feat: Support a new LLM provider type: vertex (higress-group#540)

Author: CH3CHO

backend/sdk/src/main/java/com/alibaba/higress/sdk/model/ai/LlmProviderType.java

@@ -75,4 +75,6 @@ private LlmProviderType() {}
     public static final String TOGETHER_AI = "together-ai";
 
     public static final String BEDROCK = "bedrock";
+
+    public static final String VERTEX = "vertex";
 }

backend/sdk/src/main/java/com/alibaba/higress/sdk/service/ai/LlmProviderHandler.java

@@ -12,6 +12,7 @@
  */
 package com.alibaba.higress.sdk.service.ai;
 
+import java.util.List;
 import java.util.Map;
 
 import com.alibaba.higress.sdk.model.ServiceSource;
@@ -39,5 +40,9 @@ default LlmProvider createProvider() {
 
     ServiceSource buildServiceSource(String providerName, Map<String, Object> providerConfig);
 
+    default List<ServiceSource> getExtraServiceSources(String providerName, Map<String, Object> providerConfig, boolean forDelete) {
+        return null;
+    }
+
     UpstreamService buildUpstreamService(String providerName, Map<String, Object> providerConfig);
 }

backend/sdk/src/main/java/com/alibaba/higress/sdk/service/ai/LlmProviderServiceImpl.java

@@ -26,7 +26,6 @@
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
-import com.alibaba.higress.sdk.util.MapUtil;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -45,6 +44,7 @@
 import com.alibaba.higress.sdk.service.ServiceSourceService;
 import com.alibaba.higress.sdk.service.WasmPluginInstanceService;
 import com.alibaba.higress.sdk.service.kubernetes.crd.mcp.V1McpBridge;
+import com.alibaba.higress.sdk.util.MapUtil;
 
 @SuppressWarnings("unchecked")
 public class LlmProviderServiceImpl implements LlmProviderService {
@@ -80,7 +80,8 @@ public class LlmProviderServiceImpl implements LlmProviderService {
             new DefaultLlmProviderHandler(LlmProviderType.DOUBAO, "ark.cn-beijing.volces.com", 443,
                 V1McpBridge.PROTOCOL_HTTPS),
             new DefaultLlmProviderHandler(LlmProviderType.COZE, "api.coze.cn", 443, V1McpBridge.PROTOCOL_HTTPS),
-            new BedrockLlmProviderHandler()).collect(Collectors.toMap(LlmProviderHandler::getType, p -> p));
+            new BedrockLlmProviderHandler(), new VertexLlmProviderHandler())
+            .collect(Collectors.toMap(LlmProviderHandler::getType, p -> p));
     }
 
     private final ServiceSourceService serviceSourceService;
@@ -150,6 +151,14 @@ public LlmProvider addOrUpdate(LlmProvider provider) {
 
         ServiceSource serviceSource = handler.buildServiceSource(provider.getName(), providerConfig);
 
+        List<ServiceSource> extraServiceSources =
+            handler.getExtraServiceSources(provider.getName(), providerConfig, false);
+        if (CollectionUtils.isNotEmpty(extraServiceSources)) {
+            for (ServiceSource extraSource : extraServiceSources) {
+                serviceSourceService.addOrUpdate(extraSource);
+            }
+        }
+
         UpstreamService upstreamService = handler.buildUpstreamService(provider.getName(), providerConfig);
         WasmPluginInstance serviceInstance = new WasmPluginInstance();
         serviceInstance.setPluginName(instance.getPluginName());
@@ -232,6 +241,14 @@ public void delete(String providerName) {
                     BuiltInPluginName.AI_PROXY);
                 ServiceSource serviceSource = handler.buildServiceSource(providerName, deletedProvider);
                 serviceSourceService.delete(serviceSource.getName());
+
+                List<ServiceSource> extraServiceSources =
+                    handler.getExtraServiceSources(providerName, deletedProvider, true);
+                if (CollectionUtils.isNotEmpty(extraServiceSources)) {
+                    for (ServiceSource extraSource : extraServiceSources) {
+                        serviceSourceService.delete(extraSource.getName());
+                    }
+                }
             }
         }
 
@@ -268,7 +285,7 @@ private SortedMap<String, LlmProvider> getProviders() {
         if (!(providersObj instanceof List<?>)) {
             return new TreeMap<>();
         }
-        List<?> providerList= (List<?>)providersObj;
+        List<?> providerList = (List<?>)providersObj;
         SortedMap<String, LlmProvider> providers = new TreeMap<>();
         for (Object providerObj : providerList) {
             if (!(providerObj instanceof Map<?, ?>)) {

backend/sdk/src/main/java/com/alibaba/higress/sdk/service/ai/VertexLlmProviderHandler.java

@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) 2022-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package com.alibaba.higress.sdk.service.ai;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.function.BiConsumer;
+
+import org.apache.commons.collections4.MapUtils;
+import org.apache.commons.lang3.StringUtils;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONException;
+import com.alibaba.fastjson.JSONObject;
+import com.alibaba.higress.sdk.constant.HigressConstants;
+import com.alibaba.higress.sdk.exception.ValidationException;
+import com.alibaba.higress.sdk.model.ServiceSource;
+import com.alibaba.higress.sdk.model.ai.LlmProviderEndpoint;
+import com.alibaba.higress.sdk.model.ai.LlmProviderType;
+import com.alibaba.higress.sdk.service.kubernetes.crd.mcp.V1McpBridge;
+
+public class VertexLlmProviderHandler extends AbstractLlmProviderHandler {
+
+    private static final String VERTEX_AUTH_KEY_KEY = "vertexAuthKey";
+    private static final String VERTEX_REGION_KEY = "vertexRegion";
+    private static final String VERTEX_PROJECT_ID_KEY = "vertexProjectId";
+    private static final String VERTEX_AUTH_SERVICE_NAME_KEY = "vertexAuthServiceName";
+    private static final String VERTEX_TOKEN_REFRESH_AHEAD_KEY = "vertexTokenRefreshAhead";
+    private static final String GEMINI_SAFETY_SETTING_KEY = "geminiSafetySetting";
+
+    private static final String DOMAIN_FORMAT = "%s-aiplatform.googleapis.com";
+
+    private static final String DEFAULT_AUTH_SERVICE_NAME =
+        "vertex-auth" + HigressConstants.INTERNAL_RESOURCE_NAME_SUFFIX;
+    private static final String AUTH_SERVICE_DOMAIN = "oauth2.googleapis.com";
+    private static final List<ServiceSource> EXTRA_SERVICE_SOURCES;
+
+    static {
+        ServiceSource authServiceSource = new ServiceSource();
+        authServiceSource.setName(DEFAULT_AUTH_SERVICE_NAME);
+        authServiceSource.setType(V1McpBridge.REGISTRY_TYPE_DNS);
+        authServiceSource.setProtocol(V1McpBridge.PROTOCOL_HTTPS);
+        authServiceSource.setPort(443);
+        authServiceSource.setDomain(AUTH_SERVICE_DOMAIN);
+        EXTRA_SERVICE_SOURCES = Collections.singletonList(authServiceSource);
+    }
+
+    @Override
+    public String getType() {
+        return LlmProviderType.VERTEX;
+    }
+
+    @Override
+    public void normalizeConfigs(Map<String, Object> configurations) {
+        if (MapUtils.isEmpty(configurations)) {
+            throw new ValidationException("Missing Vertex specific configurations.");
+        }
+
+        String region = MapUtils.getString(configurations, VERTEX_REGION_KEY);
+        if (StringUtils.isEmpty(region)) {
+            throw new ValidationException(VERTEX_REGION_KEY + " cannot be empty.");
+        }
+        configurations.put(VERTEX_REGION_KEY, region.toLowerCase(Locale.ROOT));
+
+        String projectId = MapUtils.getString(configurations, VERTEX_PROJECT_ID_KEY);
+        if (StringUtils.isEmpty(projectId)) {
+            throw new ValidationException(VERTEX_PROJECT_ID_KEY + " cannot be empty.");
+        }
+
+        String authKey = MapUtils.getString(configurations, VERTEX_AUTH_KEY_KEY);
+        if (StringUtils.isEmpty(authKey)) {
+            throw new ValidationException(VERTEX_AUTH_KEY_KEY + " cannot be empty.");
+        }
+        JSONObject authKeyObject;
+        try {
+            authKeyObject = JSON.parseObject(authKey);
+        } catch (JSONException ex) {
+            throw new ValidationException(VERTEX_AUTH_KEY_KEY + " must contain a valid JSON object.", ex);
+        }
+        final BiConsumer<JSONObject, String> ensureJsonStringProperty = (jsonObject, key) -> {
+            Object value = jsonObject.get(key);
+            if (!(value instanceof String)) {
+                throw new ValidationException(
+                    VERTEX_AUTH_KEY_KEY + " must contain a valid JSON object with a string property: " + key);
+            }
+        };
+        ensureJsonStringProperty.accept(authKeyObject, "client_email");
+        ensureJsonStringProperty.accept(authKeyObject, "private_key_id");
+        ensureJsonStringProperty.accept(authKeyObject, "private_key");
+        ensureJsonStringProperty.accept(authKeyObject, "token_uri");
+
+        Integer tokenRefreshAhead = MapUtils.getInteger(configurations, VERTEX_TOKEN_REFRESH_AHEAD_KEY);
+        if (tokenRefreshAhead != null && tokenRefreshAhead < 0) {
+            throw new ValidationException(VERTEX_TOKEN_REFRESH_AHEAD_KEY + " must be a non-negative number.");
+        }
+
+        Object rawGeminiSafetySetting = configurations.get(GEMINI_SAFETY_SETTING_KEY);
+        if (rawGeminiSafetySetting != null) {
+            if (!(rawGeminiSafetySetting instanceof Map)) {
+                throw new ValidationException(GEMINI_SAFETY_SETTING_KEY + " must be an object.");
+            }
+            Map<?, ?> geminiSafetySetting = (Map<?, ?>)rawGeminiSafetySetting;
+            for (Map.Entry<?, ?> entry : geminiSafetySetting.entrySet()) {
+                if (!(entry.getKey() instanceof String) || !(entry.getValue() instanceof String)) {
+                    throw new ValidationException(
+                        GEMINI_SAFETY_SETTING_KEY + " must be an object with string key-value pairs.");
+                }
+            }
+        }
+
+        configurations.put(VERTEX_AUTH_SERVICE_NAME_KEY, DEFAULT_AUTH_SERVICE_NAME);
+    }
+
+    @Override
+    protected List<LlmProviderEndpoint> getProviderEndpoints(Map<String, Object> providerConfig) {
+        String region = MapUtils.getString(providerConfig, VERTEX_REGION_KEY);
+        if (StringUtils.isEmpty(region)) {
+            throw new ValidationException(VERTEX_REGION_KEY + " cannot be empty.");
+        }
+        String domain = String.format(DOMAIN_FORMAT, region);
+        return Collections.singletonList(new LlmProviderEndpoint(V1McpBridge.PROTOCOL_HTTPS, domain, 443, "/"));
+    }
+
+    @Override
+    public List<ServiceSource> getExtraServiceSources(String providerName, Map<String, Object> providerConfig,
+        boolean forDelete) {
+        return forDelete ? Collections.emptyList() : EXTRA_SERVICE_SOURCES;
+    }
+}

frontend/src/locales/en-US/translation.json

@@ -254,7 +254,14 @@
         "openaiCustomUrl": "Custom OpenAI Service Base URL",
         "awsRegion": "AWS Region",
         "awsAccessKey": "AWS Access Key ID",
-        "awsSecretKey": "AWS Secret Access Key"
+        "awsSecretKey": "AWS Secret Access Key",
+        "vertexRegion": "Google Cloud Region",
+        "vertexProjectId": "Google Cloud Product ID",
+        "vertexAuthKey": "Google Cloud Service Account Key",
+        "vertexTokenRefreshAhead": "Lead time of rereshing Google Cloud Access Token (sec)",
+        "geminiSafetySettings": "Gemini API Safety Settings",
+        "geminiSafetyCategory": "Harm Category",
+        "geminiSafetyThreshold": "Block Threshold"
       },
       "rules": {
         "tokenRequired": "Please input auth token",
@@ -276,7 +283,18 @@
         "openaiCustomUrlInconsistentContextPaths": "Inconsistent paths found in custom OpenAI service base URLs",
         "awsRegionRequired": "Please input AWS Region",
         "awsAccessKeyRequired": "Please input AWS Access Key ID",
-        "awsSecretKeyRequired": "Please input AWS Secret Access Key"
+        "awsSecretKeyRequired": "Please input AWS Secret Access Key",
+        "vertexRegionRequired": "Please input Google Cloud Region",
+        "vertexProjectIdRequired": "Please input Google Cloud Product ID",
+        "vertexAuthKeyRequired": "Please input  Google Cloud Service Account Key",
+        "vertexAuthKeyBadFormat": "Invalid Google Cloud service account key format, which must be a JSON string.",
+        "vertexAuthKeyBadRequiredProperty": "Required property is missing in the Google Cloud service account key: {{key}}",
+        "geminiSafetyCategoryRequired": "Please input harm category",
+        "geminiSafetyCategoryDuplicated": "Found duplicated harm categories",
+        "geminiSafetyThresholdRequired": "Please input block threshold"
+      },
+      "tooltips": {
+        "vertexTokenRefreshAheadTooltip": "The lead time in seconds of refreshing the access token used to send requests to Vertex API. Leave it blank if the token shall only be refreshed after expired."
       },
       "placeholder": {
         "azureServiceUrlPlaceholder": "It shall contain \"/chat/completions\" in the path and \"api-version\" in the query string",
@@ -295,7 +313,8 @@
         "content_diffNs": "If the Secret and Higress belong to different namespaces:",
         "example": "e.g. ",
         "roleConfig": "Higress can read Secret data in any namespace by default. But if the role configuration is modified, please make sure the ServiceAccount bound to Higress Controller is allowed to read the configured Secret resource."
-      }
+      },
+      "addGeminiSafetySetting": "Add a safety setting"
     },
     "create": "Create AI Service Provider",
     "edit": "Edit AI Service Provider",

frontend/src/locales/zh-CN/translation.json

@@ -254,7 +254,14 @@
         "openaiCustomUrl": "自定义 OpenAI 服务 BaseURL",
         "awsRegion": "AWS Region",
         "awsAccessKey": "AWS Access Key ID",
-        "awsSecretKey": "AWS Secret Access Key"
+        "awsSecretKey": "AWS Secret Access Key",
+        "vertexRegion": "Google Cloud Region",
+        "vertexProjectId": "Google Cloud 项目 ID",
+        "vertexAuthKey": "Google Cloud 服务账号密钥",
+        "vertexTokenRefreshAhead": "Google Cloud 访问令牌刷新提前量（秒）",
+        "geminiSafetySettings": "Gemini API 安全设置",
+        "geminiSafetyCategory": "危害类别",
+        "geminiSafetyThreshold": "屏蔽阈值"
       },
       "rules": {
         "tokenRequired": "请输入凭证",
@@ -276,7 +283,18 @@
         "openaiCustomUrlInconsistentContextPaths": "各个自定义 OpenAI 服务 BaseURL 所使用的路径不一致",
         "awsRegionRequired": "请输入 AWS Region",
         "awsAccessKeyRequired": "请输入 AWS Access Key ID",
-        "awsSecretKeyRequired": "请输入 AWS Secret Access Key"
+        "awsSecretKeyRequired": "请输入 AWS Secret Access Key",
+        "vertexRegionRequired": "请输入 Google Cloud Region",
+        "vertexProjectIdRequired": "请输入 Google Cloud 项目 ID",
+        "vertexAuthKeyRequired": "请输入 Google Cloud 服务账号密钥",
+        "vertexAuthKeyBadFormat": "Google Cloud 服务账号密钥的格式不正确，必须为 JSON 格式的字符串",
+        "vertexAuthKeyBadRequiredProperty": "Google Cloud 服务账号密钥中缺少必要的属性：{{key}}",
+        "geminiSafetyCategoryRequired": "请输入危害类别",
+        "geminiSafetyCategoryDuplicated": "存在重复配置的危害类别",
+        "geminiSafetyThresholdRequired": "请输入屏蔽阈值"
+      },
+      "tooltips": {
+        "vertexTokenRefreshAheadTooltip": "提前刷新用于访问 Vertex API 的访问密钥的时间，单位为秒。留空表示仅在密钥过期时刷新。"
       },
       "placeholder": {
         "azureServiceUrlPlaceholder": "需包含“/chat/completions”路径和“api-version”查询参数",
@@ -295,7 +313,8 @@
         "content_diffNs": "若 Secret 与 Higress 在不同的命名空间：",
         "example": "例如：",
         "roleConfig": "默认配置下，Higress 可以读取任意命名空间下的 Secret 信息。如果你调整过这部分配置，请确保 Higress Controller 的 ServiceAccount 可以读取配置中所引用的 Secret 数据。"
-      }
+      },
+      "addGeminiSafetySetting": "添加安全设置"
     },
     "create": "创建AI服务提供者",
     "edit": "编辑AI服务提供者",