Support Nacos auth (#5669)

* Support Nacos auth

docs/en/setup/backend/backend-cluster.md

@@ -107,6 +107,15 @@ cluster:
   # other configurations
 ```
 
+Nacos support authenticate by username or accessKey, empty means no need auth. extra config is bellow:
+```yaml
+nacos:
+  username:
+  password:
+  accessKey:
+  secretKey:
+```
+
 Same as Zookeeper coordinator,
 in some cases, oap default gRPC host and port in core are not suitable for internal communication among the oap nodes.
 The following setting are provided to set the host and port manually, based on your own LAN env.

docs/en/setup/backend/configuration-vocabulary.md

@@ -66,6 +66,10 @@ core|default|role|Option values, `Mixed/Receiver/Aggregator`. **Receiver** mode
 | - | - | namespace| Namespace used by SkyWalking node coordination.| SW_CLUSTER_NACOS_NAMESPACE|public|
 | - | - | internalComHost| The hostname registered in the Nacos for the internal communication of OAP cluster.| - | -|
 | - | - | internalComPort| The port registered in the Nacos for the internal communication of OAP cluster.| - | -1|
+| - | - | username | Nacos Auth username | SW_CLUSTER_NACOS_USERNAME | - |
+| - | - | password | Nacos Auth password | SW_CLUSTER_NACOS_PASSWORD | - |
+| - | - | accessKey | Nacos Auth accessKey | SW_CLUSTER_NACOS_ACCESSKEY | - |
+| - | - | secretKey | Nacos Auth secretKey  | SW_CLUSTER_NACOS_SECRETKEY | - |
 | storage|elasticsearch| - | ElasticSearch 6 storage implementation | - | - |
 | - | - | nameSpace | Prefix of indexes created and used by SkyWalking. | SW_NAMESPACE | - |
 | - | - | clusterNodes | ElasticSearch cluster nodes for client connection.| SW_STORAGE_ES_CLUSTER_NODES |localhost|
@@ -236,7 +240,11 @@ core|default|role|Option values, `Mixed/Receiver/Aggregator`. **Receiver** mode
 | - | nacos | serverAddr | Nacos Server Host | SW_CONFIG_NACOS_SERVER_ADDR | 127.0.0.1|
 | - | - | port | Nacos Server Port | SW_CONFIG_NACOS_SERVER_PORT | 8848 |
 | - | - | group | Nacos Configuration namespace | SW_CONFIG_NACOS_SERVER_NAMESPACE | - |
-| - | - | period | The period of data sync. Unit is second. | SW_CONFIG_ZK_PERIOD | 60 |
+| - | - | period | The period of data sync. Unit is second. | SW_CONFIG_CONFIG_NACOS_PERIOD | 60 |
+| - | - | username | Nacos Auth username | SW_CONFIG_NACOS_USERNAME | - |
+| - | - | password | Nacos Auth password | SW_CONFIG_NACOS_PASSWORD | - |
+| - | - | accessKey | Nacos Auth accessKey | SW_CONFIG_NACOS_ACCESSKEY | - |
+| - | - | secretKey | Nacos Auth secretKey  | SW_CONFIG_NACOS_SECRETKEY | - |
 | exporter | grpc | targetHost | The host of target grpc server for receiving export data. | SW_EXPORTER_GRPC_HOST | 127.0.0.1 |
 | - | - | targetPort | The port of target grpc server for receiving export data. | SW_EXPORTER_GRPC_PORT | 9870 |
 | health-checker | default | checkIntervalSeconds | The period of check OAP internal health status. Unit is second. | SW_HEALTH_CHECKER_INTERVAL_SECONDS | 5 |

oap-server/server-bootstrap/src/main/resources/application.yml

@@ -46,7 +46,12 @@ cluster:
     hostPort: ${SW_CLUSTER_NACOS_HOST_PORT:localhost:8848}
     # Nacos Configuration namespace
     namespace: ${SW_CLUSTER_NACOS_NAMESPACE:"public"}
-
+    # Nacos auth username
+    username: ${SW_CLUSTER_NACOS_USERNAME:""}
+    password: ${SW_CLUSTER_NACOS_PASSWORD:""}
+    # Nacos auth accessKey
+    accessKey: ${SW_CLUSTER_NACOS_ACCESSKEY:""}
+    secretKey: ${SW_CLUSTER_NACOS_SECRETKEY:""}
 core:
   selector: ${SW_CORE:default}
   default:
@@ -357,6 +362,12 @@ configuration:
     namespace: ${SW_CONFIG_NACOS_SERVER_NAMESPACE:}
     # Unit seconds, sync period. Default fetch every 60 seconds.
     period: ${SW_CONFIG_NACOS_PERIOD:60}
+    # Nacos auth username
+    username: ${SW_CONFIG_NACOS_USERNAME:""}
+    password: ${SW_CONFIG_NACOS_PASSWORD:""}
+    # Nacos auth accessKey
+    accessKey: ${SW_CONFIG_NACOS_ACCESSKEY:""}
+    secretKey: ${SW_CONFIG_NACOS_SECRETKEY:""}
 
 exporter:
   selector: ${SW_EXPORTER:-}

oap-server/server-cluster-plugin/cluster-nacos-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ClusterModuleNacosConfig.java

@@ -20,22 +20,20 @@ package org.apache.skywalking.oap.server.cluster.plugin.nacos;
 
 import lombok.Getter;
 import lombok.Setter;
+import lombok.ToString;
 import org.apache.skywalking.oap.server.library.module.ModuleConfig;
 
+@Getter
+@Setter
+@ToString
 public class ClusterModuleNacosConfig extends ModuleConfig {
-    @Setter
-    @Getter
     private String serviceName;
-    @Setter
-    @Getter
     private String hostPort;
-    @Setter
-    @Getter
     private String namespace = "public";
-    @Setter
-    @Getter
     private String internalComHost;
-    @Setter
-    @Getter
     private int internalComPort = -1;
+    private String username;
+    private String password;
+    private String accessKey;
+    private String secretKey;
 }

oap-server/server-cluster-plugin/cluster-nacos-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ClusterModuleNacosProvider.java

@@ -22,6 +22,8 @@ import com.alibaba.nacos.api.PropertyKeyConst;
 import com.alibaba.nacos.api.naming.NamingFactory;
 import com.alibaba.nacos.api.naming.NamingService;
 import java.util.Properties;
+
+import org.apache.skywalking.apm.util.StringUtil;
 import org.apache.skywalking.oap.server.core.CoreModule;
 import org.apache.skywalking.oap.server.core.cluster.ClusterModule;
 import org.apache.skywalking.oap.server.core.cluster.ClusterNodesQuery;
@@ -63,6 +65,16 @@ public class ClusterModuleNacosProvider extends ModuleProvider {
             Properties properties = new Properties();
             properties.put(PropertyKeyConst.SERVER_ADDR, config.getHostPort());
             properties.put(PropertyKeyConst.NAMESPACE, config.getNamespace());
+            if (StringUtil.isNotEmpty(config.getUsername()) && StringUtil.isNotEmpty(config.getAccessKey())) {
+                throw new ModuleStartException("Nacos Auth method should choose either username or accessKey, not both");
+            }
+            if (StringUtil.isNotEmpty(config.getUsername())) {
+                properties.put(PropertyKeyConst.USERNAME, config.getUsername());
+                properties.put(PropertyKeyConst.PASSWORD, config.getPassword());
+            } else if (StringUtil.isNotEmpty(config.getAccessKey())) {
+                properties.put(PropertyKeyConst.ACCESS_KEY, config.getAccessKey());
+                properties.put(PropertyKeyConst.SECRET_KEY, config.getSecretKey());
+            }
             namingService = NamingFactory.createNamingService(properties);
         } catch (Exception e) {
             throw new ModuleStartException(e.getMessage(), e);

oap-server/server-cluster-plugin/cluster-nacos-plugin/src/test/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ITClusterModuleNacosProviderFunctionalTest.java

@@ -40,9 +40,13 @@ import static org.junit.Assert.assertTrue;
 public class ITClusterModuleNacosProviderFunctionalTest {
 
     private String nacosAddress;
+    private String username;
+    private String password;
 
     @Before
     public void before() {
+        username = "nacos";
+        password = "nacos";
         nacosAddress = System.getProperty("nacos.address");
         assertFalse(StringUtil.isEmpty(nacosAddress));
     }
@@ -164,6 +168,8 @@ public class ITClusterModuleNacosProviderFunctionalTest {
 
         config.setHostPort(nacosAddress);
         config.setServiceName(servicName);
+        config.setUsername(username);
+        config.setPassword(password);
 
         provider.prepare();
         provider.start();
@@ -179,6 +185,8 @@ public class ITClusterModuleNacosProviderFunctionalTest {
 
         config.setHostPort(nacosAddress);
         config.setServiceName(serviceName);
+        config.setUsername(username);
+        config.setPassword(password);
 
         if (!StringUtil.isEmpty(internalComHost)) {
             config.setInternalComHost(internalComHost);

oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosConfigWatcherRegister.java

@@ -30,6 +30,8 @@ import java.util.Properties;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.Executor;
+
+import org.apache.skywalking.apm.util.StringUtil;
 import org.apache.skywalking.oap.server.configuration.api.ConfigTable;
 import org.apache.skywalking.oap.server.configuration.api.ConfigWatcherRegister;
 import org.slf4j.Logger;
@@ -56,6 +58,13 @@ public class NacosConfigWatcherRegister extends ConfigWatcherRegister {
         final Properties properties = new Properties();
         properties.put(PropertyKeyConst.SERVER_ADDR, serverAddr + ":" + port);
         properties.put(PropertyKeyConst.NAMESPACE, settings.getNamespace());
+        if (StringUtil.isNotEmpty(settings.getUsername())) {
+            properties.put(PropertyKeyConst.USERNAME, settings.getUsername());
+            properties.put(PropertyKeyConst.PASSWORD, settings.getPassword());
+        } else if (StringUtil.isNotEmpty(settings.getAccessKey())) {
+            properties.put(PropertyKeyConst.ACCESS_KEY, settings.getAccessKey());
+            properties.put(PropertyKeyConst.SECRET_KEY, settings.getSecretKey());
+        }
         this.configService = NacosFactory.createConfigService(properties);
     }
 

oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosConfigurationProvider.java

@@ -20,6 +20,7 @@ package org.apache.skywalking.oap.server.configuration.nacos;
 
 import com.alibaba.nacos.api.exception.NacosException;
 import com.google.common.base.Strings;
+import org.apache.skywalking.apm.util.StringUtil;
 import org.apache.skywalking.oap.server.configuration.api.AbstractConfigurationProvider;
 import org.apache.skywalking.oap.server.configuration.api.ConfigWatcherRegister;
 import org.apache.skywalking.oap.server.library.module.ModuleConfig;
@@ -61,7 +62,9 @@ public class NacosConfigurationProvider extends AbstractConfigurationProvider {
         if (Strings.isNullOrEmpty(settings.getGroup())) {
             throw new ModuleStartException("Nacos group cannot be null or empty.");
         }
-
+        if (StringUtil.isNotEmpty(settings.getUsername()) && StringUtil.isNotEmpty(settings.getAccessKey())) {
+            throw new ModuleStartException("Nacos Auth method should choose either username or accessKey, not both");
+        }
         try {
             return new NacosConfigWatcherRegister(settings);
         } catch (NacosException e) {

oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosServerSettings.java

@@ -32,4 +32,8 @@ public class NacosServerSettings extends ModuleConfig {
     private int port = 8848;
     private String group;
     private int period = 60;
+    private String username;
+    private String password;
+    private String accessKey;
+    private String secretKey;
 }

oap-server/server-configuration/configuration-nacos/src/test/resources/application.yml

@@ -33,3 +33,9 @@ configuration:
     period: 1
     # the name of current cluster, set the name if you want to upstream system known.
     clusterName: "default"
+    # Nacos auth username
+    username: 'nacos'
+    password: 'nacos'
+    # Nacos auth accessKey
+    accessKey: ''
+    secretKey: ''