diff --git a/bcs-services/bcs-bscp/cmd/auth-server/service/service.go b/bcs-services/bcs-bscp/cmd/auth-server/service/service.go
index 16d5152b8d..3f437d8f86 100644
--- a/bcs-services/bcs-bscp/cmd/auth-server/service/service.go
+++ b/bcs-services/bcs-bscp/cmd/auth-server/service/service.go
@@ -40,6 +40,7 @@ import (
 "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/cc"
 "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/components/bkpaas"
 "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/criteria/errf"
+ "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/apigw"
 iamauth "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/auth"
 "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/client"
 "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/meta"
@@ -76,6 +77,7 @@ type Service struct {
 // auth logic module.
 auth *auth.Auth
 spaceMgr *space.Manager
+ pubKey string
 }
 // NewService create a service instance.
@@ -110,6 +112,10 @@ func NewService(sd serviced.Discover, iamSettings cc.IAM, disableAuth bool,
 spaceMgr: spaceMgr,
 }
+ if errH := s.handlerPrivateVersion(); errH != nil {
+ return nil, errH
+ }
+
 if err = s.initLogicModule(); err != nil {
 return nil, err
 }
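Review bot: The new `pubKey` field on `Service` is the only undocumented field in the visible part of the struct, and its name does not say which key it holds or who reads it. I would add `// pubKey is the API gateway public key handed to clients by GetAuthConf; it is resolved once in NewService (from GWPubKey, or fetched from the gateway in private deployments) and never written afterwards.` above it. The "written once, read by handlers" contract is what makes the unsynchronized reads in GetAuthConf safe, so stating it keeps a later change from quietly introducing a race. The Service struct starts before this hunk.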
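Review bot: The added guard in NewService introduces a second error variable `errH` even though `err` is already declared in this function (the very next statement assigns it with `=`), and it returns the failure without saying which step failed. I would reuse the existing variable and wrap the error: `if err = s.handlerPrivateVersion(); err != nil {` / `return nil, fmt.Errorf("resolve gateway public key: %w", err)`. Aborting construction when the key cannot be resolved is the right fail-closed behaviour for a key that clients presumably use to verify gateway-signed requests, so the early return itself should stay. NewService starts before this hunk and ends after it.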
@@ -117,6 +123,28 @@ func NewService(sd serviced.Discover, iamSettings cc.IAM, disableAuth bool,
 return s, nil
 }
+// 处理私有化版本
+func (s *Service) handlerPrivateVersion() error {
+ s.pubKey = cc.AuthServer().LoginAuth.GWPubKey
+ if cc.AuthServer().LoginAuth.PrivateVersion {
+ gw, err := apigw.NewApiGw(cc.AuthServer().Esb)
+ if err != nil {
+ return err
+ }
+
+ result, err := gw.GetApigwPublicKey(apigw.Name)
+ if err != nil {
+ return err
+ }
+ if result.Code != 0 && result.Data.PublicKey == "" {
+ return fmt.Errorf("get the gateway public key failed, err: %s", result.Message)
+ }
+ s.pubKey = result.Data.PublicKey
+ }
+
+ return nil
+}
+
 // Handler return service's handler.
 func (s *Service) Handler() (http.Handler, error) {
 if s.gateway == nil {
@@ -255,12 +283,13 @@ func (s *Service) InitAuthCenter(ctx context.Context, req *pbas.InitAuthCenterRe
 // GetAuthConf get auth login conf
 func (s *Service) GetAuthConf(_ context.Context, _ *pbas.GetAuthConfReq) (*pbas.GetAuthConfResp, error) {
+
 resp := &pbas.GetAuthConfResp{
 LoginAuth: &pbas.LoginAuth{
 Host: cc.AuthServer().LoginAuth.Host,
 InnerHost: cc.AuthServer().LoginAuth.InnerHost,
 Provider: cc.AuthServer().LoginAuth.Provider,
- GwPubkey: cc.AuthServer().LoginAuth.GWPubKey,
+ GwPubkey: s.pubKey,
 UseEsb: false,
 },
 Esb: &pbas.ESB{
diff --git a/bcs-services/bcs-bscp/pkg/cc/service.go b/bcs-services/bcs-bscp/pkg/cc/service.go
index 8af70611c0..1188e9388f 100644
--- a/bcs-services/bcs-bscp/pkg/cc/service.go
+++ b/bcs-services/bcs-bscp/pkg/cc/service.go
@@ -135,6 +137,8 @@ type LoginAuthSettings struct {
 Provider string `yaml:"provider"`
 UseESB bool `yaml:"useEsb"`
 GWPubKey string `yaml:"gwPubkey"`
+ // PrivateVersion 是否是私有化版本
+ PrivateVersion bool `yaml:"privateVersion"`
 }
 // trySetFlagBindIP try set flag bind ip.
diff --git a/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go b/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go
index 47cb189a64..8122370a46 100644
--- a/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go
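Review bot: The success check in `handlerPrivateVersion` is too weak: `result.Code != 0 && result.Data.PublicKey == ""` only fails when both conditions hold, so a non-zero gateway code accompanied by a key in the body is accepted, and a zero code with an empty body silently replaces the configured `GWPubKey` with `""` — a value that GetAuthConf then hands to clients as the key they presumably verify gateway-signed requests with. It should read `if result.Code != 0 || result.Data.PublicKey == "" {` so either failure stops startup. The doc comment should be English and start with the name, e.g. `// handlerPrivateVersion resolves the API gateway public key: the configured GWPubKey by default, or the key fetched from the gateway named apigw.Name when PrivateVersion is set.` Note that `apigw.Name` is a constant (`"bk-bscp-test"` in this diff), so until it is configurable a private deployment trusts whatever key the test-named gateway returns.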
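Review bot: The new `PrivateVersion` field's comment is in Chinese and does not describe what the flag does, while the surrounding settings are documented in English. I would write `// PrivateVersion marks a private (on-premise) deployment; when true the auth server fetches the gateway public key from the API gateway at startup, overriding GWPubKey.` The "overriding GWPubKey" part mirrors how handlerPrivateVersion in this diff treats the two values and should be kept in step with it. LoginAuthSettings starts before this hunk.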
+++ b/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go
@@ -60,7 +60,7 @@ type ApiGw interface {
 }
 // NewApiGw 初始化网关
-func NewApiGw(opt cc.ApiServerSetting) (ApiGw, error) {
+func NewApiGw(opt cc.Esb) (ApiGw, error) {
 c, err := client.NewClient(nil)
 if err != nil {
@@ -70,11 +70,12 @@ func NewApiGw(opt cc.ApiServerSetting) (ApiGw, error) {
 client: c,
 opt: opt,
 }, nil
+
 }
 type apiGw struct {
 client *http.Client
- opt cc.ApiServerSetting
+ opt cc.Esb
 }
 // SyncApi 同步网关,如果网关不存在,创建网关,如果网关已存在,更新网关
@@ -359,7 +360,7 @@ func (a *apiGw) newRequest(method, url string, body []byte) (*http.Request, erro
 // 设置请求头
 req.Header.Set("X-Bkapi-Authorization", fmt.Sprintf(`{"bk_app_code": "%s", "bk_app_secret": "%s"}`,
- a.opt.Esb.AppCode, a.opt.Esb.AppSecret))
+ a.opt.AppCode, a.opt.AppSecret))
 req.Header.Set("Content-Type", "application/json")
 return req, nil
diff --git a/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go b/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go
index 3942e2b099..fd6ab417c6 100644
--- a/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go
+++ b/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go
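Review bot: `NewApiGw` is exported and its parameter type changes here, yet the doc comment `// NewApiGw 初始化网关` stays in Chinese and does not say what the new `cc.Esb` argument is for. I would write `// NewApiGw returns a gateway client that authenticates every request with the ESB app code and secret in opt.` Callers that still hold a `cc.ApiServerSetting` must now pass its `Esb` field, as sync_docs.go does elsewhere in this diff. The function body continues past the end of the hunk.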
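Review bot: The `X-Bkapi-Authorization` header in newRequest is still assembled by interpolating `a.opt.AppCode` and `a.opt.AppSecret` into a JSON template with `fmt.Sprintf`; a secret containing `"` or `\` yields malformed JSON and an authentication failure that is hard to diagnose, and string-built JSON invites field injection should either value ever come from a less trusted source. Encoding the credentials with `encoding/json` escapes them correctly and makes the wire format explicit; the package must be imported if the file does not already do so, which I cannot see from this hunk. newRequest starts before this hunk.
```go
	// Gateway credentials travel in X-Bkapi-Authorization as a JSON object.
	authz, err := json.Marshal(map[string]string{
		"bk_app_code":   a.opt.AppCode,
		"bk_app_secret": a.opt.AppSecret,
	})
	if err != nil {
		return nil, fmt.Errorf("encode gateway credentials: %w", err)
	}
	req.Header.Set("X-Bkapi-Authorization", string(authz))
	// … unchanged: Content-Type header and return …
```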
@@ -21,27 +21,30 @@ import (
 )
 const (
- name = "bk-bscp-test"
+ // Name 网关名
+ Name = "bk-bscp-test"
 env = "prod"
 description = "bk-bscp-test 网关描述"
 host = "http://bscp-api.sit.bktencent.com"
 )
 // ReleaseSwagger 导入swagge 文档
-func ReleaseSwagger(opt cc.ApiServerSetting, language, version string) error { // nolint
+// nolint:funlen
+func ReleaseSwagger(opt cc.ApiServerSetting, language, version string) error {
+ // 获取需要导入的文档
 swaggerData, err := docs.Assets.ReadFile("swagger/bkapigw.swagger.json")
 if err != nil {
 return fmt.Errorf("reads and returns the content of the named file failed, err: %s", err.Error())
 }
 // 初始化网关
- gw, err := NewApiGw(opt)
+ gw, err := NewApiGw(opt.Esb)
 if err != nil {
 return fmt.Errorf("init api gateway failed, err: %s", err.Error())
 }
 // 创建或者更新网关
- syncApiResp, err := gw.SyncApi(name, &SyncApiReq{
+ syncApiResp, err := gw.SyncApi(Name, &SyncApiReq{
 Description: description,
 Maintainers: []string{"admin"},
 IsPublic: true,
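Review bot: `Name` is exported here so the auth server (handlerPrivateVersion in this diff) can fetch the public key of the gateway it names, but its value is the hardcoded test gateway `"bk-bscp-test"`, sitting next to a SIT `host` and a test `description`; in a private deployment that is the gateway whose key ends up trusted, so the name should come from configuration (a field on `cc.Esb` or `LoginAuthSettings`) with `Name` kept only as the default. The new doc comment should also be English and start with the identifier, e.g. `// Name is the API gateway under which bscp registers its API and whose public key the auth server fetches in private deployments.` Separately, `// nolint:funlen` with a leading space is, depending on the golangci-lint version, either not recognised as a directive or flagged by nolintlint; the canonical form is `//nolint:funlen`. ReleaseSwagger continues past the end of this hunk.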