blob: 8b6427dd579335e7d186436ff0e22629650d3708 [file] [log] [blame]
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* See the License for the specific language governing permissions and
* limitations under the License.
package cmd
import (
import (
import (
core_xds ""
leader_memory ""
util_files ""
type ProxyConfig struct {
ComponentManager component.Manager
BootstrapDynamicMetadata map[string]string
Config *dubboctl.Config
BootstrapGenerator envoy.BootstrapConfigFactoryFunc
DataplaneTokenGenerator func(cfg *dubboctl.Config) (component.Component, error)
var features = []string{core_xds.FeatureTCPAccessLogViaNamedPipe}
func defaultDataplaneTokenGenerator(cfg *dubboctl.Config) (component.Component, error) {
if cfg.DataplaneRuntime.Token != "" {
path := filepath.Join(cfg.DataplaneRuntime.ConfigDir, cfg.Dataplane.Name)
if err := writeFile(path, []byte(cfg.DataplaneRuntime.Token), 0o600); err != nil {
runLog.Error(err, "unable to create file with dataplane token")
return nil, err
cfg.DataplaneRuntime.TokenPath = path
if cfg.DataplaneRuntime.TokenPath != "" {
if err := ValidateTokenPath(cfg.DataplaneRuntime.TokenPath); err != nil {
return nil, errors.Wrapf(err, "dataplane token is invalid, in Kubernetes you must mount a serviceAccount token, in universal you must start your proxy with a generated token.")
return component.ComponentFunc(func(<-chan struct{}) error {
return nil
}), nil
func DefaultProxyConfig() *ProxyConfig {
config := dubboctl.DefaultConfig()
return &ProxyConfig{
ComponentManager: component.NewManager(leader_memory.NewNeverLeaderElector()),
BootstrapGenerator: envoy.NewRemoteBootstrapGenerator(runtime.GOOS, features),
Config: &config,
BootstrapDynamicMetadata: map[string]string{},
DataplaneTokenGenerator: defaultDataplaneTokenGenerator,
func ValidateTokenPath(path string) error {
if path == "" {
return nil
empty, err := util_files.FileEmpty(path)
if err != nil {
return errors.Wrapf(err, "could not read file %s", path)
if empty {
return errors.Errorf("token under file %s is empty", path)
rawToken, err := os.ReadFile(path)
if err != nil {
return errors.Wrapf(err, "could not read the token in the file %s", path)
strToken := strings.TrimSpace(string(rawToken))
if !govalidator.Matches(strToken, "^[^\\x00\\n\\r]*$") {
return errors.New("Token shouldn't contain line breaks within the token, only at the start or end")
token, _, err := new(jwt.Parser).ParseUnverified(strToken, &jwt.MapClaims{})
if err != nil {
return errors.Wrap(err, "not valid JWT token. Can't parse it.")
if token.Method.Alg() == "" {
return errors.New("not valid JWT token. No Alg.")
if token.Header == nil {
return errors.New("not valid JWT token. No Header.")
return nil