeepCopy()
- needUpdate := false
-
- srcRsaPubData := c.getPublicKeyFromDomain(cdr.Spec.Source)
- srcRsaPub := base64.StdEncoding.EncodeToString(srcRsaPubData)
- if len(srcRsaPubData) != 0 && cdr.Spec.TokenConfig.SourcePublicKey != srcRsaPub {
- cdrCopy.Spec.TokenConfig.SourcePublicKey = srcRsaPub
- needUpdate = true
- }
-
- destRsaPubData := c.getPublicKeyFromDomain(cdr.Spec.Destination)
- destRsaPub := base64.StdEncoding.EncodeToString(destRsaPubData)
- if len(destRsaPubData) != 0 && cdr.Spec.TokenConfig.DestinationPublicKey != destRsaPub {
- cdrCopy.Spec.TokenConfig.DestinationPublicKey = destRsaPub
- needUpdate = true
- }
-
- if needUpdate {
- cdr, err := c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Update(ctx, cdrCopy,
- metav1.UpdateOptions{})
- return cdr, err
- }
- }
- return cdr, nil
-}
-
func (c *controller) syncClusterDomainRouteByDomainName(key, domainName string) {
cdrReqSrc, _ := labels.NewRequirement(key, selection.Equals, []string{domainName})
cdrs, err := c.clusterDomainRouteLister.List(labels.NewSelector().Add(*cdrReqSrc))
@@ -396,6 +305,7 @@ func (c *controller) syncClusterDomainRouteByDomainName(key, domainName string)
}
for _, cdr := range cdrs {
+ nlog.Infof("Enqueue clusterdomainroute %s, because domain %s update", cdr.Name, domainName)
c.enqueueClusterDomainRoute(cdr)
}
}
@@ -414,7 +324,7 @@ func (c *controller) Run(threadiness int) error {
go wait.Until(func() {
c.Monitorcdrstatus(c.ctx)
- }, time.Minute, c.ctx.Done())
+ }, time.Second*30, c.ctx.Done())
// Launch two workers to process ClusterDomainRoute resources
for i := 0; i < threadiness; i++ {
go wait.Until(func() {
@@ -434,120 +344,12 @@ func (c *controller) Stop() {
}
}
-func newDomainRoute(cdr *kusciaapisv1alpha1.ClusterDomainRoute, name, namespace string) *kusciaapisv1alpha1.DomainRoute {
- return &kusciaapisv1alpha1.DomainRoute{
- ObjectMeta: metav1.ObjectMeta{
- Name: name,
- Namespace: namespace,
- Labels: cdr.Labels,
- OwnerReferences: []metav1.OwnerReference{
- *metav1.NewControllerRef(cdr, kusciaapisv1alpha1.SchemeGroupVersion.WithKind("ClusterDomainRoute")),
- },
- },
- Spec: cdr.Spec.DomainRouteSpec,
- Status: kusciaapisv1alpha1.DomainRouteStatus{},
- }
-}
-
-func compareSpec(cdr *kusciaapisv1alpha1.ClusterDomainRoute, dr *kusciaapisv1alpha1.DomainRoute) bool {
- if !reflect.DeepEqual(cdr.Labels, dr.Labels) {
- return false
- }
-
- if !reflect.DeepEqual(cdr.Spec.DomainRouteSpec, dr.Spec) {
- return false
- }
-
- return true
-}
-
-func (c *controller) getPublicKeyFromDomain(namespace string) []byte {
- domain, err := c.domainLister.Get(namespace)
- if err != nil {
- return nil
- }
- if domain.Spec.Cert != "" {
- rsaPubData, err := getPublickeyFromCert(domain.Spec.Cert)
- if err != nil {
- return nil
- }
- return rsaPubData
- }
- return nil
-}
-
func (c *controller) Name() string {
return controllerName
}
-func (c *controller) syncStatusFromDomainroute(cdr *kusciaapisv1alpha1.ClusterDomainRoute,
- srcdr *kusciaapisv1alpha1.DomainRoute, destdr *kusciaapisv1alpha1.DomainRoute) (*kusciaapisv1alpha1.ClusterDomainRoute, error) {
- needUpdate := false
- cdr = cdr.DeepCopy()
-
- isSrcTokenChanged := srcdr != nil && !reflect.DeepEqual(cdr.Status.TokenStatus.SourceTokens, srcdr.Status.TokenStatus.Tokens)
- isSrcStatusChanged := srcdr != nil && !srcdr.Status.IsDestinationUnreachable != IsReady(&cdr.Status)
-
- // init new condition
- setCondition(&cdr.Status, newCondition(kusciaapisv1alpha1.ClusterDomainRouteReady, corev1.ConditionTrue, "", "Success"))
-
- if isSrcTokenChanged || isSrcStatusChanged {
- cdr.Status.TokenStatus.SourceTokens = srcdr.Status.TokenStatus.Tokens
- needUpdate = true
-
- if len(cdr.Status.TokenStatus.SourceTokens) == 0 {
- if !srcdr.Status.IsDestinationAuthorized {
- setCondition(&cdr.Status, newCondition(kusciaapisv1alpha1.ClusterDomainRouteReady, corev1.ConditionFalse, "DestinationIsNotAuthrized", "TokenNotGenerate"))
- } else {
- setCondition(&cdr.Status, newCondition(kusciaapisv1alpha1.ClusterDomainRouteReady, corev1.ConditionFalse, "TokenNotGenerate", "TokenNotGenerate"))
- }
- } else if srcdr.Status.IsDestinationUnreachable {
- nlog.Infof("set cdr(%s) ready condition.reason=DestinationUnreachable", cdr.Name)
- setCondition(&cdr.Status, newCondition(kusciaapisv1alpha1.ClusterDomainRouteReady, corev1.ConditionFalse,
- "DestinationUnreachable", "DestinationUnreachable"))
- }
- }
- if destdr != nil && !reflect.DeepEqual(cdr.Status.TokenStatus.DestinationTokens, destdr.Status.TokenStatus.Tokens) {
- cdr.Status.TokenStatus.DestinationTokens = destdr.Status.TokenStatus.Tokens
- needUpdate = true
- if len(cdr.Status.TokenStatus.DestinationTokens) == 0 {
- setCondition(&cdr.Status, newCondition(kusciaapisv1alpha1.ClusterDomainRouteReady, corev1.ConditionFalse, "TokenNotGenerate", "TokenNotGenerate"))
- }
- }
-
- if needUpdate {
- sn := len(cdr.Status.TokenStatus.SourceTokens)
- dn := len(cdr.Status.TokenStatus.DestinationTokens)
- if sn > 0 && dn > 0 && cdr.Status.TokenStatus.SourceTokens[sn-1].Revision != cdr.Status.TokenStatus.DestinationTokens[dn-1].Revision {
- setCondition(&cdr.Status, newCondition(kusciaapisv1alpha1.ClusterDomainRouteReady, corev1.ConditionFalse, "TokenRevisionNotMatch", "TokenRevisionNotMatch"))
- }
-
- cdr, err := c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().UpdateStatus(c.ctx, cdr, metav1.UpdateOptions{})
- return cdr, err
- }
-
- return cdr, nil
-}
-
-func (c *controller) getDomainRole(cdr *kusciaapisv1alpha1.ClusterDomainRoute) (kusciaapisv1alpha1.DomainRole,
- kusciaapisv1alpha1.DomainRole, error) {
- s, err := c.domainLister.Get(cdr.Spec.Source)
- if err != nil {
- nlog.Warnf("get Domain %s fail: %v", cdr.Spec.Source, err)
- return "", "", err
- }
-
- d, err := c.domainLister.Get(cdr.Spec.Destination)
- if err != nil {
- nlog.Warnf("get Domain %s fail: %v", cdr.Spec.Destination, err)
- return "", "", err
- }
-
- return s.Spec.Role, d.Spec.Role, nil
-}
-
func (c *controller) updateLabel(ctx context.Context, cdr *kusciaapisv1alpha1.ClusterDomainRoute, addLabels map[string]string,
- removeLabels map[string]struct{}) (*kusciaapisv1alpha1.ClusterDomainRoute, error) {
+ removeLabels map[string]bool) (bool, error) {
var err error
needUpdateLabel := func() bool {
@@ -555,18 +357,13 @@ func (c *controller) updateLabel(ctx context.Context, cdr *kusciaapisv1alpha1.Cl
return true
}
- _, ok := cdr.Labels[common.KusciaSourceKey]
- if !ok {
- return true
- }
-
for k, v := range addLabels {
if oldVal, exist := cdr.Labels[k]; !exist || oldVal != v {
return true
}
}
- for k, _ := range removeLabels {
+ for k := range removeLabels {
if _, exist := cdr.Labels[k]; exist {
return true
}
@@ -576,7 +373,7 @@ func (c *controller) updateLabel(ctx context.Context, cdr *kusciaapisv1alpha1.Cl
}
if !needUpdateLabel() {
- return cdr, nil
+ return false, nil
}
cdrCopy := cdr.DeepCopy()
@@ -602,81 +399,16 @@ func (c *controller) updateLabel(ctx context.Context, cdr *kusciaapisv1alpha1.Cl
cdrCopy.Labels[k] = v
}
- if cdr, err = c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Update(ctx, cdrCopy, metav1.UpdateOptions{}); err != nil {
- nlog.Warnf("Update cdr, src(%s) dst(%s) failed with (%s)", cdrCopy.Spec.Source, cdrCopy.Spec.Destination, err.Error())
- return cdr, err
+ _, err = c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Update(ctx, cdrCopy, metav1.UpdateOptions{})
+ if err != nil && !k8serrors.IsConflict(err) {
+ nlog.Errorf("Update cdr, src(%s) dst(%s) failed with (%s)", cdrCopy.Spec.Source, cdrCopy.Spec.Destination, err.Error())
+ return true, err
}
-
- return cdr, nil
-}
-
-func newCondition(condType kusciaapisv1alpha1.ClusterDomainRouteConditionType, status corev1.ConditionStatus, reason, message string) *kusciaapisv1alpha1.ClusterDomainRouteCondition {
- return &kusciaapisv1alpha1.ClusterDomainRouteCondition{
- Type: condType,
- Status: status,
- LastUpdateTime: metav1.Now(),
- LastTransitionTime: metav1.Now(),
- Reason: reason,
- Message: message,
+ if err == nil {
+ nlog.Infof("ClusterDomainRoute %s updateLabel", cdr.Name)
}
-}
-
-func setCondition(status *kusciaapisv1alpha1.ClusterDomainRouteStatus, condition *kusciaapisv1alpha1.ClusterDomainRouteCondition) {
- var currentCond *kusciaapisv1alpha1.ClusterDomainRouteCondition
- for i := range status.Conditions {
- cond := &status.Conditions[i]
-
- if cond.Type != condition.Type {
- // DO NOT TOUCH READY CONDITION
- if cond.Type == kusciaapisv1alpha1.ClusterDomainRouteReady || condition.Type == kusciaapisv1alpha1.ClusterDomainRouteReady {
- continue
- }
- if cond.Status == corev1.ConditionTrue {
- cond.Status = corev1.ConditionFalse
- cond.LastUpdateTime = condition.LastTransitionTime
- cond.LastTransitionTime = condition.LastTransitionTime
- cond.Reason = condition.Reason
- cond.Message = condition.Message
- }
- continue
- }
-
- currentCond = cond
- // Do not update lastTransitionTime if the status of the condition doesn't change.
- if cond.Status == condition.Status {
- condition.LastTransitionTime = cond.LastTransitionTime
- }
- status.Conditions[i] = *condition
- }
-
- if currentCond == nil {
- status.Conditions = append(status.Conditions, *condition)
- }
-}
-
-func getPublickeyFromCert(certString string) ([]byte, error) {
- certPem, err := base64.StdEncoding.DecodeString(certString)
- if err != nil {
- return nil, err
- }
- certData, _ := pem.Decode(certPem)
- if certData == nil {
- return nil, fmt.Errorf("%s", "pem Decode fail")
- }
- cert, err := x509.ParseCertificate(certData.Bytes)
- if err != nil {
- return nil, err
- }
- rsaPub, ok := cert.PublicKey.(*rsa.PublicKey)
- if !ok {
- return nil, fmt.Errorf("%s", "Cant get publickey from src domain")
- }
- block := &pem.Block{
- Type: "RSA PUBLIC KEY",
- Bytes: x509.MarshalPKCS1PublicKey(rsaPub),
- }
- return pem.EncodeToMemory(block), nil
+ return true, nil
}
func IsReady(status *kusciaapisv1alpha1.ClusterDomainRouteStatus) bool {
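Review bot: A conflict from `Update` falls through both `if` branches and returns `(true, nil)` with no log line, so `syncHandler` returns nil for a write that did not land. Presumably the key is then not requeued with backoff, and recovery depends on a later informer event for the newer object. The same pattern appears in `syncDomainPubKey`, `checkDomainRoute`, `syncStatusFromDomainroute` and `UpdateStatus` in monitor.go. At minimum log the skipped write, `if k8serrors.IsConflict(err) { nlog.Infof("ClusterDomainRoute %s updateLabel conflict, waiting for resync", cdr.Name) }`, or return the conflict so the workqueue retries. `updateLabel` starts outside this hunk.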
diff --git a/pkg/controllers/clusterdomainroute/controller_test.go b/pkg/controllers/clusterdomainroute/controller_test.go
index b8b7062c..c6380df5 100644
--- a/pkg/controllers/clusterdomainroute/controller_test.go
+++ b/pkg/controllers/clusterdomainroute/controller_test.go
@@ -153,6 +153,21 @@ func Test_controller_add_label(t *testing.T) {
}
_, err = kusciaClient.KusciaV1alpha1().Domains().Create(ctx, aliceDomain, metav1.CreateOptions{})
assert.NoError(t, err)
+ _, err = kusciaClient.KusciaV1alpha1().Gateways(alice).Create(ctx, &kusciaapisv1alpha1.Gateway{
+ Status: kusciaapisv1alpha1.GatewayStatus{
+ NetworkStatus: []kusciaapisv1alpha1.GatewayEndpointStatus{
+ {
+ Type: common.GenerateClusterName(alice, bob, "http"),
+ Name: "DomainRoute",
+ },
+ {
+ Type: common.GenerateClusterName(alice, bob, "http"),
+ Name: "DomainRoute",
+ },
+ },
+ },
+ }, metav1.CreateOptions{})
+ assert.NoError(t, err)
_, err = kusciaClient.KusciaV1alpha1().Domains().Create(ctx, bobDomain, metav1.CreateOptions{})
assert.NoError(t, err)
_, err = kusciaClient.KusciaV1alpha1().Domains().Create(ctx, charlieDomain, metav1.CreateOptions{})
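Review bot: The Gateway fixture has `Type` and `Name` swapped relative to what `UpdateStatus` in monitor.go matches. The monitor requires `metric.Type == "DomainRoute"` and `metric.Name == common.GenerateClusterName(...)`, while here `Type` holds the cluster name and `Name` holds "DomainRoute". The two entries are also identical and set no `HealthyEndpointsCount`, and the Gateway carries no heartbeat or object name, so the healthy-endpoint path is not exercised by this test. If the intent is to cover it, use `Type: "DomainRoute", Name: common.GenerateClusterName(alice, bob, "http"), HealthyEndpointsCount: 1` and give the Gateway a name and a recent `HeartbeatTime`. The test function starts and ends outside this hunk.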
@@ -169,6 +184,13 @@ func Test_controller_add_label(t *testing.T) {
TokenConfig: &kusciaapisv1alpha1.TokenConfig{
TokenGenMethod: kusciaapisv1alpha1.TokenGenMethodRSA,
},
+ Endpoint: kusciaapisv1alpha1.DomainEndpoint{
+ Ports: []kusciaapisv1alpha1.DomainPort{
+ {
+ Name: "http",
+ },
+ },
+ },
},
},
Status: kusciaapisv1alpha1.ClusterDomainRouteStatus{},
@@ -185,6 +207,13 @@ func Test_controller_add_label(t *testing.T) {
Source: alice,
Destination: charlie,
AuthenticationType: kusciaapisv1alpha1.DomainAuthenticationToken,
+ Endpoint: kusciaapisv1alpha1.DomainEndpoint{
+ Ports: []kusciaapisv1alpha1.DomainPort{
+ {
+ Name: "http",
+ },
+ },
+ },
TokenConfig: &kusciaapisv1alpha1.TokenConfig{
TokenGenMethod: kusciaapisv1alpha1.TokenGenMethodRSA,
},
@@ -198,6 +227,7 @@ func Test_controller_add_label(t *testing.T) {
_, err = kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Create(ctx, testdr2, metav1.CreateOptions{})
assert.NoError(t, err)
time.Sleep(100 * time.Millisecond)
+
close(chStop)
}()
ic.Run(4)
@@ -257,14 +287,15 @@ func Test_controller_update_label(t *testing.T) {
"l2": "v2",
}
- removeLabels := map[string]struct{}{
- "l3": struct{}{},
- "l4": struct{}{},
+ removeLabels := map[string]bool{
+ "l3": true,
+ "l4": true,
}
- cdr, err := c.updateLabel(context.Background(), testdr1, addLabels, removeLabels)
+ _, err = c.updateLabel(context.Background(), testdr1, addLabels, removeLabels)
+ assert.NoError(t, err)
+ cdr, err := c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Get(context.Background(), testdr1.Name, metav1.GetOptions{})
assert.NoError(t, err)
-
v1, ok := cdr.Labels["l1"]
assert.True(t, ok)
assert.True(t, v1 == "v1")
@@ -326,22 +357,34 @@ func Test_controller_syncDomainRouteStatus(t *testing.T) {
srcDr := dstDr.DeepCopy()
dstDr.Status.TokenStatus.Tokens = []kusciaapisv1alpha1.DomainRouteToken{}
- cdr, err := c.syncStatusFromDomainroute(testCdr1, srcDr, dstDr)
+ update, err := c.syncStatusFromDomainroute(testCdr1, srcDr, dstDr)
+ assert.NoError(t, err)
+ assert.True(t, update)
+ cdr, err := c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Get(c.ctx, testCdr1.Name, metav1.GetOptions{})
assert.NoError(t, err)
assert.False(t, IsReady(&cdr.Status))
dstDr.Status.TokenStatus.Tokens = []kusciaapisv1alpha1.DomainRouteToken{mockToken}
- cdr, err = c.syncStatusFromDomainroute(testCdr1, srcDr, dstDr)
+ update, err = c.syncStatusFromDomainroute(testCdr1, srcDr, dstDr)
+ assert.NoError(t, err)
+ assert.True(t, update)
+ cdr, err = c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Get(c.ctx, testCdr1.Name, metav1.GetOptions{})
assert.NoError(t, err)
assert.True(t, IsReady(&cdr.Status))
srcDr.Status.IsDestinationUnreachable = true
- cdr, err = c.syncStatusFromDomainroute(testCdr1, srcDr, dstDr)
+ update, err = c.syncStatusFromDomainroute(testCdr1, srcDr, dstDr)
+ assert.NoError(t, err)
+ assert.True(t, update)
+ cdr, err = c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Get(c.ctx, testCdr1.Name, metav1.GetOptions{})
assert.NoError(t, err)
assert.False(t, IsReady(&cdr.Status))
srcDr.Status.IsDestinationUnreachable = false
- cdr, err = c.syncStatusFromDomainroute(testCdr1, srcDr, dstDr)
+ update, err = c.syncStatusFromDomainroute(testCdr1, srcDr, dstDr)
+ assert.NoError(t, err)
+ assert.True(t, update)
+ cdr, err = c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Get(c.ctx, testCdr1.Name, metav1.GetOptions{})
assert.NoError(t, err)
assert.True(t, IsReady(&cdr.Status))
}
diff --git a/pkg/controllers/clusterdomainroute/domain.go b/pkg/controllers/clusterdomainroute/domain.go
new file mode 100644
index 00000000..d35a72c3
--- /dev/null
+++ b/pkg/controllers/clusterdomainroute/domain.go
@@ -0,0 +1,119 @@
+// Copyright 2023 Ant Group Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//nolint:dulp
+package clusterdomainroute
+
+import (
+ "context"
+ "crypto/rsa"
+ "crypto/x509"
+ "encoding/base64"
+ "encoding/pem"
+ "fmt"
+
+ kusciaapisv1alpha1 "github.com/secretflow/kuscia/pkg/crd/apis/kuscia/v1alpha1"
+ "github.com/secretflow/kuscia/pkg/utils/nlog"
+ k8serrors "k8s.io/apimachinery/pkg/api/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func (c *controller) syncDomainPubKey(ctx context.Context, cdr *kusciaapisv1alpha1.ClusterDomainRoute) (bool, error) {
+ if cdr.Spec.TokenConfig != nil && cdr.Spec.TokenConfig.TokenGenMethod == kusciaapisv1alpha1.TokenGenMethodRSA || cdr.Spec.TokenConfig.TokenGenMethod == kusciaapisv1alpha1.TokenGenUIDRSA {
+ cdrCopy := cdr.DeepCopy()
+ needUpdate := false
+ srcRsaPub := c.getPublicKeyFromDomain(cdr.Spec.Source)
+ if srcRsaPub != "" && cdr.Spec.TokenConfig.SourcePublicKey != srcRsaPub {
+ cdrCopy.Spec.TokenConfig.SourcePublicKey = srcRsaPub
+ needUpdate = true
+ }
+
+ destRsaPub := c.getPublicKeyFromDomain(cdr.Spec.Destination)
+ if destRsaPub != "" && cdrCopy.Spec.TokenConfig.DestinationPublicKey != destRsaPub {
+ cdrCopy.Spec.TokenConfig.DestinationPublicKey = destRsaPub
+ needUpdate = true
+ }
+
+ if needUpdate {
+ _, err := c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Update(ctx, cdrCopy, metav1.UpdateOptions{})
+ if err != nil && !k8serrors.IsConflict(err) {
+ return true, err
+ }
+ if err == nil {
+ nlog.Infof("ClusterDomainRoute %s update publickey", cdr.Name)
+ }
+ return true, nil
+ }
+ }
+ return false, nil
+}
+
+func (c *controller) getPublicKeyFromDomain(namespace string) string {
+ domain, err := c.domainLister.Get(namespace)
+ if err != nil {
+ nlog.Errorf("Get domain %s error, %s ", namespace, err.Error())
+ return ""
+ }
+ if domain.Spec.Cert != "" {
+ rsaPubData, err := getPublickeyFromCert(domain.Spec.Cert)
+ if err != nil {
+ nlog.Errorf("Domain %s cert format error", namespace)
+ return ""
+ }
+ return base64.StdEncoding.EncodeToString(rsaPubData)
+ }
+ nlog.Warnf("Domain %s cert is nil", namespace)
+ return ""
+}
+
+func getPublickeyFromCert(certString string) ([]byte, error) {
+ certPem, err := base64.StdEncoding.DecodeString(certString)
+ if err != nil {
+ return nil, err
+ }
+ certData, _ := pem.Decode(certPem)
+ if certData == nil {
+ return nil, fmt.Errorf("%s", "pem Decode fail")
+ }
+ cert, err := x509.ParseCertificate(certData.Bytes)
+ if err != nil {
+ return nil, err
+ }
+ rsaPub, ok := cert.PublicKey.(*rsa.PublicKey)
+ if !ok {
+ return nil, fmt.Errorf("%s", "Cant get publickey from src domain")
+ }
+ block := &pem.Block{
+ Type: "RSA PUBLIC KEY",
+ Bytes: x509.MarshalPKCS1PublicKey(rsaPub),
+ }
+ return pem.EncodeToMemory(block), nil
+}
+
+func (c *controller) getDomainRole(cdr *kusciaapisv1alpha1.ClusterDomainRoute) (kusciaapisv1alpha1.DomainRole,
+ kusciaapisv1alpha1.DomainRole, error) {
+ s, err := c.domainLister.Get(cdr.Spec.Source)
+ if err != nil {
+ nlog.Warnf("get Domain %s fail: %v", cdr.Spec.Source, err)
+ return "", "", err
+ }
+
+ d, err := c.domainLister.Get(cdr.Spec.Destination)
+ if err != nil {
+ nlog.Warnf("get Domain %s fail: %v", cdr.Spec.Destination, err)
+ return "", "", err
+ }
+
+ return s.Spec.Role, d.Spec.Role, nil
+}
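Review bot: The guard in `syncDomainPubKey` dereferences a nil `TokenConfig`, because `&&` binds tighter than `||`. The `cdr.Spec.TokenConfig.TokenGenMethod == kusciaapisv1alpha1.TokenGenUIDRSA` comparison is still evaluated when `TokenConfig` is nil, and `syncHandler` calls this function before `domainroute.DoValidate`. A ClusterDomainRoute without a token config would therefore hit a nil-pointer panic in the worker. Parenthesise the alternatives: `if tc := cdr.Spec.TokenConfig; tc != nil && (tc.TokenGenMethod == kusciaapisv1alpha1.TokenGenMethodRSA || tc.TokenGenMethod == kusciaapisv1alpha1.TokenGenUIDRSA) {`. Separately, `getPublicKeyFromDomain` logs "cert format error" without the underlying `err`, which makes a malformed domain certificate hard to diagnose.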
diff --git a/pkg/controllers/clusterdomainroute/domainroute.go b/pkg/controllers/clusterdomainroute/domainroute.go
new file mode 100644
index 00000000..be82188b
--- /dev/null
+++ b/pkg/controllers/clusterdomainroute/domainroute.go
@@ -0,0 +1,191 @@
+// Copyright 2023 Ant Group Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//nolint:dulp
+package clusterdomainroute
+
+import (
+ "context"
+ "fmt"
+ "reflect"
+ "time"
+
+ corev1 "k8s.io/api/core/v1"
+ k8serrors "k8s.io/apimachinery/pkg/api/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/labels"
+
+ "github.com/secretflow/kuscia/pkg/common"
+ kusciaapisv1alpha1 "github.com/secretflow/kuscia/pkg/crd/apis/kuscia/v1alpha1"
+ "github.com/secretflow/kuscia/pkg/utils/nlog"
+)
+
+func (c *controller) checkDomainRoute(ctx context.Context, cdr *kusciaapisv1alpha1.ClusterDomainRoute, namespace, drName string) (bool, error) {
+ dr, err := c.domainRouteLister.DomainRoutes(namespace).Get(drName)
+ if k8serrors.IsNotFound(err) {
+ nlog.Infof("Not found domainroute %s/%s, so create it", namespace, drName)
+ if _, err = c.kusciaClient.KusciaV1alpha1().DomainRoutes(namespace).Create(ctx, newDomainRoute(cdr, drName, namespace), metav1.CreateOptions{}); err != nil {
+ return false, err
+ }
+ return true, nil
+ }
+
+ if err != nil {
+ return false, err
+ }
+
+ if !metav1.IsControlledBy(dr, cdr) {
+ return false, fmt.Errorf("DomainRoute %s already exists in namespace %s and is not managed by ClusterDomainRoute", drName, namespace)
+ }
+ if needDeleteDr(cdr, dr) {
+ nlog.Infof("Delete domainroute %s/%s", namespace, drName)
+ return true, c.kusciaClient.KusciaV1alpha1().DomainRoutes(namespace).Delete(ctx, dr.Name, metav1.DeleteOptions{})
+ }
+
+ if !compareSpec(cdr, dr) {
+ drCopy := dr.DeepCopy()
+ drCopy.Labels = cdr.Labels
+ drCopy.Spec = cdr.Spec.DomainRouteSpec
+ nlog.Infof("Update domainroute %s/%s", namespace, drName)
+ if _, err = c.kusciaClient.KusciaV1alpha1().DomainRoutes(namespace).Update(ctx, drCopy, metav1.UpdateOptions{}); err != nil && !k8serrors.IsConflict(err) {
+ return false, err
+ }
+ return true, nil
+ }
+ return false, nil
+}
+
+func newDomainRoute(cdr *kusciaapisv1alpha1.ClusterDomainRoute, name, namespace string) *kusciaapisv1alpha1.DomainRoute {
+ return &kusciaapisv1alpha1.DomainRoute{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: name,
+ Namespace: namespace,
+ Labels: cdr.Labels,
+ OwnerReferences: []metav1.OwnerReference{
+ *metav1.NewControllerRef(cdr, kusciaapisv1alpha1.SchemeGroupVersion.WithKind("ClusterDomainRoute")),
+ },
+ },
+ Spec: cdr.Spec.DomainRouteSpec,
+ Status: kusciaapisv1alpha1.DomainRouteStatus{},
+ }
+}
+
+func compareSpec(cdr *kusciaapisv1alpha1.ClusterDomainRoute, dr *kusciaapisv1alpha1.DomainRoute) bool {
+ if !reflect.DeepEqual(cdr.Labels, dr.Labels) {
+ return false
+ }
+
+ if !reflect.DeepEqual(cdr.Spec.DomainRouteSpec, dr.Spec) {
+ return false
+ }
+
+ return true
+}
+
+func (c *controller) syncStatusFromDomainroute(cdr *kusciaapisv1alpha1.ClusterDomainRoute,
+ srcdr *kusciaapisv1alpha1.DomainRoute, destdr *kusciaapisv1alpha1.DomainRoute) (bool, error) {
+ needUpdate := false
+ cdr = cdr.DeepCopy()
+
+ isSrcTokenChanged := srcdr != nil && !reflect.DeepEqual(cdr.Status.TokenStatus.SourceTokens, srcdr.Status.TokenStatus.Tokens)
+ isSrcStatusChanged := srcdr != nil && !srcdr.Status.IsDestinationUnreachable != IsReady(&cdr.Status)
+
+ // init new condition
+ setCondition(&cdr.Status, newCondition(kusciaapisv1alpha1.ClusterDomainRouteReady, corev1.ConditionTrue, "", "Success"))
+
+ if isSrcTokenChanged || isSrcStatusChanged {
+ cdr.Status.TokenStatus.SourceTokens = srcdr.Status.TokenStatus.Tokens
+ needUpdate = true
+
+ if len(cdr.Status.TokenStatus.SourceTokens) == 0 {
+ if !srcdr.Status.IsDestinationAuthorized {
+ setCondition(&cdr.Status, newCondition(kusciaapisv1alpha1.ClusterDomainRouteReady, corev1.ConditionFalse, "DestinationIsNotAuthrized", "TokenNotGenerate"))
+ } else {
+ setCondition(&cdr.Status, newCondition(kusciaapisv1alpha1.ClusterDomainRouteReady, corev1.ConditionFalse, "TokenNotGenerate", "TokenNotGenerate"))
+ }
+ } else if srcdr.Status.IsDestinationUnreachable {
+ nlog.Infof("set cdr(%s) ready condition.reason=DestinationUnreachable", cdr.Name)
+ setCondition(&cdr.Status, newCondition(kusciaapisv1alpha1.ClusterDomainRouteReady, corev1.ConditionFalse,
+ "DestinationUnreachable", "DestinationUnreachable"))
+ }
+ }
+ if destdr != nil && !reflect.DeepEqual(cdr.Status.TokenStatus.DestinationTokens, destdr.Status.TokenStatus.Tokens) {
+ cdr.Status.TokenStatus.DestinationTokens = destdr.Status.TokenStatus.Tokens
+ needUpdate = true
+ if len(cdr.Status.TokenStatus.DestinationTokens) == 0 {
+ setCondition(&cdr.Status, newCondition(kusciaapisv1alpha1.ClusterDomainRouteReady, corev1.ConditionFalse, "TokenNotGenerate", "TokenNotGenerate"))
+ }
+ }
+
+ if needUpdate {
+ sn := len(cdr.Status.TokenStatus.SourceTokens)
+ dn := len(cdr.Status.TokenStatus.DestinationTokens)
+ if sn > 0 && dn > 0 && cdr.Status.TokenStatus.SourceTokens[sn-1].Revision != cdr.Status.TokenStatus.DestinationTokens[dn-1].Revision {
+ setCondition(&cdr.Status, newCondition(kusciaapisv1alpha1.ClusterDomainRouteReady, corev1.ConditionFalse, "TokenRevisionNotMatch", "TokenRevisionNotMatch"))
+ }
+
+ _, err := c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().UpdateStatus(c.ctx, cdr, metav1.UpdateOptions{})
+ if err != nil && !k8serrors.IsConflict(err) {
+ return true, err
+ }
+ if err == nil {
+ nlog.Infof("ClusterDomainRoute %s update status", cdr.Name)
+ }
+ return true, nil
+ }
+
+ return false, nil
+}
+
+func newCondition(condType kusciaapisv1alpha1.ClusterDomainRouteConditionType, status corev1.ConditionStatus, reason, message string) *kusciaapisv1alpha1.ClusterDomainRouteCondition {
+ now := metav1.Now()
+ return &kusciaapisv1alpha1.ClusterDomainRouteCondition{
+ Type: condType,
+ Status: status,
+ LastUpdateTime: now,
+ LastTransitionTime: now,
+ Reason: reason,
+ Message: message,
+ }
+}
+
+func setCondition(status *kusciaapisv1alpha1.ClusterDomainRouteStatus, condition *kusciaapisv1alpha1.ClusterDomainRouteCondition) bool {
+ for i, v := range status.Conditions {
+ if v.Type == condition.Type {
+ if v.Status == condition.Status {
+ return false
+ }
+ status.Conditions[i] = *condition
+ return true
+ }
+ }
+
+ status.Conditions = append(status.Conditions, *condition)
+ return true
+}
+
+func (c *controller) checkAliveInstance(ns string) error {
+ gateways, err := c.gatewayLister.Gateways(ns).List(labels.Everything())
+ if err != nil {
+ return err
+ }
+
+ for _, g := range gateways {
+ if time.Since(g.Status.HeartbeatTime.Time) < common.GatewayLiveTimeout || g.Status.HeartbeatTime.Time.IsZero() {
+ return nil
+ }
+ }
+
+ return fmt.Errorf("there is no live gateway instance of %s", ns)
+}
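Review bot: `checkAliveInstance` counts a gateway whose `HeartbeatTime` is zero as live, so a gateway that has never reported passes the liveness check. This is the opposite of `UpdateStatus` in monitor.go, where a zero heartbeat makes `time.Since(...) > common.GatewayLiveTimeout` true and the gateway is skipped as stale. If the zero case is meant as a grace period for newly created gateways, say so in a comment on the function. Otherwise drop the `IsZero()` alternative: `if !g.Status.HeartbeatTime.Time.IsZero() && time.Since(g.Status.HeartbeatTime.Time) < common.GatewayLiveTimeout {`.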
diff --git a/pkg/controllers/clusterdomainroute/monitor.go b/pkg/controllers/clusterdomainroute/monitor.go
index c4620359..56a1a5de 100644
--- a/pkg/controllers/clusterdomainroute/monitor.go
+++ b/pkg/controllers/clusterdomainroute/monitor.go
@@ -16,20 +16,17 @@ package clusterdomainroute
import (
"context"
- "fmt"
"time"
+ k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
+ "github.com/secretflow/kuscia/pkg/common"
kusciaapisv1alpha1 "github.com/secretflow/kuscia/pkg/crd/apis/kuscia/v1alpha1"
"github.com/secretflow/kuscia/pkg/utils/nlog"
)
-const (
- gatewayLiveTimeout = 3 * time.Minute
-)
-
func (c *controller) Monitorcdrstatus(ctx context.Context) {
c.UpdateStatus(ctx)
}
@@ -48,36 +45,51 @@ func (c *controller) UpdateStatus(ctx context.Context) error {
nlog.Errorf("List %s's gateways failed with %v", cdr.Spec.Source, err)
continue
}
- healthyCount := 0
if cdr.Status.EndpointStatuses == nil {
cdr.Status.EndpointStatuses = map[string]kusciaapisv1alpha1.ClusterDomainRouteEndpointStatus{}
}
+ endpointsHealthy := map[string]bool{}
for _, gw := range gws {
- if time.Since(gw.Status.HeartbeatTime.Time) > gatewayLiveTimeout {
+ if time.Since(gw.Status.HeartbeatTime.Time) > common.GatewayLiveTimeout {
continue
}
- for _, metric := range gw.Status.NetworkStatus {
- if metric.Type != "DomainRoute" {
- continue
- }
- for _, port := range cdr.Spec.Endpoint.Ports {
- if metric.Name == fmt.Sprintf("%s-to-%s-%s", cdr.Spec.Source, cdr.Spec.Destination, port.Name) && metric.HealthyEndpointsCount > 0 {
- healthyCount++
- if v, ok := cdr.Status.EndpointStatuses[gw.Name+"-"+port.Name]; !ok || !v.EndpointHealthy {
- cdr.Status.EndpointStatuses[gw.Name+"-"+port.Name] = kusciaapisv1alpha1.ClusterDomainRouteEndpointStatus{
- EndpointHealthy: true,
- }
- update = true
- }
+ for _, port := range cdr.Spec.Endpoint.Ports {
+ expectMetricsName := common.GenerateClusterName(cdr.Spec.Source, cdr.Spec.Destination, port.Name)
+ for _, metric := range gw.Status.NetworkStatus {
+ if metric.Type != "DomainRoute" {
+ continue
+ }
+ if metric.Name == expectMetricsName && metric.HealthyEndpointsCount > 0 {
+ endpointsHealthy[gw.Name+"-"+port.Name] = true
}
}
}
}
+ for k, eh := range endpointsHealthy {
+ if v, ok := cdr.Status.EndpointStatuses[k]; !ok || !v.EndpointHealthy {
+ cdr.Status.EndpointStatuses[k] = kusciaapisv1alpha1.ClusterDomainRouteEndpointStatus{
+ EndpointHealthy: eh,
+ }
+ update = true
+ }
+ }
+ for k, es := range cdr.Status.EndpointStatuses {
+ if _, ok := endpointsHealthy[k]; !ok && es.EndpointHealthy {
+ cdr.Status.EndpointStatuses[k] = kusciaapisv1alpha1.ClusterDomainRouteEndpointStatus{
+ EndpointHealthy: false,
+ }
+ update = true
+ }
+ }
if update {
- if _, err := c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().UpdateStatus(ctx, cdr, metav1.UpdateOptions{}); err != nil {
+ _, err := c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().UpdateStatus(ctx, cdr, metav1.UpdateOptions{})
+ if err != nil && !k8serrors.IsConflict(err) {
nlog.Warnf("Update cdr %s status failed with %v", cdr.Name, err)
}
+ if err == nil {
+ nlog.Infof("ClusterDomainRoute %s update monitor status", cdr.Name)
+ }
}
}
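Review bot: The new loops write `cdr.Status.EndpointStatuses[k] = …` directly on `cdr`. The listing that produces `cdr` is outside this hunk, but if it comes from `clusterDomainRouteLister` these writes mutate the shared informer cache. Because the conflict branch now skips the error silently, the cache can then hold endpoint statuses that were never persisted, and later ticks see nothing to update until the informer replaces the object. Take a copy before the nil-map check, `cdr = cdr.DeepCopy()`, and build the status on that. `UpdateStatus` starts and ends outside this hunk.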
diff --git a/pkg/controllers/domain/authorization_resource.go b/pkg/controllers/domain/authorization_resource.go
index 209861e2..0b5af38a 100644
--- a/pkg/controllers/domain/authorization_resource.go
+++ b/pkg/controllers/domain/authorization_resource.go
@@ -7,7 +7,7 @@ import (
authenticationv1 "k8s.io/api/authentication/v1"
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
- "k8s.io/apimachinery/pkg/api/errors"
+ k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/utils/pointer"
@@ -26,10 +26,6 @@ const (
)
func (c *Controller) createOrUpdateAuth(domain *kusciaapisv1alpha1.Domain) error {
- if !shouldCreateOrUpdate(domain) {
- return nil
- }
-
ownerRef := metav1.NewControllerRef(domain, kusciaapisv1alpha1.SchemeGroupVersion.WithKind("Domain"))
domainID := domain.Name
// create service account if not exists
@@ -41,7 +37,7 @@ func (c *Controller) createOrUpdateAuth(domain *kusciaapisv1alpha1.Domain) error
},
},
}
- if _, err := c.kubeClient.CoreV1().ServiceAccounts(domainID).Create(c.ctx, sa, metav1.CreateOptions{}); err != nil && !errors.IsAlreadyExists(err) {
+ if _, err := c.kubeClient.CoreV1().ServiceAccounts(domainID).Create(c.ctx, sa, metav1.CreateOptions{}); err != nil && !k8serrors.IsAlreadyExists(err) {
nlog.Errorf("Create serviceAccount [%s] error: %v", sa.Name, err.Error())
return err
}
@@ -58,7 +54,7 @@ func (c *Controller) createOrUpdateAuth(domain *kusciaapisv1alpha1.Domain) error
return err
}
role.OwnerReferences = append(role.OwnerReferences, *ownerRef)
- if _, err := c.kubeClient.RbacV1().Roles(domainID).Create(c.ctx, role, metav1.CreateOptions{}); err != nil && !errors.IsAlreadyExists(err) {
+ if _, err := c.kubeClient.RbacV1().Roles(domainID).Create(c.ctx, role, metav1.CreateOptions{}); err != nil && !k8serrors.IsAlreadyExists(err) {
nlog.Errorf("Create role [%s] error: %v", role.Name, err.Error())
return err
}
@@ -81,7 +77,7 @@ func (c *Controller) createOrUpdateAuth(domain *kusciaapisv1alpha1.Domain) error
Name: role.Name,
},
}
- if _, err := c.kubeClient.RbacV1().RoleBindings(domainID).Create(c.ctx, roleBinding, metav1.CreateOptions{}); err != nil && !errors.IsAlreadyExists(err) {
+ if _, err := c.kubeClient.RbacV1().RoleBindings(domainID).Create(c.ctx, roleBinding, metav1.CreateOptions{}); err != nil && !k8serrors.IsAlreadyExists(err) {
nlog.Errorf("Create roleBinding [%s] error: %v", roleBinding.Name, err.Error())
return err
}
@@ -105,7 +101,7 @@ func (c *Controller) createOrUpdateAuth(domain *kusciaapisv1alpha1.Domain) error
Name: "domain-cluster-res",
},
}
- if _, err := c.kubeClient.RbacV1().ClusterRoleBindings().Create(c.ctx, clusterRoleBinding, metav1.CreateOptions{}); err != nil && !errors.IsAlreadyExists(err) {
+ if _, err := c.kubeClient.RbacV1().ClusterRoleBindings().Create(c.ctx, clusterRoleBinding, metav1.CreateOptions{}); err != nil && !k8serrors.IsAlreadyExists(err) {
nlog.Errorf("Create clusterRoleBinding [%s] error: %v", clusterRoleBinding.Name, err.Error())
return err
}
@@ -127,7 +123,8 @@ func (c *Controller) createOrUpdateAuth(domain *kusciaapisv1alpha1.Domain) error
InterConnProtocol: getInterConnProtocol(domain),
AuthenticationType: authCenter.AuthenticationType,
TokenConfig: &kusciaapisv1alpha1.TokenConfig{
- TokenGenMethod: authCenter.TokenGenMethod,
+ TokenGenMethod: authCenter.TokenGenMethod,
+ RollingUpdatePeriod: 600,
},
},
},
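Review bot: The new `RollingUpdatePeriod: 600` is an unexplained literal that sets how often the domain-to-master token is rotated. The hunk does not state the unit; domainroute/controller.go in this commit multiplies the field by `time.Second`, so this appears to be ten minutes. A named constant with a comment would make the rotation interval reviewable in one place, for example `const defaultTokenRollingUpdatePeriodSeconds = 600 // rotate master route token every 10 minutes`. The surrounding struct literal and the rest of `createOrUpdateAuth` lie outside the hunk.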
@@ -147,7 +144,7 @@ func (c *Controller) createOrUpdateAuth(domain *kusciaapisv1alpha1.Domain) error
key: value,
}
// create clusterDomainRoute domain to master
- if _, err := c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Create(c.ctx, cdr, metav1.CreateOptions{}); err != nil && !errors.IsAlreadyExists(err) {
+ if _, err := c.kusciaClient.KusciaV1alpha1().ClusterDomainRoutes().Create(c.ctx, cdr, metav1.CreateOptions{}); err != nil && !k8serrors.IsAlreadyExists(err) {
nlog.Errorf("Create clusterDomainRoute [%s] error: %v", cdr.Name, err.Error())
return err
}
@@ -161,8 +158,7 @@ func (c *Controller) createOrUpdateAuth(domain *kusciaapisv1alpha1.Domain) error
newDomain.Labels = make(map[string]string, 0)
}
newDomain.Labels[constants.LabelDomainAuth] = authCompleted
-
- if _, err := c.kusciaClient.KusciaV1alpha1().Domains().Update(c.ctx, newDomain, metav1.UpdateOptions{}); err != nil {
+ if _, err := c.kusciaClient.KusciaV1alpha1().Domains().Update(c.ctx, newDomain, metav1.UpdateOptions{}); err != nil && !k8serrors.IsConflict(err) {
nlog.Warnf("Update domain [%s] auth label error: %s", domainID, err.Error())
return err
}
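Review bot: With `&& !k8serrors.IsConflict(err)` added to the `Domains().Update` check, a conflict falls through as if the write had succeeded, so the `authCompleted` label is not persisted and the caller gets no error to requeue on. `updateDomainStatus` in domain.go has the same shape in this commit, where it now returns `nil` on conflict. If the intent is to rely on the informer event for the newer object version to re-run the reconcile, a comment should say so, e.g. `// conflict: a newer Domain version exists and its event will re-trigger this sync`. Otherwise return the conflict error so the workqueue retries. The rest of `createOrUpdateAuth` is outside the hunk.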
diff --git a/pkg/controllers/domain/controller.go b/pkg/controllers/domain/controller.go
index 79a03a26..7c53f86d 100644
--- a/pkg/controllers/domain/controller.go
+++ b/pkg/controllers/domain/controller.go
@@ -341,13 +341,17 @@ func (c *Controller) create(domain *kusciaapisv1alpha1.Domain) error {
nlog.Warnf("Create domain %v namespace failed: %v", domain.Name, err.Error())
return err
}
+
if err := c.createResourceQuota(domain); err != nil {
nlog.Warnf("Create domain %v resource quota failed: %v", domain.Name, err.Error())
return err
}
- if err := c.createOrUpdateAuth(domain); err != nil {
- nlog.Warnf("Create domain %v auth failed: %v", domain.Name, err.Error())
- return err
+
+ if shouldCreateOrUpdate(domain) {
+ if err := c.createOrUpdateAuth(domain); err != nil {
+ nlog.Warnf("Create domain %v auth failed: %v", domain.Name, err.Error())
+ return err
+ }
}
return nil
@@ -365,9 +369,12 @@ func (c *Controller) update(domain *kusciaapisv1alpha1.Domain) error {
return err
}
- if err := c.createOrUpdateAuth(domain); err != nil {
- nlog.Warnf("update domain %v auth failed: %v", domain.Name, err.Error())
- return err
+ if shouldCreateOrUpdate(domain) {
+ if err := c.createOrUpdateAuth(domain); err != nil {
+ nlog.Warnf("update domain %v auth failed: %v", domain.Name, err.Error())
+ return err
+ }
+ return nil
}
if err := c.syncDomainStatus(domain); err != nil {
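Review bot: The added `return nil` at the end of the `shouldCreateOrUpdate` branch skips the `syncDomainStatus` call that follows, whereas before this change both ran in the same pass of `update`. If the status sync is deliberately deferred to the reconcile triggered by the label update inside `createOrUpdateAuth`, that should be stated next to the return, e.g. `// auth creation updates the Domain; status is synced on the resulting event`. Note that `createOrUpdateAuth` now ignores a conflict on that update, in which case no write happened in this pass and, as far as the hunk shows, the status sync is still skipped. The end of `update` is outside the hunk.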
diff --git a/pkg/controllers/domain/domain.go b/pkg/controllers/domain/domain.go
index 215012a5..41db1776 100644
--- a/pkg/controllers/domain/domain.go
+++ b/pkg/controllers/domain/domain.go
@@ -20,6 +20,7 @@ import (
"sort"
apicorev1 "k8s.io/api/core/v1"
+ k8serrors "k8s.io/apimachinery/pkg/api/errors"
apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/selection"
@@ -151,5 +152,8 @@ func (c *Controller) sortNodeStatus(status []kusciaapisv1alpha1.NodeStatus) {
func (c *Controller) updateDomainStatus(domain *kusciaapisv1alpha1.Domain) error {
nlog.Infof("Update domain %v status", domain.Name)
_, err := c.kusciaClient.KusciaV1alpha1().Domains().UpdateStatus(context.Background(), domain, apismetav1.UpdateOptions{})
- return err
+ if err != nil && !k8serrors.IsConflict(err) {
+ return err
+ }
+ return nil
}
diff --git a/pkg/controllers/domainroute/check.go b/pkg/controllers/domainroute/check.go
index 81c423ff..d5f0287a 100644
--- a/pkg/controllers/domainroute/check.go
+++ b/pkg/controllers/domainroute/check.go
@@ -23,6 +23,7 @@ import (
"k8s.io/apimachinery/pkg/labels"
+ "github.com/secretflow/kuscia/pkg/common"
kusciaapisv1alpha1 "github.com/secretflow/kuscia/pkg/crd/apis/kuscia/v1alpha1"
"github.com/secretflow/kuscia/pkg/utils/nlog"
)
@@ -42,22 +43,22 @@ func compareTokens(tokens1, tokens2 []kusciaapisv1alpha1.DomainRouteToken) bool
func (c *controller) checkEffectiveInstances(dr *kusciaapisv1alpha1.DomainRoute) bool {
if len(dr.Status.TokenStatus.Tokens) == 0 {
- nlog.Warnf("Domainroute %s/%s checkEffectiveInstances failed: tokens is nil", dr.Namespace, dr.Name)
+ nlog.Warnf("Domainroute %s/%s checkEffectiveInstances failed: tokens is nil, please check the result of handshake in instance's log ", dr.Namespace, dr.Name)
return false
}
gateways, err := c.gatewayLister.Gateways(dr.Namespace).List(labels.Everything())
if err != nil {
- nlog.Errorf("Domainroute %s/%s checkEffectiveInstances error: List gateways failed with %v", dr.Namespace, dr.Name, err)
+ nlog.Errorf("Domainroute %s/%s checkEffectiveInstances error: List gateways failed with %v", dr.Namespace, dr.Name, err)
return false
}
if gateways == nil {
- nlog.Errorf("Domainroute %s/%s checkEffectiveInstances error: not found effective gateway in %s, please deploy first", dr.Namespace, dr.Name, dr.Namespace)
+ nlog.Warnf("Domainroute %s/%s checkEffectiveInstances error: not found effective gateway in %s, please deploy first", dr.Namespace, dr.Name, dr.Namespace)
return false
}
liveGateways := map[string]bool{}
for i, gw := range gateways {
- if time.Since(gw.Status.HeartbeatTime.Time) < gatewayLiveTimeout {
+ if time.Since(gw.Status.HeartbeatTime.Time) < common.GatewayLiveTimeout {
liveGateways[gateways[i].Name] = true
}
}
diff --git a/pkg/controllers/domainroute/controller.go b/pkg/controllers/domainroute/controller.go
index bc383549..cb496856 100644
--- a/pkg/controllers/domainroute/controller.go
+++ b/pkg/controllers/domainroute/controller.go
@@ -41,7 +41,6 @@ import (
const (
domainRouteSyncPeriod = 2 * time.Minute
- gatewayLiveTimeout = 3 * time.Minute
controllerName = "domain-route-controller"
errErrResourceExists = "ErrResourceExists"
)
@@ -208,14 +207,21 @@ func (c *controller) syncHandler(ctx context.Context, key string) error {
if dr.Status.TokenStatus.RevisionToken.IsReady {
c.domainRouteWorkqueue.AddAfter(key, time.Until(dr.Status.TokenStatus.RevisionToken.ExpirationTime.Time))
+ if dr.Spec.TokenConfig.RollingUpdatePeriod > 0 {
+ c.domainRouteWorkqueue.AddAfter(key, time.Until(dr.Status.TokenStatus.RevisionToken.RevisionTime.Time.Add(time.Second*time.Duration(dr.Spec.TokenConfig.RollingUpdatePeriod))))
+ }
return c.postRollingSourceDomainRoute(ctx, dr)
}
} else if namespace == dr.Spec.Destination {
if dr.Spec.TokenConfig.RollingUpdatePeriod > 0 {
if len(dr.Status.TokenStatus.Tokens) > 0 && time.Since(dr.Status.TokenStatus.Tokens[0].ExpirationTime.Time) > domainRouteSyncPeriod {
dr = dr.DeepCopy()
+ rev := dr.Status.TokenStatus.Tokens[0].Revision
dr.Status.TokenStatus.Tokens = dr.Status.TokenStatus.Tokens[1:]
_, err = c.kusciaClient.KusciaV1alpha1().DomainRoutes(dr.Namespace).UpdateStatus(c.ctx, dr, metav1.UpdateOptions{})
+ if err == nil {
+ nlog.Infof("domainroute %s/%s delete expirated token %d", dr.Namespace, dr.Name, rev)
+ }
return err
}
}
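Review bot: In the source branch, the delay passed to the new `AddAfter` is `time.Until(RevisionTime + RollingUpdatePeriod)`, which is zero or negative once the period has passed, and a delaying workqueue then enqueues the key immediately. The hunk does not show whether an earlier check in `syncHandler` guarantees the period has not elapsed while `RevisionToken.IsReady` is true; if it does not, this branch would requeue the key on every pass until the token rolls. A comment stating that invariant, or clamping the delay to a small positive minimum, would settle it. The new log line in the destination branch also reads `expirated`; `expired` is the usual word.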
@@ -245,17 +251,23 @@ func ensureLabels(ctx context.Context, kusciaClient kusciaclientset.Interface, d
common.KusciaSourceKey: dr.Spec.Source,
common.KusciaDestinationKey: dr.Spec.Destination,
}
- if _, err = kusciaClient.KusciaV1alpha1().DomainRoutes(dr.Namespace).Update(ctx, drCopy, metav1.UpdateOptions{}); err != nil {
+ if _, err = kusciaClient.KusciaV1alpha1().DomainRoutes(dr.Namespace).Update(ctx, drCopy, metav1.UpdateOptions{}); err != nil && !k8serrors.IsConflict(err) {
nlog.Warnf("Update domainroute %s/%s error:%s", dr.Namespace, dr.Name, err.Error())
}
+ if err == nil {
+ nlog.Infof("domainroute %s/%s add labels", dr.Namespace, dr.Name)
+ }
return true
} else if _, ok := dr.Labels[common.KusciaSourceKey]; !ok {
drCopy := dr.DeepCopy()
drCopy.Labels[common.KusciaSourceKey] = dr.Spec.Source
drCopy.Labels[common.KusciaDestinationKey] = dr.Spec.Destination
- if _, err = kusciaClient.KusciaV1alpha1().DomainRoutes(dr.Namespace).Update(ctx, drCopy, metav1.UpdateOptions{}); err != nil {
+ if _, err = kusciaClient.KusciaV1alpha1().DomainRoutes(dr.Namespace).Update(ctx, drCopy, metav1.UpdateOptions{}); err != nil && !k8serrors.IsConflict(err) {
nlog.Warnf("Update domainroute %s/%s error:%s", dr.Namespace, dr.Name, err.Error())
}
+ if err == nil {
+ nlog.Infof("domainroute %s/%s add labels", dr.Namespace, dr.Name)
+ }
return true
}
return false
diff --git a/pkg/controllers/domainroute/rolling.go b/pkg/controllers/domainroute/rolling.go
index 897dd573..9b76d7ed 100644
--- a/pkg/controllers/domainroute/rolling.go
+++ b/pkg/controllers/domainroute/rolling.go
@@ -23,13 +23,12 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
+ "github.com/secretflow/kuscia/pkg/common"
kusciaapisv1alpha1 "github.com/secretflow/kuscia/pkg/crd/apis/kuscia/v1alpha1"
"github.com/secretflow/kuscia/pkg/utils/nlog"
)
func (c *controller) preRollingSourceDomainRoute(ctx context.Context, dr *kusciaapisv1alpha1.DomainRoute) error {
- nlog.Infof("PreRollingDomainRoute %s/%s, new revision %d", dr.Namespace, dr.Name, dr.Status.TokenStatus.RevisionToken.Revision)
-
initializer, err := c.selectInitializer(ctx, dr)
if err != nil {
nlog.Warnf("Choose initializer for preRollingSourceDomainRoute %s fail: %v", dr.Name, err)
@@ -44,6 +43,9 @@ func (c *controller) preRollingSourceDomainRoute(ctx context.Context, dr *kuscia
IsReady: false,
}
_, err = c.kusciaClient.KusciaV1alpha1().DomainRoutes(dr.Namespace).UpdateStatus(ctx, dr, metav1.UpdateOptions{})
+ if err == nil {
+ nlog.Infof("PreRollingDomainRoute %s/%s, new revision %d", dr.Namespace, dr.Name, dr.Status.TokenStatus.RevisionToken.Revision)
+ }
return err
}
@@ -55,7 +57,7 @@ func (c *controller) selectInitializer(ctx context.Context, dr *kusciaapisv1alph
}
var liveGateways []string
for _, g := range gateways {
- if time.Since(g.Status.HeartbeatTime.Time) < gatewayLiveTimeout {
+ if time.Since(g.Status.HeartbeatTime.Time) < common.GatewayLiveTimeout || g.Status.HeartbeatTime.Time.IsZero() {
if g.Name == dr.Status.TokenStatus.RevisionInitializer {
return g.Name, nil
}
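Review bot: The added `|| g.Status.HeartbeatTime.Time.IsZero()` makes a gateway that has never reported a heartbeat count as live, so it can be chosen as the token initializer. `checkEffectiveInstances` in check.go still requires a heartbeat newer than `common.GatewayLiveTimeout`, so the two liveness checks now disagree. If the zero case is meant to cover gateways that have only just registered, the condition needs a comment saying so; otherwise a stale or half-created Gateway object with an empty status could be handed the handshake. Sharing one small helper between both call sites would keep the definition of "live" in one place. The rest of the loop and of `selectInitializer` is outside the hunk.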
@@ -64,9 +66,7 @@ func (c *controller) selectInitializer(ctx context.Context, dr *kusciaapisv1alph
}
if len(liveGateways) == 0 {
- err := fmt.Errorf("there is no live gateway instance of %s", dr.Namespace)
- nlog.Warn(err)
- return "", err
+ return "", fmt.Errorf("there is no live gateway instance of %s", dr.Namespace)
}
initializer := liveGateways[mrand.Intn(len(liveGateways))]
@@ -80,26 +80,30 @@ func (c *controller) ensureInitializer(ctx context.Context, dr *kusciaapisv1alph
return false, err
}
- nlog.Infof("domainroute %s/%s select initializer %s", dr.Namespace, dr.Name, initializer)
dr = dr.DeepCopy()
dr.Status.TokenStatus.RevisionInitializer = initializer
_, err = c.kusciaClient.KusciaV1alpha1().DomainRoutes(dr.Namespace).UpdateStatus(ctx, dr, metav1.UpdateOptions{})
if err != nil {
return false, err
}
+ if err == nil {
+ nlog.Infof("domainroute %s/%s select initializer %s", dr.Namespace, dr.Name, initializer)
+ }
return true, nil
}
func (c *controller) postRollingSourceDomainRoute(ctx context.Context, dr *kusciaapisv1alpha1.DomainRoute) error {
n := len(dr.Status.TokenStatus.Tokens)
if n == 0 || dr.Status.TokenStatus.Tokens[n-1].Revision != dr.Status.TokenStatus.RevisionToken.Revision {
- nlog.Infof("Rolling update source domainroute %s/%s finish, revision %d", dr.Namespace, dr.Name, dr.Status.TokenStatus.RevisionToken.Revision)
dr = dr.DeepCopy()
dr.Status.TokenStatus.Tokens = append(dr.Status.TokenStatus.Tokens, dr.Status.TokenStatus.RevisionToken)
if n > 1 {
dr.Status.TokenStatus.Tokens = dr.Status.TokenStatus.Tokens[n-1:]
}
_, err := c.kusciaClient.KusciaV1alpha1().DomainRoutes(dr.Namespace).UpdateStatus(ctx, dr, metav1.UpdateOptions{})
+ if err == nil {
+ nlog.Infof("Rolling update source domainroute %s/%s finish, revision %d", dr.Namespace, dr.Name, dr.Status.TokenStatus.RevisionToken.Revision)
+ }
return err
}
return nil
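Review bot: In `ensureInitializer` the added `if err == nil` guard is always true, because the `if err != nil { return false, err }` directly above it has already returned. The log call can stand unguarded as `nlog.Infof("domainroute %s/%s select initializer %s", dr.Namespace, dr.Name, initializer)`. The same guard in `postRollingSourceDomainRoute` is needed, since that function falls through to `return err`.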
@@ -108,21 +112,25 @@ func (c *controller) postRollingSourceDomainRoute(ctx context.Context, dr *kusci
func (c *controller) postRollingDestinationDomainRoute(ctx context.Context, dr *kusciaapisv1alpha1.DomainRoute) error {
n := len(dr.Status.TokenStatus.Tokens)
if dr.Status.TokenStatus.RevisionToken.Token != "" && (n == 0 || dr.Status.TokenStatus.Tokens[n-1].Revision != dr.Status.TokenStatus.RevisionToken.Revision) {
- nlog.Infof("Post rolling update destination domainroute %s/%s, revision %d, waiting for all instance sync token", dr.Namespace, dr.Name, dr.Status.TokenStatus.RevisionToken.Revision)
dr = dr.DeepCopy()
dr.Status.TokenStatus.Tokens = append(dr.Status.TokenStatus.Tokens, dr.Status.TokenStatus.RevisionToken)
_, err := c.kusciaClient.KusciaV1alpha1().DomainRoutes(dr.Namespace).UpdateStatus(ctx, dr, metav1.UpdateOptions{})
+ if err == nil {
+ nlog.Infof("Post rolling update destination domainroute %s/%s, revision %d, waiting for all instance sync token", dr.Namespace, dr.Name, dr.Status.TokenStatus.RevisionToken.Revision)
+ }
return err
}
if !dr.Status.TokenStatus.RevisionToken.IsReady && c.checkEffectiveInstances(dr) {
- // update source after all instances in destination have taken effect
- nlog.Infof("Rolling update destination domainroute %s/%s finish, revision %d", dr.Namespace, dr.Name, dr.Status.TokenStatus.RevisionToken.Revision)
dr = dr.DeepCopy()
n = len(dr.Status.TokenStatus.Tokens)
dr.Status.TokenStatus.Tokens[n-1].IsReady = true
dr.Status.TokenStatus.RevisionToken.IsReady = true
_, err := c.kusciaClient.KusciaV1alpha1().DomainRoutes(dr.Namespace).UpdateStatus(ctx, dr, metav1.UpdateOptions{})
+ if err == nil {
+ // update source after all instances in destination have taken effect
+ nlog.Infof("Rolling update destination domainroute %s/%s finish, revision %d", dr.Namespace, dr.Name, dr.Status.TokenStatus.RevisionToken.Revision)
+ }
return err
}
diff --git a/pkg/controllers/kusciadeployment/reconcile.go b/pkg/controllers/kusciadeployment/reconcile.go
index 9a8dc55f..e3555aa4 100644
--- a/pkg/controllers/kusciadeployment/reconcile.go
+++ b/pkg/controllers/kusciadeployment/reconcile.go
@@ -508,6 +508,10 @@ func (c *Controller) generateDeployment(partyKitInfo *PartyKitInfo) (*appsv1.Dep
}
resCtr.Env = append(resCtr.Env, []corev1.EnvVar{
+ {
+ Name: common.EnvDomainID,
+ Value: partyKitInfo.domainID,
+ },
{
Name: common.EnvClusterDefine,
Value: string(clusterDefine),
diff --git a/pkg/controllers/kusciatask/handler/pending_handler.go b/pkg/controllers/kusciatask/handler/pending_handler.go
index beb91bcd..ec784d32 100644
--- a/pkg/controllers/kusciatask/handler/pending_handler.go
+++ b/pkg/controllers/kusciatask/handler/pending_handler.go
@@ -914,6 +914,10 @@ func (h *PendingHandler) generatePod(partyKit *PartyKitInfo, podKit *PodKitInfo)
}
resCtr.Env = append(resCtr.Env, []v1.EnvVar{
+ {
+ Name: common.EnvDomainID,
+ Value: partyKit.domainID,
+ },
{
Name: common.EnvTaskID,
Value: partyKit.kusciaTask.Name,
diff --git a/pkg/controllers/kusciatask/handler/pending_handler_test.go b/pkg/controllers/kusciatask/handler/pending_handler_test.go
index bcf34b83..068f32eb 100644
--- a/pkg/controllers/kusciatask/handler/pending_handler_test.go
+++ b/pkg/controllers/kusciatask/handler/pending_handler_test.go
@@ -319,6 +319,8 @@ spec:
env:
- name: HOME
value: /root
+ - name: DOMAIN_ID
+ value: domain-a
- name: TASK_ID
value: kusciatask-001
- name: TASK_CLUSTER_DEFINE
diff --git a/pkg/datamesh/service/domaindata.go b/pkg/datamesh/service/domaindata.go
index ebfb19b4..c364aa16 100644
--- a/pkg/datamesh/service/domaindata.go
+++ b/pkg/datamesh/service/domaindata.go
@@ -28,6 +28,7 @@ import (
"github.com/secretflow/kuscia/pkg/datamesh/config"
"github.com/secretflow/kuscia/pkg/datamesh/errorcode"
"github.com/secretflow/kuscia/pkg/utils/nlog"
+ "github.com/secretflow/kuscia/pkg/utils/resources"
"github.com/secretflow/kuscia/pkg/web/utils"
pbv1alpha1 "github.com/secretflow/kuscia/proto/api/v1alpha1"
"github.com/secretflow/kuscia/proto/api/v1alpha1/datamesh"
@@ -53,6 +54,12 @@ func NewDomainDataService(config *config.DataMeshConfig) IDomainDataService {
func (s domainDataService) CreateDomainData(ctx context.Context, request *datamesh.CreateDomainDataRequest) *datamesh.CreateDomainDataResponse {
// check whether domainData is existed
if request.DomaindataId != "" {
+ // do k8s validate
+ if err := resources.ValidateK8sName(request.DomaindataId, "domaindata_id"); err != nil {
+ return &datamesh.CreateDomainDataResponse{
+ Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestInvalidate, err.Error()),
+ }
+ }
domainData, err := s.conf.KusciaClient.KusciaV1alpha1().DomainDatas(s.conf.KubeNamespace).Get(ctx, request.DomaindataId, metav1.GetOptions{})
if err == nil && domainData != nil {
// update domainData
diff --git a/pkg/datamesh/service/domaindatagrant.go b/pkg/datamesh/service/domaindatagrant.go
index 52e16852..d5e56701 100644
--- a/pkg/datamesh/service/domaindatagrant.go
+++ b/pkg/datamesh/service/domaindatagrant.go
@@ -33,6 +33,7 @@ import (
"github.com/secretflow/kuscia/pkg/datamesh/config"
"github.com/secretflow/kuscia/pkg/datamesh/errorcode"
"github.com/secretflow/kuscia/pkg/utils/nlog"
+ "github.com/secretflow/kuscia/pkg/utils/resources"
"github.com/secretflow/kuscia/pkg/web/utils"
"github.com/secretflow/kuscia/proto/api/v1alpha1/datamesh"
)
@@ -55,9 +56,10 @@ func NewDomainDataGrantService(config *config.DataMeshConfig) IDomainDataGrantSe
}
func (s *domainDataGrantService) CreateDomainDataGrant(ctx context.Context, request *datamesh.CreateDomainDataGrantRequest) *datamesh.CreateDomainDataGrantResponse {
- if request.GrantDomain == "" {
+
+ if validateErr := validateCreateDomainDataGrantRequest(request); validateErr != nil {
return &datamesh.CreateDomainDataGrantResponse{
- Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestInvalidate, "grantdomain cant be null"),
+ Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestInvalidate, validateErr.Error()),
}
}
if request.GrantDomain == s.conf.KubeNamespace {
@@ -65,15 +67,11 @@ func (s *domainDataGrantService) CreateDomainDataGrant(ctx context.Context, requ
Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestInvalidate, "grantdomain cant be self"),
}
}
- if request.DomaindataId == "" {
- return &datamesh.CreateDomainDataGrantResponse{
- Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestInvalidate, "domaindata cant be null"),
- }
- }
+
dd, err := s.conf.KusciaClient.KusciaV1alpha1().DomainDatas(s.conf.KubeNamespace).Get(ctx, request.DomaindataId, metav1.GetOptions{})
if err != nil {
return &datamesh.CreateDomainDataGrantResponse{
- Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestInvalidate, "domaindata cant be found"),
+ Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestInvalidate, fmt.Sprintf("domaindata [%s] not exists", request.DomaindataId)),
}
}
if request.DomaindatagrantId != "" {
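Review bot: Every error from the `DomainDatas(...).Get` call is now reported to the client as `domaindata [%s] not exists`, which is wrong when the failure is a timeout or a permission error rather than a missing object. Checking the error with `IsNotFound` from `k8s.io/apimachinery/pkg/api/errors` and returning a generic failure message for other errors would keep the response accurate; the underlying error could then be logged with `nlog` instead of being dropped. The rest of `CreateDomainDataGrant` is outside the hunk.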
@@ -287,3 +285,23 @@ func (s *domainDataGrantService) convertSpec2Data(v *v1alpha1.DomainDataGrant, d
}
}
}
+
+func validateCreateDomainDataGrantRequest(request *datamesh.CreateDomainDataGrantRequest) error {
+ if request.GrantDomain == "" {
+ return fmt.Errorf("grantdomain cant be null")
+ }
+
+ if request.DomaindataId == "" {
+ return fmt.Errorf("domaindata cant be null")
+ }
+
+ // do k8s validate
+ if err := resources.ValidateK8sName(request.DomaindataId, "domaindata_id"); err != nil {
+ return err
+ }
+
+ if request.GetDomaindatagrantId() != "" {
+ return resources.ValidateK8sName(request.GetDomaindatagrantId(), "domaindatagrant_id")
+ }
+ return nil
+}
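Review bot: `validateCreateDomainDataGrantRequest` runs `resources.ValidateK8sName` on `DomaindataId` and `DomaindatagrantId`, but `GrantDomain` is only checked for being non-empty. If `GrantDomain` ends up in a resource name, namespace or label further down (not visible here), it should get the same validation, e.g. `if err := resources.ValidateK8sName(request.GrantDomain, "grant_domain"); err != nil { return err }`. The function also mixes direct field access (`request.DomaindataId`) with getters (`request.GetDomaindatagrantId()`) and has no doc comment; one line such as `// validateCreateDomainDataGrantRequest checks required fields and that the IDs are valid Kubernetes names.` would do.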
diff --git a/pkg/gateway/clusters/master.go b/pkg/gateway/clusters/master.go
index 148fd921..e58cc1d7 100644
--- a/pkg/gateway/clusters/master.go
+++ b/pkg/gateway/clusters/master.go
@@ -16,9 +16,7 @@ package clusters
import (
"context"
- "encoding/json"
"fmt"
- "io"
"net/http"
"strings"
"time"
@@ -32,27 +30,22 @@ import (
"google.golang.org/protobuf/types/known/wrapperspb"
"github.com/secretflow/kuscia/pkg/gateway/config"
+ "github.com/secretflow/kuscia/pkg/gateway/utils"
"github.com/secretflow/kuscia/pkg/gateway/xds"
"github.com/secretflow/kuscia/pkg/utils/nlog"
)
const (
- DomainAPIServer = "apiserver.master.svc"
- ServiceMasterProxy = "masterproxy"
- ServiceAPIServer = "apiserver"
- ServiceKusciaStorage = "kusciastorage"
- ServiceHandshake = "kuscia-handshake"
virtualHostHandshake = "handshake-virtual-host"
- ServiceKusciaAPI = "kusciaapi"
)
func GetMasterClusterName() string {
- return fmt.Sprintf("service-%s", ServiceMasterProxy)
+ return fmt.Sprintf("service-%s", utils.ServiceMasterProxy)
}
func AddMasterClusters(ctx context.Context, namespace string, config *config.MasterConfig) error {
if !config.Master {
- masterProxyCluster, err := generateDefaultCluster(ServiceMasterProxy, config.MasterProxy)
+ masterProxyCluster, err := generateDefaultCluster(utils.ServiceMasterProxy, config.MasterProxy)
if err != nil {
nlog.Fatalf("Generate masterProxy Cluster fail, %v", err)
return err
@@ -66,29 +59,31 @@ func AddMasterClusters(ctx context.Context, namespace string, config *config.Mas
nlog.Error(err)
return err
}
- nlog.Infof("add Master cluster:%s", ServiceMasterProxy)
- waitMasterProxyReady(ctx, config.MasterProxy.Path)
+ nlog.Infof("add Master cluster:%s", utils.ServiceMasterProxy)
+ waitMasterProxyReady(ctx, config.MasterProxy.Path, config, namespace)
} else {
+ config.Namespace = namespace
if config.APIServer != nil {
- if err := addMasterCluster(ServiceAPIServer, namespace, config.APIServer, config.APIWhitelist); err != nil {
+ if err := addMasterCluster(utils.ServiceAPIServer, namespace, config.APIServer, config.APIWhitelist); err != nil {
return err
}
}
if config.KusciaStorage != nil {
- if err := addMasterCluster(ServiceKusciaStorage, namespace, config.KusciaStorage, nil); err != nil {
+ if err := addMasterCluster(utils.ServiceKusciaStorage, namespace, config.KusciaStorage, nil); err != nil {
return err
}
}
if config.KusciaAPI != nil {
- if err := addMasterCluster(ServiceKusciaAPI, namespace, config.KusciaAPI, nil); err != nil {
+ if err := addMasterCluster(utils.ServiceKusciaAPI, namespace, config.KusciaAPI, nil); err != nil {
return err
}
}
addMasterHandshakeRoute(xds.InternalRoute)
addMasterHandshakeRoute(xds.ExternalRoute)
}
+
return nil
}
@@ -108,8 +103,8 @@ func addMasterCluster(service, namespace string, config *config.ClusterConfig, a
return nil
}
-func addMasterServiceVirtualHost(cluster, path, namespace, service string, apiWhitelist []string) error {
- internalVh := generateMasterInternalVirtualHost(cluster, path, service, generateMasterServiceDomains(namespace, service), apiWhitelist)
+func addMasterServiceVirtualHost(cluster, pathPrefix, namespace, service string, apiWhitelist []string) error {
+ internalVh := generateMasterInternalVirtualHost(cluster, pathPrefix, service, generateMasterServiceDomains(namespace, service), apiWhitelist)
if err := xds.AddOrUpdateVirtualHost(internalVh, xds.InternalRoute); err != nil {
return err
}
@@ -123,8 +118,8 @@ func addMasterServiceVirtualHost(cluster, path, namespace, service string, apiWh
return xds.AddOrUpdateVirtualHost(externalVh, xds.ExternalRoute)
}
-func AddMasterProxyVirtualHost(cluster, path, service, namespace, token string) error {
- internalVh := generateMasterInternalVirtualHost(cluster, path, service, generateMasterProxyDomains(), nil)
+func AddMasterProxyVirtualHost(cluster, pathPrefix, service, namespace, token string) error {
+ internalVh := generateMasterInternalVirtualHost(cluster, pathPrefix, service, generateMasterProxyDomains(), nil)
internalVh.Routes[0].RequestHeadersToAdd = []*core.HeaderValueOption{
{
Header: &core.HeaderValue{
@@ -152,10 +147,10 @@ func AddMasterProxyVirtualHost(cluster, path, service, namespace, token string)
return xds.AddOrUpdateVirtualHost(internalVh, xds.InternalRoute)
}
-func generateMasterInternalVirtualHost(cluster, path, service string, domains []string, apiWhitelist []string) *route.VirtualHost {
+func generateMasterInternalVirtualHost(cluster, pathPrefix, service string, domains []string, apiWhitelist []string) *route.VirtualHost {
var prefixRewrite string
- if len(path) > 0 {
- prefixRewrite = strings.TrimSuffix(path, "/") + "/"
+ if len(pathPrefix) > 0 {
+ prefixRewrite = strings.TrimSuffix(pathPrefix, "/") + "/"
}
virtualHost := &route.VirtualHost{
Name: fmt.Sprintf("%s-internal", cluster),
@@ -183,7 +178,7 @@ func generateMasterInternalVirtualHost(cluster, path, service string, domains []
},
},
}
- if service == ServiceAPIServer {
+ if service == utils.ServiceAPIServer {
regex := getMasterAPIWhitelistRegex(apiWhitelist)
if len(regex) > 0 {
virtualHost.Routes[0].Match.PathSpecifier = &route.RouteMatch_SafeRegex{
@@ -253,63 +248,38 @@ func generateDefaultCluster(name string, config *config.ClusterConfig) (*envoycl
return cluster, nil
}
-func getMasterNamespace(path string) (string, error) {
- var namespace string
- handshake := fmt.Sprintf("%s%s", strings.TrimSuffix(path, "/"), "/handshake")
- req, err := http.NewRequest("GET", config.InternalServer+handshake, nil)
- if err != nil {
- return namespace, fmt.Errorf("new http request failed with (%s)", err.Error())
- }
-
- req.Header.Set("Content-Type", "application/json")
- req.Header.Set("kuscia-Host", fmt.Sprintf("%s.master.svc", ServiceHandshake))
- req.Header.Set(fmt.Sprintf("%s-Cluster", ServiceHandshake), GetMasterClusterName())
- req.Host = fmt.Sprintf("%s.master.svc", ServiceHandshake)
-
- client := &http.Client{}
- res, err := client.Do(req)
- if err != nil {
- return namespace, err
- }
-
- defer func() {
- if err := res.Body.Close(); err != nil {
- nlog.Errorf("close response body error: %v", err)
- }
- }()
-
- data, err := io.ReadAll(res.Body)
- if err != nil {
- return namespace, fmt.Errorf("request %s return error: %v", req.Host, err)
- }
-
- if res.StatusCode != http.StatusOK {
- return namespace, fmt.Errorf("request %s return error code: %v", req.Host, res.StatusCode)
- }
-
- kusciaStatus := make(map[string]interface{})
- err = json.Unmarshal(data, &kusciaStatus)
+func getMasterNamespace(soure string, pathPrefix string) (string, error) {
+ kusciaStatus := map[string]interface{}{}
+ handshakePath := utils.GetHandshakePathOfPrefix(pathPrefix)
+ err := utils.DoHTTP(nil, &kusciaStatus, &utils.HTTPParam{
+ Method: http.MethodGet,
+ Path: handshakePath,
+ KusciaHost: fmt.Sprintf("%s.master.svc", utils.ServiceHandshake),
+ ClusterName: GetMasterClusterName(),
+ KusciaSource: soure,
+ })
if err != nil {
- return namespace, fmt.Errorf("request %s return non-json body: %s", req.Host, string(data))
+ return "", err
}
- namespace = fmt.Sprintf("%s", kusciaStatus["namespace"])
- return namespace, nil
+ return fmt.Sprintf("%s", kusciaStatus["namespace"]), nil
}
-func waitMasterProxyReady(ctx context.Context, path string) {
- timestick := time.NewTicker(2 * time.Second)
+func waitMasterProxyReady(ctx context.Context, path string, config *config.MasterConfig, namespace string) {
+ ticker := time.NewTicker(2 * time.Second)
+ defer ticker.Stop()
timeout, timeoutCancel := context.WithTimeout(ctx, time.Second*300)
defer timeoutCancel()
for {
select {
- case <-timestick.C:
- namespace, err := getMasterNamespace(path)
+ case <-ticker.C:
+ masterNamespace, err := getMasterNamespace(namespace, path)
if err == nil {
- nlog.Infof("Get master gateway namespace: %s", namespace)
+ nlog.Infof("Get master gateway namespace: %s", masterNamespace)
+ config.Namespace = masterNamespace
return
}
- nlog.Infof("get master gateway namespace fail: %v, wait for retry", err)
+ nlog.Warnf("get master gateway namespace fail: %v, wait for retry", err)
case <-timeout.Done():
nlog.Fatalf("get Master gateway namespace timeout")
case <-ctx.Done():
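Review bot: `getMasterNamespace` returns `fmt.Sprintf("%s", kusciaStatus["namespace"])`, which yields the string `%!s(<nil>)` when the handshake response has no `namespace` key. `waitMasterProxyReady` now stores that value in `config.Namespace` instead of only logging it. The value comes from a remote response, so it should be checked before use: `ns, ok := kusciaStatus["namespace"].(string)`, then return an error when `!ok || ns == ""` so the ticker loop retries. The parameter name `soure` is presumably a typo for `source`. The end of `waitMasterProxyReady` is outside the hunk.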
@@ -324,7 +294,7 @@ func addMasterHandshakeRoute(routeName string) {
nlog.Fatalf("%v", err)
}
- vh.Domains = append(vh.Domains, fmt.Sprintf("%s.master.svc", ServiceHandshake))
+ vh.Domains = append(vh.Domains, fmt.Sprintf("%s.master.svc", utils.ServiceHandshake))
if err := xds.AddOrUpdateVirtualHost(vh, routeName); err != nil {
nlog.Fatalf("%v", err)
diff --git a/pkg/gateway/commands/root.go b/pkg/gateway/commands/root.go
index 621a4db2..542b137f 100644
--- a/pkg/gateway/commands/root.go
+++ b/pkg/gateway/commands/root.go
@@ -139,13 +139,14 @@ func Run(ctx context.Context, gwConfig *config.GatewayConfig, clients *kubeconfi
// start DomainRoute controller
drInformer := kusciaInformerFactory.Kuscia().V1alpha1().DomainRoutes()
drConfig := &controller.DomainRouteConfig{
- Namespace: gwConfig.DomainID,
- MasterConfig: masterConfig,
- CAKey: gwConfig.CAKey,
- CACert: gwConfig.CACert,
- Prikey: prikey,
- PrikeyData: priKeyData,
- HandshakePort: gwConfig.HandshakePort,
+ Namespace: gwConfig.DomainID,
+ MasterNamespace: masterConfig.Namespace,
+ MasterConfig: masterConfig,
+ CAKey: gwConfig.CAKey,
+ CACert: gwConfig.CACert,
+ Prikey: prikey,
+ PrikeyData: priKeyData,
+ HandshakePort: gwConfig.HandshakePort,
}
drc := controller.NewDomainRouteController(drConfig, clients.KubeClient, clients.KusciaClient, drInformer)
go drc.Run(ctx, concurrentSyncs*2, ctx.Done())
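Review bot: `MasterNamespace: masterConfig.Namespace` copies the string when the struct literal is built, while the `MasterConfig: masterConfig` field next to it already carries the same value. In master.go in this commit `Namespace` is only filled in inside `AddMasterClusters` / `waitMasterProxyReady`, so the copy is empty unless that call has completed before this line; the hunk does not show the ordering within `Run`. Reading `MasterConfig.Namespace` at the point of use, or adding a comment here on the required ordering, would avoid two sources of truth for the master namespace.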
@@ -210,13 +211,3 @@ func StartXds(gwConfig *config.GatewayConfig) error {
xds.InitSnapshot(gwConfig.DomainID, utils.GetHostname(), xdsConfig)
return nil
}
-
-func createClientSets(config *config.GatewayConfig) (*kubeconfig.KubeClients, error) {
- masterURL := ""
- if config.MasterConfig.APIServer.KubeConfig == "" {
- masterURL = clusters.DomainAPIServer
- nlog.Infof("apiserver url is %s", masterURL)
- }
-
- return kubeconfig.CreateClientSetsFromKubeconfig(config.MasterConfig.APIServer.KubeConfig, masterURL)
-}
diff --git a/pkg/gateway/config/cluster_config.go b/pkg/gateway/config/cluster_config.go
index d9c7de4c..fbb8a7a5 100644
--- a/pkg/gateway/config/cluster_config.go
+++ b/pkg/gateway/config/cluster_config.go
@@ -34,6 +34,7 @@ type InterConnClusterConfig struct {
type MasterConfig struct {
Master bool
+ Namespace string
MasterProxy *ClusterConfig
APIServer *ClusterConfig
KusciaStorage *ClusterConfig
diff --git a/pkg/gateway/config/gateway_config.go b/pkg/gateway/config/gateway_config.go
index c942c5ab..2bd8ba31 100644
--- a/pkg/gateway/config/gateway_config.go
+++ b/pkg/gateway/config/gateway_config.go
@@ -23,10 +23,6 @@ import (
"github.com/secretflow/kuscia/pkg/utils/kusciaconfig"
)
-var (
- InternalServer = "http://127.0.0.1:80"
-)
-
type GatewayConfig struct {
RootDir string `yaml:"rootdir,omitempty"`
DomainID string `yaml:"domainID,omitempty"`
diff --git a/pkg/gateway/controller/domain_route.go b/pkg/gateway/controller/domain_route.go
index 1b8fd7a0..e88d4b2a 100644
--- a/pkg/gateway/controller/domain_route.go
+++ b/pkg/gateway/controller/domain_route.go
@@ -27,17 +27,13 @@ import (
gocache "github.com/patrickmn/go-cache"
"google.golang.org/protobuf/proto"
"google.golang.org/protobuf/types/known/anypb"
- corev1 "k8s.io/api/core/v1"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/client-go/kubernetes"
- "k8s.io/client-go/kubernetes/scheme"
- typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/tools/cache"
- "k8s.io/client-go/tools/record"
"k8s.io/client-go/util/workqueue"
envoycluster "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
@@ -53,11 +49,12 @@ import (
headerDecorator "github.com/secretflow/kuscia-envoy/kuscia/api/filters/http/kuscia_header_decorator/v3"
kusciatokenauth "github.com/secretflow/kuscia-envoy/kuscia/api/filters/http/kuscia_token_auth/v3"
+ "github.com/secretflow/kuscia/pkg/common"
kusciaapisv1alpha1 "github.com/secretflow/kuscia/pkg/crd/apis/kuscia/v1alpha1"
clientset "github.com/secretflow/kuscia/pkg/crd/clientset/versioned"
- kusciascheme "github.com/secretflow/kuscia/pkg/crd/clientset/versioned/scheme"
kusciaextv1alpha1 "github.com/secretflow/kuscia/pkg/crd/informers/externalversions/kuscia/v1alpha1"
kuscialistersv1alpha1 "github.com/secretflow/kuscia/pkg/crd/listers/kuscia/v1alpha1"
+ "github.com/secretflow/kuscia/pkg/gateway/clusters"
"github.com/secretflow/kuscia/pkg/gateway/config"
"github.com/secretflow/kuscia/pkg/gateway/controller/interconn"
"github.com/secretflow/kuscia/pkg/gateway/utils"
@@ -76,30 +73,31 @@ const (
)
type DomainRouteConfig struct {
- Namespace string
- MasterConfig *config.MasterConfig
- CAKey *rsa.PrivateKey
- CACert *x509.Certificate
- Prikey *rsa.PrivateKey
- PrikeyData []byte
- HandshakePort uint32
+ Namespace string
+ MasterNamespace string
+ MasterConfig *config.MasterConfig
+ CAKey *rsa.PrivateKey
+ CACert *x509.Certificate
+ Prikey *rsa.PrivateKey
+ PrikeyData []byte
+ HandshakePort uint32
}
type DomainRouteController struct {
- gateway *kusciaapisv1alpha1.Gateway
- masterConfig *config.MasterConfig
- CaCertData []byte
- CaCert *x509.Certificate
- CaKey *rsa.PrivateKey
- prikey *rsa.PrivateKey
- prikeyData []byte
+ gateway *kusciaapisv1alpha1.Gateway
+ masterNamespace string
+ masterConfig *config.MasterConfig
+ CaCertData []byte
+ CaCert *x509.Certificate
+ CaKey *rsa.PrivateKey
+ prikey *rsa.PrivateKey
+ prikeyData []byte
kubeClient kubernetes.Interface
kusciaClient clientset.Interface
domainRouteLister kuscialistersv1alpha1.DomainRouteLister
domainRouteListerSynced cache.InformerSynced
workqueue workqueue.RateLimitingInterface
- recorder record.EventRecorder
drCache sync.Map
@@ -116,8 +114,6 @@ func NewDomainRouteController(
kubeClient kubernetes.Interface,
kusciaClient clientset.Interface,
DomainRouteInformer kusciaextv1alpha1.DomainRouteInformer) *DomainRouteController {
- // Create event broadcaster, add kuscia types to the default Kubernetes Scheme so Events can be logged for kuscia types.
- recorder := createEventRecorder(kubeClient, drConfig.Namespace)
hostname := utils.GetHostname()
pubPem := tls.EncodePKCS1PublicKey(drConfig.Prikey)
@@ -133,6 +129,7 @@ func NewDomainRouteController(
}
c := &DomainRouteController{
gateway: gateway,
+ masterNamespace: drConfig.MasterNamespace,
CaCertData: drConfig.CACert.Raw,
CaCert: drConfig.CACert,
CaKey: drConfig.CAKey,
@@ -144,7 +141,6 @@ func NewDomainRouteController(
domainRouteLister: DomainRouteInformer.Lister(),
domainRouteListerSynced: DomainRouteInformer.Informer().HasSynced,
workqueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), domainRouteQueueName),
- recorder: recorder,
handshakePort: drConfig.HandshakePort,
drCache: sync.Map{},
handshakeCache: gocache.New(5*time.Minute, 10*time.Minute),
@@ -154,7 +150,7 @@ func NewDomainRouteController(
DomainRouteInformer.Informer().AddEventHandlerWithResyncPeriod(
cache.ResourceEventHandlerFuncs{
AddFunc: c.addDomainRoute,
- UpdateFunc: func(oldObj, newObj interface{}) {
+ UpdateFunc: func(_, newObj interface{}) {
c.addDomainRoute(newObj)
},
DeleteFunc: c.enqueueDomainRoute,
@@ -218,19 +214,10 @@ func (c *DomainRouteController) checkConnectionHealthy(ctx context.Context, stop
if dr.Spec.AuthenticationType == kusciaapisv1alpha1.DomainAuthenticationToken && dr.Spec.Source == c.gateway.Namespace &&
dr.Status.TokenStatus.RevisionInitializer == c.gateway.Name && dr.Status.TokenStatus.RevisionToken.Token != "" {
nlog.Debugf("checkConnectionHealthy of dr(%s)", dr.Name)
- resp, err := c.checkConnectionStatus(dr)
+ err := c.checkConnectionStatus(dr, c.getDefaultClusterNameByDomainRoute(dr))
if err != nil {
nlog.Warn(err)
}
- if resp != nil && resp.State == NetworkUnreachable {
- c.markDestUnreachable(ctx, dr)
- } else {
- c.refreshHeartbeatTime(dr)
- }
-
- if err == nil {
- c.markDestReachable(ctx, dr)
- }
}
}
case <-stopCh:
@@ -265,7 +252,7 @@ func (c *DomainRouteController) syncHandler(ctx context.Context, key string) err
return err
}
- if dr.Spec.Source == c.gateway.Namespace && dr.Spec.Transit == nil {
+ if dr.Spec.Source == c.gateway.Namespace && dr.Spec.Transit == nil && dr.Spec.Destination != c.masterNamespace {
if err := c.addClusterWithEnvoy(dr); err != nil {
return fmt.Errorf("add envoy cluster failed with %s", err.Error())
}
@@ -278,27 +265,22 @@ func (c *DomainRouteController) syncHandler(ctx context.Context, key string) err
_, ok := c.handshakeCache.Get(dr.Name)
if !ok {
c.handshakeCache.Add(dr.Name, dr.Name, 2*time.Minute)
+ defer c.handshakeCache.Delete(dr.Name)
if err := func() error {
if dr.Spec.Transit == nil {
- if err := setKeepAliveForDstClusters(dr, false); err != nil {
+ if err := c.setKeepAliveForDstClusters(dr, false); err != nil {
return fmt.Errorf("disable keep-alive fail for DomainRoute: %s err: %v", key, err)
}
}
nlog.Infof("DomainRoute %s starts handshake, the last revision is %d", key, dr.Status.TokenStatus.RevisionToken.Revision)
- return c.sourceInitiateHandShake(dr)
+
+ return c.sourceInitiateHandShake(dr, c.getDefaultClusterNameByDomainRoute(dr))
}(); err != nil {
- c.handshakeCache.Delete(dr.Name)
nlog.Error(err)
return err
}
}
return nil
- } else if !dr.Status.TokenStatus.RevisionToken.IsReady {
- nlog.Infof("DomainRoute %s wait token ready for latest revision %d", key, dr.Status.TokenStatus.RevisionToken.Revision)
- if err = c.waitTokenReady(ctx, dr); err != nil {
- return err
- }
- c.handshakeCache.Delete(dr.Name)
}
}
}
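Review bot: The new `defer c.handshakeCache.Delete(dr.Name)` removes the cache entry as soon as syncHandler returns, on success as well as on failure, so the entry no longer suppresses a second handshake if the route is synced again before the lister reflects the status written by sourceInitiateHandShake (assuming the handshake condition above this hunk reads the lister copy). If the entry is now meant only as an in-flight marker, a comment saying so would help, and the 2-minute TTL becomes a safety net rather than a back-off. The separate `Get` and `Add` can then collapse into one step that uses the error `Add` returns for an existing key: `if err := c.handshakeCache.Add(dr.Name, dr.Name, 2*time.Minute); err != nil { return nil }`. syncHandler starts and ends outside this hunk.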
@@ -430,7 +412,7 @@ func (c *DomainRouteController) addClusterWithEnvoy(dr *kusciaapisv1alpha1.Domai
}
for _, dp := range dr.Spec.Endpoint.Ports {
- nlog.Infof("add cluster %s protocol:%s port:%d", dp.Name, dp.Protocol, dp.Port)
+ nlog.Infof("add cluster %s-to-%s name:%s protocol:%s port:%d", dr.Spec.Source, dr.Spec.Destination, dp.Name, dp.Protocol, dp.Port)
err := addClusterForDstGateway(dr, dp, transportSocket)
if err != nil {
return err
@@ -441,7 +423,29 @@ func (c *DomainRouteController) addClusterWithEnvoy(dr *kusciaapisv1alpha1.Domai
}
func (c *DomainRouteController) updateEnvoyRule(dr *kusciaapisv1alpha1.DomainRoute, tokens []*Token) error {
- if dr.Spec.Source == c.gateway.Namespace { // internal
+ if dr.Spec.Destination == c.masterNamespace && dr.Spec.Source == c.gateway.Namespace {
+ token := tokens[len(tokens)-1]
+ cl, err := xds.QueryCluster(clusters.GetMasterClusterName())
+ if err != nil {
+ nlog.Error(err)
+ return err
+ }
+ pathPrefix := utils.GetPrefixIfPresent(dr.Spec.Endpoint)
+ if err := clusters.AddMasterProxyVirtualHost(cl.Name, pathPrefix, utils.ServiceMasterProxy, c.gateway.Namespace, token.Token); err != nil {
+ nlog.Error(err)
+ return err
+ }
+ if err = xds.SetKeepAliveForDstCluster(cl, true); err != nil {
+ nlog.Error(err)
+ return err
+ }
+ if err = xds.AddOrUpdateCluster(cl); err != nil {
+ nlog.Error(err)
+ return err
+ }
+ nlog.Info("Update rule to master success")
+ return nil
+ } else if dr.Spec.Source == c.gateway.Namespace { // internal
token := tokens[len(tokens)-1]
grpcDegrade := false
if dr.Labels[grpcDegradeLabel] == "True" {
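Review bot: `token := tokens[len(tokens)-1]` in the new master branch of updateEnvoyRule indexes the slice without a length check, so an empty `tokens` would panic the worker. The callers are outside this hunk, so whether an empty slice can reach here is not visible. A guard at the start of the branch, `if len(tokens) == 0 { return fmt.Errorf("no token for DomainRoute %s", dr.Name) }`, keeps the failure an ordinary error; the existing internal branch below has the same pattern. The function continues past the end of the hunk.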
@@ -465,7 +469,8 @@ func (c *DomainRouteController) updateEnvoyRule(dr *kusciaapisv1alpha1.DomainRou
xds.InternalRoute); err != nil {
return err
}
- return setKeepAliveForDstClusters(dr, true)
+
+ return c.setKeepAliveForDstClusters(dr, true)
} else if dr.Spec.Destination == c.gateway.Namespace { // external
if dr.Spec.Transit == nil {
var tokenVals []string
@@ -535,15 +540,6 @@ func (c *DomainRouteController) deleteEnvoyRule(dr *kusciaapisv1alpha1.DomainRou
return nil
}
-func createEventRecorder(kubeClient kubernetes.Interface, namespace string) record.EventRecorder {
- utilruntime.Must(kusciascheme.AddToScheme(scheme.Scheme))
- nlog.Debug("Creating event broadcaster")
- eventBroadcaster := record.NewBroadcaster()
- eventBroadcaster.StartRecordingToSink(&typedcorev1.EventSinkImpl{Interface: kubeClient.CoreV1().Events(namespace)})
- recorder := eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: controllerName})
- return recorder
-}
-
func updateRoutingRule(dr *kusciaapisv1alpha1.DomainRoute) error {
ns := dr.Spec.Transit.Domain.DomainID
vh, err := xds.QueryVirtualHost(fmt.Sprintf("%s-to-%s", dr.Spec.Source, ns), xds.InternalRoute)
@@ -636,7 +632,7 @@ func generateInternalRoute(dr *kusciaapisv1alpha1.DomainRoute, dp kusciaapisv1al
return httpRoutes
}
-func generateInternalVirtualHost(dr *kusciaapisv1alpha1.DomainRoute, token string, grpcDegrade bool) *route.VirtualHost {
+func generateInternalRoutes(dr *kusciaapisv1alpha1.DomainRoute, token string, grpcDegrade bool) []*route.Route {
dps := sortDomainPorts(dr.Spec.Endpoint.Ports)
var routes []*route.Route
n := len(dps)
@@ -647,6 +643,11 @@ func generateInternalVirtualHost(dr *kusciaapisv1alpha1.DomainRoute, token strin
}
routes = append(routes, generateInternalRoute(dr, dp, token, isDefaultRoute, grpcDegrade)...)
}
+ return routes
+}
+
+func generateInternalVirtualHost(dr *kusciaapisv1alpha1.DomainRoute, token string, grpcDegrade bool) *route.VirtualHost {
+ routes := generateInternalRoutes(dr, token, grpcDegrade)
connectRoute := &route.Route{
Match: &route.RouteMatch{
@@ -683,13 +684,10 @@ func generateInternalVirtualHost(dr *kusciaapisv1alpha1.DomainRoute, token strin
return vh
}
-func generateClusterName(source, dest, portName string) string {
- return fmt.Sprintf("%s-to-%s-%s", source, dest, portName)
-}
-
-func setKeepAliveForDstClusters(dr *kusciaapisv1alpha1.DomainRoute, enable bool) error {
- for _, dp := range dr.Spec.Endpoint.Ports {
- c, err := xds.QueryCluster(generateClusterName(dr.Spec.Source, dr.Spec.Destination, dp.Name))
+func (c *DomainRouteController) setKeepAliveForDstClusters(dr *kusciaapisv1alpha1.DomainRoute, enable bool) error {
+ clusterNames := c.getClusterNamesByDomainRoute(dr)
+ for _, cn := range clusterNames {
+ c, err := xds.QueryCluster(cn)
if err != nil {
return err
}
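Review bot: Now that setKeepAliveForDstClusters is a method, the loop variable in `c, err := xds.QueryCluster(cn)` shadows the receiver `c *DomainRouteController` for the rest of the loop body. Any later use of `c.gateway` or `c.masterNamespace` inside the loop would silently resolve to the Envoy cluster instead. Renaming it, `cl, err := xds.QueryCluster(cn)`, matches the name updateEnvoyRule uses for the same value. The loop body continues outside the hunk.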
@@ -717,7 +715,7 @@ func addClusterForDstGateway(dr *kusciaapisv1alpha1.DomainRoute, dp kusciaapisv1
protocol = xds.GenerateProtocol(dp.IsTLS, false)
}
- clusterName := generateClusterName(dr.Spec.Source, dr.Spec.Destination, dp.Name)
+ clusterName := common.GenerateClusterName(dr.Spec.Source, dr.Spec.Destination, dp.Name)
// before token take effect, we disable keep-alive for DstEnvoy
if dr.Spec.AuthenticationType == kusciaapisv1alpha1.DomainAuthenticationToken {
@@ -743,7 +741,7 @@ func addClusterForDstGateway(dr *kusciaapisv1alpha1.DomainRoute, dp kusciaapisv1
cluster := &envoycluster.Cluster{
Name: clusterName,
LoadAssignment: &endpoint.ClusterLoadAssignment{
- ClusterName: fmt.Sprintf("%s-to-%s-%s", dr.Spec.Source, dr.Spec.Destination, dp.Name),
+ ClusterName: clusterName,
Endpoints: []*endpoint.LocalityLbEndpoints{
{
LbEndpoints: []*endpoint.LbEndpoint{
@@ -802,3 +800,39 @@ func generateRequestHeaders(dr *kusciaapisv1alpha1.DomainRoute) *headerDecorator
}
return sourceHeader
}
+
+func (c *DomainRouteController) getClusterNamesByDomainRoute(dr *kusciaapisv1alpha1.DomainRoute) []string {
+ var names []string
+ if dr.Spec.Destination == c.masterNamespace && c.masterNamespace != c.gateway.Namespace {
+ names = append(names, clusters.GetMasterClusterName())
+ }
+ for _, dp := range dr.Spec.Endpoint.Ports {
+ names = append(names, common.GenerateClusterName(dr.Spec.Source, dr.Spec.Destination, dp.Name))
+ }
+ return names
+}
+
+func (c *DomainRouteController) getDefaultClusterNameByDomainRoute(dr *kusciaapisv1alpha1.DomainRoute) string {
+ if dr.Spec.Destination == c.masterNamespace && c.masterNamespace != c.gateway.Namespace {
+ return clusters.GetMasterClusterName()
+ }
+ dps := sortDomainPorts(dr.Spec.Endpoint.Ports)
+ n := len(dps)
+ for _, dp := range dps {
+ if n == 1 || dp.Protocol == "HTTP" {
+ return common.GenerateClusterName(dr.Spec.Source, dr.Spec.Destination, dp.Name)
+ }
+ }
+ if n > 0 {
+ return common.GenerateClusterName(dr.Spec.Source, dr.Spec.Destination, dps[0].Name)
+ }
+ return ""
+}
+
+func getHandshakeHost(dr *kusciaapisv1alpha1.DomainRoute) string {
+ ns := dr.Spec.Destination
+ if dr.Spec.Transit != nil {
+ ns = dr.Spec.Transit.Domain.DomainID
+ }
+ return fmt.Sprintf("%s.%s.svc", utils.ServiceHandshake, ns)
+}
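Review bot: getClusterNamesByDomainRoute adds the master cluster name for a master-bound route and then still appends the per-port names, while syncHandler in this commit skips addClusterWithEnvoy when `dr.Spec.Destination == c.masterNamespace`. setKeepAliveForDstClusters returns the first error from `xds.QueryCluster`, so if QueryCluster reports an error for a cluster that was never added (its behaviour is not visible here), keep-alive toggling would fail for those routes. Returning from the master branch with `return []string{clusters.GetMasterClusterName()}` would keep the list aligned with the clusters that were created. The two helpers also test `c.masterNamespace != c.gateway.Namespace`, which the checks in syncHandler and updateEnvoyRule do not; a shared predicate would keep the four places in step. getDefaultClusterNameByDomainRoute can return `""` for a route without ports, and its callers pass that value on unchecked.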
diff --git a/pkg/gateway/controller/domain_route_test.go b/pkg/gateway/controller/domain_route_test.go
index 0f5226bd..3ae6dbcf 100644
--- a/pkg/gateway/controller/domain_route_test.go
+++ b/pkg/gateway/controller/domain_route_test.go
@@ -40,7 +40,7 @@ import (
"github.com/secretflow/kuscia/pkg/crd/clientset/versioned"
kusciaFake "github.com/secretflow/kuscia/pkg/crd/clientset/versioned/fake"
informers "github.com/secretflow/kuscia/pkg/crd/informers/externalversions"
- "github.com/secretflow/kuscia/pkg/gateway/config"
+ "github.com/secretflow/kuscia/pkg/gateway/utils"
"github.com/secretflow/kuscia/pkg/gateway/xds"
"github.com/secretflow/kuscia/pkg/utils/nlog"
"github.com/secretflow/kuscia/pkg/utils/nlog/zlogwriter"
@@ -104,11 +104,12 @@ func newDomainRouteTestInfo(namespace string, port uint32) *DomainRouteTestInfo
nlog.Fatal(err)
}
config := &DomainRouteConfig{
- Namespace: namespace,
- Prikey: priKey,
- HandshakePort: port,
- CAKey: caKey,
- CACert: caCert,
+ MasterNamespace: "kuscia",
+ Namespace: namespace,
+ Prikey: priKey,
+ HandshakePort: port,
+ CAKey: caKey,
+ CACert: caCert,
}
c := NewDomainRouteController(config, fake.NewSimpleClientset(), kusciaClient, domainRouteInformer)
kusciaInformerFactory.Start(wait.NeverStop)
@@ -335,12 +336,12 @@ func TestTokenHandshake(t *testing.T) {
go c.Run(context.Background(), 1, stopCh)
time.Sleep(1000 * time.Millisecond)
- realInternalServer := config.InternalServer
+ realInternalServer := utils.InternalServer
defer func() {
- config.InternalServer = realInternalServer
+ utils.InternalServer = realInternalServer
}()
- config.InternalServer = fmt.Sprintf("http://localhost:%d", port)
+ utils.InternalServer = fmt.Sprintf("http://localhost:%d", port)
dr := &kusciaapisv1alpha1.DomainRoute{
ObjectMeta: metav1.ObjectMeta{
diff --git a/pkg/gateway/controller/endpoints.go b/pkg/gateway/controller/endpoints.go
index d6fb3e2f..592ec63a 100644
--- a/pkg/gateway/controller/endpoints.go
+++ b/pkg/gateway/controller/endpoints.go
@@ -145,7 +145,7 @@ func (ec *EndpointsController) addServiceEventHandler(serviceInformer corev1info
},
Handler: cache.ResourceEventHandlerFuncs{
AddFunc: ec.updateService,
- UpdateFunc: func(oldObj, newObj interface{}) {
+ UpdateFunc: func(_, newObj interface{}) {
ec.updateService(newObj)
},
DeleteFunc: ec.updateService,
@@ -159,7 +159,7 @@ func (ec *EndpointsController) addEndpointsEventHandler(endpointInformer corev1i
endpointInformer.Informer().AddEventHandlerWithResyncPeriod(
cache.ResourceEventHandlerFuncs{
AddFunc: ec.updateEndpoints,
- UpdateFunc: func(oldObj, newObj interface{}) {
+ UpdateFunc: func(_, newObj interface{}) {
ec.updateEndpoints(newObj)
},
DeleteFunc: ec.updateEndpoints,
diff --git a/pkg/gateway/controller/gateway.go b/pkg/gateway/controller/gateway.go
index dbd90d3a..a4a95034 100644
--- a/pkg/gateway/controller/gateway.go
+++ b/pkg/gateway/controller/gateway.go
@@ -39,12 +39,7 @@ import (
)
const (
- heartbeatPeriod = 3 * time.Second
-)
-
-var (
- networkStatus []kusciaapisv1alpha1.GatewayEndpointStatus
- lock sync.Mutex
+ heartbeatPeriod = 15 * time.Second
)
// GatewayController sync gateway status periodically to master.
@@ -55,9 +50,12 @@ type GatewayController struct {
address string
uptime time.Time
+ lock sync.Mutex
+
kusciaClient kusciaclientset.Interface
gatewayLister kuscialistersv1alpha1.GatewayLister
gatewayListerSynced cache.InformerSynced
+ networkStatus []kusciaapisv1alpha1.GatewayEndpointStatus
}
// NewGatewayController returns a new GatewayController.
@@ -94,11 +92,13 @@ func (c *GatewayController) Run(threadiness int, stopCh <-chan struct{}) {
if ok := cache.WaitForCacheSync(stopCh, c.gatewayListerSynced); !ok {
nlog.Fatal("failed to wait for caches to sync")
}
+
// Update gateway heartbeat immediately
if err := c.syncHandler(); err != nil {
nlog.Errorf("sync gateway error: %v", err)
}
ticker := time.NewTicker(heartbeatPeriod)
+ defer ticker.Stop()
for {
select {
case <-ticker.C:
@@ -113,27 +113,6 @@ func (c *GatewayController) Run(threadiness int, stopCh <-chan struct{}) {
func (c *GatewayController) syncHandler() error {
client := c.kusciaClient.KusciaV1alpha1().Gateways(c.namespace)
-
- status := kusciaapisv1alpha1.GatewayStatus{
- Address: c.address,
- UpTime: metav1.Time{
- Time: c.uptime,
- },
- HeartbeatTime: metav1.Time{
- Time: time.Now(),
- },
- PublicKey: base64.StdEncoding.EncodeToString(c.publicKey),
- Version: meta.KusciaVersionString(),
- }
-
- {
- lock.Lock()
- defer lock.Unlock()
-
- status.NetworkStatus = make([]kusciaapisv1alpha1.GatewayEndpointStatus, len(networkStatus))
- status.NetworkStatus = append(status.NetworkStatus, networkStatus...)
- }
-
gateway, err := c.gatewayLister.Gateways(c.namespace).Get(c.hostname)
if k8serrors.IsNotFound(err) {
gateway = &kusciaapisv1alpha1.Gateway{
@@ -141,22 +120,40 @@ func (c *GatewayController) syncHandler() error {
Name: c.hostname,
Namespace: c.namespace,
},
- Status: status,
}
- _, err = client.Create(context.Background(), gateway, metav1.CreateOptions{})
+ gateway, err = client.Create(context.Background(), gateway, metav1.CreateOptions{})
if err != nil {
nlog.Errorf("create gateway(name:%s namespace:%s) fail: %v", c.hostname, c.namespace, err)
- } else {
- nlog.Infof("create gateway(name:%s namespace:%s) success", c.hostname, c.namespace)
+ return err
}
- return err
+ nlog.Infof("create gateway(name:%s namespace:%s) success", c.hostname, c.namespace)
}
if err != nil {
return err
}
+ status := kusciaapisv1alpha1.GatewayStatus{
+ Address: c.address,
+ UpTime: metav1.Time{
+ Time: c.uptime,
+ },
+ HeartbeatTime: metav1.Time{
+ Time: time.Now(),
+ },
+ PublicKey: base64.StdEncoding.EncodeToString(c.publicKey),
+ Version: meta.KusciaVersionString(),
+ }
+
+ {
+ c.lock.Lock()
+ defer c.lock.Unlock()
+
+ status.NetworkStatus = make([]kusciaapisv1alpha1.GatewayEndpointStatus, len(c.networkStatus))
+ status.NetworkStatus = append(status.NetworkStatus, c.networkStatus...)
+ }
+
gatewayCopy := gateway.DeepCopy()
gatewayCopy.Status = status
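Review bot: In syncHandler, `make([]kusciaapisv1alpha1.GatewayEndpointStatus, len(c.networkStatus))` followed by `append` yields a slice with len(c.networkStatus) zero-value entries ahead of the real ones, so the published NetworkStatus is twice the intended length. The `defer c.lock.Unlock()` inside the bare `{ }` block runs when the function returns, not at the closing brace, so the mutex stays held through the rest of syncHandler (the update call is outside this hunk) and UpdateStatus callers wait that long. Copying with `status.NetworkStatus = append([]kusciaapisv1alpha1.GatewayEndpointStatus(nil), c.networkStatus...)` and calling `c.lock.Unlock()` directly after it addresses both. The function continues outside the hunk.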
@@ -168,11 +165,11 @@ func (c *GatewayController) syncHandler() error {
}
func (c *GatewayController) UpdateStatus(status []*kusciaapisv1alpha1.GatewayEndpointStatus) {
- lock.Lock()
- defer lock.Unlock()
- networkStatus = networkStatus[:0]
+ c.lock.Lock()
+ defer c.lock.Unlock()
+ c.networkStatus = c.networkStatus[:0]
for _, s := range status {
- networkStatus = append(networkStatus, *s)
+ c.networkStatus = append(c.networkStatus, *s)
}
}
diff --git a/pkg/gateway/controller/gateway_test.go b/pkg/gateway/controller/gateway_test.go
index 815e0b10..a1affaa2 100644
--- a/pkg/gateway/controller/gateway_test.go
+++ b/pkg/gateway/controller/gateway_test.go
@@ -217,7 +217,11 @@ func TestGatewayCreate(t *testing.T) {
},
gw.Namespace,
gw,
- ))
+ ), core.NewUpdateSubresourceAction(schema.GroupVersionResource{
+ Group: "kuscia.secretflow",
+ Version: "v1",
+ Resource: "gateways",
+ }, "status", gw.Namespace, gw))
f.doSync()
}
diff --git a/pkg/gateway/controller/handshake.go b/pkg/gateway/controller/handshake.go
index 0c9e6a3c..881e2c2c 100644
--- a/pkg/gateway/controller/handshake.go
+++ b/pkg/gateway/controller/handshake.go
@@ -15,19 +15,15 @@
package controller
import (
- "bytes"
"context"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"encoding/base64"
"encoding/json"
- "errors"
"fmt"
- "io"
"net/http"
"strconv"
- "strings"
"time"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
@@ -37,7 +33,7 @@ import (
"github.com/secretflow/kuscia/pkg/common"
kusciaapisv1alpha1 "github.com/secretflow/kuscia/pkg/crd/apis/kuscia/v1alpha1"
"github.com/secretflow/kuscia/pkg/gateway/clusters"
- "github.com/secretflow/kuscia/pkg/gateway/config"
+ "github.com/secretflow/kuscia/pkg/gateway/utils"
"github.com/secretflow/kuscia/pkg/gateway/xds"
"github.com/secretflow/kuscia/pkg/utils/nlog"
tlsutils "github.com/secretflow/kuscia/pkg/utils/tls"
@@ -55,6 +51,10 @@ const (
handShakeTypeRSA = "RSA"
)
+const (
+ kusciaTokenRevision = "Kuscia-Token-Revision"
+)
+
var (
tokenPrefix = []byte("kuscia")
)
@@ -68,7 +68,7 @@ type AfterRegisterDomainHook func(response *handshake.RegisterResponse)
func (c *DomainRouteController) startHandShakeServer(port uint32) {
mux := http.NewServeMux()
- mux.HandleFunc("/handshake", c.handShakeHandle)
+ mux.HandleFunc(utils.GetHandshakePathSuffix(), c.handShakeHandle)
if c.masterConfig != nil && c.masterConfig.Master {
mux.HandleFunc("/register", c.registerHandle)
}
@@ -81,160 +81,61 @@ func (c *DomainRouteController) startHandShakeServer(port uint32) {
nlog.Error(c.handshakeServer.ListenAndServe())
}
-func doHTTP(in interface{}, out interface{}, path, host string, headers map[string]string) error {
- maxRetryTimes := 5
-
- for i := 0; i < maxRetryTimes; i++ {
- inbody, err := json.Marshal(in)
- if err != nil {
- nlog.Errorf("new handshake request fail:%v", err)
- return err
- }
- req, err := http.NewRequest(http.MethodPost, config.InternalServer+path, bytes.NewBuffer(inbody))
- if err != nil {
- nlog.Errorf("new handshake request fail:%v", err)
- return err
- }
- req.Host = host
- req.Header.Set("Content-Type", "application/json")
- for key, val := range headers {
- req.Header.Set(key, val)
- }
- client := &http.Client{}
- resp, err := client.Do(req)
- if err != nil {
- nlog.Errorf("do http request fail:%v", err)
- time.Sleep(time.Second)
- continue
- }
-
- defer resp.Body.Close()
- body, err := io.ReadAll(resp.Body)
- if err != nil {
- return err
- }
-
- if resp.StatusCode != http.StatusOK {
- nlog.Warnf("Request error, path: %s, code: %d, message: %s", path, resp.StatusCode, string(body))
- time.Sleep(time.Second)
- continue
- }
-
- if err = json.Unmarshal(body, out); err != nil {
- nlog.Errorf("Json unmarshal failed, err:%s, body:%s", err.Error(), string(body))
- time.Sleep(time.Second)
- continue
- }
- return nil
- }
-
- return fmt.Errorf("request error, retry at maxtimes:%d, path: %s", maxRetryTimes, path)
+func doHTTPWithDefaultRetry(in interface{}, out interface{}, hp *utils.HTTPParam) error {
+ return utils.DoHTTPWithRetry(in, out, hp, time.Second, 5)
}
-func (c *DomainRouteController) waitTokenReady(ctx context.Context, dr *kusciaapisv1alpha1.DomainRoute) error {
- maxRetryTimes := 60
+func (c *DomainRouteController) waitTokenReady(drName string) error {
+ maxRetryTimes := 30
i := 0
t := time.NewTicker(time.Second)
defer t.Stop()
- var err error
- var out *getResponse
- for {
+ for range t.C {
i++
+ drLatest, err := c.domainRouteLister.DomainRoutes(c.gateway.Namespace).Get(drName)
+ if err != nil {
+ return err
+ }
+ if drLatest.Status.TokenStatus.RevisionToken.IsReady {
+ return nil
+ }
+ if drLatest.Status.TokenStatus.RevisionToken.Token == "" {
+ return fmt.Errorf("token of dr %s was deleted ", drName)
+ }
if i == maxRetryTimes {
- return fmt.Errorf("wait dr %s token ready failed at max retry times:%d, last error: %s", dr.Name, maxRetryTimes, err.Error())
- }
- select {
- case <-ctx.Done():
- return ctx.Err()
- case <-t.C:
- var drLatest *kusciaapisv1alpha1.DomainRoute
- drLatest, err = c.domainRouteLister.DomainRoutes(dr.Namespace).Get(dr.Name)
- if err != nil {
- return err
- }
- if drLatest.Status.TokenStatus.RevisionToken.IsReady {
- return nil
- }
- if drLatest.Status.TokenStatus.RevisionToken.Token == "" {
- return fmt.Errorf("token of dr %s was deleted ", drLatest.Name)
- }
- if drLatest.Status.TokenStatus.RevisionInitializer != c.gateway.Name {
- return fmt.Errorf("dr %s may change initializer ", drLatest.Name)
- }
- out, err = c.checkConnectionStatus(drLatest)
- if err != nil {
- if out != nil && out.State != NetworkUnreachable {
- if out.State == TokenNotReady {
- continue
- } else {
- nlog.Warnf("err:%s, retry time: %d", err.Error(), i)
- return err
- }
- } else {
- nlog.Warnf("err:%s, retry time: %d", err.Error(), i)
- }
- } else {
- nlog.Infof("Destination(%s) token is ready", drLatest.Spec.Destination)
- return nil
- }
+ break
}
}
+ return fmt.Errorf("wait dr %s token ready failed at max retry times:%d", drName, maxRetryTimes)
}
-func (c *DomainRouteController) checkConnectionStatus(dr *kusciaapisv1alpha1.DomainRoute) (*getResponse, error) {
- handshake := "/handshake"
- if !dr.Status.TokenStatus.RevisionToken.IsReady {
- handshake = fmt.Sprintf("%s%s", strings.TrimSuffix(dr.Spec.Endpoint.Ports[0].PathPrefix, "/"), "/handshake")
- }
- req, err := http.NewRequest(http.MethodGet, config.InternalServer+handshake, nil)
- if err != nil {
- nlog.Errorf("new handshake request fail:%v", err)
- return nil, err
- }
- ns := dr.Spec.Destination
- if dr.Spec.Transit != nil {
- ns = dr.Spec.Transit.Domain.DomainID
- }
- req.Host = fmt.Sprintf("%s.%s.svc", clusters.ServiceHandshake, ns)
- req.Header.Set("Content-Type", "application/json")
- req.Header.Set(fmt.Sprintf("%s-Cluster", clusters.ServiceHandshake), fmt.Sprintf("%s-to-%s-%s", dr.Spec.Source, ns, dr.Spec.Endpoint.Ports[0].Name))
- req.Header.Set("Kuscia-Token-Revision", fmt.Sprintf("%d", dr.Status.TokenStatus.RevisionToken.Revision))
- req.Header.Set("Kuscia-Source", dr.Spec.Source)
- req.Header.Set("kuscia-Host", fmt.Sprintf("%s.%s.svc", clusters.ServiceHandshake, ns))
- client := &http.Client{}
- resp, err := client.Do(req)
-
- buildUnreachableResp := func() *getResponse {
- out := &getResponse{
- Namespace: ns,
- State: NetworkUnreachable,
- }
- return out
+func (c *DomainRouteController) checkConnectionStatus(dr *kusciaapisv1alpha1.DomainRoute, clusterName string) error {
+ out := &getResponse{}
+ headers := map[string]string{
+ kusciaTokenRevision: fmt.Sprintf("%d", dr.Status.TokenStatus.RevisionToken.Revision),
}
- if err != nil {
- return buildUnreachableResp(), fmt.Errorf("do http request fail:%v", err)
+ handshakePath := utils.GetHandshakePathSuffix()
+ if !dr.Status.TokenStatus.RevisionToken.IsReady {
+ handshakePath = utils.GetHandshakePathOfEndpoint(dr.Spec.Endpoint)
}
- defer resp.Body.Close()
- body, err := io.ReadAll(resp.Body)
+ hp := &utils.HTTPParam{
+ Method: http.MethodGet,
+ Path: handshakePath,
+ ClusterName: clusterName,
+ KusciaHost: getHandshakeHost(dr),
+ KusciaSource: dr.Spec.Source,
+ Headers: headers}
+ err := utils.DoHTTP(nil, out, hp)
if err != nil {
- return buildUnreachableResp(), fmt.Errorf("read body failed, err:%s, code: %d", err.Error(), resp.StatusCode)
- }
- if resp.StatusCode != http.StatusOK {
- if len(body) > 200 {
- body = body[:200]
- }
- return buildUnreachableResp(), fmt.Errorf("request error, path: %s, code: %d, message: %s", fmt.Sprintf("%s.%s.svc/handshake",
- clusters.ServiceHandshake, ns), resp.StatusCode, string(body))
- }
- out := &getResponse{}
- err = json.Unmarshal(body, out)
- if err != nil {
- return buildUnreachableResp(), err
+ c.markDestUnreachable(context.Background(), dr)
+ return err
}
- return out, c.handleGetResponse(out, dr)
+ c.refreshHeartbeatTime(dr)
+ c.markDestReachable(context.Background(), dr)
+ return c.handleGetResponse(out, dr)
}
func (c *DomainRouteController) handleGetResponse(out *getResponse, dr *kusciaapisv1alpha1.DomainRoute) error {
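Review bot: waitTokenReady drops its `ctx` parameter and now loops with `for range t.C`, so a caller blocks for up to 30 seconds with no way to stop on shutdown. checkConnectionStatus likewise passes `context.Background()` to markDestUnreachable and markDestReachable, although checkConnectionHealthy has a ctx in hand. Keeping the context and selecting on it restores cancellation, as sketched below; callers of waitTokenReady are outside this chunk and would need the extra argument. The rewrite also no longer checks that `RevisionInitializer` still equals `c.gateway.Name`; if that is intentional, a short comment would help.

```go
func (c *DomainRouteController) waitTokenReady(ctx context.Context, drName string) error {
	const maxRetryTimes = 30
	t := time.NewTicker(time.Second)
	defer t.Stop()
	for i := 0; i < maxRetryTimes; i++ {
		select {
		case <-ctx.Done():
			return ctx.Err()
		case <-t.C:
		}
		// … unchanged: lister Get, IsReady check, empty-token check …
	}
	return fmt.Errorf("wait dr %s token ready failed at max retry times:%d", drName, maxRetryTimes)
}
```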
@@ -245,6 +146,9 @@ func (c *DomainRouteController) handleGetResponse(out *getResponse, dr *kusciaap
dr.Status.TokenStatus.RevisionToken.IsReady = true
dr.Status.IsDestinationUnreachable = false
_, err := c.kusciaClient.KusciaV1alpha1().DomainRoutes(dr.Namespace).UpdateStatus(context.Background(), dr, metav1.UpdateOptions{})
+ if err == nil {
+ nlog.Infof("Domainroute %s found destination token(revsion %d) ready", dr.Name, dr.Status.TokenStatus.RevisionToken.Revision)
+ }
return err
}
return nil
@@ -253,6 +157,9 @@ func (c *DomainRouteController) handleGetResponse(out *getResponse, dr *kusciaap
dr = dr.DeepCopy()
dr.Status.TokenStatus = kusciaapisv1alpha1.DomainRouteTokenStatus{}
_, err := c.kusciaClient.KusciaV1alpha1().DomainRoutes(dr.Namespace).UpdateStatus(context.Background(), dr, metav1.UpdateOptions{})
+ if err == nil {
+ nlog.Infof("Domainroute %s found destination token(revsion %d) not exist", dr.Name, dr.Status.TokenStatus.RevisionToken.Revision)
+ }
return err
}
return nil
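Review bot: The added `nlog.Infof` in this branch reads `dr.Status.TokenStatus.RevisionToken.Revision` after `dr.Status.TokenStatus` has been replaced with an empty `DomainRouteTokenStatus{}` on the local copy, so it logs the zero value rather than the revision that was found missing. Capture the value before the reset, e.g. `rev := dr.Status.TokenStatus.RevisionToken.Revision` ahead of `dr = dr.DeepCopy()`, and log `rev`. The message here and in the previous handleGetResponse hunk also spells `revsion` where `revision` is meant. The enclosing function starts and ends outside the hunk.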
@@ -292,7 +199,7 @@ func calcPublicKeyHash(pubStr string) ([]byte, error) {
return msgHash.Sum(nil), nil
}
-func (c *DomainRouteController) sourceInitiateHandShake(dr *kusciaapisv1alpha1.DomainRoute) error {
+func (c *DomainRouteController) sourceInitiateHandShake(dr *kusciaapisv1alpha1.DomainRoute, clusterName string) error {
if dr.Spec.TokenConfig.SourcePublicKey != c.gateway.Status.PublicKey {
nlog.Errorf("DomainRoute %s: mismatch source public key", dr.Name)
return nil
@@ -311,17 +218,14 @@ func (c *DomainRouteController) sourceInitiateHandShake(dr *kusciaapisv1alpha1.D
resp := &handshake.HandShakeResponse{}
if dr.Spec.TokenConfig.TokenGenMethod == kusciaapisv1alpha1.TokenGenUIDRSA {
handshankeReq.Type = handShakeTypeUID
- ns := dr.Spec.Destination
- if dr.Spec.Transit != nil {
- ns = dr.Spec.Transit.Domain.DomainID
- }
- headers := map[string]string{
- fmt.Sprintf("%s-Cluster", clusters.ServiceHandshake): fmt.Sprintf("%s-to-%s-%s", dr.Spec.Source, ns, dr.Spec.Endpoint.Ports[0].Name),
- "Kuscia-Source": dr.Spec.Source,
- "kuscia-Host": fmt.Sprintf("%s.%s.svc", clusters.ServiceHandshake, ns),
- }
- handshake := fmt.Sprintf("%s%s", strings.TrimSuffix(dr.Spec.Endpoint.Ports[0].PathPrefix, "/"), "/handshake")
- err := doHTTP(handshankeReq, resp, handshake, fmt.Sprintf("%s.%s.svc", clusters.ServiceHandshake, ns), headers)
+ handshakePath := utils.GetHandshakePathOfEndpoint(dr.Spec.Endpoint)
+ err := doHTTPWithDefaultRetry(handshankeReq, resp, &utils.HTTPParam{
+ Method: http.MethodPost,
+ Path: handshakePath,
+ KusciaSource: dr.Spec.Source,
+ ClusterName: clusterName,
+ KusciaHost: getHandshakeHost(dr),
+ })
if err != nil {
nlog.Errorf("DomainRoute %s: handshake fail:%v", dr.Name, err)
return err
@@ -373,17 +277,14 @@ func (c *DomainRouteController) sourceInitiateHandShake(dr *kusciaapisv1alpha1.D
Pubhash: base64.StdEncoding.EncodeToString(msgHashSum),
}
- ns := dr.Spec.Destination
- if dr.Spec.Transit != nil {
- ns = dr.Spec.Transit.Domain.DomainID
- }
- headers := map[string]string{
- fmt.Sprintf("%s-Cluster", clusters.ServiceHandshake): fmt.Sprintf("%s-to-%s-%s", dr.Spec.Source, ns, dr.Spec.Endpoint.Ports[0].Name),
- "Kuscia-Source": dr.Spec.Source,
- "kuscia-Host": fmt.Sprintf("%s.%s.svc", clusters.ServiceHandshake, ns),
- }
- handshake := fmt.Sprintf("%s%s", strings.TrimSuffix(dr.Spec.Endpoint.Ports[0].PathPrefix, "/"), "/handshake")
- err = doHTTP(handshankeReq, resp, handshake, fmt.Sprintf("%s.%s.svc", clusters.ServiceHandshake, ns), headers)
+ handshakePath := utils.GetHandshakePathOfEndpoint(dr.Spec.Endpoint)
+ err = doHTTPWithDefaultRetry(handshankeReq, resp, &utils.HTTPParam{
+ Method: http.MethodPost,
+ Path: handshakePath,
+ KusciaSource: dr.Spec.Source,
+ ClusterName: clusterName,
+ KusciaHost: getHandshakeHost(dr),
+ })
if err != nil {
nlog.Errorf("DomainRoute %s: handshake fail:%v", dr.Name, err)
return err
@@ -415,7 +316,7 @@ func (c *DomainRouteController) sourceInitiateHandShake(dr *kusciaapisv1alpha1.D
drCopy.Status.IsDestinationAuthorized = true
drCopy.Status.TokenStatus.RevisionToken.Token = tokenEncrypted
drCopy.Status.TokenStatus.RevisionToken.Revision = int64(resp.Token.Revision)
- drCopy.Status.TokenStatus.RevisionToken.IsReady = false
+ drCopy.Status.TokenStatus.RevisionToken.IsReady = true
drCopy.Status.TokenStatus.RevisionToken.RevisionTime = tn
if drCopy.Spec.TokenConfig.RollingUpdatePeriod == 0 {
drCopy.Status.TokenStatus.RevisionToken.ExpirationTime = metav1.NewTime(tn.AddDate(100, 0, 0))
@@ -454,7 +355,7 @@ func (c *DomainRouteController) handShakeHandle(w http.ResponseWriter, r *http.R
}
domainID := r.Header.Get("Kuscia-Source")
- tokenRevision := r.Header.Get("Kuscia-Token-Revision")
+ tokenRevision := r.Header.Get(kusciaTokenRevision)
resp.State = c.checkTokenStatus(domainID, tokenRevision)
w.Header().Set("Content-Type", "application/json")
@@ -475,21 +376,7 @@ func (c *DomainRouteController) handShakeHandle(w http.ResponseWriter, r *http.R
}
drName := common.GenDomainRouteName(req.DomainId, c.gateway.Namespace)
- dr, err := c.domainRouteLister.DomainRoutes(c.gateway.Namespace).Get(drName)
- if err != nil {
- msg := fmt.Sprintf("DomainRoute %s get error: %v", drName, err)
- nlog.Error(msg)
- http.Error(w, msg, http.StatusNotFound)
- return
- }
- if !(req.Type == handShakeTypeUID && dr.Spec.TokenConfig.TokenGenMethod == kusciaapisv1alpha1.TokenGenUIDRSA) &&
- !(req.Type == handShakeTypeRSA && dr.Spec.TokenConfig.TokenGenMethod == kusciaapisv1alpha1.TokenGenMethodRSA) {
- errMsg := fmt.Sprintf("handshake Type(%s) not match domainroute required(%s)", req.Type, dr.Spec.TokenConfig.TokenGenMethod)
- nlog.Error(errMsg)
- http.Error(w, errMsg, http.StatusInternalServerError)
- return
- }
- resp := c.DestReplyHandshake(&req, dr)
+ resp := c.DestReplyHandshake(&req, drName)
w.Header().Set("Content-Type", "application/json")
err = json.NewEncoder(w).Encode(resp)
if err != nil {
@@ -548,7 +435,17 @@ func buildFailedHandshakeReply(code int32, err error) *handshake.HandShakeRespon
return resp
}
-func (c *DomainRouteController) DestReplyHandshake(req *handshake.HandShakeRequest, dr *kusciaapisv1alpha1.DomainRoute) *handshake.HandShakeResponse {
+func (c *DomainRouteController) DestReplyHandshake(req *handshake.HandShakeRequest, drName string) *handshake.HandShakeResponse {
+ dr, err := c.domainRouteLister.DomainRoutes(c.gateway.Namespace).Get(drName)
+ if err != nil {
+ err = fmt.Errorf("domainRoute %s get error: %v", drName, err)
+ return buildFailedHandshakeReply(500, err)
+ }
+ if !(req.Type == handShakeTypeUID && dr.Spec.TokenConfig.TokenGenMethod == kusciaapisv1alpha1.TokenGenUIDRSA) &&
+ !(req.Type == handShakeTypeRSA && dr.Spec.TokenConfig.TokenGenMethod == kusciaapisv1alpha1.TokenGenMethodRSA) {
+ err = fmt.Errorf("handshake Type(%s) not match domainroute required(%s)", req.Type, dr.Spec.TokenConfig.TokenGenMethod)
+ return buildFailedHandshakeReply(500, err)
+ }
srcPub, err := base64.StdEncoding.DecodeString(dr.Spec.TokenConfig.SourcePublicKey)
if err != nil {
return buildFailedHandshakeReply(500, err)
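Review bot: The two rejection paths added at the top of DestReplyHandshake (DomainRoute lookup failure and handshake type mismatch) no longer log anything on the destination gateway, where the old handler called `nlog.Error` before replying. Unless buildFailedHandshakeReply logs internally (its body is outside this hunk), add something like `nlog.Warnf("DomainRoute %s: handshake rejected: %v", drName, err)` before each return so rejected handshakes stay visible to whoever monitors the gateway. The lookup error text is also returned to the remote peer as is. The handler appears to answer these cases with HTTP 200 rather than the former 404/500, so callers have to check the status code in the body. DestReplyHandshake's body continues outside the hunk.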
@@ -651,6 +548,11 @@ func (c *DomainRouteController) DestReplyHandshake(req *handshake.HandShakeReque
expirationTime = drLatest.Status.TokenStatus.RevisionToken.ExpirationTime
}
+ err = c.waitTokenReady(drLatest.Name)
+ if err != nil {
+ return buildFailedHandshakeReply(500, err)
+ }
+
return &handshake.HandShakeResponse{
Status: &v1alpha1.Status{
Code: 0,
@@ -764,7 +666,7 @@ func exists(slice []string, val string) bool {
return false
}
-func HandshakeToMaster(domainID string, path string, prikey *rsa.PrivateKey) error {
+func HandshakeToMaster(domainID string, pathPrefix string, prikey *rsa.PrivateKey) error {
handshankeReq := &handshake.HandShakeRequest{
DomainId: domainID,
RequestTime: time.Now().UnixNano(),
@@ -777,21 +679,34 @@ func HandshakeToMaster(domainID string, path string, prikey *rsa.PrivateKey) err
handshankeReq.Type = handShakeTypeUID
resp := &handshake.HandShakeResponse{}
- headers := map[string]string{
- "Kuscia-Source": domainID,
- fmt.Sprintf("%s-Cluster", clusters.ServiceHandshake): clusters.GetMasterClusterName(),
- "kuscia-Host": fmt.Sprintf("%s.master.svc", clusters.ServiceHandshake),
+ handshakePath := utils.GetHandshakePathOfPrefix(pathPrefix)
+ maxRetryTimes := 50
+ for i := 0; i < maxRetryTimes; i++ {
+ resp = &handshake.HandShakeResponse{}
+ err := utils.DoHTTP(handshankeReq, resp, &utils.HTTPParam{
+ Method: http.MethodPost,
+ Path: handshakePath,
+ KusciaSource: domainID,
+ ClusterName: clusters.GetMasterClusterName(),
+ KusciaHost: fmt.Sprintf("%s.master.svc", utils.ServiceHandshake),
+ })
+ if err != nil {
+ nlog.Warn(err)
+ } else {
+ if resp.Status.Code == 0 {
+ break
+ } else {
+ nlog.Warn(resp.Status.Message)
+ }
+ }
+ time.Sleep(time.Second)
}
- handshake := fmt.Sprintf("%s%s", strings.TrimSuffix(path, "/"), "/handshake")
- err := doHTTP(handshankeReq, resp, handshake, fmt.Sprintf("%s.master.svc", clusters.ServiceHandshake), headers)
- if err != nil {
+
+ if resp.Status.Code != 0 {
+ err := fmt.Errorf("handshake to master fail, return error:%v", resp.Status.Message)
nlog.Error(err)
return err
}
- if resp.Status.Code != 0 {
- nlog.Errorf("Handshake to master fail, return error:%v", resp.Status.Message)
- return errors.New(resp.Status.Message)
- }
token, err := decryptToken(prikey, resp.Token.Token, tokenByteSize)
if err != nil {
nlog.Errorf("Handshake to master decryptToken err:%s", err.Error())
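Review bot: `resp.Status.Code` is read on a response that may have no Status, because each iteration resets `resp` to an empty HandShakeResponse and `Status` is a pointer field. When every attempt fails in transport, the post-loop check dereferences nil and panics instead of returning an error; the same happens inside the loop if a 200 reply omits the status. The last transport error is also discarded, so even with a guard the returned message would be empty. Keep the last error and check `Status` for nil before reading it. HandshakeToMaster starts and ends outside this hunk.

```go
	var lastErr error
	for i := 0; i < maxRetryTimes; i++ {
		resp = &handshake.HandShakeResponse{}
		lastErr = utils.DoHTTP(handshankeReq, resp, &utils.HTTPParam{
			// … unchanged: Method, Path, KusciaSource, ClusterName, KusciaHost …
		})
		if lastErr == nil {
			if resp.Status == nil {
				lastErr = fmt.Errorf("handshake to master: response has no status")
			} else if resp.Status.Code == 0 {
				break
			} else {
				lastErr = fmt.Errorf("handshake to master fail, return error:%v", resp.Status.Message)
			}
		}
		nlog.Warn(lastErr)
		time.Sleep(time.Second)
	}

	if lastErr != nil {
		nlog.Error(lastErr)
		return lastErr
	}
```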
@@ -802,7 +717,7 @@ func HandshakeToMaster(domainID string, path string, prikey *rsa.PrivateKey) err
nlog.Error(err)
return err
}
- if err := clusters.AddMasterProxyVirtualHost(c.Name, path, clusters.ServiceMasterProxy, domainID, base64.StdEncoding.EncodeToString(token)); err != nil {
+ if err := clusters.AddMasterProxyVirtualHost(c.Name, pathPrefix, utils.ServiceMasterProxy, domainID, base64.StdEncoding.EncodeToString(token)); err != nil {
nlog.Error(err)
return err
}
diff --git a/pkg/gateway/controller/interconn/bfia_handler.go b/pkg/gateway/controller/interconn/bfia_handler.go
index 692908f0..046bfcbc 100644
--- a/pkg/gateway/controller/interconn/bfia_handler.go
+++ b/pkg/gateway/controller/interconn/bfia_handler.go
@@ -15,6 +15,8 @@
package interconn
import (
+ "fmt"
+
envoycluster "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
@@ -36,10 +38,9 @@ const (
type BFIAHandler struct {
}
-func (handler *BFIAHandler) GenerateInternalRoute(dr *kusciaapisv1alpha1.DomainRoute, dp kusciaapisv1alpha1.DomainPort,
- token string) []*route.Route {
-
- transportRouteRouteAction := generateDefaultRouteAction(dr, dp)
+func (handler *BFIAHandler) GenerateInternalRoute(dr *kusciaapisv1alpha1.DomainRoute, dp kusciaapisv1alpha1.DomainPort, token string) []*route.Route {
+ clusterName := fmt.Sprintf("%s-to-%s-%s", dr.Spec.Source, dr.Spec.Destination, dp.Name)
+ transportRouteRouteAction := generateDefaultRouteAction(dr, clusterName)
transportRouteRouteAction.PrefixRewrite = ptpOuterPushPath
transportRoute := &route.Route{
Match: &route.RouteMatch{
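Review bot: The cluster name is built here with a hand-written `fmt.Sprintf("%s-to-%s-%s", ...)`, while pkg/gateway/metrics/monitor.go in this same commit switches to `common.GenerateClusterName(...)` for what looks like the same format. Using the helper here, `clusterName := common.GenerateClusterName(dr.Spec.Source, dr.Spec.Destination, dp.Name)`, keeps route, cluster and metric names from drifting apart. It would also make the new `fmt` import unnecessary if nothing else in the file needs it. The same line is added to KusciaHandler.GenerateInternalRoute in kuscia_handler.go. GenerateInternalRoute continues outside the hunk.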
@@ -82,7 +83,7 @@ func (handler *BFIAHandler) GenerateInternalRoute(dr *kusciaapisv1alpha1.DomainR
},
},
Action: &route.Route_Route{
- Route: xds.AddDefaultTimeout(generateDefaultRouteAction(dr, dp)),
+ Route: xds.AddDefaultTimeout(generateDefaultRouteAction(dr, clusterName)),
},
RequestHeadersToAdd: []*core.HeaderValueOption{
{
diff --git a/pkg/gateway/controller/interconn/factory.go b/pkg/gateway/controller/interconn/factory.go
index c6d0ea84..ae905b90 100644
--- a/pkg/gateway/controller/interconn/factory.go
+++ b/pkg/gateway/controller/interconn/factory.go
@@ -15,8 +15,6 @@
package interconn
import (
- "fmt"
-
envoycluster "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
"google.golang.org/protobuf/types/known/wrapperspb"
@@ -67,10 +65,10 @@ func (f *Factory) UpdateDstCluster(dr *kusciaapisv1alpha1.DomainRoute,
}
func generateDefaultRouteAction(dr *kusciaapisv1alpha1.DomainRoute,
- dp kusciaapisv1alpha1.DomainPort) *route.RouteAction {
+ clusterName string) *route.RouteAction {
action := &route.RouteAction{
ClusterSpecifier: &route.RouteAction_Cluster{
- Cluster: fmt.Sprintf("%s-to-%s-%s", dr.Spec.Source, dr.Spec.Destination, dp.Name),
+ Cluster: clusterName,
},
HostRewriteSpecifier: &route.RouteAction_AutoHostRewrite{
AutoHostRewrite: wrapperspb.Bool(true),
diff --git a/pkg/gateway/controller/interconn/kuscia_handler.go b/pkg/gateway/controller/interconn/kuscia_handler.go
index c9a4fcee..da79cddf 100644
--- a/pkg/gateway/controller/interconn/kuscia_handler.go
+++ b/pkg/gateway/controller/interconn/kuscia_handler.go
@@ -27,16 +27,16 @@ import (
route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
kusciaapisv1alpha1 "github.com/secretflow/kuscia/pkg/crd/apis/kuscia/v1alpha1"
- "github.com/secretflow/kuscia/pkg/gateway/clusters"
+ "github.com/secretflow/kuscia/pkg/gateway/utils"
"github.com/secretflow/kuscia/pkg/gateway/xds"
)
type KusciaHandler struct {
}
-func (handler *KusciaHandler) GenerateInternalRoute(dr *kusciaapisv1alpha1.DomainRoute,
- dp kusciaapisv1alpha1.DomainPort, token string) []*route.Route {
- action := generateDefaultRouteAction(dr, dp)
+func (handler *KusciaHandler) GenerateInternalRoute(dr *kusciaapisv1alpha1.DomainRoute, dp kusciaapisv1alpha1.DomainPort, token string) []*route.Route {
+ clusterName := fmt.Sprintf("%s-to-%s-%s", dr.Spec.Source, dr.Spec.Destination, dp.Name)
+ action := generateDefaultRouteAction(dr, clusterName)
if len(dp.PathPrefix) > 0 {
action.PrefixRewrite = strings.TrimSuffix(dp.PathPrefix, "/") + "/"
}
@@ -86,7 +86,7 @@ func (handler *KusciaHandler) GenerateInternalRoute(dr *kusciaapisv1alpha1.Domai
func (handler *KusciaHandler) UpdateDstCluster(dr *kusciaapisv1alpha1.DomainRoute,
cluster *envoycluster.Cluster) {
- handshake := fmt.Sprintf("%s%s", strings.TrimSuffix(dr.Spec.Endpoint.Ports[0].PathPrefix, "/"), "/handshake")
+ handshakePath := utils.GetHandshakePathOfEndpoint(dr.Spec.Endpoint)
cluster.HealthChecks = []*core.HealthCheck{
{
Timeout: durationpb.New(time.Second),
@@ -97,12 +97,12 @@ func (handler *KusciaHandler) UpdateDstCluster(dr *kusciaapisv1alpha1.DomainRout
HealthChecker: &core.HealthCheck_HttpHealthCheck_{
HttpHealthCheck: &core.HealthCheck_HttpHealthCheck{
Host: dr.Spec.Endpoint.Host,
- Path: handshake,
+ Path: handshakePath,
RequestHeadersToAdd: []*core.HeaderValueOption{
{
Header: &core.HeaderValue{
Key: "Kuscia-Host",
- Value: fmt.Sprintf("%s.%s.svc", clusters.ServiceHandshake, dr.Spec.Destination),
+ Value: fmt.Sprintf("%s.%s.svc", utils.ServiceHandshake, dr.Spec.Destination),
},
},
{
diff --git a/pkg/gateway/controller/regitser_node.go b/pkg/gateway/controller/regitser_node.go
index 10c2cc1f..4dc35d16 100644
--- a/pkg/gateway/controller/regitser_node.go
+++ b/pkg/gateway/controller/regitser_node.go
@@ -39,6 +39,7 @@ import (
"github.com/secretflow/kuscia/pkg/common"
kusciaapisv1alpha1 "github.com/secretflow/kuscia/pkg/crd/apis/kuscia/v1alpha1"
"github.com/secretflow/kuscia/pkg/gateway/clusters"
+ "github.com/secretflow/kuscia/pkg/gateway/utils"
"github.com/secretflow/kuscia/pkg/utils/nlog"
"github.com/secretflow/kuscia/proto/api/v1alpha1/handshake"
)
@@ -75,13 +76,17 @@ func RegisterDomain(namespace, path, csrData string, prikey *rsa.PrivateKey, aft
}
regResp := &handshake.RegisterResponse{}
headers := map[string]string{
- "Kuscia-Source": namespace,
- fmt.Sprintf("%s-Cluster", clusters.ServiceHandshake): clusters.GetMasterClusterName(),
- "kuscia-Host": fmt.Sprintf("%s.master.svc", clusters.ServiceHandshake),
- "jwt-token": tokenstr,
- }
- register := fmt.Sprintf("%s%s", strings.TrimSuffix(path, "/"), "/register")
- err = doHTTP(regReq, regResp, register, fmt.Sprintf("%s.master.svc", clusters.ServiceHandshake), headers)
+ "jwt-token": tokenstr,
+ }
+ registerPath := fmt.Sprintf("%s%s", strings.TrimSuffix(path, "/"), "/register")
+ err = doHTTPWithDefaultRetry(regReq, regResp, &utils.HTTPParam{
+ Method: http.MethodPost,
+ Path: registerPath,
+ KusciaSource: namespace,
+ ClusterName: clusters.GetMasterClusterName(),
+ KusciaHost: fmt.Sprintf("%s.master.svc", utils.ServiceHandshake),
+ Headers: headers,
+ })
if err != nil {
return err
}
@@ -192,7 +197,7 @@ func (c *DomainRouteController) registerHandle(w http.ResponseWriter, r *http.Re
}
return
}
- nlog.Infof("Domain %s update status success", do.Name)
+ nlog.Infof("Domain %s update status success, set token used", do.Name)
}
}
@@ -216,7 +221,7 @@ func (c *DomainRouteController) registerHandle(w http.ResponseWriter, r *http.Re
}
return
}
- nlog.Infof("Domain %s update success", do.Name)
+ nlog.Infof("Domain %s register success, set domain cert", do.Name)
} else {
errmsg := fmt.Errorf("domain %s register failed(token match error)", req.DomainId)
nlog.Error(errmsg)
diff --git a/pkg/gateway/metrics/monitor.go b/pkg/gateway/metrics/monitor.go
index bcacedc3..1cacd311 100644
--- a/pkg/gateway/metrics/monitor.go
+++ b/pkg/gateway/metrics/monitor.go
@@ -26,6 +26,7 @@ import (
"k8s.io/apimachinery/pkg/util/wait"
corelister "k8s.io/client-go/listers/core/v1"
+ "github.com/secretflow/kuscia/pkg/common"
kusciaapisv1alpha1 "github.com/secretflow/kuscia/pkg/crd/apis/kuscia/v1alpha1"
kuscialistersv1alpha1 "github.com/secretflow/kuscia/pkg/crd/listers/kuscia/v1alpha1"
"github.com/secretflow/kuscia/pkg/gateway/controller"
@@ -123,16 +124,17 @@ func (c *ClusterMetricsCollector) collect() {
}
for _, port := range dr.Spec.Endpoint.Ports {
- total, ok := metrics[fmt.Sprintf("cluster.%s-to-%s-%s.membership_total", dr.Spec.Source, dr.Spec.Destination, port.Name)]
+ clusterName := common.GenerateClusterName(dr.Spec.Source, dr.Spec.Destination, port.Name)
+ total, ok := metrics[fmt.Sprintf("cluster.%s.membership_total", clusterName)]
if !ok {
continue
}
- healthy, ok := metrics[fmt.Sprintf("cluster.%s-to-%s-%s.membership_healthy", dr.Spec.Source, dr.Spec.Destination, port.Name)]
+ healthy, ok := metrics[fmt.Sprintf("cluster.%s.membership_healthy", clusterName)]
if !ok {
continue
}
networkStatus = append(networkStatus, &kusciaapisv1alpha1.GatewayEndpointStatus{
- Name: fmt.Sprintf("%s-to-%s-%s", dr.Spec.Source, dr.Spec.Destination, port.Name),
+ Name: clusterName,
Type: "DomainRoute",
TotalEndpointsCount: total,
HealthyEndpointsCount: healthy,
diff --git a/pkg/gateway/utils/clusters.go b/pkg/gateway/utils/clusters.go
new file mode 100644
index 00000000..e8c92489
--- /dev/null
+++ b/pkg/gateway/utils/clusters.go
@@ -0,0 +1,28 @@
+// Copyright 2023 Ant Group Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package utils
+
+var (
+ InternalServer = "http://127.0.0.1:80"
+)
+
+const (
+ DomainAPIServer = "apiserver.master.svc"
+ ServiceMasterProxy = "masterproxy"
+ ServiceAPIServer = "apiserver"
+ ServiceKusciaStorage = "kusciastorage"
+ ServiceHandshake = "kuscia-handshake"
+ ServiceKusciaAPI = "kusciaapi"
+)
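Review bot: `InternalServer` is an exported, mutable package variable, and DoHTTPWithHandler in http.go prepends it to every handshake and registration request, including the one that carries the `jwt-token` header. Any package can therefore redirect that traffic by assignment. If it is a variable only so tests can override it, say so in a doc comment such as `// InternalServer is the local gateway address all internal requests are sent to; overridden only in tests.`, or make it a constant or unexported with a test hook. The exported constants below it have no doc comments either.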
diff --git a/pkg/gateway/utils/handshake.go b/pkg/gateway/utils/handshake.go
new file mode 100644
index 00000000..ee446068
--- /dev/null
+++ b/pkg/gateway/utils/handshake.go
@@ -0,0 +1,27 @@
+package utils
+
+import (
+ "fmt"
+ "strings"
+
+ "github.com/secretflow/kuscia/pkg/crd/apis/kuscia/v1alpha1"
+)
+
+func GetPrefixIfPresent(endpoint v1alpha1.DomainEndpoint) string {
+ if len(endpoint.Ports) > 0 {
+ return strings.TrimSuffix(endpoint.Ports[0].PathPrefix, "/")
+ }
+ return ""
+}
+
+func GetHandshakePathSuffix() string {
+ return "/handshake"
+}
+
+func GetHandshakePathOfEndpoint(endpoint v1alpha1.DomainEndpoint) string {
+ return fmt.Sprintf("%s%s", GetPrefixIfPresent(endpoint), GetHandshakePathSuffix())
+}
+
+func GetHandshakePathOfPrefix(pathPrefix string) string {
+ return fmt.Sprintf("%s%s", strings.TrimSuffix(pathPrefix, "/"), GetHandshakePathSuffix())
+}
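Review bot: This new file has no license header, unlike clusters.go added alongside it, and none of its four exported functions carries a doc comment. The behaviour most worth recording is on GetPrefixIfPresent: `// GetPrefixIfPresent returns the first port's PathPrefix without a trailing slash, or "" when the endpoint has no ports.` The two GetHandshakePathOf* helpers can each get a one-line comment naming the resulting path form.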
diff --git a/pkg/gateway/utils/http.go b/pkg/gateway/utils/http.go
index f7ef72c0..959996ae 100644
--- a/pkg/gateway/utils/http.go
+++ b/pkg/gateway/utils/http.go
@@ -15,11 +15,25 @@
package utils
import (
+ "bytes"
+ "encoding/json"
"fmt"
+ "io"
+ "net/http"
"strconv"
"strings"
+ "time"
)
+type HTTPParam struct {
+ Method string
+ Path string
+ ClusterName string
+ KusciaSource string
+ KusciaHost string
+ Headers map[string]string
+}
+
func ParseURL(url string) (string, string, uint32, string, error) {
var protocol, hostPort, host, path string
var port int
@@ -56,3 +70,112 @@ func ParseURL(url string) (string, string, uint32, string, error) {
return protocol, host, uint32(port), path, nil
}
+
+func DoHTTPWithRetry(in interface{}, out interface{}, hp *HTTPParam, waitTime time.Duration, maxRetryTimes int) error {
+ var err error
+ for i := 0; i < maxRetryTimes; i++ {
+ err = DoHTTP(in, out, hp)
+ if err == nil {
+ return nil
+ }
+ time.Sleep(waitTime)
+ }
+
+ return fmt.Errorf("request error, retry at maxtimes:%d, path: %s, err:%s", maxRetryTimes, hp.Path, err.Error())
+}
+
+type ErrType int
+
+const (
+ NewHTTPRequestError ErrType = iota
+ InParameterMarshalToJSONError
+ OutParameterRunMarshalFromJSONError
+ ResponseStatusCodeNotOK
+ DoHTTPError
+ IOError
+)
+
+func DoHTTPWithHandler(in interface{}, out interface{}, hp *HTTPParam, handler func(et ErrType, err error)) {
+ var req *http.Request
+ var err error
+ if hp.Method == http.MethodGet {
+ req, err = http.NewRequest(http.MethodGet, InternalServer+hp.Path, nil)
+ if err != nil && handler != nil {
+ handler(NewHTTPRequestError, err)
+ return
+ }
+ } else {
+ inbody, err := json.Marshal(in)
+ if err != nil && handler != nil {
+ handler(InParameterMarshalToJSONError, err)
+ return
+ }
+ req, err = http.NewRequest(hp.Method, InternalServer+hp.Path, bytes.NewBuffer(inbody))
+ if err != nil && handler != nil {
+ handler(NewHTTPRequestError, err)
+ return
+ }
+ }
+
+ req.Header.Set("Content-Type", "application/json")
+ req.Header.Set(fmt.Sprintf("%s-Cluster", ServiceHandshake), hp.ClusterName)
+ req.Header.Set("Kuscia-Source", hp.KusciaSource)
+ req.Header.Set("kuscia-Host", hp.KusciaHost)
+ for key, val := range hp.Headers {
+ req.Header.Set(key, val)
+ }
+ client := &http.Client{}
+ resp, err := client.Do(req)
+ if err != nil && handler != nil {
+ handler(DoHTTPError, err)
+ return
+ }
+
+ defer resp.Body.Close()
+ body, err := io.ReadAll(resp.Body)
+ if err != nil && handler != nil {
+ handler(IOError, err)
+ return
+ }
+
+ if resp.StatusCode != http.StatusOK && handler != nil {
+ if len(body) > 200 {
+ body = body[:200]
+ }
+ handler(ResponseStatusCodeNotOK, fmt.Errorf("code: %d, message: %s", resp.StatusCode, string(body)))
+ return
+ }
+
+ if err := json.Unmarshal(body, out); err != nil && handler != nil {
+ if len(body) > 200 {
+ body = body[:200]
+ }
+ handler(OutParameterRunMarshalFromJSONError, fmt.Errorf("%s, body:%s", err.Error(), string(body)))
+ return
+ }
+}
+
+func DoHTTP(in interface{}, out interface{}, hp *HTTPParam) error {
+ var e error
+ DoHTTPWithHandler(in, out, hp, func(et ErrType, err error) {
+ switch et {
+ case NewHTTPRequestError:
+ e = fmt.Errorf("%s new fail:%v", genErrorPrefix(hp), err)
+ case InParameterMarshalToJSONError:
+ e = fmt.Errorf("%s in parameter marshal to json fail:%v", genErrorPrefix(hp), err)
+ case OutParameterRunMarshalFromJSONError:
+ e = fmt.Errorf("%s out parameter unmarshal from json fail:%v", genErrorPrefix(hp), err)
+ case ResponseStatusCodeNotOK:
+ e = fmt.Errorf("%s get code is not ok: %v", genErrorPrefix(hp), err)
+ case DoHTTPError:
+ e = fmt.Errorf("%s do fail: %v", genErrorPrefix(hp), err)
+ case IOError:
+ e = fmt.Errorf("%s read body fail: %v", genErrorPrefix(hp), err)
+ }
+ })
+ return e
+}
+
+func genErrorPrefix(hp *HTTPParam) string {
+ return fmt.Sprintf("request(method:%s path:%s cluster:%s host:%s)", hp.Method, hp.Path, hp.ClusterName, hp.KusciaHost)
+}
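Review bot: DoHTTPWithHandler only stops on an error when `handler != nil`, so with a nil handler a failed `client.Do` falls through to `resp.Body.Close()` on a nil response, and a failed NewRequest to `req.Header.Set` on a nil request. The request also goes out on a fresh `http.Client{}` with no timeout and the reply is read with an unbounded `io.ReadAll`, so a stalled or oversized peer response can block or bloat the gateway, and the retry wrappers multiply that. Return on every error regardless of the handler, share one client with a timeout, and cap the read. Separately, DoHTTPWithRetry calls `err.Error()` on a nil error when `maxRetryTimes <= 0`.

```go
// Suggested values; tune to the slowest expected handshake and the largest expected reply.
const (
	httpTimeout      = 10 * time.Second
	maxResponseBytes = 1 << 20
)

var httpClient = &http.Client{Timeout: httpTimeout}

// … unchanged: request construction and header setup, with the same return-on-any-error shape applied …
	resp, err := httpClient.Do(req)
	if err != nil {
		if handler != nil {
			handler(DoHTTPError, err)
		}
		return
	}

	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, maxResponseBytes))
	if err != nil {
		if handler != nil {
			handler(IOError, err)
		}
		return
	}
// … unchanged: status-code check and json.Unmarshal …
```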
diff --git a/pkg/gateway/xds/xds.go b/pkg/gateway/xds/xds.go
index 55773cb7..15ca4cc4 100644
--- a/pkg/gateway/xds/xds.go
+++ b/pkg/gateway/xds/xds.go
@@ -445,7 +445,6 @@ func QueryCluster(name string) (*envoycluster.Cluster, error) {
clusters := snapshot.Resources[types.Cluster].Items
rs, ok := clusters[name]
if !ok {
- nlog.Errorf("unknown cluster: %s", name)
return nil, fmt.Errorf("unknown cluster: %s", name)
}
cluster, ok := rs.Resource.(*envoycluster.Cluster)
diff --git a/pkg/kusciaapi/service/domain_route_service.go b/pkg/kusciaapi/service/domain_route_service.go
index 8042c3fe..fc3d298a 100644
--- a/pkg/kusciaapi/service/domain_route_service.go
+++ b/pkg/kusciaapi/service/domain_route_service.go
@@ -102,6 +102,12 @@ func (s domainRouteService) CreateDomainRoute(ctx context.Context, request *kusc
cdrAuthenticationType = v1alpha1.DomainAuthenticationToken
// build cdr token config
tokenConfig := request.TokenConfig
+ if tokenConfig == nil {
+ // set default token config
+ tokenConfig = &kusciaapi.TokenConfig{
+ TokenGenMethod: v1alpha1.TokenGenMethodRSA,
+ }
+ }
cdrTokenConfig = &v1alpha1.TokenConfig{
SourcePublicKey: tokenConfig.SourcePublicKey,
DestinationPublicKey: tokenConfig.DestinationPublicKey,
@@ -111,10 +117,12 @@ func (s domainRouteService) CreateDomainRoute(ctx context.Context, request *kusc
cdrAuthenticationType = v1alpha1.DomainAuthenticationMTLS
// build cdr mtls config
mtlsConfig := request.MtlsConfig
- cdrMtlsConfig = &v1alpha1.DomainRouteMTLSConfig{
- TLSCA: mtlsConfig.TlsCa,
- SourceClientPrivateKey: mtlsConfig.SourceClientPrivateKey,
- SourceClientCert: mtlsConfig.SourceClientCert,
+ if mtlsConfig != nil {
+ cdrMtlsConfig = &v1alpha1.DomainRouteMTLSConfig{
+ TLSCA: mtlsConfig.TlsCa,
+ SourceClientPrivateKey: mtlsConfig.SourceClientPrivateKey,
+ SourceClientCert: mtlsConfig.SourceClientCert,
+ }
}
case string(v1alpha1.DomainAuthenticationNone):
cdrAuthenticationType = v1alpha1.DomainAuthenticationNone
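Review bot: With the new `if mtlsConfig != nil` guard, an MTLS request that carries no `MtlsConfig` leaves `cdrMtlsConfig` nil and continues with `cdrAuthenticationType` set to MTLS instead of being rejected. Unless a later check outside this hunk catches it, that creates a route declared as mutually authenticated with no CA or client certificate behind it. Returning the function's `errorcode.ErrRequestValidate` response when `mtlsConfig == nil` would be safer than skipping the assignment. CreateDomainRoute starts and ends outside this hunk.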
diff --git a/pkg/kusciaapi/service/domain_route_service_test.go b/pkg/kusciaapi/service/domain_route_service_test.go
index 2e2e75e3..65325a09 100644
--- a/pkg/kusciaapi/service/domain_route_service_test.go
+++ b/pkg/kusciaapi/service/domain_route_service_test.go
@@ -100,6 +100,6 @@ func TestConvertDomainRouteProtocol(t *testing.T) {
assert.Nil(t, err)
assert.Equal(t, p, v1alpha1.DomainRouteProtocolGRPC)
- p, isTLS, err = convert2DomainRouteProtocol("xxx")
+ _, _, err = convert2DomainRouteProtocol("xxx")
assert.NotNil(t, err)
}
diff --git a/pkg/kusciaapi/service/domain_service.go b/pkg/kusciaapi/service/domain_service.go
index a23f6f0c..66fb185c 100644
--- a/pkg/kusciaapi/service/domain_service.go
+++ b/pkg/kusciaapi/service/domain_service.go
@@ -33,6 +33,7 @@ import (
"github.com/secretflow/kuscia/pkg/kusciaapi/proxy"
apiutils "github.com/secretflow/kuscia/pkg/kusciaapi/utils"
"github.com/secretflow/kuscia/pkg/utils/nlog"
+ "github.com/secretflow/kuscia/pkg/utils/resources"
"github.com/secretflow/kuscia/pkg/web/constants"
"github.com/secretflow/kuscia/pkg/web/utils"
"github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapi"
@@ -74,6 +75,13 @@ func (s domainService) CreateDomain(ctx context.Context, request *kusciaapi.Crea
Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestValidate, "domain id can not be empty"),
}
}
+ // do k8s validate
+ if err := resources.ValidateK8sName(domainID, "doamin_id"); err != nil {
+ return &kusciaapi.CreateDomainResponse{
+ Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestValidate, err.Error()),
+ }
+ }
+
role := request.Role
if role != "" && role != string(v1alpha1.Partner) {
return &kusciaapi.CreateDomainResponse{
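Review bot: The field label passed to the new validation is misspelled: `resources.ValidateK8sName(domainID, "doamin_id")` should read `resources.ValidateK8sName(domainID, "domain_id")`, matching the other call sites in this commit. The label presumably ends up in the error text returned to the API caller, so the typo would be visible to users. CreateDomain continues outside the hunk.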
diff --git a/pkg/kusciaapi/service/domaindata_grant.go b/pkg/kusciaapi/service/domaindata_grant.go
index d75e7942..302f2e6a 100644
--- a/pkg/kusciaapi/service/domaindata_grant.go
+++ b/pkg/kusciaapi/service/domaindata_grant.go
@@ -34,6 +34,7 @@ import (
"github.com/secretflow/kuscia/pkg/kusciaapi/config"
"github.com/secretflow/kuscia/pkg/kusciaapi/errorcode"
"github.com/secretflow/kuscia/pkg/utils/nlog"
+ "github.com/secretflow/kuscia/pkg/utils/resources"
"github.com/secretflow/kuscia/pkg/web/utils"
"github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapi"
)
@@ -61,25 +62,17 @@ func NewDomainDataGrantService(config *config.KusciaAPIConfig) IDomainDataGrantS
}
func (s *domainDataGrantService) CreateDomainDataGrant(ctx context.Context, request *kusciaapi.CreateDomainDataGrantRequest) *kusciaapi.CreateDomainDataGrantResponse {
- if request.GrantDomain == "" {
- return &kusciaapi.CreateDomainDataGrantResponse{
- Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestValidate, "grantdomain cant be null"),
- }
- }
- if request.GrantDomain == request.DomainId {
- return &kusciaapi.CreateDomainDataGrantResponse{
- Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestValidate, "grantdomain cant be self"),
- }
- }
- if request.DomaindataId == "" {
+ // do validate
+ if validateErr := validateCreateDomainDataGrantRequest(request); validateErr != nil {
return &kusciaapi.CreateDomainDataGrantResponse{
- Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestValidate, "domaindata cant be null"),
+ Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestValidate, validateErr.Error()),
}
}
+
dd, err := s.conf.KusciaClient.KusciaV1alpha1().DomainDatas(request.DomainId).Get(ctx, request.DomaindataId, metav1.GetOptions{})
if err != nil {
return &kusciaapi.CreateDomainDataGrantResponse{
- Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestValidate, "domaindata cant be found"),
+ Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestValidate, fmt.Sprintf("domaindata [%s] not exists", request.DomaindataId)),
}
}
if request.DomaindatagrantId != "" {
@@ -381,3 +374,31 @@ func (s *domainDataGrantService) signDomainDataGrant(dg *v1alpha1.DomainDataGran
dg.Signature = base64.StdEncoding.EncodeToString(sign)
return nil
}
+
+func validateCreateDomainDataGrantRequest(request *kusciaapi.CreateDomainDataGrantRequest) error {
+
+ if request.GrantDomain == "" {
+ return fmt.Errorf("grantdomain cant be null")
+ }
+
+ if request.GrantDomain == request.DomainId {
+ return fmt.Errorf("grantdomain cant be self")
+ }
+
+ if request.DomaindataId == "" {
+ return fmt.Errorf("domaindata cant be null")
+ }
+ // do k8s validate
+ if err := resources.ValidateK8sName(request.DomainId, "domain_id"); err != nil {
+ return err
+ }
+
+ if err := resources.ValidateK8sName(request.DomaindataId, "domaindata_id"); err != nil {
+ return err
+ }
+
+ if request.GetDomaindatagrantId() != "" {
+ return resources.ValidateK8sName(request.GetDomaindatagrantId(), "domaindatagrant_id")
+ }
+ return nil
+}
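Review bot: validateCreateDomainDataGrantRequest runs `ValidateK8sName` on DomainId, DomaindataId and DomaindatagrantId, but `GrantDomain` is only checked for emptiness and self-reference. If GrantDomain is later used as a namespace or inside a resource name (not visible here), it needs the same check before the final return: `if err := resources.ValidateK8sName(request.GrantDomain, "grant_domain"); err != nil { return err }`.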
diff --git a/pkg/kusciaapi/service/domaindata_service.go b/pkg/kusciaapi/service/domaindata_service.go
index 12e3ff62..97ff0873 100644
--- a/pkg/kusciaapi/service/domaindata_service.go
+++ b/pkg/kusciaapi/service/domaindata_service.go
@@ -31,6 +31,7 @@ import (
"github.com/secretflow/kuscia/pkg/kusciaapi/constants"
"github.com/secretflow/kuscia/pkg/kusciaapi/errorcode"
"github.com/secretflow/kuscia/pkg/utils/nlog"
+ "github.com/secretflow/kuscia/pkg/utils/resources"
consts "github.com/secretflow/kuscia/pkg/web/constants"
"github.com/secretflow/kuscia/pkg/web/utils"
pbv1alpha1 "github.com/secretflow/kuscia/proto/api/v1alpha1"
@@ -63,6 +64,12 @@ func (s domainDataService) CreateDomainData(ctx context.Context, request *kuscia
Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestValidate, "domain id can not be empty"),
}
}
+ // do k8s validate
+ if err := resources.ValidateK8sName(request.DomainId, "domain_id"); err != nil {
+ return &kusciaapi.CreateDomainDataResponse{
+ Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestValidate, err.Error()),
+ }
+ }
if err := s.validateRequestWhenLite(request); err != nil {
return &kusciaapi.CreateDomainDataResponse{
Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestValidate, err.Error()),
@@ -70,6 +77,12 @@ func (s domainDataService) CreateDomainData(ctx context.Context, request *kuscia
}
// check whether domainData is existed
if request.DomaindataId != "" {
+ // do k8s validate
+ if err := resources.ValidateK8sName(request.DomaindataId, "domaindata_id"); err != nil {
+ return &kusciaapi.CreateDomainDataResponse{
+ Status: utils.BuildErrorResponseStatus(errorcode.ErrRequestValidate, err.Error()),
+ }
+ }
domainData, err := s.conf.KusciaClient.KusciaV1alpha1().DomainDatas(request.DomainId).Get(ctx, request.DomaindataId, metav1.GetOptions{})
if err == nil && domainData != nil {
// update domainData
diff --git a/pkg/kusciaapi/service/domaindata_service_test.go b/pkg/kusciaapi/service/domaindata_service_test.go
index 87c6da34..3913d012 100644
--- a/pkg/kusciaapi/service/domaindata_service_test.go
+++ b/pkg/kusciaapi/service/domaindata_service_test.go
@@ -30,7 +30,7 @@ import (
var (
dsID = common.DefaultDataSourceID
- domainId = "DomainDataUnitTestNamespace"
+ domainId = "domain-data-unit-test-namespace"
)
func TestCreateDomainData(t *testing.T) {
diff --git a/pkg/kusciaapi/service/domaindata_source.go b/pkg/kusciaapi/service/domaindata_source.go
index fa7be141..e7a2e6d4 100644
--- a/pkg/kusciaapi/service/domaindata_source.go
+++ b/pkg/kusciaapi/service/domaindata_source.go
@@ -31,6 +31,7 @@ import (
"github.com/secretflow/kuscia/pkg/kusciaapi/config"
"github.com/secretflow/kuscia/pkg/kusciaapi/errorcode"
"github.com/secretflow/kuscia/pkg/utils/nlog"
+ "github.com/secretflow/kuscia/pkg/utils/resources"
"github.com/secretflow/kuscia/pkg/utils/tls"
"github.com/secretflow/kuscia/pkg/web/utils"
"github.com/secretflow/kuscia/proto/api/v1alpha1/confmanager"
@@ -409,6 +410,11 @@ func (s domainDataSourceService) validateRequestIdentity(domainID string) error
return errors.New("domain id can not be empty")
}
+ // do k8s validate
+ if err := resources.ValidateK8sName(domainID, "domain_id"); err != nil {
+ return err
+ }
+
if domainID != s.conf.Initiator {
return fmt.Errorf("domain %v can't operate domain %v data source", s.conf.Initiator, domainID)
}
diff --git a/pkg/kusciaapi/service/job_service.go b/pkg/kusciaapi/service/job_service.go
index 29289fd2..fba5d1a8 100644
--- a/pkg/kusciaapi/service/job_service.go
+++ b/pkg/kusciaapi/service/job_service.go
@@ -35,6 +35,7 @@ import (
"github.com/secretflow/kuscia/pkg/kusciaapi/proxy"
"github.com/secretflow/kuscia/pkg/kusciaapi/utils"
"github.com/secretflow/kuscia/pkg/utils/nlog"
+ "github.com/secretflow/kuscia/pkg/utils/resources"
consts "github.com/secretflow/kuscia/pkg/web/constants"
utils2 "github.com/secretflow/kuscia/pkg/web/utils"
"github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapi"
@@ -541,6 +542,10 @@ func validateCreateJobRequest(request *kusciaapi.CreateJobRequest, domainID stri
if jobID == "" {
return fmt.Errorf("job id can not be empty")
}
+ // do k8s validate
+ if err := resources.ValidateK8sName(request.JobId, "job_id"); err != nil {
+ return err
+ }
// check initiator
initiator := request.Initiator
if initiator == "" {
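Review bot: The added check validates `request.JobId`, while the emptiness test directly above it uses the local `jobID`. The assignment of `jobID` lies outside this hunk, so if it is anything other than a plain copy of `request.JobId`, the two checks look at different strings. Using the same variable, `resources.ValidateK8sName(jobID, "job_id")`, removes the doubt. The comment `// do k8s validate` would help more if it said why, e.g. `// job_id is used as a Kubernetes object name, so reject anything the name pattern does not allow` (presumably; confirm against where the job is created).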
diff --git a/pkg/kusciaapi/service/serving_service.go b/pkg/kusciaapi/service/serving_service.go
index fbb97e13..caee2e73 100644
--- a/pkg/kusciaapi/service/serving_service.go
+++ b/pkg/kusciaapi/service/serving_service.go
@@ -74,6 +74,13 @@ func (s *servingService) CreateServing(ctx context.Context, request *kusciaapi.C
}
}
+ // do k8s validate
+ if err := resources.ValidateK8sName(request.ServingId, "serving_id"); err != nil {
+ return &kusciaapi.CreateServingResponse{
+ Status: utils2.BuildErrorResponseStatus(errorcode.ErrRequestValidate, err.Error()),
+ }
+ }
+
if request.ServingInputConfig == "" {
return &kusciaapi.CreateServingResponse{
Status: utils2.BuildErrorResponseStatus(errorcode.ErrRequestValidate, "serving input config can not be empty"),
diff --git a/pkg/utils/datastore/datastore_endpoint_check.go b/pkg/utils/datastore/datastore_endpoint_check.go
new file mode 100644
index 00000000..c084344d
--- /dev/null
+++ b/pkg/utils/datastore/datastore_endpoint_check.go
@@ -0,0 +1,91 @@
+// Copyright 2023 Ant Group Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.ame
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package datastore
+
+import (
+ "context"
+ "database/sql"
+ "fmt"
+ "strings"
+ "time"
+
+ "github.com/go-sql-driver/mysql"
+ "github.com/secretflow/kuscia/pkg/utils/nlog"
+)
+
+type EndpointValidator interface {
+ PingDatastoreEndpoint(datastoreEndpoint string) error
+}
+
+type MySQLDatastoreEndpointValidator struct{}
+
+func (mysqlValidator MySQLDatastoreEndpointValidator) PingDatastoreEndpoint(datastoreEndpoint string) error {
+ errorFormat := "DatastoreEndpoint config error: %s"
+ c, err := mysql.ParseDSN(datastoreEndpoint)
+ if err != nil {
+ return fmt.Errorf(errorFormat, err.Error())
+ }
+
+ return pingDatastoreEndpointByDriverName(c.FormatDSN(), "mysql")
+}
+
+func CheckDatastoreEndpoint(datastoreEndpoint string) error {
+
+ if datastoreEndpoint == "" {
+ nlog.Warn("Kuscia 'datastoreEndpoint' config is empty, will use sqlite.")
+ return nil
+ }
+
+ parts := strings.SplitN(datastoreEndpoint, "://", 2)
+ if len(parts) < 2 {
+ return fmt.Errorf("Configured 'datastoreEndpoint' is invalid, expected format: mysql://username:password@tcp(hostname:3306)/database-name")
+ }
+
+ driveName := parts[0]
+ datastoreDSN := parts[1]
+
+ var datastoreEndpointValidator EndpointValidator
+
+ switch driveName {
+ case "mysql":
+ datastoreEndpointValidator = MySQLDatastoreEndpointValidator{}
+ default:
+ errMsg := fmt.Sprintf("Kuscia 'datastoreEndpoint' config: Driver Name is '%s' Not supported", driveName)
+ return fmt.Errorf("%s", errMsg)
+ }
+ return datastoreEndpointValidator.PingDatastoreEndpoint(datastoreDSN)
+}
+
+func pingDatastoreEndpointByDriverName(datastoreEndpoint, driveName string) error {
+
+ db, err := sql.Open(driveName, datastoreEndpoint)
+ if err != nil {
+ return fmt.Errorf("Open datastore endpoint error: %s", err.Error())
+ }
+
+ defer db.Close()
+
+ // timeout 5s
+ ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+ defer cancel()
+
+ // db ping
+ err = db.PingContext(ctx)
+ if err != nil {
+ return fmt.Errorf("Ping datastore endpoint error: %s", err.Error())
+ }
+ nlog.Infof("Datastore endpoint is effective.")
+ return nil
+}
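Review bot: In `CheckDatastoreEndpoint` the `default:` branch echoes everything before `://` into the error, and for a mistyped endpoint (for example one where the scheme was left off and `://` appears later) that prefix can contain the user and password portion of the DSN. Returning a fixed message such as `errors.New("datastoreEndpoint: unsupported driver, only mysql is supported")`, or echoing the prefix only when it is purely alphanumeric, keeps credentials out of logs and startup errors. The other returns flatten the cause with `%s` and `err.Error()`; wrapping with `%w`, e.g. `return fmt.Errorf("ping datastore endpoint: %w", err)`, lets callers tell the 5-second timeout from an authentication failure with `errors.Is`. Smaller points: `Sprintf` followed by `Errorf("%s", errMsg)` is redundant, `driveName` looks like a typo for `driverName`, the exported types and functions have no doc comments, and the licence header has stray characters in `implied.ame`.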
diff --git a/pkg/utils/datastore/datastore_endpoint_check_test.go b/pkg/utils/datastore/datastore_endpoint_check_test.go
new file mode 100644
index 00000000..687dd81d
--- /dev/null
+++ b/pkg/utils/datastore/datastore_endpoint_check_test.go
@@ -0,0 +1,119 @@
+package datastore
+
+import (
+ "fmt"
+ "net"
+ "os"
+ "testing"
+)
+
+var (
+ user string
+ pass string
+ prot string
+ addr string
+ dbname string
+ dsn string
+ netAddr string
+ available bool
+)
+
+// See https://github.com/go-sql-driver/mysql/wiki/Testing
+// The password used here is 'password'
+// for example: docker run -d --name mysql-svc -e MYSQL_ROOT_PASSWORD=password -e MYSQL_DATABASE=test --memory=512m -p 3306:3306 --network=kuscia-exchange mysql:8.0
+// go-sql-driver/mysql support MySQL (5.6+)
+func init() {
+ // get environment variables
+ env := func(key, defaultValue string) string {
+ if value := os.Getenv(key); value != "" {
+ return value
+ }
+ return defaultValue
+ }
+ user = env("MYSQL_TEST_USER", "root")
+ pass = env("MYSQL_TEST_PASS", "password")
+ prot = env("MYSQL_TEST_PROT", "tcp")
+ addr = env("MYSQL_TEST_ADDR", "localhost:3306")
+ dbname = env("MYSQL_TEST_DBNAME", "test")
+ netAddr = fmt.Sprintf("%s(%s)", prot, addr)
+ dsn = fmt.Sprintf("%s:%s@%s/%s?timeout=30s", user, pass, netAddr, dbname)
+ c, err := net.Dial(prot, addr)
+ if err == nil {
+ available = true
+ c.Close()
+ }
+}
+
+func TestCheckDatastoreEndpoint(t *testing.T) {
+
+ if !available {
+ t.Skipf("MySQL server not running on %s", netAddr)
+ }
+
+ type args struct {
+ datastoreEndpoint string
+ }
+ tests := []struct {
+ name string
+ args args
+ wantErr bool
+ }{
+ {
+ name: "empty datastoreEndpoint will use sqlite",
+ args: args{datastoreEndpoint: ""},
+ wantErr: false,
+ },
+ {
+ name: "mysql datastoreEndpoint 1",
+ args: args{datastoreEndpoint: "mysql://root:password@tcp(127.0.0.1:3306)/test?charset=utf8mb4&parseTime=True&loc=Local"},
+ wantErr: false,
+ },
+ {
+ name: "mysql datastoreEndpoint 2",
+ args: args{datastoreEndpoint: "mysql://root:password@tcp(127.0.0.1:3306)/test1?charset=utf8mb4&parseTime=True&loc=Local"},
+ wantErr: true,
+ },
+ {
+ name: "mysql datastoreEndpoint 3",
+ args: args{datastoreEndpoint: "mysql://root:password1@tcp(127.0.0.1:3306)/test?charset=utf8mb4&parseTime=True&loc=Local"},
+ wantErr: true,
+ },
+ {
+ name: "mysql datastoreEndpoint 4",
+ args: args{datastoreEndpoint: "mysql://root1:password@tcp(127.0.0.1:3306)/test?charset=utf8mb4&parseTime=True&loc=Local"},
+ wantErr: true,
+ },
+ {
+ name: "mysql datastoreEndpoint 5",
+ args: args{datastoreEndpoint: "mysql://root:password@tcp(localhost:3306)/test?charset=utf8mb4&parseTime=True&loc=Local"},
+ wantErr: false,
+ },
+ {
+ name: "mysql datastoreEndpoint 6",
+ args: args{datastoreEndpoint: "mysql://root1:password@tcp(mysql.scv:3306)/test?charset=utf8mb4&parseTime=True&loc=localdsad"},
+ wantErr: true,
+ },
+ {
+ name: "mysql datastoreEndpoint 7",
+ args: args{datastoreEndpoint: "mysql://root:password@tcp(mysql.scv:3306)/test?charset=utf8mb4&parseTime=True&loc=Local"},
+ wantErr: true,
+ },
+ {
+ name: "mysql datastoreEndpoint 8",
+ args: args{datastoreEndpoint: "mysql://qwesad@3dwq3e41:eqwe"},
+ wantErr: true,
+ },
+ {
+ name: "unsupported datastoreEndpoint",
+ args: args{datastoreEndpoint: "sqlite://test.db"},
+ wantErr: true,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ if err := CheckDatastoreEndpoint(tt.args.datastoreEndpoint); (err != nil) != tt.wantErr {
+ t.Errorf("CheckDatastoreEndpoint() error = %v, wantErr %v", err, tt.wantErr)
+ }
+ })
+ }
+}
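Review bot: The table cases hard-code `root:password@tcp(127.0.0.1:3306)`, while `init()` builds `dsn` from the `MYSQL_TEST_*` variables and never uses it, so the availability probe dials `addr` but the cases connect elsewhere with fixed credentials. Building the positive case from the probed values, e.g. `args{datastoreEndpoint: "mysql://" + dsn}`, keeps the probe and the cases consistent. The empty-endpoint and `sqlite://` cases need no server, yet they are skipped with the rest when MySQL is absent; applying `t.Skipf` only to the cases that dial would keep them running in CI. `net.Dial` in `init()` has no timeout and runs for every test in the package, so a `net.DialTimeout` inside the test function is the safer place for it. This new file also lacks the licence header that the other new files in the patch carry.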
diff --git a/pkg/utils/paths/paths.go b/pkg/utils/paths/paths.go
index ea442046..312acb57 100644
--- a/pkg/utils/paths/paths.go
+++ b/pkg/utils/paths/paths.go
@@ -62,6 +62,15 @@ func CheckFileExist(path string) bool {
return false
}
+func CheckAllFileExist(paths ...string) error {
+ for _, filePath := range paths {
+ if !CheckFileExist(filePath) {
+ return fmt.Errorf("file [%s] is not exist", filePath)
+ }
+ }
+ return nil
+}
+
// CheckExists checks if specified file, directory, or symlink exists. The behavior
// of the test depends on the linkBehaviour argument. See LinkTreatment for
// more details.
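Review bot: `CheckAllFileExist` is exported without a doc comment, and its message `file [%s] is not exist` is ungrammatical. Suggested comment: `// CheckAllFileExist returns an error naming the first path for which CheckFileExist reports false, or nil if every path passes.` and message `fmt.Errorf("file [%s] does not exist", filePath)`. Only the tail of `CheckFileExist` is visible in this hunk, so it is worth confirming there whether a permission or other stat error is also reported as a missing file, since this wrapper would then mislabel it.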
diff --git a/pkg/utils/process/process.go b/pkg/utils/process/process.go
new file mode 100644
index 00000000..fa06a83b
--- /dev/null
+++ b/pkg/utils/process/process.go
@@ -0,0 +1,48 @@
+// Copyright 2023 Ant Group Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package process
+
+import (
+ "strings"
+
+ "github.com/secretflow/kuscia/pkg/utils/nlog"
+ "github.com/shirou/gopsutil/v3/process"
+)
+
+// CheckProcessExists check whether process exists by name
+func CheckExists(processName string) bool {
+ // currently running processes.
+ processes, err := process.Processes()
+
+ if err != nil {
+ nlog.Errorf("CheckProcessExists: get process failed %s", err.Error())
+ return false
+ }
+ isExist := false
+ for _, p := range processes {
+ name, err := p.Name()
+ if err != nil {
+ nlog.Warnf("CheckProcessExists: get process name failed %s", err.Error())
+ continue
+ }
+
+ if strings.EqualFold(name, processName) {
+ isExist = true
+ break
+ }
+ }
+
+ return isExist
+}
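Review bot: The doc comment and both log messages name `CheckProcessExists`, but the function is `CheckExists`; a Go doc comment should start with the declared name. Suggested: `// CheckExists reports whether any running process has a name equal to processName, ignoring case.` The match is on the process name alone, so any process carrying that name satisfies it; if callers (not visible here) use the result as a guard, the comment should say that it does not identify a specific binary, path or owner. The `isExist` flag can be dropped by using `return true` inside the loop and `return false` after it.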
diff --git a/pkg/utils/queue/queue.go b/pkg/utils/queue/queue.go
index d12d0376..882040e5 100644
--- a/pkg/utils/queue/queue.go
+++ b/pkg/utils/queue/queue.go
@@ -112,7 +112,7 @@ func HandleQueueItem(ctx context.Context, queueID string, q workqueue.RateLimiti
}
// We've exceeded the maximum retries, so we must forget the key.
q.Forget(key)
- nlog.Warnf("Forgetting: queue id[%v], key[%v] (%v), due to maximum retries[%v] reached, last error: %q",
+ nlog.Warnf("Forgetting: queue id[%v], key[%v] (%v), due to maximum retries[%v] reached, last error: %q",
queueID, key, time.Since(startTime), maxRetries, err.Error())
return
}
@@ -213,7 +213,7 @@ func HandleQueueItemWithoutRetry(ctx context.Context, queueID string, q workqueu
nlog.Debugf("Start processing item: queue id[%v], key[%v]", queueID, key)
// Run the handler, passing it the namespace/name string of the Pod resource to be synced.
if err := handler(ctx, key); err != nil {
- nlog.Warnf("Handle queue id[%v] key[%v] (%v) failed: %v", queueID, key, time.Since(startTime), err.Error())
+ nlog.Warnf("Handle queue id[%v] key[%v] (%v) failed: %v", queueID, key, time.Since(startTime), err.Error())
} else {
nlog.Infof("Finish processing item: queue id[%v], key[%v] (%v)", queueID, key, time.Since(startTime))
}
diff --git a/pkg/utils/resources/common.go b/pkg/utils/resources/common.go
index 922bf1a0..11e741c3 100644
--- a/pkg/utils/resources/common.go
+++ b/pkg/utils/resources/common.go
@@ -15,14 +15,20 @@
package resources
import (
+ "errors"
+ "fmt"
"strconv"
corelisters "k8s.io/client-go/listers/core/v1"
"github.com/secretflow/kuscia/pkg/common"
kusciaapisv1alpha1 "github.com/secretflow/kuscia/pkg/crd/apis/kuscia/v1alpha1"
+
+ "regexp"
)
+const k3sRegex = `^[a-z0-9]([a-z0-9.-]{0,61}[a-z0-9])?$`
+
// CompareResourceVersion is used to compare resource version.
func CompareResourceVersion(rv1, rv2 string) bool {
irv1, _ := strconv.Atoi(rv1)
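Review bot: `k3sRegex` is kept as a string and `ValidateK8sName` (next hunk) hands it to `regexp.MatchString`, which recompiles the pattern on every request and whose error is discarded with `_`. Compiling once at package scope, `var k8sNameRegexp = regexp.MustCompile(k3sRegex)`, and calling `k8sNameRegexp.MatchString(val)` removes both the repeated work and the ignored error. The `"regexp"` import sits in its own group after the project imports; it belongs with `errors`, `fmt` and `strconv` in the standard-library group. The constant says k3s while the function says K8s, so one spelling should be chosen.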
@@ -66,3 +72,15 @@ func IsOuterBFIAInterConnDomain(nsLister corelisters.NamespaceLister, domainID s
return false
}
+
+// ValidateK8sName checks dns subdomain names
+func ValidateK8sName(val string, feildName string) error {
+
+ match, _ := regexp.MatchString(k3sRegex, val)
+ if !match {
+ errorMsg := fmt.Sprintf("Field '%s' is invalid, Invalid value: '%s': regex used for validation is '%s' ", feildName, val, k3sRegex)
+ return errors.New(errorMsg)
+ }
+
+ return nil
+}
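Review bot: The comment says this checks DNS subdomain names, but the pattern constrains only the first and last character, so values such as `a..b` or `a.-b` pass here although Kubernetes' DNS-1123 subdomain rule requires every dot-separated label to start and end with an alphanumeric. Such IDs would clear this API-level check and fail later at the API server; if domain IDs are used as namespace names (as the `DomainDatas(request.DomainId)` call earlier in this patch suggests), the stricter label rule with no dots would apply — confirm. Either reuse `validation.IsDNS1123Subdomain` / `validation.IsDNS1123Label` from `k8s.io/apimachinery/pkg/util/validation`, or reword the comment to what is enforced: `// ValidateK8sName accepts 1-63 characters of lowercase alphanumerics, '.' and '-', beginning and ending with an alphanumeric.` The rejected value is echoed with `'%s'`; `%q` would keep control characters from a bad ID out of logs and responses. The parameter name `feildName` is misspelt.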
diff --git a/pkg/utils/resources/common_test.go b/pkg/utils/resources/common_test.go
index 6e4a75a7..e7128402 100644
--- a/pkg/utils/resources/common_test.go
+++ b/pkg/utils/resources/common_test.go
@@ -15,6 +15,7 @@
package resources
import (
+ "fmt"
"testing"
)
@@ -54,3 +55,94 @@ func TestCompareResourceVersion(t *testing.T) {
})
}
}
+
+type domainStruct struct {
+ Domain_name string
+ Domain_id string
+ want bool
+}
+
+var domains = []domainStruct{
+ {
+ Domain_name: "1",
+ Domain_id: "QWERdasda.12.23",
+ want: false,
+ },
+ {
+ Domain_name: "2",
+ Domain_id: "adsdsada.12.23",
+ want: true,
+ },
+ {
+ Domain_name: "lenth=63 is true",
+ Domain_id: "adsdsada.12.23wqdqdqdqwdqwddddddddddddddddddddddddddddddddddddd",
+ want: true,
+ },
+ {
+ Domain_name: "lenth=64 is false",
+ Domain_id: "adsdsada.12.23wqdqdqdqwdqwdddddddddddddddddddddddddddddddddddddd",
+ want: false,
+ },
+ {
+ Domain_name: "5",
+ Domain_id: "adswqdqdqdqwdqwddddddddddddddddddddddddddddddddddddddddd",
+ want: true,
+ },
+ {
+ Domain_name: "empty",
+ Domain_id: "",
+ want: false,
+ },
+ {
+ Domain_name: "Chinese is false",
+ Domain_id: "中文",
+ want: false,
+ },
+ {
+ Domain_name: "8",
+ Domain_id: "!@#$%^&*()!@#¥%……&*()——+",
+ want: false,
+ },
+ {
+ Domain_name: "9",
+ Domain_id: "qwe_qwe",
+ want: false,
+ },
+ {
+ Domain_name: "10",
+ Domain_id: "qwe.",
+ want: false,
+ },
+ {
+ Domain_name: "11",
+ Domain_id: "qwe-",
+ want: false,
+ },
+ {
+ Domain_name: "12",
+ Domain_id: "_qwer",
+ want: false,
+ },
+ {
+ Domain_name: "13",
+ Domain_id: "-qwer",
+ want: false,
+ },
+}
+
+func TestValidateK8sName(t *testing.T) {
+
+ for _, domain := range domains {
+ t.Run(domain.Domain_name, func(t *testing.T) {
+
+ err := ValidateK8sName(domain.Domain_id, "domain_id")
+ got := err == nil
+ if !got {
+ fmt.Printf("%s error message: %s \n", domain.Domain_name, err.Error())
+ }
+ if got != domain.want {
+ t.Errorf(" got %v, want %v", got, domain.want)
+ }
+ })
+ }
+}
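Review bot: The test reports rejection messages with `fmt.Printf`, which writes to stdout outside the test log and is the only reason for the new `fmt` import; `t.Logf("%s error message: %v", domain.Domain_name, err)` ties the output to the subtest. The fields `Domain_name` and `Domain_id` use underscores, against Go's MixedCaps convention, and two case names spell `lenth`. The table has no case with an interior `..` or with a label that begins with `-` after a dot, so what the pattern accepts for those inputs is not pinned by any assertion.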
diff --git a/proto/api/v1alpha1/BUILD.bazel b/proto/api/v1alpha1/BUILD.bazel
new file mode 100644
index 00000000..5dbf623c
--- /dev/null
+++ b/proto/api/v1alpha1/BUILD.bazel
@@ -0,0 +1,22 @@
+# Copyright 2023 Ant Group Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+package(default_visibility = ["//visibility:public"])
+
+proto_library(
+ name = "common_proto",
+ srcs = ["common.proto"],
+ import_prefix = "kuscia",
+ deps = ["@com_google_protobuf//:any_proto"],
+)
diff --git a/proto/api/v1alpha1/appconfig/BUILD.bazel b/proto/api/v1alpha1/appconfig/BUILD.bazel
index 39189954..dc1ad4a5 100644
--- a/proto/api/v1alpha1/appconfig/BUILD.bazel
+++ b/proto/api/v1alpha1/appconfig/BUILD.bazel
@@ -1,3 +1,17 @@
+# Copyright 2023 Ant Group Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
load("@rules_cc//cc:defs.bzl", "cc_proto_library")
package(default_visibility = ["//visibility:public"])
diff --git a/proto/api/v1alpha1/datamesh/BUILD.bazel b/proto/api/v1alpha1/datamesh/BUILD.bazel
new file mode 100644
index 00000000..7497d64f
--- /dev/null
+++ b/proto/api/v1alpha1/datamesh/BUILD.bazel
@@ -0,0 +1,48 @@
+# Copyright 2023 Ant Group Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+load("@rules_cc//cc:defs.bzl", "cc_proto_library")
+
+package(default_visibility = ["//visibility:public"])
+
+proto_library(
+ name = "domaindata_proto",
+ srcs = ["domaindata.proto"],
+ import_prefix = "kuscia",
+ deps = ["//proto/api/v1alpha1:common_proto"],
+)
+
+proto_library(
+ name = "domaindatasource_proto",
+ srcs = ["domaindatasource.proto"],
+ import_prefix = "kuscia",
+ deps = ["//proto/api/v1alpha1:common_proto"],
+)
+
+proto_library(
+ name = "flightdm_proto",
+ srcs = [
+ "flightdm.proto",
+ ],
+ import_prefix = "kuscia",
+ deps = [
+ ":domaindata_proto",
+ ":domaindatasource_proto",
+ ],
+)
+
+cc_proto_library(
+ name = "flightdm_cc_proto",
+ deps = [":flightdm_proto"],
+)
diff --git a/python/kuscia/proto/api/v1alpha1/common_pb2.py b/python/kuscia/proto/api/v1alpha1/common_pb2.py
index d5f435dd..0ed3f0b5 100644
--- a/python/kuscia/proto/api/v1alpha1/common_pb2.py
+++ b/python/kuscia/proto/api/v1alpha1/common_pb2.py
@@ -16,12 +16,13 @@
from google.protobuf import any_pb2 as google_dot_protobuf_dot_any__pb2
-DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n&kuscia/proto/api/v1alpha1/common.proto\x12\x19kuscia.proto.api.v1alpha1\x1a\x19google/protobuf/any.proto\"\x9a\x01\n\rRequestHeader\x12S\n\x0e\x63ustom_headers\x18\x01 \x03(\x0b\x32;.kuscia.proto.api.v1alpha1.RequestHeader.CustomHeadersEntry\x1a\x34\n\x12\x43ustomHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"N\n\x06Status\x12\x0c\n\x04\x63ode\x18\x01 \x01(\x05\x12\x0f\n\x07message\x18\x02 \x01(\t\x12%\n\x07\x64\x65tails\x18\x03 \x03(\x0b\x32\x14.google.protobuf.Any\"P\n\tPartition\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x35\n\x06\x66ields\x18\x02 \x03(\x0b\x32%.kuscia.proto.api.v1alpha1.DataColumn\"O\n\nDataColumn\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0c\n\x04type\x18\x02 \x01(\t\x12\x0f\n\x07\x63omment\x18\x03 \x01(\t\x12\x14\n\x0cnot_nullable\x18\x04 \x01(\x08*\"\n\nFileFormat\x12\x0b\n\x07UNKNOWN\x10\x00\x12\x07\n\x03\x43SV\x10\x01\x42Q\n\x1eorg.secretflow.v1alpha1.commonZ/github.com/secretflow/kuscia/proto/api/v1alpha1b\x06proto3')
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n&kuscia/proto/api/v1alpha1/common.proto\x12\x19kuscia.proto.api.v1alpha1\x1a\x19google/protobuf/any.proto\"\x9a\x01\n\rRequestHeader\x12S\n\x0e\x63ustom_headers\x18\x01 \x03(\x0b\x32;.kuscia.proto.api.v1alpha1.RequestHeader.CustomHeadersEntry\x1a\x34\n\x12\x43ustomHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"N\n\x06Status\x12\x0c\n\x04\x63ode\x18\x01 \x01(\x05\x12\x0f\n\x07message\x18\x02 \x01(\t\x12%\n\x07\x64\x65tails\x18\x03 \x03(\x0b\x32\x14.google.protobuf.Any\"P\n\tPartition\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x35\n\x06\x66ields\x18\x02 \x03(\x0b\x32%.kuscia.proto.api.v1alpha1.DataColumn\"O\n\nDataColumn\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0c\n\x04type\x18\x02 \x01(\t\x12\x0f\n\x07\x63omment\x18\x03 \x01(\t\x12\x14\n\x0cnot_nullable\x18\x04 \x01(\x08*.\n\nFileFormat\x12\x0b\n\x07UNKNOWN\x10\x00\x12\x07\n\x03\x43SV\x10\x01\x12\n\n\x06\x42INARY\x10\x02\x42Q\n\x1eorg.secretflow.v1alpha1.commonZ/github.com/secretflow/kuscia/proto/api/v1alpha1b\x06proto3')
_FILEFORMAT = DESCRIPTOR.enum_types_by_name['FileFormat']
FileFormat = enum_type_wrapper.EnumTypeWrapper(_FILEFORMAT)
UNKNOWN = 0
CSV = 1
+BINARY = 2
_REQUESTHEADER = DESCRIPTOR.message_types_by_name['RequestHeader']
@@ -72,7 +73,7 @@
_REQUESTHEADER_CUSTOMHEADERSENTRY._options = None
_REQUESTHEADER_CUSTOMHEADERSENTRY._serialized_options = b'8\001'
_FILEFORMAT._serialized_start=496
- _FILEFORMAT._serialized_end=530
+ _FILEFORMAT._serialized_end=542
_REQUESTHEADER._serialized_start=97
_REQUESTHEADER._serialized_end=251
_REQUESTHEADER_CUSTOMHEADERSENTRY._serialized_start=199
diff --git a/python/kuscia/proto/api/v1alpha1/datamesh/domaindatagrant_pb2.py b/python/kuscia/proto/api/v1alpha1/datamesh/domaindatagrant_pb2.py
index fb411f59..12ab0fdd 100644
--- a/python/kuscia/proto/api/v1alpha1/datamesh/domaindatagrant_pb2.py
+++ b/python/kuscia/proto/api/v1alpha1/datamesh/domaindatagrant_pb2.py
@@ -15,7 +15,7 @@
from kuscia.proto.api.v1alpha1 import common_pb2 as kuscia_dot_proto_dot_api_dot_v1alpha1_dot_common__pb2
-DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n8kuscia/proto/api/v1alpha1/datamesh/domaindatagrant.proto\x12\"kuscia.proto.api.v1alpha1.datamesh\x1a&kuscia/proto/api/v1alpha1/common.proto\"\x85\x01\n\nGrantLimit\x12\x17\n\x0f\x65xpiration_time\x18\x01 \x01(\x03\x12\x11\n\tuse_count\x18\x02 \x01(\x05\x12\x0f\n\x07\x66low_id\x18\x03 \x01(\t\x12\x11\n\tcomponets\x18\x04 \x03(\t\x12\x11\n\tinitiator\x18\x05 \x01(\t\x12\x14\n\x0cinput_config\x18\x06 \x01(\t\"\xd3\x02\n\x13\x44omainDataGrantData\x12\x1a\n\x12\x64omaindatagrant_id\x18\x01 \x01(\t\x12\x0e\n\x06\x61uthor\x18\x02 \x01(\t\x12\x15\n\rdomaindata_id\x18\x03 \x01(\t\x12\x14\n\x0cgrant_domain\x18\x04 \x01(\t\x12=\n\x05limit\x18\x05 \x01(\x0b\x32..kuscia.proto.api.v1alpha1.datamesh.GrantLimit\x12]\n\x0b\x64\x65scription\x18\x06 \x03(\x0b\x32H.kuscia.proto.api.v1alpha1.datamesh.DomainDataGrantData.DescriptionEntry\x12\x11\n\tsignature\x18\x07 \x01(\t\x1a\x32\n\x10\x44\x65scriptionEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xfc\x02\n\x1c\x43reateDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 \x01(\t\x12\x15\n\rdomaindata_id\x18\x03 \x01(\t\x12\x14\n\x0cgrant_domain\x18\x04 \x01(\t\x12=\n\x05limit\x18\x05 \x01(\x0b\x32..kuscia.proto.api.v1alpha1.datamesh.GrantLimit\x12\x66\n\x0b\x64\x65scription\x18\x06 \x03(\x0b\x32Q.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataGrantRequest.DescriptionEntry\x1a\x32\n\x10\x44\x65scriptionEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xa7\x01\n\x1d\x43reateDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12S\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x45.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataGrantResponseData\"?\n!CreateDomainDataGrantResponseData\x12\x1a\n\x12\x64omaindatagrant_id\x18\x01 
\x01(\t\"\xfc\x02\n\x1cUpdateDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 \x01(\t\x12\x15\n\rdomaindata_id\x18\x03 \x01(\t\x12\x14\n\x0cgrant_domain\x18\x04 \x01(\t\x12=\n\x05limit\x18\x05 \x01(\x0b\x32..kuscia.proto.api.v1alpha1.datamesh.GrantLimit\x12\x66\n\x0b\x64\x65scription\x18\x06 \x03(\x0b\x32Q.kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataGrantRequest.DescriptionEntry\x1a\x32\n\x10\x44\x65scriptionEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"R\n\x1dUpdateDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"t\n\x1c\x44\x65leteDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 \x01(\t\"R\n\x1d\x44\x65leteDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"s\n\x1bQueryDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 \x01(\t\"\x98\x01\n\x1cQueryDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x45\n\x04\x64\x61ta\x18\x02 
\x01(\x0b\x32\x37.kuscia.proto.api.v1alpha1.datamesh.DomainDataGrantData2\x91\x05\n\x16\x44omainDataGrantService\x12\x9c\x01\n\x15\x43reateDomainDataGrant\x12@.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataGrantRequest\x1a\x41.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataGrantResponse\x12\x99\x01\n\x14QueryDomainDataGrant\x12?.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataGrantRequest\x1a@.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataGrantResponse\x12\x9c\x01\n\x15UpdateDomainDataGrant\x12@.kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataGrantRequest\x1a\x41.kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataGrantResponse\x12\x9c\x01\n\x15\x44\x65leteDomainDataGrant\x12@.kuscia.proto.api.v1alpha1.datamesh.DeleteDomainDataGrantRequest\x1a\x41.kuscia.proto.api.v1alpha1.datamesh.DeleteDomainDataGrantResponseB\\\n org.secretflow.v1alpha1.datameshZ8github.com/secretflow/kuscia/proto/api/v1alpha1/datameshb\x06proto3')
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n8kuscia/proto/api/v1alpha1/datamesh/domaindatagrant.proto\x12\"kuscia.proto.api.v1alpha1.datamesh\x1a&kuscia/proto/api/v1alpha1/common.proto\"\x86\x01\n\nGrantLimit\x12\x17\n\x0f\x65xpiration_time\x18\x01 \x01(\x03\x12\x11\n\tuse_count\x18\x02 \x01(\x05\x12\x0f\n\x07\x66low_id\x18\x03 \x01(\t\x12\x12\n\ncomponents\x18\x04 \x03(\t\x12\x11\n\tinitiator\x18\x05 \x01(\t\x12\x14\n\x0cinput_config\x18\x06 \x01(\t\"\xd3\x02\n\x13\x44omainDataGrantData\x12\x1a\n\x12\x64omaindatagrant_id\x18\x01 \x01(\t\x12\x0e\n\x06\x61uthor\x18\x02 \x01(\t\x12\x15\n\rdomaindata_id\x18\x03 \x01(\t\x12\x14\n\x0cgrant_domain\x18\x04 \x01(\t\x12=\n\x05limit\x18\x05 \x01(\x0b\x32..kuscia.proto.api.v1alpha1.datamesh.GrantLimit\x12]\n\x0b\x64\x65scription\x18\x06 \x03(\x0b\x32H.kuscia.proto.api.v1alpha1.datamesh.DomainDataGrantData.DescriptionEntry\x12\x11\n\tsignature\x18\x07 \x01(\t\x1a\x32\n\x10\x44\x65scriptionEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xfc\x02\n\x1c\x43reateDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 \x01(\t\x12\x15\n\rdomaindata_id\x18\x03 \x01(\t\x12\x14\n\x0cgrant_domain\x18\x04 \x01(\t\x12=\n\x05limit\x18\x05 \x01(\x0b\x32..kuscia.proto.api.v1alpha1.datamesh.GrantLimit\x12\x66\n\x0b\x64\x65scription\x18\x06 \x03(\x0b\x32Q.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataGrantRequest.DescriptionEntry\x1a\x32\n\x10\x44\x65scriptionEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xa7\x01\n\x1d\x43reateDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12S\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x45.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataGrantResponseData\"?\n!CreateDomainDataGrantResponseData\x12\x1a\n\x12\x64omaindatagrant_id\x18\x01 
\x01(\t\"\xfc\x02\n\x1cUpdateDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 \x01(\t\x12\x15\n\rdomaindata_id\x18\x03 \x01(\t\x12\x14\n\x0cgrant_domain\x18\x04 \x01(\t\x12=\n\x05limit\x18\x05 \x01(\x0b\x32..kuscia.proto.api.v1alpha1.datamesh.GrantLimit\x12\x66\n\x0b\x64\x65scription\x18\x06 \x03(\x0b\x32Q.kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataGrantRequest.DescriptionEntry\x1a\x32\n\x10\x44\x65scriptionEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"R\n\x1dUpdateDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"t\n\x1c\x44\x65leteDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 \x01(\t\"R\n\x1d\x44\x65leteDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"s\n\x1bQueryDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 \x01(\t\"\x98\x01\n\x1cQueryDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x45\n\x04\x64\x61ta\x18\x02 
\x01(\x0b\x32\x37.kuscia.proto.api.v1alpha1.datamesh.DomainDataGrantData2\x91\x05\n\x16\x44omainDataGrantService\x12\x9c\x01\n\x15\x43reateDomainDataGrant\x12@.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataGrantRequest\x1a\x41.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataGrantResponse\x12\x99\x01\n\x14QueryDomainDataGrant\x12?.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataGrantRequest\x1a@.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataGrantResponse\x12\x9c\x01\n\x15UpdateDomainDataGrant\x12@.kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataGrantRequest\x1a\x41.kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataGrantResponse\x12\x9c\x01\n\x15\x44\x65leteDomainDataGrant\x12@.kuscia.proto.api.v1alpha1.datamesh.DeleteDomainDataGrantRequest\x1a\x41.kuscia.proto.api.v1alpha1.datamesh.DeleteDomainDataGrantResponseB\\\n org.secretflow.v1alpha1.datameshZ8github.com/secretflow/kuscia/proto/api/v1alpha1/datameshb\x06proto3')
@@ -146,33 +146,33 @@
_UPDATEDOMAINDATAGRANTREQUEST_DESCRIPTIONENTRY._options = None
_UPDATEDOMAINDATAGRANTREQUEST_DESCRIPTIONENTRY._serialized_options = b'8\001'
_GRANTLIMIT._serialized_start=137
- _GRANTLIMIT._serialized_end=270
- _DOMAINDATAGRANTDATA._serialized_start=273
- _DOMAINDATAGRANTDATA._serialized_end=612
- _DOMAINDATAGRANTDATA_DESCRIPTIONENTRY._serialized_start=562
- _DOMAINDATAGRANTDATA_DESCRIPTIONENTRY._serialized_end=612
- _CREATEDOMAINDATAGRANTREQUEST._serialized_start=615
- _CREATEDOMAINDATAGRANTREQUEST._serialized_end=995
- _CREATEDOMAINDATAGRANTREQUEST_DESCRIPTIONENTRY._serialized_start=562
- _CREATEDOMAINDATAGRANTREQUEST_DESCRIPTIONENTRY._serialized_end=612
- _CREATEDOMAINDATAGRANTRESPONSE._serialized_start=998
- _CREATEDOMAINDATAGRANTRESPONSE._serialized_end=1165
- _CREATEDOMAINDATAGRANTRESPONSEDATA._serialized_start=1167
- _CREATEDOMAINDATAGRANTRESPONSEDATA._serialized_end=1230
- _UPDATEDOMAINDATAGRANTREQUEST._serialized_start=1233
- _UPDATEDOMAINDATAGRANTREQUEST._serialized_end=1613
- _UPDATEDOMAINDATAGRANTREQUEST_DESCRIPTIONENTRY._serialized_start=562
- _UPDATEDOMAINDATAGRANTREQUEST_DESCRIPTIONENTRY._serialized_end=612
- _UPDATEDOMAINDATAGRANTRESPONSE._serialized_start=1615
- _UPDATEDOMAINDATAGRANTRESPONSE._serialized_end=1697
- _DELETEDOMAINDATAGRANTREQUEST._serialized_start=1699
- _DELETEDOMAINDATAGRANTREQUEST._serialized_end=1815
- _DELETEDOMAINDATAGRANTRESPONSE._serialized_start=1817
- _DELETEDOMAINDATAGRANTRESPONSE._serialized_end=1899
- _QUERYDOMAINDATAGRANTREQUEST._serialized_start=1901
- _QUERYDOMAINDATAGRANTREQUEST._serialized_end=2016
- _QUERYDOMAINDATAGRANTRESPONSE._serialized_start=2019
- _QUERYDOMAINDATAGRANTRESPONSE._serialized_end=2171
- _DOMAINDATAGRANTSERVICE._serialized_start=2174
- _DOMAINDATAGRANTSERVICE._serialized_end=2831
+ _GRANTLIMIT._serialized_end=271
+ _DOMAINDATAGRANTDATA._serialized_start=274
+ _DOMAINDATAGRANTDATA._serialized_end=613
+ _DOMAINDATAGRANTDATA_DESCRIPTIONENTRY._serialized_start=563
+ _DOMAINDATAGRANTDATA_DESCRIPTIONENTRY._serialized_end=613
+ _CREATEDOMAINDATAGRANTREQUEST._serialized_start=616
+ _CREATEDOMAINDATAGRANTREQUEST._serialized_end=996
+ _CREATEDOMAINDATAGRANTREQUEST_DESCRIPTIONENTRY._serialized_start=563
+ _CREATEDOMAINDATAGRANTREQUEST_DESCRIPTIONENTRY._serialized_end=613
+ _CREATEDOMAINDATAGRANTRESPONSE._serialized_start=999
+ _CREATEDOMAINDATAGRANTRESPONSE._serialized_end=1166
+ _CREATEDOMAINDATAGRANTRESPONSEDATA._serialized_start=1168
+ _CREATEDOMAINDATAGRANTRESPONSEDATA._serialized_end=1231
+ _UPDATEDOMAINDATAGRANTREQUEST._serialized_start=1234
+ _UPDATEDOMAINDATAGRANTREQUEST._serialized_end=1614
+ _UPDATEDOMAINDATAGRANTREQUEST_DESCRIPTIONENTRY._serialized_start=563
+ _UPDATEDOMAINDATAGRANTREQUEST_DESCRIPTIONENTRY._serialized_end=613
+ _UPDATEDOMAINDATAGRANTRESPONSE._serialized_start=1616
+ _UPDATEDOMAINDATAGRANTRESPONSE._serialized_end=1698
+ _DELETEDOMAINDATAGRANTREQUEST._serialized_start=1700
+ _DELETEDOMAINDATAGRANTREQUEST._serialized_end=1816
+ _DELETEDOMAINDATAGRANTRESPONSE._serialized_start=1818
+ _DELETEDOMAINDATAGRANTRESPONSE._serialized_end=1900
+ _QUERYDOMAINDATAGRANTREQUEST._serialized_start=1902
+ _QUERYDOMAINDATAGRANTREQUEST._serialized_end=2017
+ _QUERYDOMAINDATAGRANTRESPONSE._serialized_start=2020
+ _QUERYDOMAINDATAGRANTRESPONSE._serialized_end=2172
+ _DOMAINDATAGRANTSERVICE._serialized_start=2175
+ _DOMAINDATAGRANTSERVICE._serialized_end=2832
# @@protoc_insertion_point(module_scope)
diff --git a/python/kuscia/proto/api/v1alpha1/datamesh/domaindatasource_pb2.py b/python/kuscia/proto/api/v1alpha1/datamesh/domaindatasource_pb2.py
index 3f277f9d..3a2188af 100644
--- a/python/kuscia/proto/api/v1alpha1/datamesh/domaindatasource_pb2.py
+++ b/python/kuscia/proto/api/v1alpha1/datamesh/domaindatasource_pb2.py
@@ -15,17 +15,10 @@
from kuscia.proto.api.v1alpha1 import common_pb2 as kuscia_dot_proto_dot_api_dot_v1alpha1_dot_common__pb2
-DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n9kuscia/proto/api/v1alpha1/datamesh/domaindatasource.proto\x12\"kuscia.proto.api.v1alpha1.datamesh\x1a&kuscia/proto/api/v1alpha1/common.proto\"\xf9\x01\n\x1d\x43reateDomainDataSourceRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x15\n\rdatasource_id\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\t\x12\x0c\n\x04type\x18\x04 \x01(\t\x12@\n\x04info\x18\x05 \x01(\x0b\x32\x32.kuscia.proto.api.v1alpha1.datamesh.DataSourceInfo\x12\x10\n\x08info_key\x18\x06 \x01(\t\x12\x17\n\x0f\x61\x63\x63\x65ss_directly\x18\x07 \x01(\x08\"\xa9\x01\n\x1e\x43reateDomainDataSourceResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12T\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x46.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataSourceResponseData\";\n\"CreateDomainDataSourceResponseData\x12\x15\n\rdatasource_id\x18\x01 \x01(\t\"\xf9\x01\n\x1dUpdateDomainDataSourceRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x15\n\rdatasource_id\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\t\x12\x0c\n\x04type\x18\x04 \x01(\t\x12@\n\x04info\x18\x05 \x01(\x0b\x32\x32.kuscia.proto.api.v1alpha1.datamesh.DataSourceInfo\x12\x10\n\x08info_key\x18\x06 \x01(\t\x12\x17\n\x0f\x61\x63\x63\x65ss_directly\x18\x07 \x01(\x08\"S\n\x1eUpdateDomainDataSourceResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"p\n\x1d\x44\x65leteDomainDataSourceRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x15\n\rdatasource_id\x18\x02 \x01(\t\"S\n\x1e\x44\x65leteDomainDataSourceResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"o\n\x1cQueryDomainDataSourceRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x15\n\rdatasource_id\x18\x02 
\x01(\t\"\x96\x01\n\x1dQueryDomainDataSourceResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x42\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.datamesh.DomainDataSource\"\xc2\x01\n\x10\x44omainDataSource\x12\x15\n\rdatasource_id\x18\x01 \x01(\t\x12\x0c\n\x04name\x18\x02 \x01(\t\x12\x0c\n\x04type\x18\x03 \x01(\t\x12\x0e\n\x06status\x18\x04 \x01(\t\x12@\n\x04info\x18\x05 \x01(\x0b\x32\x32.kuscia.proto.api.v1alpha1.datamesh.DataSourceInfo\x12\x10\n\x08info_key\x18\x06 \x01(\t\x12\x17\n\x0f\x61\x63\x63\x65ss_directly\x18\x07 \x01(\x08\"\xec\x01\n\x0e\x44\x61taSourceInfo\x12H\n\x07localfs\x18\x01 \x01(\x0b\x32\x37.kuscia.proto.api.v1alpha1.datamesh.LocalDataSourceInfo\x12\x42\n\x03oss\x18\x02 \x01(\x0b\x32\x35.kuscia.proto.api.v1alpha1.datamesh.OssDataSourceInfo\x12L\n\x08\x64\x61tabase\x18\x03 \x01(\x0b\x32:.kuscia.proto.api.v1alpha1.datamesh.DatabaseDataSourceInfo\"#\n\x13LocalDataSourceInfo\x12\x0c\n\x04path\x18\x01 \x01(\t\"\xb3\x01\n\x11OssDataSourceInfo\x12\x10\n\x08\x65ndpoint\x18\x01 \x01(\t\x12\x0e\n\x06\x62ucket\x18\x02 \x01(\t\x12\x0e\n\x06prefix\x18\x03 \x01(\t\x12\x15\n\raccess_key_id\x18\x04 \x01(\t\x12\x19\n\x11\x61\x63\x63\x65ss_key_secret\x18\x05 \x01(\t\x12\x13\n\x0bvirtualhost\x18\x06 \x01(\x08\x12\x0f\n\x07version\x18\x07 \x01(\t\x12\x14\n\x0cstorage_type\x18\x08 \x01(\t\"J\n\x16\x44\x61tabaseDataSourceInfo\x12\x10\n\x08\x65ndpoint\x18\x01 \x01(\t\x12\x0c\n\x04user\x18\x02 \x01(\t\x12\x10\n\x08password\x18\x03 
\x01(\t2\x9e\x05\n\x17\x44omainDataSourceService\x12\x9f\x01\n\x16\x43reateDomainDataSource\x12\x41.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataSourceRequest\x1a\x42.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataSourceResponse\x12\x9c\x01\n\x15QueryDomainDataSource\x12@.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataSourceRequest\x1a\x41.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataSourceResponse\x12\x9f\x01\n\x16UpdateDomainDataSource\x12\x41.kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataSourceRequest\x1a\x42.kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataSourceResponse\x12\x9f\x01\n\x16\x44\x65leteDomainDataSource\x12\x41.kuscia.proto.api.v1alpha1.datamesh.DeleteDomainDataSourceRequest\x1a\x42.kuscia.proto.api.v1alpha1.datamesh.DeleteDomainDataSourceResponseB\\\n org.secretflow.v1alpha1.datameshZ8github.com/secretflow/kuscia/proto/api/v1alpha1/datameshb\x06proto3')
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n9kuscia/proto/api/v1alpha1/datamesh/domaindatasource.proto\x12\"kuscia.proto.api.v1alpha1.datamesh\x1a&kuscia/proto/api/v1alpha1/common.proto\"o\n\x1cQueryDomainDataSourceRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x15\n\rdatasource_id\x18\x02 \x01(\t\"\x96\x01\n\x1dQueryDomainDataSourceResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x42\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.datamesh.DomainDataSource\"\xc2\x01\n\x10\x44omainDataSource\x12\x15\n\rdatasource_id\x18\x01 \x01(\t\x12\x0c\n\x04name\x18\x02 \x01(\t\x12\x0c\n\x04type\x18\x03 \x01(\t\x12\x0e\n\x06status\x18\x04 \x01(\t\x12@\n\x04info\x18\x05 \x01(\x0b\x32\x32.kuscia.proto.api.v1alpha1.datamesh.DataSourceInfo\x12\x10\n\x08info_key\x18\x06 \x01(\t\x12\x17\n\x0f\x61\x63\x63\x65ss_directly\x18\x07 \x01(\x08\"\xec\x01\n\x0e\x44\x61taSourceInfo\x12H\n\x07localfs\x18\x01 \x01(\x0b\x32\x37.kuscia.proto.api.v1alpha1.datamesh.LocalDataSourceInfo\x12\x42\n\x03oss\x18\x02 \x01(\x0b\x32\x35.kuscia.proto.api.v1alpha1.datamesh.OssDataSourceInfo\x12L\n\x08\x64\x61tabase\x18\x03 \x01(\x0b\x32:.kuscia.proto.api.v1alpha1.datamesh.DatabaseDataSourceInfo\"#\n\x13LocalDataSourceInfo\x12\x0c\n\x04path\x18\x01 \x01(\t\"\xb3\x01\n\x11OssDataSourceInfo\x12\x10\n\x08\x65ndpoint\x18\x01 \x01(\t\x12\x0e\n\x06\x62ucket\x18\x02 \x01(\t\x12\x0e\n\x06prefix\x18\x03 \x01(\t\x12\x15\n\raccess_key_id\x18\x04 \x01(\t\x12\x19\n\x11\x61\x63\x63\x65ss_key_secret\x18\x05 \x01(\t\x12\x13\n\x0bvirtualhost\x18\x06 \x01(\x08\x12\x0f\n\x07version\x18\x07 \x01(\t\x12\x14\n\x0cstorage_type\x18\x08 \x01(\t\"\\\n\x16\x44\x61tabaseDataSourceInfo\x12\x10\n\x08\x65ndpoint\x18\x01 \x01(\t\x12\x0c\n\x04user\x18\x02 \x01(\t\x12\x10\n\x08password\x18\x03 \x01(\t\x12\x10\n\x08\x64\x61tabase\x18\x04 
\x01(\t2\xb8\x01\n\x17\x44omainDataSourceService\x12\x9c\x01\n\x15QueryDomainDataSource\x12@.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataSourceRequest\x1a\x41.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataSourceResponseB\\\n org.secretflow.v1alpha1.datameshZ8github.com/secretflow/kuscia/proto/api/v1alpha1/datameshb\x06proto3')
-_CREATEDOMAINDATASOURCEREQUEST = DESCRIPTOR.message_types_by_name['CreateDomainDataSourceRequest']
-_CREATEDOMAINDATASOURCERESPONSE = DESCRIPTOR.message_types_by_name['CreateDomainDataSourceResponse']
-_CREATEDOMAINDATASOURCERESPONSEDATA = DESCRIPTOR.message_types_by_name['CreateDomainDataSourceResponseData']
-_UPDATEDOMAINDATASOURCEREQUEST = DESCRIPTOR.message_types_by_name['UpdateDomainDataSourceRequest']
-_UPDATEDOMAINDATASOURCERESPONSE = DESCRIPTOR.message_types_by_name['UpdateDomainDataSourceResponse']
-_DELETEDOMAINDATASOURCEREQUEST = DESCRIPTOR.message_types_by_name['DeleteDomainDataSourceRequest']
-_DELETEDOMAINDATASOURCERESPONSE = DESCRIPTOR.message_types_by_name['DeleteDomainDataSourceResponse']
_QUERYDOMAINDATASOURCEREQUEST = DESCRIPTOR.message_types_by_name['QueryDomainDataSourceRequest']
_QUERYDOMAINDATASOURCERESPONSE = DESCRIPTOR.message_types_by_name['QueryDomainDataSourceResponse']
_DOMAINDATASOURCE = DESCRIPTOR.message_types_by_name['DomainDataSource']
@@ -33,55 +26,6 @@
_LOCALDATASOURCEINFO = DESCRIPTOR.message_types_by_name['LocalDataSourceInfo']
_OSSDATASOURCEINFO = DESCRIPTOR.message_types_by_name['OssDataSourceInfo']
_DATABASEDATASOURCEINFO = DESCRIPTOR.message_types_by_name['DatabaseDataSourceInfo']
-CreateDomainDataSourceRequest = _reflection.GeneratedProtocolMessageType('CreateDomainDataSourceRequest', (_message.Message,), {
- 'DESCRIPTOR' : _CREATEDOMAINDATASOURCEREQUEST,
- '__module__' : 'kuscia.proto.api.v1alpha1.datamesh.domaindatasource_pb2'
- # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataSourceRequest)
- })
-_sym_db.RegisterMessage(CreateDomainDataSourceRequest)
-
-CreateDomainDataSourceResponse = _reflection.GeneratedProtocolMessageType('CreateDomainDataSourceResponse', (_message.Message,), {
- 'DESCRIPTOR' : _CREATEDOMAINDATASOURCERESPONSE,
- '__module__' : 'kuscia.proto.api.v1alpha1.datamesh.domaindatasource_pb2'
- # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataSourceResponse)
- })
-_sym_db.RegisterMessage(CreateDomainDataSourceResponse)
-
-CreateDomainDataSourceResponseData = _reflection.GeneratedProtocolMessageType('CreateDomainDataSourceResponseData', (_message.Message,), {
- 'DESCRIPTOR' : _CREATEDOMAINDATASOURCERESPONSEDATA,
- '__module__' : 'kuscia.proto.api.v1alpha1.datamesh.domaindatasource_pb2'
- # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataSourceResponseData)
- })
-_sym_db.RegisterMessage(CreateDomainDataSourceResponseData)
-
-UpdateDomainDataSourceRequest = _reflection.GeneratedProtocolMessageType('UpdateDomainDataSourceRequest', (_message.Message,), {
- 'DESCRIPTOR' : _UPDATEDOMAINDATASOURCEREQUEST,
- '__module__' : 'kuscia.proto.api.v1alpha1.datamesh.domaindatasource_pb2'
- # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataSourceRequest)
- })
-_sym_db.RegisterMessage(UpdateDomainDataSourceRequest)
-
-UpdateDomainDataSourceResponse = _reflection.GeneratedProtocolMessageType('UpdateDomainDataSourceResponse', (_message.Message,), {
- 'DESCRIPTOR' : _UPDATEDOMAINDATASOURCERESPONSE,
- '__module__' : 'kuscia.proto.api.v1alpha1.datamesh.domaindatasource_pb2'
- # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataSourceResponse)
- })
-_sym_db.RegisterMessage(UpdateDomainDataSourceResponse)
-
-DeleteDomainDataSourceRequest = _reflection.GeneratedProtocolMessageType('DeleteDomainDataSourceRequest', (_message.Message,), {
- 'DESCRIPTOR' : _DELETEDOMAINDATASOURCEREQUEST,
- '__module__' : 'kuscia.proto.api.v1alpha1.datamesh.domaindatasource_pb2'
- # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.datamesh.DeleteDomainDataSourceRequest)
- })
-_sym_db.RegisterMessage(DeleteDomainDataSourceRequest)
-
-DeleteDomainDataSourceResponse = _reflection.GeneratedProtocolMessageType('DeleteDomainDataSourceResponse', (_message.Message,), {
- 'DESCRIPTOR' : _DELETEDOMAINDATASOURCERESPONSE,
- '__module__' : 'kuscia.proto.api.v1alpha1.datamesh.domaindatasource_pb2'
- # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.datamesh.DeleteDomainDataSourceResponse)
- })
-_sym_db.RegisterMessage(DeleteDomainDataSourceResponse)
-
QueryDomainDataSourceRequest = _reflection.GeneratedProtocolMessageType('QueryDomainDataSourceRequest', (_message.Message,), {
'DESCRIPTOR' : _QUERYDOMAINDATASOURCEREQUEST,
'__module__' : 'kuscia.proto.api.v1alpha1.datamesh.domaindatasource_pb2'
@@ -136,34 +80,20 @@
DESCRIPTOR._options = None
DESCRIPTOR._serialized_options = b'\n org.secretflow.v1alpha1.datameshZ8github.com/secretflow/kuscia/proto/api/v1alpha1/datamesh'
- _CREATEDOMAINDATASOURCEREQUEST._serialized_start=138
- _CREATEDOMAINDATASOURCEREQUEST._serialized_end=387
- _CREATEDOMAINDATASOURCERESPONSE._serialized_start=390
- _CREATEDOMAINDATASOURCERESPONSE._serialized_end=559
- _CREATEDOMAINDATASOURCERESPONSEDATA._serialized_start=561
- _CREATEDOMAINDATASOURCERESPONSEDATA._serialized_end=620
- _UPDATEDOMAINDATASOURCEREQUEST._serialized_start=623
- _UPDATEDOMAINDATASOURCEREQUEST._serialized_end=872
- _UPDATEDOMAINDATASOURCERESPONSE._serialized_start=874
- _UPDATEDOMAINDATASOURCERESPONSE._serialized_end=957
- _DELETEDOMAINDATASOURCEREQUEST._serialized_start=959
- _DELETEDOMAINDATASOURCEREQUEST._serialized_end=1071
- _DELETEDOMAINDATASOURCERESPONSE._serialized_start=1073
- _DELETEDOMAINDATASOURCERESPONSE._serialized_end=1156
- _QUERYDOMAINDATASOURCEREQUEST._serialized_start=1158
- _QUERYDOMAINDATASOURCEREQUEST._serialized_end=1269
- _QUERYDOMAINDATASOURCERESPONSE._serialized_start=1272
- _QUERYDOMAINDATASOURCERESPONSE._serialized_end=1422
- _DOMAINDATASOURCE._serialized_start=1425
- _DOMAINDATASOURCE._serialized_end=1619
- _DATASOURCEINFO._serialized_start=1622
- _DATASOURCEINFO._serialized_end=1858
- _LOCALDATASOURCEINFO._serialized_start=1860
- _LOCALDATASOURCEINFO._serialized_end=1895
- _OSSDATASOURCEINFO._serialized_start=1898
- _OSSDATASOURCEINFO._serialized_end=2077
- _DATABASEDATASOURCEINFO._serialized_start=2079
- _DATABASEDATASOURCEINFO._serialized_end=2153
- _DOMAINDATASOURCESERVICE._serialized_start=2156
- _DOMAINDATASOURCESERVICE._serialized_end=2826
+ _QUERYDOMAINDATASOURCEREQUEST._serialized_start=137
+ _QUERYDOMAINDATASOURCEREQUEST._serialized_end=248
+ _QUERYDOMAINDATASOURCERESPONSE._serialized_start=251
+ _QUERYDOMAINDATASOURCERESPONSE._serialized_end=401
+ _DOMAINDATASOURCE._serialized_start=404
+ _DOMAINDATASOURCE._serialized_end=598
+ _DATASOURCEINFO._serialized_start=601
+ _DATASOURCEINFO._serialized_end=837
+ _LOCALDATASOURCEINFO._serialized_start=839
+ _LOCALDATASOURCEINFO._serialized_end=874
+ _OSSDATASOURCEINFO._serialized_start=877
+ _OSSDATASOURCEINFO._serialized_end=1056
+ _DATABASEDATASOURCEINFO._serialized_start=1058
+ _DATABASEDATASOURCEINFO._serialized_end=1150
+ _DOMAINDATASOURCESERVICE._serialized_start=1153
+ _DOMAINDATASOURCESERVICE._serialized_end=1337
# @@protoc_insertion_point(module_scope)
diff --git a/python/kuscia/proto/api/v1alpha1/datamesh/domaindatasource_pb2_grpc.py b/python/kuscia/proto/api/v1alpha1/datamesh/domaindatasource_pb2_grpc.py
index 3a3c01f4..78b3c240 100644
--- a/python/kuscia/proto/api/v1alpha1/datamesh/domaindatasource_pb2_grpc.py
+++ b/python/kuscia/proto/api/v1alpha1/datamesh/domaindatasource_pb2_grpc.py
@@ -14,78 +14,30 @@ def __init__(self, channel):
Args:
channel: A grpc.Channel.
"""
- self.CreateDomainDataSource = channel.unary_unary(
- '/kuscia.proto.api.v1alpha1.datamesh.DomainDataSourceService/CreateDomainDataSource',
- request_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.CreateDomainDataSourceRequest.SerializeToString,
- response_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.CreateDomainDataSourceResponse.FromString,
- )
self.QueryDomainDataSource = channel.unary_unary(
'/kuscia.proto.api.v1alpha1.datamesh.DomainDataSourceService/QueryDomainDataSource',
request_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.QueryDomainDataSourceRequest.SerializeToString,
response_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.QueryDomainDataSourceResponse.FromString,
)
- self.UpdateDomainDataSource = channel.unary_unary(
- '/kuscia.proto.api.v1alpha1.datamesh.DomainDataSourceService/UpdateDomainDataSource',
- request_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.UpdateDomainDataSourceRequest.SerializeToString,
- response_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.UpdateDomainDataSourceResponse.FromString,
- )
- self.DeleteDomainDataSource = channel.unary_unary(
- '/kuscia.proto.api.v1alpha1.datamesh.DomainDataSourceService/DeleteDomainDataSource',
- request_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.DeleteDomainDataSourceRequest.SerializeToString,
- response_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.DeleteDomainDataSourceResponse.FromString,
- )
class DomainDataSourceServiceServicer(object):
"""Missing associated documentation comment in .proto file."""
- def CreateDomainDataSource(self, request, context):
- """Missing associated documentation comment in .proto file."""
- context.set_code(grpc.StatusCode.UNIMPLEMENTED)
- context.set_details('Method not implemented!')
- raise NotImplementedError('Method not implemented!')
-
def QueryDomainDataSource(self, request, context):
"""Missing associated documentation comment in .proto file."""
context.set_code(grpc.StatusCode.UNIMPLEMENTED)
context.set_details('Method not implemented!')
raise NotImplementedError('Method not implemented!')
- def UpdateDomainDataSource(self, request, context):
- """Missing associated documentation comment in .proto file."""
- context.set_code(grpc.StatusCode.UNIMPLEMENTED)
- context.set_details('Method not implemented!')
- raise NotImplementedError('Method not implemented!')
-
- def DeleteDomainDataSource(self, request, context):
- """Missing associated documentation comment in .proto file."""
- context.set_code(grpc.StatusCode.UNIMPLEMENTED)
- context.set_details('Method not implemented!')
- raise NotImplementedError('Method not implemented!')
-
def add_DomainDataSourceServiceServicer_to_server(servicer, server):
rpc_method_handlers = {
- 'CreateDomainDataSource': grpc.unary_unary_rpc_method_handler(
- servicer.CreateDomainDataSource,
- request_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.CreateDomainDataSourceRequest.FromString,
- response_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.CreateDomainDataSourceResponse.SerializeToString,
- ),
'QueryDomainDataSource': grpc.unary_unary_rpc_method_handler(
servicer.QueryDomainDataSource,
request_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.QueryDomainDataSourceRequest.FromString,
response_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.QueryDomainDataSourceResponse.SerializeToString,
),
- 'UpdateDomainDataSource': grpc.unary_unary_rpc_method_handler(
- servicer.UpdateDomainDataSource,
- request_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.UpdateDomainDataSourceRequest.FromString,
- response_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.UpdateDomainDataSourceResponse.SerializeToString,
- ),
- 'DeleteDomainDataSource': grpc.unary_unary_rpc_method_handler(
- servicer.DeleteDomainDataSource,
- request_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.DeleteDomainDataSourceRequest.FromString,
- response_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.DeleteDomainDataSourceResponse.SerializeToString,
- ),
}
generic_handler = grpc.method_handlers_generic_handler(
'kuscia.proto.api.v1alpha1.datamesh.DomainDataSourceService', rpc_method_handlers)
@@ -96,23 +48,6 @@ def add_DomainDataSourceServiceServicer_to_server(servicer, server):
class DomainDataSourceService(object):
"""Missing associated documentation comment in .proto file."""
- @staticmethod
- def CreateDomainDataSource(request,
- target,
- options=(),
- channel_credentials=None,
- call_credentials=None,
- insecure=False,
- compression=None,
- wait_for_ready=None,
- timeout=None,
- metadata=None):
- return grpc.experimental.unary_unary(request, target, '/kuscia.proto.api.v1alpha1.datamesh.DomainDataSourceService/CreateDomainDataSource',
- kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.CreateDomainDataSourceRequest.SerializeToString,
- kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.CreateDomainDataSourceResponse.FromString,
- options, channel_credentials,
- insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
-
@staticmethod
def QueryDomainDataSource(request,
target,
@@ -129,37 +64,3 @@ def QueryDomainDataSource(request,
kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.QueryDomainDataSourceResponse.FromString,
options, channel_credentials,
insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
-
- @staticmethod
- def UpdateDomainDataSource(request,
- target,
- options=(),
- channel_credentials=None,
- call_credentials=None,
- insecure=False,
- compression=None,
- wait_for_ready=None,
- timeout=None,
- metadata=None):
- return grpc.experimental.unary_unary(request, target, '/kuscia.proto.api.v1alpha1.datamesh.DomainDataSourceService/UpdateDomainDataSource',
- kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.UpdateDomainDataSourceRequest.SerializeToString,
- kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.UpdateDomainDataSourceResponse.FromString,
- options, channel_credentials,
- insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
-
- @staticmethod
- def DeleteDomainDataSource(request,
- target,
- options=(),
- channel_credentials=None,
- call_credentials=None,
- insecure=False,
- compression=None,
- wait_for_ready=None,
- timeout=None,
- metadata=None):
- return grpc.experimental.unary_unary(request, target, '/kuscia.proto.api.v1alpha1.datamesh.DomainDataSourceService/DeleteDomainDataSource',
- kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.DeleteDomainDataSourceRequest.SerializeToString,
- kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2.DeleteDomainDataSourceResponse.FromString,
- options, channel_credentials,
- insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
diff --git a/python/kuscia/proto/api/v1alpha1/datamesh/flightdm_pb2.py b/python/kuscia/proto/api/v1alpha1/datamesh/flightdm_pb2.py
index 0682fdba..2cba5d52 100644
--- a/python/kuscia/proto/api/v1alpha1/datamesh/flightdm_pb2.py
+++ b/python/kuscia/proto/api/v1alpha1/datamesh/flightdm_pb2.py
@@ -17,7 +17,7 @@
from kuscia.proto.api.v1alpha1.datamesh import domaindatasource_pb2 as kuscia_dot_proto_dot_api_dot_v1alpha1_dot_datamesh_dot_domaindatasource__pb2
-DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n1kuscia/proto/api/v1alpha1/datamesh/flightdm.proto\x12\"kuscia.proto.api.v1alpha1.datamesh\x1a\x33kuscia/proto/api/v1alpha1/datamesh/domaindata.proto\x1a\x39kuscia/proto/api/v1alpha1/datamesh/domaindatasource.proto\"*\n\x0f\x43SVWriteOptions\x12\x17\n\x0f\x66ield_delimiter\x18\x01 \x01(\t\"i\n\x10\x46ileWriteOptions\x12J\n\x0b\x63sv_options\x18\x02 \x01(\x0b\x32\x33.kuscia.proto.api.v1alpha1.datamesh.CSVWriteOptionsH\x00\x42\t\n\x07Options\"3\n\x1a\x43ommandGetDomainDataSchema\x12\x15\n\rdomaindata_id\x18\x01 \x01(\t\"\xd9\x01\n\x16\x43ommandDomainDataQuery\x12\x15\n\rdomaindata_id\x18\x01 \x01(\t\x12\x0f\n\x07\x63olumns\x18\x02 \x03(\t\x12\x45\n\x0c\x63ontent_type\x18\x03 \x01(\x0e\x32/.kuscia.proto.api.v1alpha1.datamesh.ContentType\x12P\n\x12\x66ile_write_options\x18\x04 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.datamesh.FileWriteOptions\"\xbd\x03\n\x17\x43ommandDomainDataUpdate\x12\x15\n\rdomaindata_id\x18\x01 \x01(\t\x12W\n\x12\x64omaindata_request\x18\x02 \x01(\x0b\x32;.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataRequest\x12\x45\n\x0c\x63ontent_type\x18\x03 \x01(\x0e\x32/.kuscia.proto.api.v1alpha1.datamesh.ContentType\x12P\n\x12\x66ile_write_options\x18\x04 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.datamesh.FileWriteOptions\x12\x64\n\rextra_options\x18\x05 \x03(\x0b\x32M.kuscia.proto.api.v1alpha1.datamesh.CommandDomainDataUpdate.ExtraOptionsEntry\x1a\x33\n\x11\x45xtraOptionsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"2\n\x15TicketDomainDataQuery\x12\x19\n\x11\x64omaindata_handle\x18\x01 \x01(\t\"m\n\x1d\x41\x63tionCreateDomainDataRequest\x12L\n\x07request\x18\x01 \x01(\x0b\x32;.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataRequest\"p\n\x1e\x41\x63tionCreateDomainDataResponse\x12N\n\x08response\x18\x01 
\x01(\x0b\x32<.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataResponse\"k\n\x1c\x41\x63tionQueryDomainDataRequest\x12K\n\x07request\x18\x01 \x01(\x0b\x32:.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataRequest\"n\n\x1d\x41\x63tionQueryDomainDataResponse\x12M\n\x08response\x18\x01 \x01(\x0b\x32;.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataResponse\"m\n\x1d\x41\x63tionUpdateDomainDataRequest\x12L\n\x07request\x18\x01 \x01(\x0b\x32;.kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataRequest\"p\n\x1e\x41\x63tionUpdateDomainDataResponse\x12N\n\x08response\x18\x01 \x01(\x0b\x32<.kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataResponse\"\x88\x01\n\x1d\x41\x63tionDeleteDomainDataRequest\x12L\n\x07request\x18\x01 \x01(\x0b\x32;.kuscia.proto.api.v1alpha1.datamesh.DeleteDomainDataRequest\x12\x19\n\x11physical_deletion\x18\x02 \x01(\x08\"p\n\x1e\x41\x63tionDeleteDomainDataResponse\x12N\n\x08response\x18\x01 \x01(\x0b\x32<.kuscia.proto.api.v1alpha1.datamesh.DeleteDomainDataResponse\"y\n#ActionCreateDomainDataSourceRequest\x12R\n\x07request\x18\x01 \x01(\x0b\x32\x41.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataSourceRequest\"|\n$ActionCreateDomainDataSourceResponse\x12T\n\x08response\x18\x01 \x01(\x0b\x32\x42.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataSourceResponse\"w\n\"ActionQueryDomainDataSourceRequest\x12Q\n\x07request\x18\x01 \x01(\x0b\x32@.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataSourceRequest\"z\n#ActionQueryDomainDataSourceResponse\x12S\n\x08response\x18\x01 \x01(\x0b\x32\x41.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataSourceResponse**\n\x0b\x43ontentType\x12\t\n\x05Table\x10\x00\x12\x07\n\x03RAW\x10\x01\x12\x07\n\x03\x43SV\x10\x02\x42\\\n org.secretflow.v1alpha1.datameshZ8github.com/secretflow/kuscia/proto/api/v1alpha1/datameshb\x06proto3')
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n1kuscia/proto/api/v1alpha1/datamesh/flightdm.proto\x12\"kuscia.proto.api.v1alpha1.datamesh\x1a\x33kuscia/proto/api/v1alpha1/datamesh/domaindata.proto\x1a\x39kuscia/proto/api/v1alpha1/datamesh/domaindatasource.proto\"*\n\x0f\x43SVWriteOptions\x12\x17\n\x0f\x66ield_delimiter\x18\x01 \x01(\t\"i\n\x10\x46ileWriteOptions\x12J\n\x0b\x63sv_options\x18\x02 \x01(\x0b\x32\x33.kuscia.proto.api.v1alpha1.datamesh.CSVWriteOptionsH\x00\x42\t\n\x07Options\"3\n\x1a\x43ommandGetDomainDataSchema\x12\x15\n\rdomaindata_id\x18\x01 \x01(\t\"\xd9\x01\n\x16\x43ommandDomainDataQuery\x12\x15\n\rdomaindata_id\x18\x01 \x01(\t\x12\x0f\n\x07\x63olumns\x18\x02 \x03(\t\x12\x45\n\x0c\x63ontent_type\x18\x03 \x01(\x0e\x32/.kuscia.proto.api.v1alpha1.datamesh.ContentType\x12P\n\x12\x66ile_write_options\x18\x04 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.datamesh.FileWriteOptions\"\xbd\x03\n\x17\x43ommandDomainDataUpdate\x12\x15\n\rdomaindata_id\x18\x01 \x01(\t\x12W\n\x12\x64omaindata_request\x18\x02 \x01(\x0b\x32;.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataRequest\x12\x45\n\x0c\x63ontent_type\x18\x03 \x01(\x0e\x32/.kuscia.proto.api.v1alpha1.datamesh.ContentType\x12P\n\x12\x66ile_write_options\x18\x04 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.datamesh.FileWriteOptions\x12\x64\n\rextra_options\x18\x05 \x03(\x0b\x32M.kuscia.proto.api.v1alpha1.datamesh.CommandDomainDataUpdate.ExtraOptionsEntry\x1a\x33\n\x11\x45xtraOptionsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"2\n\x15TicketDomainDataQuery\x12\x19\n\x11\x64omaindata_handle\x18\x01 \x01(\t\"m\n\x1d\x41\x63tionCreateDomainDataRequest\x12L\n\x07request\x18\x01 \x01(\x0b\x32;.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataRequest\"p\n\x1e\x41\x63tionCreateDomainDataResponse\x12N\n\x08response\x18\x01 
\x01(\x0b\x32<.kuscia.proto.api.v1alpha1.datamesh.CreateDomainDataResponse\"k\n\x1c\x41\x63tionQueryDomainDataRequest\x12K\n\x07request\x18\x01 \x01(\x0b\x32:.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataRequest\"n\n\x1d\x41\x63tionQueryDomainDataResponse\x12M\n\x08response\x18\x01 \x01(\x0b\x32;.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataResponse\"m\n\x1d\x41\x63tionUpdateDomainDataRequest\x12L\n\x07request\x18\x01 \x01(\x0b\x32;.kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataRequest\"p\n\x1e\x41\x63tionUpdateDomainDataResponse\x12N\n\x08response\x18\x01 \x01(\x0b\x32<.kuscia.proto.api.v1alpha1.datamesh.UpdateDomainDataResponse\"\x88\x01\n\x1d\x41\x63tionDeleteDomainDataRequest\x12L\n\x07request\x18\x01 \x01(\x0b\x32;.kuscia.proto.api.v1alpha1.datamesh.DeleteDomainDataRequest\x12\x19\n\x11physical_deletion\x18\x02 \x01(\x08\"p\n\x1e\x41\x63tionDeleteDomainDataResponse\x12N\n\x08response\x18\x01 \x01(\x0b\x32<.kuscia.proto.api.v1alpha1.datamesh.DeleteDomainDataResponse\"w\n\"ActionQueryDomainDataSourceRequest\x12Q\n\x07request\x18\x01 \x01(\x0b\x32@.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataSourceRequest\"z\n#ActionQueryDomainDataSourceResponse\x12S\n\x08response\x18\x01 \x01(\x0b\x32\x41.kuscia.proto.api.v1alpha1.datamesh.QueryDomainDataSourceResponse**\n\x0b\x43ontentType\x12\t\n\x05Table\x10\x00\x12\x07\n\x03RAW\x10\x01\x12\x07\n\x03\x43SV\x10\x02\x42\\\n org.secretflow.v1alpha1.datameshZ8github.com/secretflow/kuscia/proto/api/v1alpha1/datameshb\x06proto3')
_CONTENTTYPE = DESCRIPTOR.enum_types_by_name['ContentType']
ContentType = enum_type_wrapper.EnumTypeWrapper(_CONTENTTYPE)
@@ -41,8 +41,6 @@
_ACTIONUPDATEDOMAINDATARESPONSE = DESCRIPTOR.message_types_by_name['ActionUpdateDomainDataResponse']
_ACTIONDELETEDOMAINDATAREQUEST = DESCRIPTOR.message_types_by_name['ActionDeleteDomainDataRequest']
_ACTIONDELETEDOMAINDATARESPONSE = DESCRIPTOR.message_types_by_name['ActionDeleteDomainDataResponse']
-_ACTIONCREATEDOMAINDATASOURCEREQUEST = DESCRIPTOR.message_types_by_name['ActionCreateDomainDataSourceRequest']
-_ACTIONCREATEDOMAINDATASOURCERESPONSE = DESCRIPTOR.message_types_by_name['ActionCreateDomainDataSourceResponse']
_ACTIONQUERYDOMAINDATASOURCEREQUEST = DESCRIPTOR.message_types_by_name['ActionQueryDomainDataSourceRequest']
_ACTIONQUERYDOMAINDATASOURCERESPONSE = DESCRIPTOR.message_types_by_name['ActionQueryDomainDataSourceResponse']
CSVWriteOptions = _reflection.GeneratedProtocolMessageType('CSVWriteOptions', (_message.Message,), {
@@ -151,20 +149,6 @@
})
_sym_db.RegisterMessage(ActionDeleteDomainDataResponse)
-ActionCreateDomainDataSourceRequest = _reflection.GeneratedProtocolMessageType('ActionCreateDomainDataSourceRequest', (_message.Message,), {
- 'DESCRIPTOR' : _ACTIONCREATEDOMAINDATASOURCEREQUEST,
- '__module__' : 'kuscia.proto.api.v1alpha1.datamesh.flightdm_pb2'
- # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.datamesh.ActionCreateDomainDataSourceRequest)
- })
-_sym_db.RegisterMessage(ActionCreateDomainDataSourceRequest)
-
-ActionCreateDomainDataSourceResponse = _reflection.GeneratedProtocolMessageType('ActionCreateDomainDataSourceResponse', (_message.Message,), {
- 'DESCRIPTOR' : _ACTIONCREATEDOMAINDATASOURCERESPONSE,
- '__module__' : 'kuscia.proto.api.v1alpha1.datamesh.flightdm_pb2'
- # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.datamesh.ActionCreateDomainDataSourceResponse)
- })
-_sym_db.RegisterMessage(ActionCreateDomainDataSourceResponse)
-
ActionQueryDomainDataSourceRequest = _reflection.GeneratedProtocolMessageType('ActionQueryDomainDataSourceRequest', (_message.Message,), {
'DESCRIPTOR' : _ACTIONQUERYDOMAINDATASOURCEREQUEST,
'__module__' : 'kuscia.proto.api.v1alpha1.datamesh.flightdm_pb2'
@@ -185,8 +169,8 @@
DESCRIPTOR._serialized_options = b'\n org.secretflow.v1alpha1.datameshZ8github.com/secretflow/kuscia/proto/api/v1alpha1/datamesh'
_COMMANDDOMAINDATAUPDATE_EXTRAOPTIONSENTRY._options = None
_COMMANDDOMAINDATAUPDATE_EXTRAOPTIONSENTRY._serialized_options = b'8\001'
- _CONTENTTYPE._serialized_start=2543
- _CONTENTTYPE._serialized_end=2585
+ _CONTENTTYPE._serialized_start=2294
+ _CONTENTTYPE._serialized_end=2336
_CSVWRITEOPTIONS._serialized_start=201
_CSVWRITEOPTIONS._serialized_end=243
_FILEWRITEOPTIONS._serialized_start=245
@@ -217,12 +201,8 @@
_ACTIONDELETEDOMAINDATAREQUEST._serialized_end=1933
_ACTIONDELETEDOMAINDATARESPONSE._serialized_start=1935
_ACTIONDELETEDOMAINDATARESPONSE._serialized_end=2047
- _ACTIONCREATEDOMAINDATASOURCEREQUEST._serialized_start=2049
- _ACTIONCREATEDOMAINDATASOURCEREQUEST._serialized_end=2170
- _ACTIONCREATEDOMAINDATASOURCERESPONSE._serialized_start=2172
- _ACTIONCREATEDOMAINDATASOURCERESPONSE._serialized_end=2296
- _ACTIONQUERYDOMAINDATASOURCEREQUEST._serialized_start=2298
- _ACTIONQUERYDOMAINDATASOURCEREQUEST._serialized_end=2417
- _ACTIONQUERYDOMAINDATASOURCERESPONSE._serialized_start=2419
- _ACTIONQUERYDOMAINDATASOURCERESPONSE._serialized_end=2541
+ _ACTIONQUERYDOMAINDATASOURCEREQUEST._serialized_start=2049
+ _ACTIONQUERYDOMAINDATASOURCEREQUEST._serialized_end=2168
+ _ACTIONQUERYDOMAINDATASOURCERESPONSE._serialized_start=2170
+ _ACTIONQUERYDOMAINDATASOURCERESPONSE._serialized_end=2292
# @@protoc_insertion_point(module_scope)
diff --git a/python/kuscia/proto/api/v1alpha1/handshake/handshake_pb2.py b/python/kuscia/proto/api/v1alpha1/handshake/handshake_pb2.py
index 878cfb27..b2b3f519 100644
--- a/python/kuscia/proto/api/v1alpha1/handshake/handshake_pb2.py
+++ b/python/kuscia/proto/api/v1alpha1/handshake/handshake_pb2.py
@@ -15,7 +15,7 @@
from kuscia.proto.api.v1alpha1 import common_pb2 as kuscia_dot_proto_dot_api_dot_v1alpha1_dot_common__pb2
-DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n3kuscia/proto/api/v1alpha1/handshake/handshake.proto\x12#kuscia.proto.api.v1alpha1.handshake\x1a&kuscia/proto/api/v1alpha1/common.proto\".\n\x0bTokenConfig\x12\r\n\x05token\x18\x01 \x01(\t\x12\x10\n\x08revision\x18\x02 \x01(\x03\"\x91\x01\n\x10HandShakeRequest\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0c\n\x04type\x18\x02 \x01(\t\x12\x46\n\x0ctoken_config\x18\x03 \x01(\x0b\x32\x30.kuscia.proto.api.v1alpha1.handshake.TokenConfig\x12\x14\n\x0crequest_time\x18\x04 \x01(\x03\"A\n\x05Token\x12\r\n\x05token\x18\x01 \x01(\t\x12\x17\n\x0f\x65xpiration_time\x18\x02 \x01(\x03\x12\x10\n\x08revision\x18\x03 \x01(\x05\"\x81\x01\n\x11HandShakeResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x39\n\x05token\x18\x02 \x01(\x0b\x32*.kuscia.proto.api.v1alpha1.handshake.Token\"G\n\x0fRegisterRequest\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0b\n\x03\x63sr\x18\x02 \x01(\t\x12\x14\n\x0crequest_time\x18\x03 \x01(\x03\"S\n\x10RegisterResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x0c\n\x04\x63\x65rt\x18\x03 \x01(\tB^\n!com.secretflow.v1alpha1.handshakeZ9github.com/secretflow/kuscia/proto/api/v1alpha1/handshakeb\x06proto3')
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n3kuscia/proto/api/v1alpha1/handshake/handshake.proto\x12#kuscia.proto.api.v1alpha1.handshake\x1a&kuscia/proto/api/v1alpha1/common.proto\"?\n\x0bTokenConfig\x12\r\n\x05token\x18\x01 \x01(\t\x12\x10\n\x08revision\x18\x02 \x01(\x03\x12\x0f\n\x07pubhash\x18\x03 \x01(\t\"\x91\x01\n\x10HandShakeRequest\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0c\n\x04type\x18\x02 \x01(\t\x12\x46\n\x0ctoken_config\x18\x03 \x01(\x0b\x32\x30.kuscia.proto.api.v1alpha1.handshake.TokenConfig\x12\x14\n\x0crequest_time\x18\x04 \x01(\x03\"A\n\x05Token\x12\r\n\x05token\x18\x01 \x01(\t\x12\x17\n\x0f\x65xpiration_time\x18\x02 \x01(\x03\x12\x10\n\x08revision\x18\x03 \x01(\x05\"\x81\x01\n\x11HandShakeResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x39\n\x05token\x18\x02 \x01(\x0b\x32*.kuscia.proto.api.v1alpha1.handshake.Token\"G\n\x0fRegisterRequest\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0b\n\x03\x63sr\x18\x02 \x01(\t\x12\x14\n\x0crequest_time\x18\x03 \x01(\x03\"S\n\x10RegisterResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x0c\n\x04\x63\x65rt\x18\x03 \x01(\tB^\n!com.secretflow.v1alpha1.handshakeZ9github.com/secretflow/kuscia/proto/api/v1alpha1/handshakeb\x06proto3')
@@ -72,15 +72,15 @@
DESCRIPTOR._options = None
DESCRIPTOR._serialized_options = b'\n!com.secretflow.v1alpha1.handshakeZ9github.com/secretflow/kuscia/proto/api/v1alpha1/handshake'
_TOKENCONFIG._serialized_start=132
- _TOKENCONFIG._serialized_end=178
- _HANDSHAKEREQUEST._serialized_start=181
- _HANDSHAKEREQUEST._serialized_end=326
- _TOKEN._serialized_start=328
- _TOKEN._serialized_end=393
- _HANDSHAKERESPONSE._serialized_start=396
- _HANDSHAKERESPONSE._serialized_end=525
- _REGISTERREQUEST._serialized_start=527
- _REGISTERREQUEST._serialized_end=598
- _REGISTERRESPONSE._serialized_start=600
- _REGISTERRESPONSE._serialized_end=683
+ _TOKENCONFIG._serialized_end=195
+ _HANDSHAKEREQUEST._serialized_start=198
+ _HANDSHAKEREQUEST._serialized_end=343
+ _TOKEN._serialized_start=345
+ _TOKEN._serialized_end=410
+ _HANDSHAKERESPONSE._serialized_start=413
+ _HANDSHAKERESPONSE._serialized_end=542
+ _REGISTERREQUEST._serialized_start=544
+ _REGISTERREQUEST._serialized_end=615
+ _REGISTERRESPONSE._serialized_start=617
+ _REGISTERRESPONSE._serialized_end=700
# @@protoc_insertion_point(module_scope)
diff --git a/python/kuscia/proto/api/v1alpha1/kusciaapi/certificate_pb2.py b/python/kuscia/proto/api/v1alpha1/kusciaapi/certificate_pb2.py
new file mode 100644
index 00000000..1afc6656
--- /dev/null
+++ b/python/kuscia/proto/api/v1alpha1/kusciaapi/certificate_pb2.py
@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: kuscia/proto/api/v1alpha1/kusciaapi/certificate.proto
+"""Generated protocol buffer code."""
+from google.protobuf import descriptor as _descriptor
+from google.protobuf import descriptor_pool as _descriptor_pool
+from google.protobuf import message as _message
+from google.protobuf import reflection as _reflection
+from google.protobuf import symbol_database as _symbol_database
+# @@protoc_insertion_point(imports)
+
+_sym_db = _symbol_database.Default()
+
+
+from kuscia.proto.api.v1alpha1 import common_pb2 as kuscia_dot_proto_dot_api_dot_v1alpha1_dot_common__pb2
+
+
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n5kuscia/proto/api/v1alpha1/kusciaapi/certificate.proto\x12#kuscia.proto.api.v1alpha1.kusciaapi\x1a&kuscia/proto/api/v1alpha1/common.proto\"\xd4\x01\n\x17GenerateKeyCertsRequest\x12\x13\n\x0b\x63ommon_name\x18\x01 \x01(\t\x12\x0f\n\x07\x63ountry\x18\x02 \x01(\t\x12\x14\n\x0corganization\x18\x03 \x01(\t\x12\x19\n\x11organization_unit\x18\x04 \x01(\t\x12\x10\n\x08locality\x18\x05 \x01(\t\x12\x10\n\x08province\x18\x06 \x01(\t\x12\x16\n\x0estreet_address\x18\x07 \x01(\t\x12\x14\n\x0c\x64uration_sec\x18\x08 \x01(\x03\x12\x10\n\x08key_type\x18\t \x01(\t\"n\n\x18GenerateKeyCertsResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x0b\n\x03key\x18\x02 \x01(\t\x12\x12\n\ncert_chain\x18\x03 \x03(\t2\xa6\x01\n\x12\x43\x65rtificateService\x12\x8f\x01\n\x10GenerateKeyCerts\x12<.kuscia.proto.api.v1alpha1.kusciaapi.GenerateKeyCertsRequest\x1a=.kuscia.proto.api.v1alpha1.kusciaapi.GenerateKeyCertsResponseB^\n!org.secretflow.v1alpha1.kusciaapiZ9github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapib\x06proto3')
+
+
+
+_GENERATEKEYCERTSREQUEST = DESCRIPTOR.message_types_by_name['GenerateKeyCertsRequest']
+_GENERATEKEYCERTSRESPONSE = DESCRIPTOR.message_types_by_name['GenerateKeyCertsResponse']
+GenerateKeyCertsRequest = _reflection.GeneratedProtocolMessageType('GenerateKeyCertsRequest', (_message.Message,), {
+ 'DESCRIPTOR' : _GENERATEKEYCERTSREQUEST,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.certificate_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.GenerateKeyCertsRequest)
+ })
+_sym_db.RegisterMessage(GenerateKeyCertsRequest)
+
+GenerateKeyCertsResponse = _reflection.GeneratedProtocolMessageType('GenerateKeyCertsResponse', (_message.Message,), {
+ 'DESCRIPTOR' : _GENERATEKEYCERTSRESPONSE,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.certificate_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.GenerateKeyCertsResponse)
+ })
+_sym_db.RegisterMessage(GenerateKeyCertsResponse)
+
+_CERTIFICATESERVICE = DESCRIPTOR.services_by_name['CertificateService']
+if _descriptor._USE_C_DESCRIPTORS == False:
+
+ DESCRIPTOR._options = None
+ DESCRIPTOR._serialized_options = b'\n!org.secretflow.v1alpha1.kusciaapiZ9github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapi'
+ _GENERATEKEYCERTSREQUEST._serialized_start=135
+ _GENERATEKEYCERTSREQUEST._serialized_end=347
+ _GENERATEKEYCERTSRESPONSE._serialized_start=349
+ _GENERATEKEYCERTSRESPONSE._serialized_end=459
+ _CERTIFICATESERVICE._serialized_start=462
+ _CERTIFICATESERVICE._serialized_end=628
+# @@protoc_insertion_point(module_scope)
diff --git a/python/kuscia/proto/api/v1alpha1/kusciaapi/certificate_pb2_grpc.py b/python/kuscia/proto/api/v1alpha1/kusciaapi/certificate_pb2_grpc.py
new file mode 100644
index 00000000..74c7a498
--- /dev/null
+++ b/python/kuscia/proto/api/v1alpha1/kusciaapi/certificate_pb2_grpc.py
@@ -0,0 +1,66 @@
+# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT!
+"""Client and server classes corresponding to protobuf-defined services."""
+import grpc
+
+from kuscia.proto.api.v1alpha1.kusciaapi import certificate_pb2 as kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_certificate__pb2
+
+
+class CertificateServiceStub(object):
+ """Missing associated documentation comment in .proto file."""
+
+ def __init__(self, channel):
+ """Constructor.
+
+ Args:
+ channel: A grpc.Channel.
+ """
+ self.GenerateKeyCerts = channel.unary_unary(
+ '/kuscia.proto.api.v1alpha1.kusciaapi.CertificateService/GenerateKeyCerts',
+ request_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_certificate__pb2.GenerateKeyCertsRequest.SerializeToString,
+ response_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_certificate__pb2.GenerateKeyCertsResponse.FromString,
+ )
+
+
+class CertificateServiceServicer(object):
+ """Missing associated documentation comment in .proto file."""
+
+ def GenerateKeyCerts(self, request, context):
+ """Missing associated documentation comment in .proto file."""
+ context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+ context.set_details('Method not implemented!')
+ raise NotImplementedError('Method not implemented!')
+
+
+def add_CertificateServiceServicer_to_server(servicer, server):
+ rpc_method_handlers = {
+ 'GenerateKeyCerts': grpc.unary_unary_rpc_method_handler(
+ servicer.GenerateKeyCerts,
+ request_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_certificate__pb2.GenerateKeyCertsRequest.FromString,
+ response_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_certificate__pb2.GenerateKeyCertsResponse.SerializeToString,
+ ),
+ }
+ generic_handler = grpc.method_handlers_generic_handler(
+ 'kuscia.proto.api.v1alpha1.kusciaapi.CertificateService', rpc_method_handlers)
+ server.add_generic_rpc_handlers((generic_handler,))
+
+
+ # This class is part of an EXPERIMENTAL API.
+class CertificateService(object):
+ """Missing associated documentation comment in .proto file."""
+
+ @staticmethod
+ def GenerateKeyCerts(request,
+ target,
+ options=(),
+ channel_credentials=None,
+ call_credentials=None,
+ insecure=False,
+ compression=None,
+ wait_for_ready=None,
+ timeout=None,
+ metadata=None):
+ return grpc.experimental.unary_unary(request, target, '/kuscia.proto.api.v1alpha1.kusciaapi.CertificateService/GenerateKeyCerts',
+ kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_certificate__pb2.GenerateKeyCertsRequest.SerializeToString,
+ kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_certificate__pb2.GenerateKeyCertsResponse.FromString,
+ options, channel_credentials,
+ insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
diff --git a/python/kuscia/proto/api/v1alpha1/kusciaapi/domain_pb2.py b/python/kuscia/proto/api/v1alpha1/kusciaapi/domain_pb2.py
index fef377bb..fb2f9f69 100644
--- a/python/kuscia/proto/api/v1alpha1/kusciaapi/domain_pb2.py
+++ b/python/kuscia/proto/api/v1alpha1/kusciaapi/domain_pb2.py
@@ -15,7 +15,7 @@
from kuscia.proto.api.v1alpha1 import common_pb2 as kuscia_dot_proto_dot_api_dot_v1alpha1_dot_common__pb2
-DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n0kuscia/proto/api/v1alpha1/kusciaapi/domain.proto\x12#kuscia.proto.api.v1alpha1.kusciaapi\x1a&kuscia/proto/api/v1alpha1/common.proto\"\xc4\x01\n\x13\x43reateDomainRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\x12\x0c\n\x04role\x18\x03 \x01(\t\x12\x0c\n\x04\x63\x65rt\x18\x04 \x01(\t\x12\x44\n\x0b\x61uth_center\x18\x05 \x01(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.AuthCenter\"I\n\x14\x43reateDomainResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"b\n\x13\x44\x65leteDomainRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\"I\n\x14\x44\x65leteDomainResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"a\n\x12QueryDomainRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\"\x94\x01\n\x13QueryDomainResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12J\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32<.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainResponseData\"\xc5\x03\n\x17QueryDomainResponseData\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0c\n\x04role\x18\x02 \x01(\t\x12\x0c\n\x04\x63\x65rt\x18\x03 \x01(\t\x12\x46\n\rnode_statuses\x18\x04 \x03(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.NodeStatus\x12U\n\x15\x64\x65ploy_token_statuses\x18\x05 \x03(\x0b\x32\x36.kuscia.proto.api.v1alpha1.kusciaapi.DeployTokenStatus\x12\x62\n\x0b\x61nnotations\x18\x06 \x03(\x0b\x32M.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainResponseData.AnnotationsEntry\x12\x44\n\x0b\x61uth_center\x18\x07 \x01(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.AuthCenter\x1a\x32\n\x10\x41nnotationsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 
\x01(\t:\x02\x38\x01\"v\n\nNodeStatus\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0e\n\x06status\x18\x02 \x01(\t\x12\x0f\n\x07version\x18\x03 \x01(\t\x12\x1b\n\x13last_heartbeat_time\x18\x04 \x01(\t\x12\x1c\n\x14last_transition_time\x18\x05 \x01(\t\"\xc4\x01\n\x13UpdateDomainRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\x12\x0c\n\x04role\x18\x03 \x01(\t\x12\x0c\n\x04\x63\x65rt\x18\x04 \x01(\t\x12\x44\n\x0b\x61uth_center\x18\x05 \x01(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.AuthCenter\"I\n\x14UpdateDomainResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"g\n\x17\x42\x61tchQueryDomainRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x12\n\ndomain_ids\x18\x02 \x03(\t\"\xa4\x01\n\x18\x42\x61tchQueryDomainResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12U\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32G.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainStatusResponseData\"b\n\"BatchQueryDomainStatusResponseData\x12<\n\x07\x64omains\x18\x01 \x03(\x0b\x32+.kuscia.proto.api.v1alpha1.kusciaapi.Domain\"\xd6\x01\n\x06\x44omain\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0c\n\x04role\x18\x02 \x01(\t\x12\x0c\n\x04\x63\x65rt\x18\x03 \x01(\t\x12\x46\n\rnode_statuses\x18\x04 \x03(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.NodeStatus\x12U\n\x15\x64\x65ploy_token_statuses\x18\x05 \x03(\x0b\x32\x36.kuscia.proto.api.v1alpha1.kusciaapi.DeployTokenStatus\"O\n\x11\x44\x65ployTokenStatus\x12\r\n\x05token\x18\x01 \x01(\t\x12\r\n\x05state\x18\x02 \x01(\t\x12\x1c\n\x14last_transition_time\x18\x03 \x01(\t\"C\n\nAuthCenter\x12\x1b\n\x13\x61uthentication_type\x18\x01 \x01(\t\x12\x18\n\x10token_gen_method\x18\x02 
\x01(\t2\xb6\x05\n\rDomainService\x12\x83\x01\n\x0c\x43reateDomain\x12\x38.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainRequest\x1a\x39.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainResponse\x12\x80\x01\n\x0bQueryDomain\x12\x37.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainRequest\x1a\x38.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainResponse\x12\x83\x01\n\x0cUpdateDomain\x12\x38.kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainRequest\x1a\x39.kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainResponse\x12\x83\x01\n\x0c\x44\x65leteDomain\x12\x38.kuscia.proto.api.v1alpha1.kusciaapi.DeleteDomainRequest\x1a\x39.kuscia.proto.api.v1alpha1.kusciaapi.DeleteDomainResponse\x12\x8f\x01\n\x10\x42\x61tchQueryDomain\x12<.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainRequest\x1a=.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainResponseB^\n!org.secretflow.v1alpha1.kusciaapiZ9github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapib\x06proto3')
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n0kuscia/proto/api/v1alpha1/kusciaapi/domain.proto\x12#kuscia.proto.api.v1alpha1.kusciaapi\x1a&kuscia/proto/api/v1alpha1/common.proto\"\xc4\x01\n\x13\x43reateDomainRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\x12\x0c\n\x04role\x18\x03 \x01(\t\x12\x0c\n\x04\x63\x65rt\x18\x04 \x01(\t\x12\x44\n\x0b\x61uth_center\x18\x05 \x01(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.AuthCenter\"I\n\x14\x43reateDomainResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"b\n\x13\x44\x65leteDomainRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\"I\n\x14\x44\x65leteDomainResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"a\n\x12QueryDomainRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\"\x94\x01\n\x13QueryDomainResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12J\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32<.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainResponseData\"\xc5\x03\n\x17QueryDomainResponseData\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0c\n\x04role\x18\x02 \x01(\t\x12\x0c\n\x04\x63\x65rt\x18\x03 \x01(\t\x12\x46\n\rnode_statuses\x18\x04 \x03(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.NodeStatus\x12U\n\x15\x64\x65ploy_token_statuses\x18\x05 \x03(\x0b\x32\x36.kuscia.proto.api.v1alpha1.kusciaapi.DeployTokenStatus\x12\x62\n\x0b\x61nnotations\x18\x06 \x03(\x0b\x32M.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainResponseData.AnnotationsEntry\x12\x44\n\x0b\x61uth_center\x18\x07 \x01(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.AuthCenter\x1a\x32\n\x10\x41nnotationsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 
\x01(\t:\x02\x38\x01\"v\n\nNodeStatus\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0e\n\x06status\x18\x02 \x01(\t\x12\x0f\n\x07version\x18\x03 \x01(\t\x12\x1b\n\x13last_heartbeat_time\x18\x04 \x01(\t\x12\x1c\n\x14last_transition_time\x18\x05 \x01(\t\"\xc4\x01\n\x13UpdateDomainRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\x12\x0c\n\x04role\x18\x03 \x01(\t\x12\x0c\n\x04\x63\x65rt\x18\x04 \x01(\t\x12\x44\n\x0b\x61uth_center\x18\x05 \x01(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.AuthCenter\"I\n\x14UpdateDomainResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"g\n\x17\x42\x61tchQueryDomainRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x12\n\ndomain_ids\x18\x02 \x03(\t\"\x9e\x01\n\x18\x42\x61tchQueryDomainResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12O\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x41.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainResponseData\"\\\n\x1c\x42\x61tchQueryDomainResponseData\x12<\n\x07\x64omains\x18\x01 \x03(\x0b\x32+.kuscia.proto.api.v1alpha1.kusciaapi.Domain\"\x7f\n\x06\x44omain\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0c\n\x04role\x18\x02 \x01(\t\x12\x0c\n\x04\x63\x65rt\x18\x03 \x01(\t\x12\x46\n\rnode_statuses\x18\x04 \x03(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.NodeStatus\"O\n\x11\x44\x65ployTokenStatus\x12\r\n\x05token\x18\x01 \x01(\t\x12\r\n\x05state\x18\x02 \x01(\t\x12\x1c\n\x14last_transition_time\x18\x03 \x01(\t\"C\n\nAuthCenter\x12\x1b\n\x13\x61uthentication_type\x18\x01 \x01(\t\x12\x18\n\x10token_gen_method\x18\x02 
\x01(\t2\xb6\x05\n\rDomainService\x12\x83\x01\n\x0c\x43reateDomain\x12\x38.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainRequest\x1a\x39.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainResponse\x12\x80\x01\n\x0bQueryDomain\x12\x37.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainRequest\x1a\x38.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainResponse\x12\x83\x01\n\x0cUpdateDomain\x12\x38.kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainRequest\x1a\x39.kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainResponse\x12\x83\x01\n\x0c\x44\x65leteDomain\x12\x38.kuscia.proto.api.v1alpha1.kusciaapi.DeleteDomainRequest\x1a\x39.kuscia.proto.api.v1alpha1.kusciaapi.DeleteDomainResponse\x12\x8f\x01\n\x10\x42\x61tchQueryDomain\x12<.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainRequest\x1a=.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainResponseB^\n!org.secretflow.v1alpha1.kusciaapiZ9github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapib\x06proto3')
@@ -32,7 +32,7 @@
_UPDATEDOMAINRESPONSE = DESCRIPTOR.message_types_by_name['UpdateDomainResponse']
_BATCHQUERYDOMAINREQUEST = DESCRIPTOR.message_types_by_name['BatchQueryDomainRequest']
_BATCHQUERYDOMAINRESPONSE = DESCRIPTOR.message_types_by_name['BatchQueryDomainResponse']
-_BATCHQUERYDOMAINSTATUSRESPONSEDATA = DESCRIPTOR.message_types_by_name['BatchQueryDomainStatusResponseData']
+_BATCHQUERYDOMAINRESPONSEDATA = DESCRIPTOR.message_types_by_name['BatchQueryDomainResponseData']
_DOMAIN = DESCRIPTOR.message_types_by_name['Domain']
_DEPLOYTOKENSTATUS = DESCRIPTOR.message_types_by_name['DeployTokenStatus']
_AUTHCENTER = DESCRIPTOR.message_types_by_name['AuthCenter']
@@ -128,12 +128,12 @@
})
_sym_db.RegisterMessage(BatchQueryDomainResponse)
-BatchQueryDomainStatusResponseData = _reflection.GeneratedProtocolMessageType('BatchQueryDomainStatusResponseData', (_message.Message,), {
- 'DESCRIPTOR' : _BATCHQUERYDOMAINSTATUSRESPONSEDATA,
+BatchQueryDomainResponseData = _reflection.GeneratedProtocolMessageType('BatchQueryDomainResponseData', (_message.Message,), {
+ 'DESCRIPTOR' : _BATCHQUERYDOMAINRESPONSEDATA,
'__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domain_pb2'
- # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainStatusResponseData)
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainResponseData)
})
-_sym_db.RegisterMessage(BatchQueryDomainStatusResponseData)
+_sym_db.RegisterMessage(BatchQueryDomainResponseData)
Domain = _reflection.GeneratedProtocolMessageType('Domain', (_message.Message,), {
'DESCRIPTOR' : _DOMAIN,
@@ -188,15 +188,15 @@
_BATCHQUERYDOMAINREQUEST._serialized_start=1678
_BATCHQUERYDOMAINREQUEST._serialized_end=1781
_BATCHQUERYDOMAINRESPONSE._serialized_start=1784
- _BATCHQUERYDOMAINRESPONSE._serialized_end=1948
- _BATCHQUERYDOMAINSTATUSRESPONSEDATA._serialized_start=1950
- _BATCHQUERYDOMAINSTATUSRESPONSEDATA._serialized_end=2048
- _DOMAIN._serialized_start=2051
- _DOMAIN._serialized_end=2265
- _DEPLOYTOKENSTATUS._serialized_start=2267
- _DEPLOYTOKENSTATUS._serialized_end=2346
- _AUTHCENTER._serialized_start=2348
- _AUTHCENTER._serialized_end=2415
- _DOMAINSERVICE._serialized_start=2418
- _DOMAINSERVICE._serialized_end=3112
+ _BATCHQUERYDOMAINRESPONSE._serialized_end=1942
+ _BATCHQUERYDOMAINRESPONSEDATA._serialized_start=1944
+ _BATCHQUERYDOMAINRESPONSEDATA._serialized_end=2036
+ _DOMAIN._serialized_start=2038
+ _DOMAIN._serialized_end=2165
+ _DEPLOYTOKENSTATUS._serialized_start=2167
+ _DEPLOYTOKENSTATUS._serialized_end=2246
+ _AUTHCENTER._serialized_start=2248
+ _AUTHCENTER._serialized_end=2315
+ _DOMAINSERVICE._serialized_start=2318
+ _DOMAINSERVICE._serialized_end=3012
# @@protoc_insertion_point(module_scope)
diff --git a/python/kuscia/proto/api/v1alpha1/kusciaapi/domaindatagrant_pb2.py b/python/kuscia/proto/api/v1alpha1/kusciaapi/domaindatagrant_pb2.py
index 052fe2ae..f9ae06c4 100644
--- a/python/kuscia/proto/api/v1alpha1/kusciaapi/domaindatagrant_pb2.py
+++ b/python/kuscia/proto/api/v1alpha1/kusciaapi/domaindatagrant_pb2.py
@@ -15,7 +15,7 @@
from kuscia.proto.api.v1alpha1 import common_pb2 as kuscia_dot_proto_dot_api_dot_v1alpha1_dot_common__pb2
-DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n9kuscia/proto/api/v1alpha1/kusciaapi/domaindatagrant.proto\x12#kuscia.proto.api.v1alpha1.kusciaapi\x1a&kuscia/proto/api/v1alpha1/common.proto\"\xa4\x03\n\x1c\x43reateDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 \x01(\t\x12\x15\n\rdomaindata_id\x18\x03 \x01(\t\x12\x14\n\x0cgrant_domain\x18\x04 \x01(\t\x12>\n\x05limit\x18\x05 \x01(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.GrantLimit\x12g\n\x0b\x64\x65scription\x18\x06 \x03(\x0b\x32R.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataGrantRequest.DescriptionEntry\x12\x11\n\tsignature\x18\x07 \x01(\t\x12\x11\n\tdomain_id\x18\x08 \x01(\t\x1a\x32\n\x10\x44\x65scriptionEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xa8\x01\n\x1d\x43reateDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12T\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x46.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataGrantResponseData\"?\n!CreateDomainDataGrantResponseData\x12\x1a\n\x12\x64omaindatagrant_id\x18\x01 \x01(\t\"\xa5\x01\n\x0f\x44omainDataGrant\x12\x46\n\x04\x64\x61ta\x18\x01 \x01(\x0b\x32\x38.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrantData\x12J\n\x06status\x18\x02 \x01(\x0b\x32:.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrantStatus\"x\n\x15\x44omainDataGrantStatus\x12\r\n\x05phase\x18\x01 \x01(\t\x12\x0f\n\x07message\x18\x02 \x01(\t\x12?\n\x07records\x18\x03 \x03(\x0b\x32..kuscia.proto.api.v1alpha1.kusciaapi.UseRecord\"U\n\tUseRecord\x12\x10\n\x08use_time\x18\x01 \x01(\x03\x12\x14\n\x0cgrant_domain\x18\x02 \x01(\t\x12\x10\n\x08\x63omponet\x18\x03 \x01(\t\x12\x0e\n\x06output\x18\x04 \x01(\t\"\xe8\x02\n\x13\x44omainDataGrantData\x12\x1a\n\x12\x64omaindatagrant_id\x18\x01 \x01(\t\x12\x0e\n\x06\x61uthor\x18\x02 \x01(\t\x12\x15\n\rdomaindata_id\x18\x03 
\x01(\t\x12\x14\n\x0cgrant_domain\x18\x04 \x01(\t\x12>\n\x05limit\x18\x05 \x01(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.GrantLimit\x12^\n\x0b\x64\x65scription\x18\x06 \x03(\x0b\x32I.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrantData.DescriptionEntry\x12\x11\n\tsignature\x18\x07 \x01(\t\x12\x11\n\tdomain_id\x18\x08 \x01(\t\x1a\x32\n\x10\x44\x65scriptionEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\x85\x01\n\nGrantLimit\x12\x17\n\x0f\x65xpiration_time\x18\x01 \x01(\x03\x12\x11\n\tuse_count\x18\x02 \x01(\x05\x12\x0f\n\x07\x66low_id\x18\x03 \x01(\t\x12\x11\n\tcomponets\x18\x04 \x03(\t\x12\x11\n\tinitiator\x18\x05 \x01(\t\x12\x14\n\x0cinput_config\x18\x06 \x01(\t\"\xa4\x03\n\x1cUpdateDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 \x01(\t\x12\x15\n\rdomaindata_id\x18\x03 \x01(\t\x12\x14\n\x0cgrant_domain\x18\x04 \x01(\t\x12>\n\x05limit\x18\x05 \x01(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.GrantLimit\x12g\n\x0b\x64\x65scription\x18\x06 \x03(\x0b\x32R.kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainDataGrantRequest.DescriptionEntry\x12\x11\n\tsignature\x18\x07 \x01(\t\x12\x11\n\tdomain_id\x18\x08 \x01(\t\x1a\x32\n\x10\x44\x65scriptionEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"R\n\x1dUpdateDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"\x87\x01\n\x1c\x44\x65leteDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\x12\x1a\n\x12\x64omaindatagrant_id\x18\x03 \x01(\t\"R\n\x1d\x44\x65leteDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"P\n\x1fQueryDomainDataGrantRequestData\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 
\x01(\t\"\xab\x01\n\x1bQueryDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12R\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x44.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainDataGrantRequestData\"\x95\x01\n\x1cQueryDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x42\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrant\"\xb0\x01\n BatchQueryDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12R\n\x04\x64\x61ta\x18\x02 \x03(\x0b\x32\x44.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainDataGrantRequestData\"\x9a\x01\n!BatchQueryDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x42\n\x04\x64\x61ta\x18\x02 \x03(\x0b\x32\x34.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrant\"\xa9\x01\n\x1aListDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12Q\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x43.kuscia.proto.api.v1alpha1.kusciaapi.ListDomainDataGrantRequestData\"d\n\x1eListDomainDataGrantRequestData\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x14\n\x0cgrant_domain\x18\x02 \x01(\t\x12\x19\n\x11\x64omaindata_vendor\x18\x03 \x01(\t\"\x98\x01\n\x1bListDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x46\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x38.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrantList\"i\n\x13\x44omainDataGrantList\x12R\n\x14\x64omaindatagrant_list\x18\x01 
\x03(\x0b\x32\x34.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrant2\xe1\x07\n\x16\x44omainDataGrantService\x12\x9e\x01\n\x15\x43reateDomainDataGrant\x12\x41.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataGrantRequest\x1a\x42.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataGrantResponse\x12\x9e\x01\n\x15UpdateDomainDataGrant\x12\x41.kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainDataGrantRequest\x1a\x42.kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainDataGrantResponse\x12\x9e\x01\n\x15\x44\x65leteDomainDataGrant\x12\x41.kuscia.proto.api.v1alpha1.kusciaapi.DeleteDomainDataGrantRequest\x1a\x42.kuscia.proto.api.v1alpha1.kusciaapi.DeleteDomainDataGrantResponse\x12\x9b\x01\n\x14QueryDomainDataGrant\x12@.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainDataGrantRequest\x1a\x41.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainDataGrantResponse\x12\xaa\x01\n\x19\x42\x61tchQueryDomainDataGrant\x12\x45.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainDataGrantRequest\x1a\x46.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainDataGrantResponse\x12\x98\x01\n\x13ListDomainDataGrant\x12?.kuscia.proto.api.v1alpha1.kusciaapi.ListDomainDataGrantRequest\x1a@.kuscia.proto.api.v1alpha1.kusciaapi.ListDomainDataGrantResponseB^\n!org.secretflow.v1alpha1.kusciaapiZ9github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapib\x06proto3')
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n9kuscia/proto/api/v1alpha1/kusciaapi/domaindatagrant.proto\x12#kuscia.proto.api.v1alpha1.kusciaapi\x1a&kuscia/proto/api/v1alpha1/common.proto\"\xa4\x03\n\x1c\x43reateDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 \x01(\t\x12\x15\n\rdomaindata_id\x18\x03 \x01(\t\x12\x14\n\x0cgrant_domain\x18\x04 \x01(\t\x12>\n\x05limit\x18\x05 \x01(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.GrantLimit\x12g\n\x0b\x64\x65scription\x18\x06 \x03(\x0b\x32R.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataGrantRequest.DescriptionEntry\x12\x11\n\tsignature\x18\x07 \x01(\t\x12\x11\n\tdomain_id\x18\x08 \x01(\t\x1a\x32\n\x10\x44\x65scriptionEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xa8\x01\n\x1d\x43reateDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12T\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x46.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataGrantResponseData\"?\n!CreateDomainDataGrantResponseData\x12\x1a\n\x12\x64omaindatagrant_id\x18\x01 \x01(\t\"\xa5\x01\n\x0f\x44omainDataGrant\x12\x46\n\x04\x64\x61ta\x18\x01 \x01(\x0b\x32\x38.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrantData\x12J\n\x06status\x18\x02 \x01(\x0b\x32:.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrantStatus\"x\n\x15\x44omainDataGrantStatus\x12\r\n\x05phase\x18\x01 \x01(\t\x12\x0f\n\x07message\x18\x02 \x01(\t\x12?\n\x07records\x18\x03 \x03(\x0b\x32..kuscia.proto.api.v1alpha1.kusciaapi.UseRecord\"V\n\tUseRecord\x12\x10\n\x08use_time\x18\x01 \x01(\x03\x12\x14\n\x0cgrant_domain\x18\x02 \x01(\t\x12\x11\n\tcomponent\x18\x03 \x01(\t\x12\x0e\n\x06output\x18\x04 \x01(\t\"\xe8\x02\n\x13\x44omainDataGrantData\x12\x1a\n\x12\x64omaindatagrant_id\x18\x01 \x01(\t\x12\x0e\n\x06\x61uthor\x18\x02 \x01(\t\x12\x15\n\rdomaindata_id\x18\x03 
\x01(\t\x12\x14\n\x0cgrant_domain\x18\x04 \x01(\t\x12>\n\x05limit\x18\x05 \x01(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.GrantLimit\x12^\n\x0b\x64\x65scription\x18\x06 \x03(\x0b\x32I.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrantData.DescriptionEntry\x12\x11\n\tsignature\x18\x07 \x01(\t\x12\x11\n\tdomain_id\x18\x08 \x01(\t\x1a\x32\n\x10\x44\x65scriptionEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\x86\x01\n\nGrantLimit\x12\x17\n\x0f\x65xpiration_time\x18\x01 \x01(\x03\x12\x11\n\tuse_count\x18\x02 \x01(\x05\x12\x0f\n\x07\x66low_id\x18\x03 \x01(\t\x12\x12\n\ncomponents\x18\x04 \x03(\t\x12\x11\n\tinitiator\x18\x05 \x01(\t\x12\x14\n\x0cinput_config\x18\x06 \x01(\t\"\xa4\x03\n\x1cUpdateDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 \x01(\t\x12\x15\n\rdomaindata_id\x18\x03 \x01(\t\x12\x14\n\x0cgrant_domain\x18\x04 \x01(\t\x12>\n\x05limit\x18\x05 \x01(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.GrantLimit\x12g\n\x0b\x64\x65scription\x18\x06 \x03(\x0b\x32R.kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainDataGrantRequest.DescriptionEntry\x12\x11\n\tsignature\x18\x07 \x01(\t\x12\x11\n\tdomain_id\x18\x08 \x01(\t\x1a\x32\n\x10\x44\x65scriptionEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"R\n\x1dUpdateDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"\x87\x01\n\x1c\x44\x65leteDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\x12\x1a\n\x12\x64omaindatagrant_id\x18\x03 \x01(\t\"R\n\x1d\x44\x65leteDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"P\n\x1fQueryDomainDataGrantRequestData\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x1a\n\x12\x64omaindatagrant_id\x18\x02 
\x01(\t\"\x86\x01\n\x1bQueryDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\x12\x1a\n\x12\x64omaindatagrant_id\x18\x03 \x01(\t\"\x95\x01\n\x1cQueryDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x42\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrant\"\xb0\x01\n BatchQueryDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12R\n\x04\x64\x61ta\x18\x02 \x03(\x0b\x32\x44.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainDataGrantRequestData\"\x9a\x01\n!BatchQueryDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x42\n\x04\x64\x61ta\x18\x02 \x03(\x0b\x32\x34.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrant\"\xa9\x01\n\x1aListDomainDataGrantRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12Q\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x43.kuscia.proto.api.v1alpha1.kusciaapi.ListDomainDataGrantRequestData\"d\n\x1eListDomainDataGrantRequestData\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x14\n\x0cgrant_domain\x18\x02 \x01(\t\x12\x19\n\x11\x64omaindata_vendor\x18\x03 \x01(\t\"\x98\x01\n\x1bListDomainDataGrantResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x46\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x38.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrantList\"i\n\x13\x44omainDataGrantList\x12R\n\x14\x64omaindatagrant_list\x18\x01 
\x03(\x0b\x32\x34.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataGrant2\xe1\x07\n\x16\x44omainDataGrantService\x12\x9e\x01\n\x15\x43reateDomainDataGrant\x12\x41.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataGrantRequest\x1a\x42.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataGrantResponse\x12\x9e\x01\n\x15UpdateDomainDataGrant\x12\x41.kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainDataGrantRequest\x1a\x42.kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainDataGrantResponse\x12\x9e\x01\n\x15\x44\x65leteDomainDataGrant\x12\x41.kuscia.proto.api.v1alpha1.kusciaapi.DeleteDomainDataGrantRequest\x1a\x42.kuscia.proto.api.v1alpha1.kusciaapi.DeleteDomainDataGrantResponse\x12\x9b\x01\n\x14QueryDomainDataGrant\x12@.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainDataGrantRequest\x1a\x41.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainDataGrantResponse\x12\xaa\x01\n\x19\x42\x61tchQueryDomainDataGrant\x12\x45.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainDataGrantRequest\x1a\x46.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainDataGrantResponse\x12\x98\x01\n\x13ListDomainDataGrant\x12?.kuscia.proto.api.v1alpha1.kusciaapi.ListDomainDataGrantRequest\x1a@.kuscia.proto.api.v1alpha1.kusciaapi.ListDomainDataGrantResponseB^\n!org.secretflow.v1alpha1.kusciaapiZ9github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapib\x06proto3')
@@ -238,41 +238,41 @@
_DOMAINDATAGRANTSTATUS._serialized_start=965
_DOMAINDATAGRANTSTATUS._serialized_end=1085
_USERECORD._serialized_start=1087
- _USERECORD._serialized_end=1172
- _DOMAINDATAGRANTDATA._serialized_start=1175
- _DOMAINDATAGRANTDATA._serialized_end=1535
+ _USERECORD._serialized_end=1173
+ _DOMAINDATAGRANTDATA._serialized_start=1176
+ _DOMAINDATAGRANTDATA._serialized_end=1536
_DOMAINDATAGRANTDATA_DESCRIPTIONENTRY._serialized_start=509
_DOMAINDATAGRANTDATA_DESCRIPTIONENTRY._serialized_end=559
- _GRANTLIMIT._serialized_start=1538
- _GRANTLIMIT._serialized_end=1671
- _UPDATEDOMAINDATAGRANTREQUEST._serialized_start=1674
- _UPDATEDOMAINDATAGRANTREQUEST._serialized_end=2094
+ _GRANTLIMIT._serialized_start=1539
+ _GRANTLIMIT._serialized_end=1673
+ _UPDATEDOMAINDATAGRANTREQUEST._serialized_start=1676
+ _UPDATEDOMAINDATAGRANTREQUEST._serialized_end=2096
_UPDATEDOMAINDATAGRANTREQUEST_DESCRIPTIONENTRY._serialized_start=509
_UPDATEDOMAINDATAGRANTREQUEST_DESCRIPTIONENTRY._serialized_end=559
- _UPDATEDOMAINDATAGRANTRESPONSE._serialized_start=2096
- _UPDATEDOMAINDATAGRANTRESPONSE._serialized_end=2178
- _DELETEDOMAINDATAGRANTREQUEST._serialized_start=2181
- _DELETEDOMAINDATAGRANTREQUEST._serialized_end=2316
- _DELETEDOMAINDATAGRANTRESPONSE._serialized_start=2318
- _DELETEDOMAINDATAGRANTRESPONSE._serialized_end=2400
- _QUERYDOMAINDATAGRANTREQUESTDATA._serialized_start=2402
- _QUERYDOMAINDATAGRANTREQUESTDATA._serialized_end=2482
- _QUERYDOMAINDATAGRANTREQUEST._serialized_start=2485
- _QUERYDOMAINDATAGRANTREQUEST._serialized_end=2656
- _QUERYDOMAINDATAGRANTRESPONSE._serialized_start=2659
- _QUERYDOMAINDATAGRANTRESPONSE._serialized_end=2808
- _BATCHQUERYDOMAINDATAGRANTREQUEST._serialized_start=2811
- _BATCHQUERYDOMAINDATAGRANTREQUEST._serialized_end=2987
- _BATCHQUERYDOMAINDATAGRANTRESPONSE._serialized_start=2990
- _BATCHQUERYDOMAINDATAGRANTRESPONSE._serialized_end=3144
- _LISTDOMAINDATAGRANTREQUEST._serialized_start=3147
- _LISTDOMAINDATAGRANTREQUEST._serialized_end=3316
- _LISTDOMAINDATAGRANTREQUESTDATA._serialized_start=3318
- _LISTDOMAINDATAGRANTREQUESTDATA._serialized_end=3418
- _LISTDOMAINDATAGRANTRESPONSE._serialized_start=3421
- _LISTDOMAINDATAGRANTRESPONSE._serialized_end=3573
- _DOMAINDATAGRANTLIST._serialized_start=3575
- _DOMAINDATAGRANTLIST._serialized_end=3680
- _DOMAINDATAGRANTSERVICE._serialized_start=3683
- _DOMAINDATAGRANTSERVICE._serialized_end=4676
+ _UPDATEDOMAINDATAGRANTRESPONSE._serialized_start=2098
+ _UPDATEDOMAINDATAGRANTRESPONSE._serialized_end=2180
+ _DELETEDOMAINDATAGRANTREQUEST._serialized_start=2183
+ _DELETEDOMAINDATAGRANTREQUEST._serialized_end=2318
+ _DELETEDOMAINDATAGRANTRESPONSE._serialized_start=2320
+ _DELETEDOMAINDATAGRANTRESPONSE._serialized_end=2402
+ _QUERYDOMAINDATAGRANTREQUESTDATA._serialized_start=2404
+ _QUERYDOMAINDATAGRANTREQUESTDATA._serialized_end=2484
+ _QUERYDOMAINDATAGRANTREQUEST._serialized_start=2487
+ _QUERYDOMAINDATAGRANTREQUEST._serialized_end=2621
+ _QUERYDOMAINDATAGRANTRESPONSE._serialized_start=2624
+ _QUERYDOMAINDATAGRANTRESPONSE._serialized_end=2773
+ _BATCHQUERYDOMAINDATAGRANTREQUEST._serialized_start=2776
+ _BATCHQUERYDOMAINDATAGRANTREQUEST._serialized_end=2952
+ _BATCHQUERYDOMAINDATAGRANTRESPONSE._serialized_start=2955
+ _BATCHQUERYDOMAINDATAGRANTRESPONSE._serialized_end=3109
+ _LISTDOMAINDATAGRANTREQUEST._serialized_start=3112
+ _LISTDOMAINDATAGRANTREQUEST._serialized_end=3281
+ _LISTDOMAINDATAGRANTREQUESTDATA._serialized_start=3283
+ _LISTDOMAINDATAGRANTREQUESTDATA._serialized_end=3383
+ _LISTDOMAINDATAGRANTRESPONSE._serialized_start=3386
+ _LISTDOMAINDATAGRANTRESPONSE._serialized_end=3538
+ _DOMAINDATAGRANTLIST._serialized_start=3540
+ _DOMAINDATAGRANTLIST._serialized_end=3645
+ _DOMAINDATAGRANTSERVICE._serialized_start=3648
+ _DOMAINDATAGRANTSERVICE._serialized_end=4641
# @@protoc_insertion_point(module_scope)
diff --git a/python/kuscia/proto/api/v1alpha1/kusciaapi/domaindatasource_pb2.py b/python/kuscia/proto/api/v1alpha1/kusciaapi/domaindatasource_pb2.py
new file mode 100644
index 00000000..7472d4a0
--- /dev/null
+++ b/python/kuscia/proto/api/v1alpha1/kusciaapi/domaindatasource_pb2.py
@@ -0,0 +1,209 @@
+# -*- coding: utf-8 -*-
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: kuscia/proto/api/v1alpha1/kusciaapi/domaindatasource.proto
+"""Generated protocol buffer code."""
+from google.protobuf import descriptor as _descriptor
+from google.protobuf import descriptor_pool as _descriptor_pool
+from google.protobuf import message as _message
+from google.protobuf import reflection as _reflection
+from google.protobuf import symbol_database as _symbol_database
+# @@protoc_insertion_point(imports)
+
+_sym_db = _symbol_database.Default()
+
+
+from kuscia.proto.api.v1alpha1 import common_pb2 as kuscia_dot_proto_dot_api_dot_v1alpha1_dot_common__pb2
+
+
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n:kuscia/proto/api/v1alpha1/kusciaapi/domaindatasource.proto\x12#kuscia.proto.api.v1alpha1.kusciaapi\x1a&kuscia/proto/api/v1alpha1/common.proto\"\xd4\x02\n\x1d\x43reateDomainDataSourceRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\x12\x15\n\rdatasource_id\x18\x03 \x01(\t\x12\x0c\n\x04type\x18\x04 \x01(\t\x12\x11\n\x04name\x18\x05 \x01(\tH\x00\x88\x01\x01\x12\x46\n\x04info\x18\x06 \x01(\x0b\x32\x33.kuscia.proto.api.v1alpha1.kusciaapi.DataSourceInfoH\x01\x88\x01\x01\x12\x15\n\x08info_key\x18\x07 \x01(\tH\x02\x88\x01\x01\x12\x1c\n\x0f\x61\x63\x63\x65ss_directly\x18\x08 \x01(\x08H\x03\x88\x01\x01\x42\x07\n\x05_nameB\x07\n\x05_infoB\x0b\n\t_info_keyB\x12\n\x10_access_directly\"\xaa\x01\n\x1e\x43reateDomainDataSourceResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12U\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32G.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataSourceResponseData\";\n\"CreateDomainDataSourceResponseData\x12\x15\n\rdatasource_id\x18\x01 \x01(\t\"\xd4\x02\n\x1dUpdateDomainDataSourceRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\x12\x15\n\rdatasource_id\x18\x03 \x01(\t\x12\x0c\n\x04type\x18\x04 \x01(\t\x12\x11\n\x04name\x18\x05 \x01(\tH\x00\x88\x01\x01\x12\x46\n\x04info\x18\x06 \x01(\x0b\x32\x33.kuscia.proto.api.v1alpha1.kusciaapi.DataSourceInfoH\x01\x88\x01\x01\x12\x15\n\x08info_key\x18\x07 \x01(\tH\x02\x88\x01\x01\x12\x1c\n\x0f\x61\x63\x63\x65ss_directly\x18\x08 \x01(\x08H\x03\x88\x01\x01\x42\x07\n\x05_nameB\x07\n\x05_infoB\x0b\n\t_info_keyB\x12\n\x10_access_directly\"S\n\x1eUpdateDomainDataSourceResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"\x83\x01\n\x1d\x44\x65leteDomainDataSourceRequest\x12\x38\n\x06header\x18\x01 
\x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\x12\x15\n\rdatasource_id\x18\x03 \x01(\t\"S\n\x1e\x44\x65leteDomainDataSourceResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"\x82\x01\n\x1cQueryDomainDataSourceRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x11\n\tdomain_id\x18\x02 \x01(\t\x12\x15\n\rdatasource_id\x18\x03 \x01(\t\"\x97\x01\n\x1dQueryDomainDataSourceResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x43\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x35.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSource\"L\n QueryDomainDataSourceRequestData\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x15\n\rdatasource_id\x18\x02 \x01(\t\"\xb2\x01\n!BatchQueryDomainDataSourceRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12S\n\x04\x64\x61ta\x18\x02 \x03(\x0b\x32\x45.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainDataSourceRequestData\"\xa0\x01\n\"BatchQueryDomainDataSourceResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12G\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x39.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSourceList\"f\n\x14\x44omainDataSourceList\x12N\n\x0f\x64\x61tasource_list\x18\x01 \x03(\x0b\x32\x35.kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSource\"\xd6\x01\n\x10\x44omainDataSource\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x15\n\rdatasource_id\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\t\x12\x0c\n\x04type\x18\x04 \x01(\t\x12\x0e\n\x06status\x18\x05 \x01(\t\x12\x41\n\x04info\x18\x06 \x01(\x0b\x32\x33.kuscia.proto.api.v1alpha1.kusciaapi.DataSourceInfo\x12\x10\n\x08info_key\x18\x07 \x01(\t\x12\x17\n\x0f\x61\x63\x63\x65ss_directly\x18\x08 \x01(\x08\"\xef\x01\n\x0e\x44\x61taSourceInfo\x12I\n\x07localfs\x18\x01 \x01(\x0b\x32\x38.kuscia.proto.api.v1alpha1.kusciaapi.LocalDataSourceInfo\x12\x43\n\x03oss\x18\x02 
\x01(\x0b\x32\x36.kuscia.proto.api.v1alpha1.kusciaapi.OssDataSourceInfo\x12M\n\x08\x64\x61tabase\x18\x03 \x01(\x0b\x32;.kuscia.proto.api.v1alpha1.kusciaapi.DatabaseDataSourceInfo\"#\n\x13LocalDataSourceInfo\x12\x0c\n\x04path\x18\x01 \x01(\t\"\xb3\x01\n\x11OssDataSourceInfo\x12\x10\n\x08\x65ndpoint\x18\x01 \x01(\t\x12\x0e\n\x06\x62ucket\x18\x02 \x01(\t\x12\x0e\n\x06prefix\x18\x03 \x01(\t\x12\x15\n\raccess_key_id\x18\x04 \x01(\t\x12\x19\n\x11\x61\x63\x63\x65ss_key_secret\x18\x05 \x01(\t\x12\x13\n\x0bvirtualhost\x18\x06 \x01(\x08\x12\x0f\n\x07version\x18\x07 \x01(\t\x12\x14\n\x0cstorage_type\x18\x08 \x01(\t\"\\\n\x16\x44\x61tabaseDataSourceInfo\x12\x10\n\x08\x65ndpoint\x18\x01 \x01(\t\x12\x0c\n\x04user\x18\x02 \x01(\t\x12\x10\n\x08password\x18\x03 \x01(\t\x12\x10\n\x08\x64\x61tabase\x18\x04 \x01(\t2\xd6\x06\n\x17\x44omainDataSourceService\x12\xa1\x01\n\x16\x43reateDomainDataSource\x12\x42.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataSourceRequest\x1a\x43.kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataSourceResponse\x12\x9e\x01\n\x15QueryDomainDataSource\x12\x41.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainDataSourceRequest\x1a\x42.kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainDataSourceResponse\x12\xa1\x01\n\x16UpdateDomainDataSource\x12\x42.kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainDataSourceRequest\x1a\x43.kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainDataSourceResponse\x12\xa1\x01\n\x16\x44\x65leteDomainDataSource\x12\x42.kuscia.proto.api.v1alpha1.kusciaapi.DeleteDomainDataSourceRequest\x1a\x43.kuscia.proto.api.v1alpha1.kusciaapi.DeleteDomainDataSourceResponse\x12\xad\x01\n\x1a\x42\x61tchQueryDomainDataSource\x12\x46.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainDataSourceRequest\x1aG.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainDataSourceResponseB^\n!org.secretflow.v1alpha1.kusciaapiZ9github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapib\x06proto3')
+
+
+
+_CREATEDOMAINDATASOURCEREQUEST = DESCRIPTOR.message_types_by_name['CreateDomainDataSourceRequest']
+_CREATEDOMAINDATASOURCERESPONSE = DESCRIPTOR.message_types_by_name['CreateDomainDataSourceResponse']
+_CREATEDOMAINDATASOURCERESPONSEDATA = DESCRIPTOR.message_types_by_name['CreateDomainDataSourceResponseData']
+_UPDATEDOMAINDATASOURCEREQUEST = DESCRIPTOR.message_types_by_name['UpdateDomainDataSourceRequest']
+_UPDATEDOMAINDATASOURCERESPONSE = DESCRIPTOR.message_types_by_name['UpdateDomainDataSourceResponse']
+_DELETEDOMAINDATASOURCEREQUEST = DESCRIPTOR.message_types_by_name['DeleteDomainDataSourceRequest']
+_DELETEDOMAINDATASOURCERESPONSE = DESCRIPTOR.message_types_by_name['DeleteDomainDataSourceResponse']
+_QUERYDOMAINDATASOURCEREQUEST = DESCRIPTOR.message_types_by_name['QueryDomainDataSourceRequest']
+_QUERYDOMAINDATASOURCERESPONSE = DESCRIPTOR.message_types_by_name['QueryDomainDataSourceResponse']
+_QUERYDOMAINDATASOURCEREQUESTDATA = DESCRIPTOR.message_types_by_name['QueryDomainDataSourceRequestData']
+_BATCHQUERYDOMAINDATASOURCEREQUEST = DESCRIPTOR.message_types_by_name['BatchQueryDomainDataSourceRequest']
+_BATCHQUERYDOMAINDATASOURCERESPONSE = DESCRIPTOR.message_types_by_name['BatchQueryDomainDataSourceResponse']
+_DOMAINDATASOURCELIST = DESCRIPTOR.message_types_by_name['DomainDataSourceList']
+_DOMAINDATASOURCE = DESCRIPTOR.message_types_by_name['DomainDataSource']
+_DATASOURCEINFO = DESCRIPTOR.message_types_by_name['DataSourceInfo']
+_LOCALDATASOURCEINFO = DESCRIPTOR.message_types_by_name['LocalDataSourceInfo']
+_OSSDATASOURCEINFO = DESCRIPTOR.message_types_by_name['OssDataSourceInfo']
+_DATABASEDATASOURCEINFO = DESCRIPTOR.message_types_by_name['DatabaseDataSourceInfo']
+CreateDomainDataSourceRequest = _reflection.GeneratedProtocolMessageType('CreateDomainDataSourceRequest', (_message.Message,), {
+ 'DESCRIPTOR' : _CREATEDOMAINDATASOURCEREQUEST,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataSourceRequest)
+ })
+_sym_db.RegisterMessage(CreateDomainDataSourceRequest)
+
+CreateDomainDataSourceResponse = _reflection.GeneratedProtocolMessageType('CreateDomainDataSourceResponse', (_message.Message,), {
+ 'DESCRIPTOR' : _CREATEDOMAINDATASOURCERESPONSE,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataSourceResponse)
+ })
+_sym_db.RegisterMessage(CreateDomainDataSourceResponse)
+
+CreateDomainDataSourceResponseData = _reflection.GeneratedProtocolMessageType('CreateDomainDataSourceResponseData', (_message.Message,), {
+ 'DESCRIPTOR' : _CREATEDOMAINDATASOURCERESPONSEDATA,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.CreateDomainDataSourceResponseData)
+ })
+_sym_db.RegisterMessage(CreateDomainDataSourceResponseData)
+
+UpdateDomainDataSourceRequest = _reflection.GeneratedProtocolMessageType('UpdateDomainDataSourceRequest', (_message.Message,), {
+ 'DESCRIPTOR' : _UPDATEDOMAINDATASOURCEREQUEST,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainDataSourceRequest)
+ })
+_sym_db.RegisterMessage(UpdateDomainDataSourceRequest)
+
+UpdateDomainDataSourceResponse = _reflection.GeneratedProtocolMessageType('UpdateDomainDataSourceResponse', (_message.Message,), {
+ 'DESCRIPTOR' : _UPDATEDOMAINDATASOURCERESPONSE,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.UpdateDomainDataSourceResponse)
+ })
+_sym_db.RegisterMessage(UpdateDomainDataSourceResponse)
+
+DeleteDomainDataSourceRequest = _reflection.GeneratedProtocolMessageType('DeleteDomainDataSourceRequest', (_message.Message,), {
+ 'DESCRIPTOR' : _DELETEDOMAINDATASOURCEREQUEST,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.DeleteDomainDataSourceRequest)
+ })
+_sym_db.RegisterMessage(DeleteDomainDataSourceRequest)
+
+DeleteDomainDataSourceResponse = _reflection.GeneratedProtocolMessageType('DeleteDomainDataSourceResponse', (_message.Message,), {
+ 'DESCRIPTOR' : _DELETEDOMAINDATASOURCERESPONSE,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.DeleteDomainDataSourceResponse)
+ })
+_sym_db.RegisterMessage(DeleteDomainDataSourceResponse)
+
+QueryDomainDataSourceRequest = _reflection.GeneratedProtocolMessageType('QueryDomainDataSourceRequest', (_message.Message,), {
+ 'DESCRIPTOR' : _QUERYDOMAINDATASOURCEREQUEST,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainDataSourceRequest)
+ })
+_sym_db.RegisterMessage(QueryDomainDataSourceRequest)
+
+QueryDomainDataSourceResponse = _reflection.GeneratedProtocolMessageType('QueryDomainDataSourceResponse', (_message.Message,), {
+ 'DESCRIPTOR' : _QUERYDOMAINDATASOURCERESPONSE,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainDataSourceResponse)
+ })
+_sym_db.RegisterMessage(QueryDomainDataSourceResponse)
+
+QueryDomainDataSourceRequestData = _reflection.GeneratedProtocolMessageType('QueryDomainDataSourceRequestData', (_message.Message,), {
+ 'DESCRIPTOR' : _QUERYDOMAINDATASOURCEREQUESTDATA,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.QueryDomainDataSourceRequestData)
+ })
+_sym_db.RegisterMessage(QueryDomainDataSourceRequestData)
+
+BatchQueryDomainDataSourceRequest = _reflection.GeneratedProtocolMessageType('BatchQueryDomainDataSourceRequest', (_message.Message,), {
+ 'DESCRIPTOR' : _BATCHQUERYDOMAINDATASOURCEREQUEST,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainDataSourceRequest)
+ })
+_sym_db.RegisterMessage(BatchQueryDomainDataSourceRequest)
+
+BatchQueryDomainDataSourceResponse = _reflection.GeneratedProtocolMessageType('BatchQueryDomainDataSourceResponse', (_message.Message,), {
+ 'DESCRIPTOR' : _BATCHQUERYDOMAINDATASOURCERESPONSE,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryDomainDataSourceResponse)
+ })
+_sym_db.RegisterMessage(BatchQueryDomainDataSourceResponse)
+
+DomainDataSourceList = _reflection.GeneratedProtocolMessageType('DomainDataSourceList', (_message.Message,), {
+ 'DESCRIPTOR' : _DOMAINDATASOURCELIST,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSourceList)
+ })
+_sym_db.RegisterMessage(DomainDataSourceList)
+
+DomainDataSource = _reflection.GeneratedProtocolMessageType('DomainDataSource', (_message.Message,), {
+ 'DESCRIPTOR' : _DOMAINDATASOURCE,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSource)
+ })
+_sym_db.RegisterMessage(DomainDataSource)
+
+DataSourceInfo = _reflection.GeneratedProtocolMessageType('DataSourceInfo', (_message.Message,), {
+ 'DESCRIPTOR' : _DATASOURCEINFO,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.DataSourceInfo)
+ })
+_sym_db.RegisterMessage(DataSourceInfo)
+
+LocalDataSourceInfo = _reflection.GeneratedProtocolMessageType('LocalDataSourceInfo', (_message.Message,), {
+ 'DESCRIPTOR' : _LOCALDATASOURCEINFO,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.LocalDataSourceInfo)
+ })
+_sym_db.RegisterMessage(LocalDataSourceInfo)
+
+OssDataSourceInfo = _reflection.GeneratedProtocolMessageType('OssDataSourceInfo', (_message.Message,), {
+ 'DESCRIPTOR' : _OSSDATASOURCEINFO,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.OssDataSourceInfo)
+ })
+_sym_db.RegisterMessage(OssDataSourceInfo)
+
+DatabaseDataSourceInfo = _reflection.GeneratedProtocolMessageType('DatabaseDataSourceInfo', (_message.Message,), {
+ 'DESCRIPTOR' : _DATABASEDATASOURCEINFO,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.domaindatasource_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.DatabaseDataSourceInfo)
+ })
+_sym_db.RegisterMessage(DatabaseDataSourceInfo)
+
+_DOMAINDATASOURCESERVICE = DESCRIPTOR.services_by_name['DomainDataSourceService']
+if _descriptor._USE_C_DESCRIPTORS == False:
+
+ DESCRIPTOR._options = None
+ DESCRIPTOR._serialized_options = b'\n!org.secretflow.v1alpha1.kusciaapiZ9github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapi'
+ _CREATEDOMAINDATASOURCEREQUEST._serialized_start=140
+ _CREATEDOMAINDATASOURCEREQUEST._serialized_end=480
+ _CREATEDOMAINDATASOURCERESPONSE._serialized_start=483
+ _CREATEDOMAINDATASOURCERESPONSE._serialized_end=653
+ _CREATEDOMAINDATASOURCERESPONSEDATA._serialized_start=655
+ _CREATEDOMAINDATASOURCERESPONSEDATA._serialized_end=714
+ _UPDATEDOMAINDATASOURCEREQUEST._serialized_start=717
+ _UPDATEDOMAINDATASOURCEREQUEST._serialized_end=1057
+ _UPDATEDOMAINDATASOURCERESPONSE._serialized_start=1059
+ _UPDATEDOMAINDATASOURCERESPONSE._serialized_end=1142
+ _DELETEDOMAINDATASOURCEREQUEST._serialized_start=1145
+ _DELETEDOMAINDATASOURCEREQUEST._serialized_end=1276
+ _DELETEDOMAINDATASOURCERESPONSE._serialized_start=1278
+ _DELETEDOMAINDATASOURCERESPONSE._serialized_end=1361
+ _QUERYDOMAINDATASOURCEREQUEST._serialized_start=1364
+ _QUERYDOMAINDATASOURCEREQUEST._serialized_end=1494
+ _QUERYDOMAINDATASOURCERESPONSE._serialized_start=1497
+ _QUERYDOMAINDATASOURCERESPONSE._serialized_end=1648
+ _QUERYDOMAINDATASOURCEREQUESTDATA._serialized_start=1650
+ _QUERYDOMAINDATASOURCEREQUESTDATA._serialized_end=1726
+ _BATCHQUERYDOMAINDATASOURCEREQUEST._serialized_start=1729
+ _BATCHQUERYDOMAINDATASOURCEREQUEST._serialized_end=1907
+ _BATCHQUERYDOMAINDATASOURCERESPONSE._serialized_start=1910
+ _BATCHQUERYDOMAINDATASOURCERESPONSE._serialized_end=2070
+ _DOMAINDATASOURCELIST._serialized_start=2072
+ _DOMAINDATASOURCELIST._serialized_end=2174
+ _DOMAINDATASOURCE._serialized_start=2177
+ _DOMAINDATASOURCE._serialized_end=2391
+ _DATASOURCEINFO._serialized_start=2394
+ _DATASOURCEINFO._serialized_end=2633
+ _LOCALDATASOURCEINFO._serialized_start=2635
+ _LOCALDATASOURCEINFO._serialized_end=2670
+ _OSSDATASOURCEINFO._serialized_start=2673
+ _OSSDATASOURCEINFO._serialized_end=2852
+ _DATABASEDATASOURCEINFO._serialized_start=2854
+ _DATABASEDATASOURCEINFO._serialized_end=2946
+ _DOMAINDATASOURCESERVICE._serialized_start=2949
+ _DOMAINDATASOURCESERVICE._serialized_end=3803
+# @@protoc_insertion_point(module_scope)
diff --git a/python/kuscia/proto/api/v1alpha1/kusciaapi/domaindatasource_pb2_grpc.py b/python/kuscia/proto/api/v1alpha1/kusciaapi/domaindatasource_pb2_grpc.py
new file mode 100644
index 00000000..f58d31b2
--- /dev/null
+++ b/python/kuscia/proto/api/v1alpha1/kusciaapi/domaindatasource_pb2_grpc.py
@@ -0,0 +1,198 @@
+# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT!
+"""Client and server classes corresponding to protobuf-defined services."""
+import grpc
+
+from kuscia.proto.api.v1alpha1.kusciaapi import domaindatasource_pb2 as kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2
+
+
+class DomainDataSourceServiceStub(object):
+ """Missing associated documentation comment in .proto file."""
+
+ def __init__(self, channel):
+ """Constructor.
+
+ Args:
+ channel: A grpc.Channel.
+ """
+ self.CreateDomainDataSource = channel.unary_unary(
+ '/kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSourceService/CreateDomainDataSource',
+ request_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.CreateDomainDataSourceRequest.SerializeToString,
+ response_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.CreateDomainDataSourceResponse.FromString,
+ )
+ self.QueryDomainDataSource = channel.unary_unary(
+ '/kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSourceService/QueryDomainDataSource',
+ request_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.QueryDomainDataSourceRequest.SerializeToString,
+ response_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.QueryDomainDataSourceResponse.FromString,
+ )
+ self.UpdateDomainDataSource = channel.unary_unary(
+ '/kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSourceService/UpdateDomainDataSource',
+ request_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.UpdateDomainDataSourceRequest.SerializeToString,
+ response_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.UpdateDomainDataSourceResponse.FromString,
+ )
+ self.DeleteDomainDataSource = channel.unary_unary(
+ '/kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSourceService/DeleteDomainDataSource',
+ request_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.DeleteDomainDataSourceRequest.SerializeToString,
+ response_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.DeleteDomainDataSourceResponse.FromString,
+ )
+ self.BatchQueryDomainDataSource = channel.unary_unary(
+ '/kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSourceService/BatchQueryDomainDataSource',
+ request_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.BatchQueryDomainDataSourceRequest.SerializeToString,
+ response_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.BatchQueryDomainDataSourceResponse.FromString,
+ )
+
+
+class DomainDataSourceServiceServicer(object):
+ """Missing associated documentation comment in .proto file."""
+
+ def CreateDomainDataSource(self, request, context):
+ """Missing associated documentation comment in .proto file."""
+ context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+ context.set_details('Method not implemented!')
+ raise NotImplementedError('Method not implemented!')
+
+ def QueryDomainDataSource(self, request, context):
+ """Missing associated documentation comment in .proto file."""
+ context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+ context.set_details('Method not implemented!')
+ raise NotImplementedError('Method not implemented!')
+
+ def UpdateDomainDataSource(self, request, context):
+ """Missing associated documentation comment in .proto file."""
+ context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+ context.set_details('Method not implemented!')
+ raise NotImplementedError('Method not implemented!')
+
+ def DeleteDomainDataSource(self, request, context):
+ """Missing associated documentation comment in .proto file."""
+ context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+ context.set_details('Method not implemented!')
+ raise NotImplementedError('Method not implemented!')
+
+ def BatchQueryDomainDataSource(self, request, context):
+ """Missing associated documentation comment in .proto file."""
+ context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+ context.set_details('Method not implemented!')
+ raise NotImplementedError('Method not implemented!')
+
+
+def add_DomainDataSourceServiceServicer_to_server(servicer, server):
+ rpc_method_handlers = {
+ 'CreateDomainDataSource': grpc.unary_unary_rpc_method_handler(
+ servicer.CreateDomainDataSource,
+ request_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.CreateDomainDataSourceRequest.FromString,
+ response_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.CreateDomainDataSourceResponse.SerializeToString,
+ ),
+ 'QueryDomainDataSource': grpc.unary_unary_rpc_method_handler(
+ servicer.QueryDomainDataSource,
+ request_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.QueryDomainDataSourceRequest.FromString,
+ response_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.QueryDomainDataSourceResponse.SerializeToString,
+ ),
+ 'UpdateDomainDataSource': grpc.unary_unary_rpc_method_handler(
+ servicer.UpdateDomainDataSource,
+ request_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.UpdateDomainDataSourceRequest.FromString,
+ response_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.UpdateDomainDataSourceResponse.SerializeToString,
+ ),
+ 'DeleteDomainDataSource': grpc.unary_unary_rpc_method_handler(
+ servicer.DeleteDomainDataSource,
+ request_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.DeleteDomainDataSourceRequest.FromString,
+ response_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.DeleteDomainDataSourceResponse.SerializeToString,
+ ),
+ 'BatchQueryDomainDataSource': grpc.unary_unary_rpc_method_handler(
+ servicer.BatchQueryDomainDataSource,
+ request_deserializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.BatchQueryDomainDataSourceRequest.FromString,
+ response_serializer=kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.BatchQueryDomainDataSourceResponse.SerializeToString,
+ ),
+ }
+ generic_handler = grpc.method_handlers_generic_handler(
+ 'kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSourceService', rpc_method_handlers)
+ server.add_generic_rpc_handlers((generic_handler,))
+
+
+ # This class is part of an EXPERIMENTAL API.
+class DomainDataSourceService(object):
+ """Missing associated documentation comment in .proto file."""
+
+ @staticmethod
+ def CreateDomainDataSource(request,
+ target,
+ options=(),
+ channel_credentials=None,
+ call_credentials=None,
+ insecure=False,
+ compression=None,
+ wait_for_ready=None,
+ timeout=None,
+ metadata=None):
+ return grpc.experimental.unary_unary(request, target, '/kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSourceService/CreateDomainDataSource',
+ kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.CreateDomainDataSourceRequest.SerializeToString,
+ kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.CreateDomainDataSourceResponse.FromString,
+ options, channel_credentials,
+ insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
+
+ @staticmethod
+ def QueryDomainDataSource(request,
+ target,
+ options=(),
+ channel_credentials=None,
+ call_credentials=None,
+ insecure=False,
+ compression=None,
+ wait_for_ready=None,
+ timeout=None,
+ metadata=None):
+ return grpc.experimental.unary_unary(request, target, '/kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSourceService/QueryDomainDataSource',
+ kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.QueryDomainDataSourceRequest.SerializeToString,
+ kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.QueryDomainDataSourceResponse.FromString,
+ options, channel_credentials,
+ insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
+
+ @staticmethod
+ def UpdateDomainDataSource(request,
+ target,
+ options=(),
+ channel_credentials=None,
+ call_credentials=None,
+ insecure=False,
+ compression=None,
+ wait_for_ready=None,
+ timeout=None,
+ metadata=None):
+ return grpc.experimental.unary_unary(request, target, '/kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSourceService/UpdateDomainDataSource',
+ kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.UpdateDomainDataSourceRequest.SerializeToString,
+ kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.UpdateDomainDataSourceResponse.FromString,
+ options, channel_credentials,
+ insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
+
+ @staticmethod
+ def DeleteDomainDataSource(request,
+ target,
+ options=(),
+ channel_credentials=None,
+ call_credentials=None,
+ insecure=False,
+ compression=None,
+ wait_for_ready=None,
+ timeout=None,
+ metadata=None):
+ return grpc.experimental.unary_unary(request, target, '/kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSourceService/DeleteDomainDataSource',
+ kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.DeleteDomainDataSourceRequest.SerializeToString,
+ kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.DeleteDomainDataSourceResponse.FromString,
+ options, channel_credentials,
+ insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
+
+ @staticmethod
+ def BatchQueryDomainDataSource(request,
+ target,
+ options=(),
+ channel_credentials=None,
+ call_credentials=None,
+ insecure=False,
+ compression=None,
+ wait_for_ready=None,
+ timeout=None,
+ metadata=None):
+ return grpc.experimental.unary_unary(request, target, '/kuscia.proto.api.v1alpha1.kusciaapi.DomainDataSourceService/BatchQueryDomainDataSource',
+ kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.BatchQueryDomainDataSourceRequest.SerializeToString,
+ kuscia_dot_proto_dot_api_dot_v1alpha1_dot_kusciaapi_dot_domaindatasource__pb2.BatchQueryDomainDataSourceResponse.FromString,
+ options, channel_credentials,
+ insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
diff --git a/python/kuscia/proto/api/v1alpha1/kusciaapi/job_pb2.py b/python/kuscia/proto/api/v1alpha1/kusciaapi/job_pb2.py
index 638058c4..d7857dd8 100644
--- a/python/kuscia/proto/api/v1alpha1/kusciaapi/job_pb2.py
+++ b/python/kuscia/proto/api/v1alpha1/kusciaapi/job_pb2.py
@@ -16,20 +16,22 @@
from kuscia.proto.api.v1alpha1 import common_pb2 as kuscia_dot_proto_dot_api_dot_v1alpha1_dot_common__pb2
-DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n-kuscia/proto/api/v1alpha1/kusciaapi/job.proto\x12#kuscia.proto.api.v1alpha1.kusciaapi\x1a&kuscia/proto/api/v1alpha1/common.proto\"\xc2\x01\n\x10\x43reateJobRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x0e\n\x06job_id\x18\x02 \x01(\t\x12\x11\n\tinitiator\x18\x03 \x01(\t\x12\x17\n\x0fmax_parallelism\x18\x04 \x01(\x05\x12\x38\n\x05tasks\x18\x05 \x03(\x0b\x32).kuscia.proto.api.v1alpha1.kusciaapi.Task\"\x90\x01\n\x11\x43reateJobResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12H\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32:.kuscia.proto.api.v1alpha1.kusciaapi.CreateJobResponseData\"\'\n\x15\x43reateJobResponseData\x12\x0e\n\x06job_id\x18\x01 \x01(\t\"\xb9\x01\n\x04Task\x12\x11\n\tapp_image\x18\x01 \x01(\t\x12;\n\x07parties\x18\x02 \x03(\x0b\x32*.kuscia.proto.api.v1alpha1.kusciaapi.Party\x12\r\n\x05\x61lias\x18\x03 \x01(\t\x12\x0f\n\x07task_id\x18\x04 \x01(\t\x12\x14\n\x0c\x64\x65pendencies\x18\x05 \x03(\t\x12\x19\n\x11task_input_config\x18\x06 \x01(\t\x12\x10\n\x08priority\x18\x07 \x01(\x05\"(\n\x05Party\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0c\n\x04role\x18\x02 \x01(\t\"\\\n\x10\x44\x65leteJobRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x0e\n\x06job_id\x18\x02 \x01(\t\"\x90\x01\n\x11\x44\x65leteJobResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12H\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32:.kuscia.proto.api.v1alpha1.kusciaapi.DeleteJobResponseData\"\'\n\x15\x44\x65leteJobResponseData\x12\x0e\n\x06job_id\x18\x01 \x01(\t\"Z\n\x0eStopJobRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x0e\n\x06job_id\x18\x02 \x01(\t\"\x8c\x01\n\x0fStopJobResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x46\n\x04\x64\x61ta\x18\x02 
\x01(\x0b\x32\x38.kuscia.proto.api.v1alpha1.kusciaapi.StopJobResponseData\"%\n\x13StopJobResponseData\x12\x0e\n\x06job_id\x18\x01 \x01(\t\"[\n\x0fQueryJobRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x0e\n\x06job_id\x18\x02 \x01(\t\"\x8e\x01\n\x10QueryJobResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12G\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x39.kuscia.proto.api.v1alpha1.kusciaapi.QueryJobResponseData\"\xd8\x01\n\x14QueryJobResponseData\x12\x0e\n\x06job_id\x18\x01 \x01(\t\x12\x11\n\tinitiator\x18\x02 \x01(\t\x12\x17\n\x0fmax_parallelism\x18\x03 \x01(\x05\x12>\n\x05tasks\x18\x04 \x03(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.TaskConfig\x12\x44\n\x06status\x18\x05 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.kusciaapi.JobStatusDetail\"\xac\x01\n\x0fJobStatusDetail\x12\r\n\x05state\x18\x01 \x01(\t\x12\x0f\n\x07\x65rr_msg\x18\x02 \x01(\t\x12\x13\n\x0b\x63reate_time\x18\x03 \x01(\t\x12\x12\n\nstart_time\x18\x04 \x01(\t\x12\x10\n\x08\x65nd_time\x18\x05 \x01(\t\x12>\n\x05tasks\x18\x06 \x03(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.TaskStatus\"\xbf\x01\n\nTaskConfig\x12\x11\n\tapp_image\x18\x01 \x01(\t\x12;\n\x07parties\x18\x02 \x03(\x0b\x32*.kuscia.proto.api.v1alpha1.kusciaapi.Party\x12\r\n\x05\x61lias\x18\x03 \x01(\t\x12\x0f\n\x07task_id\x18\x04 \x01(\t\x12\x14\n\x0c\x64\x65pendencies\x18\x05 \x03(\t\x12\x19\n\x11task_input_config\x18\x06 \x01(\t\x12\x10\n\x08priority\x18\x07 \x01(\x05\"\xbb\x01\n\nTaskStatus\x12\x0f\n\x07task_id\x18\x01 \x01(\t\x12\r\n\x05state\x18\x02 \x01(\t\x12\x0f\n\x07\x65rr_msg\x18\x03 \x01(\t\x12\x13\n\x0b\x63reate_time\x18\x04 \x01(\t\x12\x12\n\nstart_time\x18\x05 \x01(\t\x12\x10\n\x08\x65nd_time\x18\x06 \x01(\t\x12\x41\n\x07parties\x18\x07 \x03(\x0b\x32\x30.kuscia.proto.api.v1alpha1.kusciaapi.PartyStatus\"@\n\x0bPartyStatus\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\r\n\x05state\x18\x02 \x01(\t\x12\x0f\n\x07\x65rr_msg\x18\x03 
\x01(\t\"g\n\x1a\x42\x61tchQueryJobStatusRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x0f\n\x07job_ids\x18\x02 \x03(\t\"\xa4\x01\n\x1b\x42\x61tchQueryJobStatusResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12R\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x44.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryJobStatusResponseData\"_\n\x1f\x42\x61tchQueryJobStatusResponseData\x12<\n\x04jobs\x18\x01 \x03(\x0b\x32..kuscia.proto.api.v1alpha1.kusciaapi.JobStatus\"\x90\x01\n\x11JobStatusResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12H\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32:.kuscia.proto.api.v1alpha1.kusciaapi.JobStatusResponseData\"m\n\x15JobStatusResponseData\x12\x0e\n\x06job_id\x18\x01 \x01(\t\x12\x44\n\x06status\x18\x02 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.kusciaapi.JobStatusDetail\"a\n\tJobStatus\x12\x0e\n\x06job_id\x18\x01 \x01(\t\x12\x44\n\x06status\x18\x02 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.kusciaapi.JobStatusDetail\"d\n\x0fWatchJobRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x17\n\x0ftimeout_seconds\x18\x02 \x01(\x03\"\x95\x01\n\x15WatchJobEventResponse\x12<\n\x04type\x18\x01 \x01(\x0e\x32..kuscia.proto.api.v1alpha1.kusciaapi.EventType\x12>\n\x06object\x18\x02 
\x01(\x0b\x32..kuscia.proto.api.v1alpha1.kusciaapi.JobStatus*@\n\tTaskState\x12\x0b\n\x07Pending\x10\x00\x12\x0b\n\x07Running\x10\x01\x12\r\n\tSucceeded\x10\x02\x12\n\n\x06\x46\x61iled\x10\x03*<\n\tEventType\x12\t\n\x05\x41\x44\x44\x45\x44\x10\x00\x12\x0c\n\x08MODIFIED\x10\x01\x12\x0b\n\x07\x44\x45LETED\x10\x02\x12\t\n\x05\x45RROR\x10\x03\x32\x8e\x06\n\nJobService\x12z\n\tCreateJob\x12\x35.kuscia.proto.api.v1alpha1.kusciaapi.CreateJobRequest\x1a\x36.kuscia.proto.api.v1alpha1.kusciaapi.CreateJobResponse\x12w\n\x08QueryJob\x12\x34.kuscia.proto.api.v1alpha1.kusciaapi.QueryJobRequest\x1a\x35.kuscia.proto.api.v1alpha1.kusciaapi.QueryJobResponse\x12\x98\x01\n\x13\x42\x61tchQueryJobStatus\x12?.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryJobStatusRequest\x1a@.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryJobStatusResponse\x12t\n\x07StopJob\x12\x33.kuscia.proto.api.v1alpha1.kusciaapi.StopJobRequest\x1a\x34.kuscia.proto.api.v1alpha1.kusciaapi.StopJobResponse\x12z\n\tDeleteJob\x12\x35.kuscia.proto.api.v1alpha1.kusciaapi.DeleteJobRequest\x1a\x36.kuscia.proto.api.v1alpha1.kusciaapi.DeleteJobResponse\x12~\n\x08WatchJob\x12\x34.kuscia.proto.api.v1alpha1.kusciaapi.WatchJobRequest\x1a:.kuscia.proto.api.v1alpha1.kusciaapi.WatchJobEventResponse0\x01\x42^\n!org.secretflow.v1alpha1.kusciaapiZ9github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapib\x06proto3')
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n-kuscia/proto/api/v1alpha1/kusciaapi/job.proto\x12#kuscia.proto.api.v1alpha1.kusciaapi\x1a&kuscia/proto/api/v1alpha1/common.proto\"\xc2\x01\n\x10\x43reateJobRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x0e\n\x06job_id\x18\x02 \x01(\t\x12\x11\n\tinitiator\x18\x03 \x01(\t\x12\x17\n\x0fmax_parallelism\x18\x04 \x01(\x05\x12\x38\n\x05tasks\x18\x05 \x03(\x0b\x32).kuscia.proto.api.v1alpha1.kusciaapi.Task\"\x90\x01\n\x11\x43reateJobResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12H\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32:.kuscia.proto.api.v1alpha1.kusciaapi.CreateJobResponseData\"\'\n\x15\x43reateJobResponseData\x12\x0e\n\x06job_id\x18\x01 \x01(\t\"\xb9\x01\n\x04Task\x12\x11\n\tapp_image\x18\x01 \x01(\t\x12;\n\x07parties\x18\x02 \x03(\x0b\x32*.kuscia.proto.api.v1alpha1.kusciaapi.Party\x12\r\n\x05\x61lias\x18\x03 \x01(\t\x12\x0f\n\x07task_id\x18\x04 \x01(\t\x12\x14\n\x0c\x64\x65pendencies\x18\x05 \x03(\t\x12\x19\n\x11task_input_config\x18\x06 \x01(\t\x12\x10\n\x08priority\x18\x07 \x01(\x05\"(\n\x05Party\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0c\n\x04role\x18\x02 \x01(\t\"\\\n\x10\x44\x65leteJobRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x0e\n\x06job_id\x18\x02 \x01(\t\"\x90\x01\n\x11\x44\x65leteJobResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12H\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32:.kuscia.proto.api.v1alpha1.kusciaapi.DeleteJobResponseData\"\'\n\x15\x44\x65leteJobResponseData\x12\x0e\n\x06job_id\x18\x01 \x01(\t\"Z\n\x0eStopJobRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x0e\n\x06job_id\x18\x02 \x01(\t\"\x8c\x01\n\x0fStopJobResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12\x46\n\x04\x64\x61ta\x18\x02 
\x01(\x0b\x32\x38.kuscia.proto.api.v1alpha1.kusciaapi.StopJobResponseData\"%\n\x13StopJobResponseData\x12\x0e\n\x06job_id\x18\x01 \x01(\t\"[\n\x0fQueryJobRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x0e\n\x06job_id\x18\x02 \x01(\t\"\x8e\x01\n\x10QueryJobResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12G\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x39.kuscia.proto.api.v1alpha1.kusciaapi.QueryJobResponseData\"\xd8\x01\n\x14QueryJobResponseData\x12\x0e\n\x06job_id\x18\x01 \x01(\t\x12\x11\n\tinitiator\x18\x02 \x01(\t\x12\x17\n\x0fmax_parallelism\x18\x03 \x01(\x05\x12>\n\x05tasks\x18\x04 \x03(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.TaskConfig\x12\x44\n\x06status\x18\x05 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.kusciaapi.JobStatusDetail\"\xac\x01\n\x0fJobStatusDetail\x12\r\n\x05state\x18\x01 \x01(\t\x12\x0f\n\x07\x65rr_msg\x18\x02 \x01(\t\x12\x13\n\x0b\x63reate_time\x18\x03 \x01(\t\x12\x12\n\nstart_time\x18\x04 \x01(\t\x12\x10\n\x08\x65nd_time\x18\x05 \x01(\t\x12>\n\x05tasks\x18\x06 \x03(\x0b\x32/.kuscia.proto.api.v1alpha1.kusciaapi.TaskStatus\"\xbf\x01\n\nTaskConfig\x12\x11\n\tapp_image\x18\x01 \x01(\t\x12;\n\x07parties\x18\x02 \x03(\x0b\x32*.kuscia.proto.api.v1alpha1.kusciaapi.Party\x12\r\n\x05\x61lias\x18\x03 \x01(\t\x12\x0f\n\x07task_id\x18\x04 \x01(\t\x12\x14\n\x0c\x64\x65pendencies\x18\x05 \x03(\t\x12\x19\n\x11task_input_config\x18\x06 \x01(\t\x12\x10\n\x08priority\x18\x07 \x01(\x05\"\xbb\x01\n\nTaskStatus\x12\x0f\n\x07task_id\x18\x01 \x01(\t\x12\r\n\x05state\x18\x02 \x01(\t\x12\x0f\n\x07\x65rr_msg\x18\x03 \x01(\t\x12\x13\n\x0b\x63reate_time\x18\x04 \x01(\t\x12\x12\n\nstart_time\x18\x05 \x01(\t\x12\x10\n\x08\x65nd_time\x18\x06 \x01(\t\x12\x41\n\x07parties\x18\x07 \x03(\x0b\x32\x30.kuscia.proto.api.v1alpha1.kusciaapi.PartyStatus\"\x8a\x01\n\x0bPartyStatus\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\r\n\x05state\x18\x02 \x01(\t\x12\x0f\n\x07\x65rr_msg\x18\x03 
\x01(\t\x12H\n\tendpoints\x18\x04 \x03(\x0b\x32\x35.kuscia.proto.api.v1alpha1.kusciaapi.JobPartyEndpoint\"g\n\x1a\x42\x61tchQueryJobStatusRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x0f\n\x07job_ids\x18\x02 \x03(\t\"\xa4\x01\n\x1b\x42\x61tchQueryJobStatusResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12R\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32\x44.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryJobStatusResponseData\"_\n\x1f\x42\x61tchQueryJobStatusResponseData\x12<\n\x04jobs\x18\x01 \x03(\x0b\x32..kuscia.proto.api.v1alpha1.kusciaapi.JobStatus\"\x90\x01\n\x11JobStatusResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12H\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32:.kuscia.proto.api.v1alpha1.kusciaapi.JobStatusResponseData\"m\n\x15JobStatusResponseData\x12\x0e\n\x06job_id\x18\x01 \x01(\t\x12\x44\n\x06status\x18\x02 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.kusciaapi.JobStatusDetail\"a\n\tJobStatus\x12\x0e\n\x06job_id\x18\x01 \x01(\t\x12\x44\n\x06status\x18\x02 \x01(\x0b\x32\x34.kuscia.proto.api.v1alpha1.kusciaapi.JobStatusDetail\"d\n\x0fWatchJobRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x17\n\x0ftimeout_seconds\x18\x02 \x01(\x03\"\x95\x01\n\x15WatchJobEventResponse\x12<\n\x04type\x18\x01 \x01(\x0e\x32..kuscia.proto.api.v1alpha1.kusciaapi.EventType\x12>\n\x06object\x18\x02 \x01(\x0b\x32..kuscia.proto.api.v1alpha1.kusciaapi.JobStatus\"F\n\x10JobPartyEndpoint\x12\x11\n\tport_name\x18\x01 \x01(\t\x12\r\n\x05scope\x18\x02 \x01(\t\x12\x10\n\x08\x65ndpoint\x18\x03 
\x01(\t*I\n\x05State\x12\x0b\n\x07Unknown\x10\x00\x12\x0b\n\x07Pending\x10\x01\x12\x0b\n\x07Running\x10\x02\x12\r\n\tSucceeded\x10\x03\x12\n\n\x06\x46\x61iled\x10\x04*K\n\tEventType\x12\t\n\x05\x41\x44\x44\x45\x44\x10\x00\x12\x0c\n\x08MODIFIED\x10\x01\x12\x0b\n\x07\x44\x45LETED\x10\x02\x12\t\n\x05\x45RROR\x10\x03\x12\r\n\tHEARTBEAT\x10\x04\x32\x8e\x06\n\nJobService\x12z\n\tCreateJob\x12\x35.kuscia.proto.api.v1alpha1.kusciaapi.CreateJobRequest\x1a\x36.kuscia.proto.api.v1alpha1.kusciaapi.CreateJobResponse\x12w\n\x08QueryJob\x12\x34.kuscia.proto.api.v1alpha1.kusciaapi.QueryJobRequest\x1a\x35.kuscia.proto.api.v1alpha1.kusciaapi.QueryJobResponse\x12\x98\x01\n\x13\x42\x61tchQueryJobStatus\x12?.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryJobStatusRequest\x1a@.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryJobStatusResponse\x12t\n\x07StopJob\x12\x33.kuscia.proto.api.v1alpha1.kusciaapi.StopJobRequest\x1a\x34.kuscia.proto.api.v1alpha1.kusciaapi.StopJobResponse\x12z\n\tDeleteJob\x12\x35.kuscia.proto.api.v1alpha1.kusciaapi.DeleteJobRequest\x1a\x36.kuscia.proto.api.v1alpha1.kusciaapi.DeleteJobResponse\x12~\n\x08WatchJob\x12\x34.kuscia.proto.api.v1alpha1.kusciaapi.WatchJobRequest\x1a:.kuscia.proto.api.v1alpha1.kusciaapi.WatchJobEventResponse0\x01\x42^\n!org.secretflow.v1alpha1.kusciaapiZ9github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapib\x06proto3')
-_TASKSTATE = DESCRIPTOR.enum_types_by_name['TaskState']
-TaskState = enum_type_wrapper.EnumTypeWrapper(_TASKSTATE)
+_STATE = DESCRIPTOR.enum_types_by_name['State']
+State = enum_type_wrapper.EnumTypeWrapper(_STATE)
_EVENTTYPE = DESCRIPTOR.enum_types_by_name['EventType']
EventType = enum_type_wrapper.EnumTypeWrapper(_EVENTTYPE)
-Pending = 0
-Running = 1
-Succeeded = 2
-Failed = 3
+Unknown = 0
+Pending = 1
+Running = 2
+Succeeded = 3
+Failed = 4
ADDED = 0
MODIFIED = 1
DELETED = 2
ERROR = 3
+HEARTBEAT = 4
_CREATEJOBREQUEST = DESCRIPTOR.message_types_by_name['CreateJobRequest']
@@ -58,6 +60,7 @@
_JOBSTATUS = DESCRIPTOR.message_types_by_name['JobStatus']
_WATCHJOBREQUEST = DESCRIPTOR.message_types_by_name['WatchJobRequest']
_WATCHJOBEVENTRESPONSE = DESCRIPTOR.message_types_by_name['WatchJobEventResponse']
+_JOBPARTYENDPOINT = DESCRIPTOR.message_types_by_name['JobPartyEndpoint']
CreateJobRequest = _reflection.GeneratedProtocolMessageType('CreateJobRequest', (_message.Message,), {
'DESCRIPTOR' : _CREATEJOBREQUEST,
'__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.job_pb2'
@@ -240,15 +243,22 @@
})
_sym_db.RegisterMessage(WatchJobEventResponse)
+JobPartyEndpoint = _reflection.GeneratedProtocolMessageType('JobPartyEndpoint', (_message.Message,), {
+ 'DESCRIPTOR' : _JOBPARTYENDPOINT,
+ '__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.job_pb2'
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.JobPartyEndpoint)
+ })
+_sym_db.RegisterMessage(JobPartyEndpoint)
+
_JOBSERVICE = DESCRIPTOR.services_by_name['JobService']
if _descriptor._USE_C_DESCRIPTORS == False:
DESCRIPTOR._options = None
DESCRIPTOR._serialized_options = b'\n!org.secretflow.v1alpha1.kusciaapiZ9github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapi'
- _TASKSTATE._serialized_start=3359
- _TASKSTATE._serialized_end=3423
- _EVENTTYPE._serialized_start=3425
- _EVENTTYPE._serialized_end=3485
+ _STATE._serialized_start=3506
+ _STATE._serialized_end=3579
+ _EVENTTYPE._serialized_start=3581
+ _EVENTTYPE._serialized_end=3656
_CREATEJOBREQUEST._serialized_start=127
_CREATEJOBREQUEST._serialized_end=321
_CREATEJOBRESPONSE._serialized_start=324
@@ -283,24 +293,26 @@
_TASKCONFIG._serialized_end=2121
_TASKSTATUS._serialized_start=2124
_TASKSTATUS._serialized_end=2311
- _PARTYSTATUS._serialized_start=2313
- _PARTYSTATUS._serialized_end=2377
- _BATCHQUERYJOBSTATUSREQUEST._serialized_start=2379
- _BATCHQUERYJOBSTATUSREQUEST._serialized_end=2482
- _BATCHQUERYJOBSTATUSRESPONSE._serialized_start=2485
- _BATCHQUERYJOBSTATUSRESPONSE._serialized_end=2649
- _BATCHQUERYJOBSTATUSRESPONSEDATA._serialized_start=2651
- _BATCHQUERYJOBSTATUSRESPONSEDATA._serialized_end=2746
- _JOBSTATUSRESPONSE._serialized_start=2749
- _JOBSTATUSRESPONSE._serialized_end=2893
- _JOBSTATUSRESPONSEDATA._serialized_start=2895
- _JOBSTATUSRESPONSEDATA._serialized_end=3004
- _JOBSTATUS._serialized_start=3006
- _JOBSTATUS._serialized_end=3103
- _WATCHJOBREQUEST._serialized_start=3105
- _WATCHJOBREQUEST._serialized_end=3205
- _WATCHJOBEVENTRESPONSE._serialized_start=3208
- _WATCHJOBEVENTRESPONSE._serialized_end=3357
- _JOBSERVICE._serialized_start=3488
- _JOBSERVICE._serialized_end=4270
+ _PARTYSTATUS._serialized_start=2314
+ _PARTYSTATUS._serialized_end=2452
+ _BATCHQUERYJOBSTATUSREQUEST._serialized_start=2454
+ _BATCHQUERYJOBSTATUSREQUEST._serialized_end=2557
+ _BATCHQUERYJOBSTATUSRESPONSE._serialized_start=2560
+ _BATCHQUERYJOBSTATUSRESPONSE._serialized_end=2724
+ _BATCHQUERYJOBSTATUSRESPONSEDATA._serialized_start=2726
+ _BATCHQUERYJOBSTATUSRESPONSEDATA._serialized_end=2821
+ _JOBSTATUSRESPONSE._serialized_start=2824
+ _JOBSTATUSRESPONSE._serialized_end=2968
+ _JOBSTATUSRESPONSEDATA._serialized_start=2970
+ _JOBSTATUSRESPONSEDATA._serialized_end=3079
+ _JOBSTATUS._serialized_start=3081
+ _JOBSTATUS._serialized_end=3178
+ _WATCHJOBREQUEST._serialized_start=3180
+ _WATCHJOBREQUEST._serialized_end=3280
+ _WATCHJOBEVENTRESPONSE._serialized_start=3283
+ _WATCHJOBEVENTRESPONSE._serialized_end=3432
+ _JOBPARTYENDPOINT._serialized_start=3434
+ _JOBPARTYENDPOINT._serialized_end=3504
+ _JOBSERVICE._serialized_start=3659
+ _JOBSERVICE._serialized_end=4441
# @@protoc_insertion_point(module_scope)
diff --git a/python/kuscia/proto/api/v1alpha1/kusciaapi/serving_pb2.py b/python/kuscia/proto/api/v1alpha1/kusciaapi/serving_pb2.py
index fcf0b163..60470624 100644
--- a/python/kuscia/proto/api/v1alpha1/kusciaapi/serving_pb2.py
+++ b/python/kuscia/proto/api/v1alpha1/kusciaapi/serving_pb2.py
@@ -15,7 +15,7 @@
from kuscia.proto.api.v1alpha1 import common_pb2 as kuscia_dot_proto_dot_api_dot_v1alpha1_dot_common__pb2
-DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n1kuscia/proto/api/v1alpha1/kusciaapi/serving.proto\x12#kuscia.proto.api.v1alpha1.kusciaapi\x1a&kuscia/proto/api/v1alpha1/common.proto\"\xd9\x01\n\x14\x43reateServingRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x12\n\nserving_id\x18\x02 \x01(\t\x12\x1c\n\x14serving_input_config\x18\x03 \x01(\t\x12\x11\n\tinitiator\x18\x04 \x01(\t\x12\x42\n\x07parties\x18\x05 \x03(\x0b\x32\x31.kuscia.proto.api.v1alpha1.kusciaapi.ServingParty\"J\n\x15\x43reateServingResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"c\n\x13QueryServingRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x12\n\nserving_id\x18\x02 \x01(\t\"\x96\x01\n\x14QueryServingResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12K\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32=.kuscia.proto.api.v1alpha1.kusciaapi.QueryServingResponseData\"\xd9\x01\n\x18QueryServingResponseData\x12\x1c\n\x14serving_input_config\x18\x01 \x01(\t\x12\x11\n\tinitiator\x18\x02 \x01(\t\x12\x42\n\x07parties\x18\x03 \x03(\x0b\x32\x31.kuscia.proto.api.v1alpha1.kusciaapi.ServingParty\x12H\n\x06status\x18\x04 \x01(\x0b\x32\x38.kuscia.proto.api.v1alpha1.kusciaapi.ServingStatusDetail\"\xc6\x01\n\x14UpdateServingRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x12\n\nserving_id\x18\x02 \x01(\t\x12\x1c\n\x14serving_input_config\x18\x03 \x01(\t\x12\x42\n\x07parties\x18\x04 \x03(\x0b\x32\x31.kuscia.proto.api.v1alpha1.kusciaapi.ServingParty\"J\n\x15UpdateServingResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"d\n\x14\x44\x65leteServingRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x12\n\nserving_id\x18\x02 \x01(\t\"J\n\x15\x44\x65leteServingResponse\x12\x31\n\x06status\x18\x01 
\x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"o\n\x1e\x42\x61tchQueryServingStatusRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x13\n\x0bserving_ids\x18\x02 \x03(\t\"\xac\x01\n\x1f\x42\x61tchQueryServingStatusResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12V\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32H.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryServingStatusResponseData\"k\n#BatchQueryServingStatusResponseData\x12\x44\n\x08servings\x18\x01 \x03(\x0b\x32\x32.kuscia.proto.api.v1alpha1.kusciaapi.ServingStatus\"\xf6\x01\n\x0cServingParty\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0c\n\x04role\x18\x02 \x01(\t\x12\x11\n\tapp_image\x18\x03 \x01(\t\x12\x15\n\x08replicas\x18\x04 \x01(\x05H\x00\x88\x01\x01\x12L\n\x0fupdate_strategy\x18\x05 \x01(\x0b\x32\x33.kuscia.proto.api.v1alpha1.kusciaapi.UpdateStrategy\x12@\n\tresources\x18\x06 \x03(\x0b\x32-.kuscia.proto.api.v1alpha1.kusciaapi.ResourceB\x0b\n\t_replicas\"l\n\x08Resource\x12\x16\n\x0e\x63ontainer_name\x18\x01 \x01(\t\x12\x0f\n\x07min_cpu\x18\x02 \x01(\t\x12\x0f\n\x07max_cpu\x18\x03 \x01(\t\x12\x12\n\nmin_memory\x18\x04 \x01(\t\x12\x12\n\nmax_memory\x18\x05 \x01(\t\"J\n\x0eUpdateStrategy\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tmax_surge\x18\x02 \x01(\t\x12\x17\n\x0fmax_unavailable\x18\x03 \x01(\t\"m\n\rServingStatus\x12\x12\n\nserving_id\x18\x01 \x01(\t\x12H\n\x06status\x18\x02 \x01(\x0b\x32\x38.kuscia.proto.api.v1alpha1.kusciaapi.ServingStatusDetail\"\xdd\x01\n\x13ServingStatusDetail\x12\r\n\x05state\x18\x01 \x01(\t\x12\x0e\n\x06reason\x18\x02 \x01(\t\x12\x0f\n\x07message\x18\x03 \x01(\t\x12\x15\n\rtotal_parties\x18\x04 \x01(\x05\x12\x19\n\x11\x61vailable_parties\x18\x05 \x01(\x05\x12\x13\n\x0b\x63reate_time\x18\x06 \x01(\t\x12O\n\x0eparty_statuses\x18\x07 \x03(\x0b\x32\x37.kuscia.proto.api.v1alpha1.kusciaapi.PartyServingStatus\"\x80\x02\n\x12PartyServingStatus\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0c\n\x04role\x18\x02 
\x01(\t\x12\r\n\x05state\x18\x03 \x01(\t\x12\x10\n\x08replicas\x18\x04 \x01(\x05\x12\x1a\n\x12\x61vailable_replicas\x18\x05 \x01(\x05\x12\x1c\n\x14unavailable_replicas\x18\x06 \x01(\x05\x12\x17\n\x0fupdatedReplicas\x18\x07 \x01(\x05\x12\x13\n\x0b\x63reate_time\x18\x08 \x01(\t\x12@\n\tendpoints\x18\t \x03(\x0b\x32-.kuscia.proto.api.v1alpha1.kusciaapi.Endpoint\"\x1c\n\x08\x45ndpoint\x12\x10\n\x08\x65ndpoint\x18\x01 \x01(\t2\xd8\x05\n\x0eServingService\x12\x86\x01\n\rCreateServing\x12\x39.kuscia.proto.api.v1alpha1.kusciaapi.CreateServingRequest\x1a:.kuscia.proto.api.v1alpha1.kusciaapi.CreateServingResponse\x12\x83\x01\n\x0cQueryServing\x12\x38.kuscia.proto.api.v1alpha1.kusciaapi.QueryServingRequest\x1a\x39.kuscia.proto.api.v1alpha1.kusciaapi.QueryServingResponse\x12\x86\x01\n\rUpdateServing\x12\x39.kuscia.proto.api.v1alpha1.kusciaapi.UpdateServingRequest\x1a:.kuscia.proto.api.v1alpha1.kusciaapi.UpdateServingResponse\x12\x86\x01\n\rDeleteServing\x12\x39.kuscia.proto.api.v1alpha1.kusciaapi.DeleteServingRequest\x1a:.kuscia.proto.api.v1alpha1.kusciaapi.DeleteServingResponse\x12\xa4\x01\n\x17\x42\x61tchQueryServingStatus\x12\x43.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryServingStatusRequest\x1a\x44.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryServingStatusResponseB^\n!org.secretflow.v1alpha1.kusciaapiZ9github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapib\x06proto3')
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n1kuscia/proto/api/v1alpha1/kusciaapi/serving.proto\x12#kuscia.proto.api.v1alpha1.kusciaapi\x1a&kuscia/proto/api/v1alpha1/common.proto\"\xd9\x01\n\x14\x43reateServingRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x12\n\nserving_id\x18\x02 \x01(\t\x12\x1c\n\x14serving_input_config\x18\x03 \x01(\t\x12\x11\n\tinitiator\x18\x04 \x01(\t\x12\x42\n\x07parties\x18\x05 \x03(\x0b\x32\x31.kuscia.proto.api.v1alpha1.kusciaapi.ServingParty\"J\n\x15\x43reateServingResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"c\n\x13QueryServingRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x12\n\nserving_id\x18\x02 \x01(\t\"\x96\x01\n\x14QueryServingResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12K\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32=.kuscia.proto.api.v1alpha1.kusciaapi.QueryServingResponseData\"\xd9\x01\n\x18QueryServingResponseData\x12\x1c\n\x14serving_input_config\x18\x01 \x01(\t\x12\x11\n\tinitiator\x18\x02 \x01(\t\x12\x42\n\x07parties\x18\x03 \x03(\x0b\x32\x31.kuscia.proto.api.v1alpha1.kusciaapi.ServingParty\x12H\n\x06status\x18\x04 \x01(\x0b\x32\x38.kuscia.proto.api.v1alpha1.kusciaapi.ServingStatusDetail\"\xc6\x01\n\x14UpdateServingRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x12\n\nserving_id\x18\x02 \x01(\t\x12\x1c\n\x14serving_input_config\x18\x03 \x01(\t\x12\x42\n\x07parties\x18\x04 \x03(\x0b\x32\x31.kuscia.proto.api.v1alpha1.kusciaapi.ServingParty\"J\n\x15UpdateServingResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"d\n\x14\x44\x65leteServingRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x12\n\nserving_id\x18\x02 \x01(\t\"J\n\x15\x44\x65leteServingResponse\x12\x31\n\x06status\x18\x01 
\x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\"o\n\x1e\x42\x61tchQueryServingStatusRequest\x12\x38\n\x06header\x18\x01 \x01(\x0b\x32(.kuscia.proto.api.v1alpha1.RequestHeader\x12\x13\n\x0bserving_ids\x18\x02 \x03(\t\"\xac\x01\n\x1f\x42\x61tchQueryServingStatusResponse\x12\x31\n\x06status\x18\x01 \x01(\x0b\x32!.kuscia.proto.api.v1alpha1.Status\x12V\n\x04\x64\x61ta\x18\x02 \x01(\x0b\x32H.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryServingStatusResponseData\"k\n#BatchQueryServingStatusResponseData\x12\x44\n\x08servings\x18\x01 \x03(\x0b\x32\x32.kuscia.proto.api.v1alpha1.kusciaapi.ServingStatus\"\xf6\x01\n\x0cServingParty\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0c\n\x04role\x18\x02 \x01(\t\x12\x11\n\tapp_image\x18\x03 \x01(\t\x12\x15\n\x08replicas\x18\x04 \x01(\x05H\x00\x88\x01\x01\x12L\n\x0fupdate_strategy\x18\x05 \x01(\x0b\x32\x33.kuscia.proto.api.v1alpha1.kusciaapi.UpdateStrategy\x12@\n\tresources\x18\x06 \x03(\x0b\x32-.kuscia.proto.api.v1alpha1.kusciaapi.ResourceB\x0b\n\t_replicas\"l\n\x08Resource\x12\x16\n\x0e\x63ontainer_name\x18\x01 \x01(\t\x12\x0f\n\x07min_cpu\x18\x02 \x01(\t\x12\x0f\n\x07max_cpu\x18\x03 \x01(\t\x12\x12\n\nmin_memory\x18\x04 \x01(\t\x12\x12\n\nmax_memory\x18\x05 \x01(\t\"J\n\x0eUpdateStrategy\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\tmax_surge\x18\x02 \x01(\t\x12\x17\n\x0fmax_unavailable\x18\x03 \x01(\t\"m\n\rServingStatus\x12\x12\n\nserving_id\x18\x01 \x01(\t\x12H\n\x06status\x18\x02 \x01(\x0b\x32\x38.kuscia.proto.api.v1alpha1.kusciaapi.ServingStatusDetail\"\xdd\x01\n\x13ServingStatusDetail\x12\r\n\x05state\x18\x01 \x01(\t\x12\x0e\n\x06reason\x18\x02 \x01(\t\x12\x0f\n\x07message\x18\x03 \x01(\t\x12\x15\n\rtotal_parties\x18\x04 \x01(\x05\x12\x19\n\x11\x61vailable_parties\x18\x05 \x01(\x05\x12\x13\n\x0b\x63reate_time\x18\x06 \x01(\t\x12O\n\x0eparty_statuses\x18\x07 \x03(\x0b\x32\x37.kuscia.proto.api.v1alpha1.kusciaapi.PartyServingStatus\"\x8c\x02\n\x12PartyServingStatus\x12\x11\n\tdomain_id\x18\x01 \x01(\t\x12\x0c\n\x04role\x18\x02 
\x01(\t\x12\r\n\x05state\x18\x03 \x01(\t\x12\x10\n\x08replicas\x18\x04 \x01(\x05\x12\x1a\n\x12\x61vailable_replicas\x18\x05 \x01(\x05\x12\x1c\n\x14unavailable_replicas\x18\x06 \x01(\x05\x12\x17\n\x0fupdatedReplicas\x18\x07 \x01(\x05\x12\x13\n\x0b\x63reate_time\x18\x08 \x01(\t\x12L\n\tendpoints\x18\t \x03(\x0b\x32\x39.kuscia.proto.api.v1alpha1.kusciaapi.ServingPartyEndpoint\"J\n\x14ServingPartyEndpoint\x12\x11\n\tport_name\x18\x01 \x01(\t\x12\r\n\x05scope\x18\x02 \x01(\t\x12\x10\n\x08\x65ndpoint\x18\x03 \x01(\t2\xd8\x05\n\x0eServingService\x12\x86\x01\n\rCreateServing\x12\x39.kuscia.proto.api.v1alpha1.kusciaapi.CreateServingRequest\x1a:.kuscia.proto.api.v1alpha1.kusciaapi.CreateServingResponse\x12\x83\x01\n\x0cQueryServing\x12\x38.kuscia.proto.api.v1alpha1.kusciaapi.QueryServingRequest\x1a\x39.kuscia.proto.api.v1alpha1.kusciaapi.QueryServingResponse\x12\x86\x01\n\rUpdateServing\x12\x39.kuscia.proto.api.v1alpha1.kusciaapi.UpdateServingRequest\x1a:.kuscia.proto.api.v1alpha1.kusciaapi.UpdateServingResponse\x12\x86\x01\n\rDeleteServing\x12\x39.kuscia.proto.api.v1alpha1.kusciaapi.DeleteServingRequest\x1a:.kuscia.proto.api.v1alpha1.kusciaapi.DeleteServingResponse\x12\xa4\x01\n\x17\x42\x61tchQueryServingStatus\x12\x43.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryServingStatusRequest\x1a\x44.kuscia.proto.api.v1alpha1.kusciaapi.BatchQueryServingStatusResponseB^\n!org.secretflow.v1alpha1.kusciaapiZ9github.com/secretflow/kuscia/proto/api/v1alpha1/kusciaapib\x06proto3')
@@ -37,7 +37,7 @@
_SERVINGSTATUS = DESCRIPTOR.message_types_by_name['ServingStatus']
_SERVINGSTATUSDETAIL = DESCRIPTOR.message_types_by_name['ServingStatusDetail']
_PARTYSERVINGSTATUS = DESCRIPTOR.message_types_by_name['PartyServingStatus']
-_ENDPOINT = DESCRIPTOR.message_types_by_name['Endpoint']
+_SERVINGPARTYENDPOINT = DESCRIPTOR.message_types_by_name['ServingPartyEndpoint']
CreateServingRequest = _reflection.GeneratedProtocolMessageType('CreateServingRequest', (_message.Message,), {
'DESCRIPTOR' : _CREATESERVINGREQUEST,
'__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.serving_pb2'
@@ -164,12 +164,12 @@
})
_sym_db.RegisterMessage(PartyServingStatus)
-Endpoint = _reflection.GeneratedProtocolMessageType('Endpoint', (_message.Message,), {
- 'DESCRIPTOR' : _ENDPOINT,
+ServingPartyEndpoint = _reflection.GeneratedProtocolMessageType('ServingPartyEndpoint', (_message.Message,), {
+ 'DESCRIPTOR' : _SERVINGPARTYENDPOINT,
'__module__' : 'kuscia.proto.api.v1alpha1.kusciaapi.serving_pb2'
- # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.Endpoint)
+ # @@protoc_insertion_point(class_scope:kuscia.proto.api.v1alpha1.kusciaapi.ServingPartyEndpoint)
})
-_sym_db.RegisterMessage(Endpoint)
+_sym_db.RegisterMessage(ServingPartyEndpoint)
_SERVINGSERVICE = DESCRIPTOR.services_by_name['ServingService']
if _descriptor._USE_C_DESCRIPTORS == False:
@@ -211,9 +211,9 @@
_SERVINGSTATUSDETAIL._serialized_start=2299
_SERVINGSTATUSDETAIL._serialized_end=2520
_PARTYSERVINGSTATUS._serialized_start=2523
- _PARTYSERVINGSTATUS._serialized_end=2779
- _ENDPOINT._serialized_start=2781
- _ENDPOINT._serialized_end=2809
- _SERVINGSERVICE._serialized_start=2812
- _SERVINGSERVICE._serialized_end=3540
+ _PARTYSERVINGSTATUS._serialized_end=2791
+ _SERVINGPARTYENDPOINT._serialized_start=2793
+ _SERVINGPARTYENDPOINT._serialized_end=2867
+ _SERVINGSERVICE._serialized_start=2870
+ _SERVINGSERVICE._serialized_end=3598
# @@protoc_insertion_point(module_scope)
diff --git a/python/version.py b/python/version.py
index 53598703..69c71fa1 100644
--- a/python/version.py
+++ b/python/version.py
@@ -13,4 +13,4 @@
# limitations under the License.
-__version__ = "0.0.2.dev231025"
+__version__ = "0.0.2.dev240103"
diff --git a/scripts/deploy/deploy.sh b/scripts/deploy/deploy.sh
index 70d728ea..dabb1352 100755
--- a/scripts/deploy/deploy.sh
+++ b/scripts/deploy/deploy.sh
@@ -41,6 +41,13 @@ function arch_check() {
fi
}
+function pre_check() {
+ if ! mkdir -p "$1" 2>/dev/null; then
+ echo -e "${RED}User does not have access to create the directory: $1${NC}"
+ exit 1
+ fi
+}
+
if [[ ${KUSCIA_IMAGE} == "" ]]; then
KUSCIA_IMAGE=secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/kuscia:latest
fi
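Review bot: `pre_check` discards mkdir's stderr and always reports a permission problem, so other failures (a regular file already at that path, a read-only or full filesystem) are reported with the wrong cause. I would keep the real diagnostic and send the message to stderr: `if ! mkdir -p "$1"; then` and `echo -e "${RED}Cannot create directory: $1${NC}" >&2`. Note also that an empty `$1` makes `mkdir -p ""` fail, and the resulting message names no path.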
@@ -51,7 +58,7 @@ if [[ "$SECRETFLOW_IMAGE" == "" ]]; then
fi
log "SECRETFLOW_IMAGE=${SECRETFLOW_IMAGE}"
-SF_IMAGE_REGISTRY="secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow"
+SF_IMAGE_REGISTRY=""
CTR_ROOT=/home/kuscia
CTR_CERT_ROOT=${CTR_ROOT}/var/certs
MASTER_MEMORY_LIMIT=2G
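Review bot: `SF_IMAGE_REGISTRY` is now empty here, but nothing in this hunk makes the image name fully qualified. The same commit's change to `scripts/deploy/start_standalone.sh` also empties the variable and does move the registry host into `SF_IMAGE_NAME`. Every use of `SF_IMAGE_REGISTRY` in deploy.sh lies outside the hunk and should be checked, because an image reference without a registry host is resolved against the Docker daemon's default registry rather than the project's own. A comment on the assignment would record the new contract, for example `# intentionally empty: SECRETFLOW_IMAGE must carry its full registry path`.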
@@ -336,6 +343,7 @@ function deploy_autonomy() {
--env NAMESPACE=${DOMAIN_ID} \
"${KUSCIA_IMAGE}" bin/kuscia start -c etc/conf/kuscia.yaml
+ docker exec -it "${domain_ctr}" sh scripts/deploy/init_kusciaapi_client_certs.sh
probe_gateway_crd "${domain_ctr}" "${DOMAIN_ID}" "${domain_ctr}" 60
log "Container ${domain_ctr} started successfully"
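Review bot: The added `docker exec -it` asks for a TTY, so the deploy fails with "the input device is not a TTY" when the script runs from CI, cron or a pipe. The same line is added in the `deploy_lite` and `deploy_master` hunks. The exit status of the cert-initialisation script is also not checked in the visible lines, so unless `set -e` is active elsewhere a failure goes unnoticed and the deploy still logs success without the client certificates. I would write `docker exec "${domain_ctr}" sh scripts/deploy/init_kusciaapi_client_certs.sh || exit 1` in all three places. The exec also runs before the readiness probe, so it is worth confirming that the script does not depend on files that kuscia only creates during startup.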
@@ -401,6 +409,7 @@ function deploy_lite() {
--env NAMESPACE=${DOMAIN_ID} \
"${KUSCIA_IMAGE}" bin/kuscia start -c etc/conf/kuscia.yaml
+ docker exec -it "${domain_ctr}" sh scripts/deploy/init_kusciaapi_client_certs.sh
probe_datamesh "$domain_ctr"
log "Lite domain '${DOMAIN_ID}' started successfully"
@@ -445,6 +454,8 @@ function deploy_master() {
-v ${kuscia_conf_file}:/home/kuscia/etc/conf/kuscia.yaml \
${env_flag} ${mount_flag} \
"${KUSCIA_IMAGE}" bin/kuscia start -c etc/conf/kuscia.yaml
+
+ docker exec -it "${domain_ctr}" sh scripts/deploy/init_kusciaapi_client_certs.sh
probe_gateway_crd "${domain_ctr}" ${master_domain_id} "${domain_ctr}" 60
log "Master '${master_domain_id}' started successfully"
fi
@@ -596,6 +607,10 @@ function init() {
[[ ${DOMAIN_LOG_DIR} == "" ]] && DOMAIN_LOG_DIR="${ROOT}/kuscia-${deploy_mode}-${DOMAIN_ID}-log"
[[ ${DOMAIN_HOST_IP} == "" ]] && DOMAIN_HOST_IP=$(getIPV4Address)
+ pre_check "${DOMAIN_CERTS_DIR}"
+ pre_check "${DOMAIN_DATA_DIR}"
+ pre_check "${DOMAIN_LOG_DIR}"
+
log "ROOT=${ROOT}"
log "DOMAIN_ID=${DOMAIN_ID}"
log "DOMAIN_HOST_IP=${DOMAIN_HOST_IP}"
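Review bot: `DOMAIN_CERTS_DIR` is created by the same generic `pre_check` as the data and log directories, so it gets whatever mode the caller's umask allows. If this directory holds the domain's key material, as the name suggests, it should be restricted explicitly after creation, for example `chmod 700 "${DOMAIN_CERTS_DIR}"`, provided the container user can still read the mount. `init` continues outside this hunk, so whether permissions are tightened later cannot be seen from here.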
@@ -607,10 +622,6 @@ function init() {
log "KUSCIAAPI_HTTP_PORT=${KUSCIAAPI_HTTP_PORT}"
log "KUSCIAAPI_GRPC_PORT=${KUSCIAAPI_GRPC_PORT}"
- mkdir -p "${DOMAIN_CERTS_DIR}"
- mkdir -p "${DOMAIN_DATA_DIR}"
- mkdir -p "${DOMAIN_LOG_DIR}"
-
build_kuscia_network
}
diff --git a/scripts/deploy/start_standalone.sh b/scripts/deploy/start_standalone.sh
index 96a8a33d..2b28a6f8 100755
--- a/scripts/deploy/start_standalone.sh
+++ b/scripts/deploy/start_standalone.sh
@@ -51,9 +51,9 @@ FORCE_START=false
MASTER_MEMORY_LIMIT=2G
LITE_MEMORY_LIMIT=4G
AUTONOMY_MEMORY_LIMIT=6G
-SF_IMAGE_NAME="secretflow/secretflow-lite-anolis8"
+SF_IMAGE_NAME="secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/secretflow-lite-anolis8"
SF_IMAGE_TAG="1.3.0.dev20231120"
-SF_IMAGE_REGISTRY="secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow"
+SF_IMAGE_REGISTRY=""
NETWORK_NAME="kuscia-exchange"
SECRETPAD_USER_NAME=""
SECRETPAD_PASSWORD=""
diff --git a/scripts/templates/cluster_domain_route.token.yaml b/scripts/templates/cluster_domain_route.token.yaml
index 92ec39dd..541e6b95 100644
--- a/scripts/templates/cluster_domain_route.token.yaml
+++ b/scripts/templates/cluster_domain_route.token.yaml
@@ -17,5 +17,6 @@ spec:
authenticationType: Token
tokenConfig:
tokenGenMethod: RSA-GEN
+ rollingUpdatePeriod: 600
requestHeadersToAdd:
Authorization: Bearer {{.TOKEN}}
\ No newline at end of file
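Review bot: `rollingUpdatePeriod: 600` is added without a unit or any note on what a shorter or longer value means for token lifetime. The test helper added in this commit describes its period as "(s)", so this is presumably seconds. A comment above the key would make that explicit for operators who copy the template, for example `# token rolling update period in seconds`, once the unit is confirmed against the CRD.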
diff --git a/scripts/templates/kuscia-autonomy.yaml b/scripts/templates/kuscia-autonomy.yaml
index 05be1737..f48aa8c9 100644
--- a/scripts/templates/kuscia-autonomy.yaml
+++ b/scripts/templates/kuscia-autonomy.yaml
@@ -2,7 +2,8 @@
mode: Autonomy
# 节点ID
domainID: {{.DOMAIN_ID}}
-# 节点私钥配置, 用于节点间的通信认证, 节点应用的证书签发, 经过 base64 编码
+# 节点私钥配置, 用于节点间的通信认证(通过 2 方的证书来生成通讯的身份令牌), 节点应用的证书签发(为了加强通讯安全性,kuscia 会给每一个任务引擎分配 MTLS 证书,不论引擎访问其他模块(包括外部),还是其他模块访问引擎,都走 MTLS 通讯,以免内部攻破引擎。)
+# 节点私钥可以通过命令 'docker run -it --rm secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/kuscia scripts/deploy/generate_rsa_key.sh' 生成
# 示例:LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNRDhDQVFBQ0NRREdsY1Y3MTd5V3l3SURBUUFCQWdrQXR5RGVueG0wUGVFQ0JRRHJVTGUvQWdVQTJBcUQ5UUlFCmFuYkxtd0lFZWFaYUxRSUZBSjZ1S2tjPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
domainKeyData: {{.DOMAIN_KEY_DATA}}
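Review bot: The rewritten comment no longer says that `domainKeyData` must be base64-encoded ("经过 base64 编码" was dropped), although the example value below it is still base64. The same wording is lost in the `kuscia-lite.yaml` and `kuscia-master.yaml` hunks. I would restore it in all three templates, for example by ending the first comment line with `, 经过 base64 编码`. The suggested `docker run ... secretflow/kuscia scripts/deploy/generate_rsa_key.sh` command also names the image without a tag, so it resolves to `latest`. Pointing it at the image version actually being deployed would keep key generation reproducible.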
diff --git a/scripts/templates/kuscia-lite.yaml b/scripts/templates/kuscia-lite.yaml
index ffd083e1..0b8c1fc4 100644
--- a/scripts/templates/kuscia-lite.yaml
+++ b/scripts/templates/kuscia-lite.yaml
@@ -2,7 +2,8 @@
mode: Lite
# 节点ID
domainID: {{.DOMAIN_ID}}
-# 节点私钥配置, 用于节点间的通信认证, 节点应用的证书签发, 经过 base64 编码。
+# 节点私钥配置, 用于节点间的通信认证(通过 2 方的证书来生成通讯的身份令牌), 节点应用的证书签发(为了加强通讯安全性,kuscia 会给每一个任务引擎分配 MTLS 证书,不论引擎访问其他模块(包括外部),还是其他模块访问引擎,都走 MTLS 通讯,以免内部攻破引擎。)
+# 节点私钥可以通过命令 'docker run -it --rm secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/kuscia scripts/deploy/generate_rsa_key.sh' 生成
# 示例:LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNRDhDQVFBQ0NRREdsY1Y3MTd5V3l3SURBUUFCQWdrQXR5RGVueG0wUGVFQ0JRRHJVTGUvQWdVQTJBcUQ5UUlFCmFuYkxtd0lFZWFaYUxRSUZBSjZ1S2tjPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
domainKeyData: {{.DOMAIN_KEY_DATA}}
@@ -10,7 +11,9 @@ domainKeyData: {{.DOMAIN_KEY_DATA}}
logLevel: INFO
# master
-# 节点连接 master 的部署 token,用于节点向 master 注册证书, 只在节点第一次向 master 注册证书时有效
+# 当节点首次部署链接 Master 时,Master 通过该 Token 来验证节点的身份(Token 由 Master 颁发),因为安全原因,该 Token 在节点部署成功后,立即失效
+# 多机部署时,请保持该 Token 不变即可
+# 如果节点私钥丢失,请在 Master 删除节点公钥,并重新申请 Token 部署
liteDeployToken: {{.DEPLOY_TOKEN}}
# 节点连接 master 的地址
# 示例:https://172.18.0.2:1080
diff --git a/scripts/templates/kuscia-master.yaml b/scripts/templates/kuscia-master.yaml
index 32508204..28ea3a4d 100644
--- a/scripts/templates/kuscia-master.yaml
+++ b/scripts/templates/kuscia-master.yaml
@@ -2,7 +2,8 @@
mode: Master
# 节点ID
domainID: {{.DOMAIN_ID}}
-# 节点私钥配置, 用于节点间的通信认证, 节点应用的证书签发, 经过 base64 编码
+# 节点私钥配置, 用于节点间的通信认证(通过 2 方的证书来生成通讯的身份令牌), 节点应用的证书签发(为了加强通讯安全性,kuscia 会给每一个任务引擎分配 MTLS 证书,不论引擎访问其他模块(包括外部),还是其他模块访问引擎,都走 MTLS 通讯,以免内部攻破引擎。)
+# 节点私钥可以通过命令 'docker run -it --rm secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/kuscia scripts/deploy/generate_rsa_key.sh' 生成
# 示例:LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNRDhDQVFBQ0NRREdsY1Y3MTd5V3l3SURBUUFCQWdrQXR5RGVueG0wUGVFQ0JRRHJVTGUvQWdVQTJBcUQ5UUlFCmFuYkxtd0lFZWFaYUxRSUZBSjZ1S2tjPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
domainKeyData: {{.DOMAIN_KEY_DATA}}
# 日志级别 INFO、DEBUG、WARN
diff --git a/scripts/test/suite/center/base.sh b/scripts/test/suite/center/base.sh
index cad3619e..b77b1637 100755
--- a/scripts/test/suite/center/base.sh
+++ b/scripts/test/suite/center/base.sh
@@ -61,4 +61,76 @@ function test_centralized_kuscia_api_grpc_available() {
unset status_message
}
+# set and verify cluster domain route rolling period.
+# Args:
+# ctr: container name
+# cdr_name: cluster domain route name
+# loop_count: period count to be verified
+function try_centralized_token_rolling() {
+ local ctr=$1
+ local cdr_name=$2
+ local loop_count=$3
+ local period=15
+
+ # set rolling period(s)
+ set_cdr_token_rolling_period ${ctr} $cdr_name $period
+
+ # get initial token reversion
+ local prev_src_revision=$(get_cdr_src_token_revision ${ctr} $cdr_name)
+ local prev_dst_revision=$(get_cdr_dst_token_revision ${ctr} $cdr_name)
+
+ for ((i=1; i tmp.json
+ # dr removal
+ docker exec "$bob_ctr" kubectl delete cdr $cdr_name
+
+ sleep $period
+ local ready=$(get_dr_revision_token_ready $alice_ctr $dr_name $src_domain)
+ assertEquals "false" "$ready"
+
+ # dr restore
+ docker cp tmp.json $bob_ctr:/home/kuscia/
+ docker exec "$bob_ctr" kubectl create -f /home/kuscia/tmp.json
+
+ sleep $period
+ local ready=$(get_dr_revision_token_ready $alice_ctr $dr_name $src_domain)
+ assertEquals "true" "$ready"
+
+ # run task
+ test_p2p_kuscia_job
+}
+
+function test_p2p_token_rolling_cert_misconfig() {
+ local alice_ctr="root-kuscia-autonomy-alice"
+ local bob_ctr="root-kuscia-autonomy-bob"
+ local dr_name="alice-bob"
+ local cdr_name="alice-bob"
+ local dst_domain="bob"
+ local src_domain="alice"
+ local period=30
+ local dst_cert=$(docker exec "$alice_ctr" kubectl get domain $dst_domain -o jsonpath='{.spec.cert}')
+ local mis_cert=$(docker exec "$alice_ctr" kubectl get domain $src_domain -o jsonpath='{.spec.cert}') # use alice domain cert as misconfigured cert
+ # cert mis config
+ docker exec "$alice_ctr" kubectl patch domain $dst_domain --type json -p="[{\"op\": \"replace\", \"path\": \"/spec/cert\", \"value\": ${mis_cert}}]"
+
+ sleep $period
+ local ready=$(get_dr_revision_token_ready $alice_ctr $dr_name $src_domain)
+ assertEquals "false" "$ready"
+
+ # cert restore
+ docker exec "$alice_ctr" kubectl patch domain $dst_domain --type json -p="[{\"op\": \"replace\", \"path\": \"/spec/cert\", \"value\": ${dst_cert}}]"
+
+ sleep $period
+ local ready=$(get_dr_revision_token_ready $alice_ctr $dr_name $src_domain)
+ assertEquals "true" "$ready"
+
+ # run task
+ test_p2p_kuscia_job
+}
+
. ./test/vendor/shunit2
\ No newline at end of file
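Review bot: In `test_p2p_token_rolling_cert_misconfig`, both `kubectl patch` calls insert `${mis_cert}` and `${dst_cert}` as a bare JSON value. `kubectl -o jsonpath` prints a string field without surrounding quotes, so unless the stored cert is itself quoted the patch body is not valid JSON. The patch would then be rejected and the test would never exercise the misconfiguration. Quoting the value fixes this: `\"value\": \"${mis_cert}\"` and `\"value\": \"${dst_cert}\"`. It is also worth checking that `dst_cert` is non-empty before the first patch, since the restore step depends on it to put the original certificate back.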
diff --git a/scripts/user/create_example_job.sh b/scripts/user/create_example_job.sh
index 5225d4e9..2c881d96 100755
--- a/scripts/user/create_example_job.sh
+++ b/scripts/user/create_example_job.sh
@@ -34,7 +34,7 @@ if [[ ${JOB_EXAMPLE} == "" ]]; then
JOB_EXAMPLE="PSI"
fi
-if [[ ${JOB_EXAMPLE} != "PSI" && ${JOB_EXAMPLE} != "PSI_WITH_DP" ]] && ${JOB_EXAMPLE} != "NSJAIL_PSI" ]]; then
+if [[ ${JOB_EXAMPLE} != "PSI" && ${JOB_EXAMPLE} != "PSI_WITH_DP" && ${JOB_EXAMPLE} != "NSJAIL_PSI" ]]; then
printf "invalid arguments: JOB_EXAMPLE=%s\n\n%s" "${JOB_EXAMPLE}" "${USAGE}" >&2
exit 1
fi