Merge 'feature/support_rds_auth' into 'master'

chore：add rds connect

See merge request: !883

Author: volc-sdk-team

volcengine-java-sdk-core/src/main/java/com/volcengine/feature/rds/auth/ConnectUtils.java

@@ -0,0 +1,120 @@
+package com.volcengine.feature.rds.auth;
+
+import com.volcengine.ApiClient;
+import com.volcengine.ApiException;
+import com.volcengine.Pair;
+import com.volcengine.endpoint.ResolveEndpointOption;
+import com.volcengine.endpoint.ResolvedEndpoint;
+import com.volcengine.endpoint.StandardEndpointProvider;
+import com.volcengine.interceptor.*;
+import com.volcengine.sign.ServiceInfo;
+
+import org.apache.commons.lang.StringUtils;
+
+import java.util.*;
+
+/**
+ * RDS MySQL database connection utility class.
+ * Generates a presigned URL that can be used as the authentication token (password) for database connections.
+ */
+public class ConnectUtils {
+
+    private static final String SERVICE_NAME = "rds_mysql";
+    private static final String ACTION = "ConnectDatabase";
+    private static final String VERSION = "2022-01-01";
+    private static final int DEFAULT_EXPIRES_SECONDS = 900; // 15 minutes
+
+    /**
+     * Generate an authorization token for database connection (used as password).
+     * Aligned with Go SDK's BuildAuthToken implementation.
+     *
+     * @param apiClient  ApiClient containing Credentials, Region, DisableSSL, and UseDualStack settings
+     * @param dbUser     Database user account
+     * @param instanceId Database instance ID
+     * @param expires    Expiration time in seconds, defaults to 900 seconds (15 minutes) if <= 0
+     * @return Presigned URL string that can be used as the authorization token for database connection
+     * @throws ApiException if parameters are invalid or signing fails
+     */
+    public static String buildAuthToken(ApiClient apiClient, String dbUser, String instanceId, int expires) throws ApiException {
+        // Parameter validation
+        if (apiClient == null) {
+            throw new IllegalArgumentException("apiClient must not be null");
+        }
+
+        if (StringUtils.isEmpty(apiClient.getRegion())) {
+            throw new IllegalArgumentException("region must not be empty");
+        }
+
+        if (StringUtils.isEmpty(dbUser)) {
+            throw new IllegalArgumentException("dbUser must not be empty");
+        }
+
+        if (StringUtils.isEmpty(instanceId)) {
+            throw new IllegalArgumentException("instanceId must not be empty");
+        }
+
+        // Use default expires if <= 0
+        if (expires <= 0) {
+            expires = DEFAULT_EXPIRES_SECONDS;
+        }
+
+        // Resolve endpoint: prefer user-configured endpoint, fallback to StandardEndpointProvider
+        String endpoint = getEndpoint(apiClient);
+
+        // SSL handling, ResolveEndpointInterceptor dose not support this
+        String schema = apiClient.getDisableSSL() ? "http" : "https";
+
+        // Build InterceptorContext with presigned flag
+        InterceptorContext context = new InterceptorContext(apiClient.getHttpClient(), null);
+        context.setApiClient(apiClient);
+
+        RequestInterceptorContext reqCtx = context.getRequestContext();
+        reqCtx.setPresigned(true);
+        reqCtx.setSchema(schema);
+        reqCtx.setHost(endpoint);
+        reqCtx.setMethod("GET");
+        reqCtx.setServiceInfo(new ServiceInfo(SERVICE_NAME, "GET"));
+        reqCtx.setHeaderParams(new HashMap<>());
+
+        List<Pair> queryParams = new ArrayList<>();
+        queryParams.add(new Pair("Action", ACTION));
+        queryParams.add(new Pair("Version", VERSION));
+        queryParams.add(new Pair("X-Expires", String.valueOf(expires)));
+        queryParams.add(new Pair("DBUser", dbUser));
+        queryParams.add(new Pair("InstanceId", instanceId));
+        reqCtx.setQueryParams(queryParams);
+
+        // Execute sign interceptor for presigning
+        new SignRequestInterceptor().intercept(context);
+
+        return reqCtx.getPresignedUrl();
+    }
+
+    /**
+     * Resolve endpoint host from ApiClient.
+     * If the user has configured a custom endpoint (via apiClient.setEndpoint), it takes priority.
+     * Strips schema prefix if present to return pure host.
+     * Falls back to StandardEndpointProvider for region-based resolution when no custom endpoint is set.
+     *
+     * @return endpoint host without schema
+     */
+    private static String getEndpoint(ApiClient apiClient) {
+        if (StringUtils.isNotEmpty(apiClient.getEndpoint())) {
+            String ep = apiClient.getEndpoint();
+            if (ep.startsWith("https://")) {
+                return ep.substring("https://".length());
+            }
+            if (ep.startsWith("http://")) {
+                return ep.substring("http://".length());
+            }
+            return ep;
+        }
+        StandardEndpointProvider endpointProvider = new StandardEndpointProvider();
+        ResolveEndpointOption option = new ResolveEndpointOption();
+        option.setService(SERVICE_NAME);
+        option.setRegion(apiClient.getRegion());
+        option.setUseDualStack(apiClient.getUseDualStack());
+        ResolvedEndpoint resolved = endpointProvider.endpointFor(option);
+        return resolved.getEndpoint();
+    }
+}

volcengine-java-sdk-core/src/main/java/com/volcengine/interceptor/RequestInterceptorContext.java

@@ -22,6 +22,9 @@ public class RequestInterceptorContext {
     private ProgressRequestBody.ProgressRequestListener progressRequestListener;
     private boolean isCommon;
 
+    private boolean presigned = false;
+    private String presignedUrl;
+
     private ServiceInfo serviceInfo;
     private Request request;
 
@@ -120,4 +123,20 @@ public Request getRequest() {
     public void setRequest(Request request) {
         this.request = request;
     }
+
+    public boolean isPresigned() {
+        return presigned;
+    }
+
+    public void setPresigned(boolean presigned) {
+        this.presigned = presigned;
+    }
+
+    public String getPresignedUrl() {
+        return presignedUrl;
+    }
+
+    public void setPresignedUrl(String presignedUrl) {
+        this.presignedUrl = presignedUrl;
+    }
 }

volcengine-java-sdk-core/src/main/java/com/volcengine/interceptor/SignRequestInterceptor.java

@@ -14,8 +14,7 @@
 import org.apache.commons.lang.StringUtils;
 
 import java.io.IOException;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 public class SignRequestInterceptor implements RequestInterceptor {
 
@@ -35,17 +34,8 @@ public InterceptorContext intercept(InterceptorContext context) throws ApiExcept
         ServiceInfo serviceInfo = context.getRequestContext().getServiceInfo();
         String[] authNames = context.getRequestContext().getAuthNames();
         RequestBody reqBody = context.getRequestContext().getRequestBody();
-        ProgressRequestBody.ProgressRequestListener progressRequestListener = context.getInitInterceptorContext().getProgressRequestListener();
 
         //sign
-        final Buffer buffer = new Buffer();
-        try {
-            if (reqBody != null) {
-                reqBody.writeTo(buffer);
-            }
-        } catch (IOException e) {
-            throw new ApiException(e);
-        }
         VolcstackSign volcengineSign = new VolcstackSign();
         if (context.getApiClient().getCredentials() != null) {
             volcengineSign.setCredentials(context.getApiClient().getCredentials());
@@ -74,8 +64,39 @@ public InterceptorContext intercept(InterceptorContext context) throws ApiExcept
         if (StringUtils.isEmpty(volcengineSign.getRegion())) {
             throw new RuntimeException("Region must set when ApiClient init");
         }
+
+        // Presigned branch
+        if (context.getRequestContext().isPresigned()) {
+            Map<String, String> queryParamsMap = new HashMap<>();
+            for (Pair p : queryParams) {
+                queryParamsMap.put(p.getName(), p.getValue());
+            }
+
+            String host = context.getRequestContext().getHost();
+            try {
+                Map<String, String> presignedParams = volcengineSign.presign(queryParamsMap, host);
+                String presignedUrl = buildPresignedUrl(
+                        context.getRequestContext().getSchema(), host, presignedParams);
+                context.getRequestContext().setPresignedUrl(presignedUrl);
+            } catch (Exception e) {
+                throw new ApiException(e);
+            }
+            return context;
+        }
+
+        // Normal sign branch
+        final Buffer buffer = new Buffer();
+        try {
+            if (reqBody != null) {
+                reqBody.writeTo(buffer);
+            }
+        } catch (IOException e) {
+            throw new ApiException(e);
+        }
         volcengineSign.applyToParams(queryParams, headerParams, buffer.readUtf8());
 
+        ProgressRequestBody.ProgressRequestListener progressRequestListener = context.getInitInterceptorContext().getProgressRequestListener();
+
         //build final call
         StringBuilder url = new StringBuilder();
         url.append(context.getRequestContext().getSchema());
@@ -101,4 +122,23 @@ public InterceptorContext intercept(InterceptorContext context) throws ApiExcept
         context.getRequestContext().setRequest(request);
         return context;
     }
+
+    private static String buildPresignedUrl(String scheme, String host, Map<String, String> presignedParams) {
+        StringBuilder url = new StringBuilder();
+        url.append(scheme).append("://").append(host).append("?");
+
+        List<String> keys = new ArrayList<>(presignedParams.keySet());
+        Collections.sort(keys);
+
+        for (int i = 0; i < keys.size(); i++) {
+            String key = keys.get(i);
+            String value = presignedParams.get(key);
+            url.append(key).append("=").append(value);
+            if (i < keys.size() - 1) {
+                url.append("&");
+            }
+        }
+
+        return url.toString();
+    }
 }