From 21c83e2b72fa91f954ad35d96b7577a9fd8cab8b Mon Sep 17 00:00:00 2001 From: Ambition <918632536@qq.com> Date: Tue, 9 Jul 2024 15:42:25 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=E7=A7=81=E6=9C=89?= =?UTF-8?q?=E5=8C=96=E7=89=88=E6=9C=AC=E5=8F=82=E6=95=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cmd/auth-server/service/service.go | 31 ++++++++++++++++++- bcs-services/bcs-bscp/pkg/cc/service.go | 20 ++++++++---- bcs-services/bcs-bscp/pkg/cc/types.go | 5 +-- bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go | 7 +++-- .../bcs-bscp/pkg/iam/apigw/sync_docs.go | 16 +++++----- 5 files changed, 60 insertions(+), 19 deletions(-) diff --git a/bcs-services/bcs-bscp/cmd/auth-server/service/service.go b/bcs-services/bcs-bscp/cmd/auth-server/service/service.go index 16d5152b8d..f2d2a1cd58 100644 --- a/bcs-services/bcs-bscp/cmd/auth-server/service/service.go +++ b/bcs-services/bcs-bscp/cmd/auth-server/service/service.go @@ -40,6 +40,7 @@ import ( "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/cc" "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/components/bkpaas" "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/criteria/errf" + "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/apigw" iamauth "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/auth" "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/client" "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/meta" @@ -76,6 +77,7 @@ type Service struct { // auth logic module. auth *auth.Auth spaceMgr *space.Manager + pubKey string } // NewService create a service instance. @@ -110,6 +112,10 @@ func NewService(sd serviced.Discover, iamSettings cc.IAM, disableAuth bool, spaceMgr: spaceMgr, } + if errH := s.handlerAutoRegister(); errH != nil { + return nil, errH + } + if err = s.initLogicModule(); err != nil { return nil, err } 
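Review bot: In the NewService hunk the error from `s.handlerAutoRegister()` is returned bare, so a gateway outage or wrong ESB credentials at startup surfaces as a raw client error with no hint that the public-key fetch failed. Wrapping it, for example `return nil, fmt.Errorf("load api gateway public key: %w", errH)`, makes the failure attributable. With `autoRegister` enabled the auth server can no longer start unless the gateway answers; if that is intended, a comment above the call should say so. NewService starts and ends outside the hunk.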
@@ -117,6 +123,28 @@ func NewService(sd serviced.Discover, iamSettings cc.IAM, disableAuth bool, return s, nil } +// 注册网关 +func (s *Service) handlerAutoRegister() error { + s.pubKey = cc.AuthServer().LoginAuth.GWPubKey + if cc.AuthServer().ApiGateway.AutoRegister { + gw, err := apigw.NewApiGw(cc.AuthServer().Esb) + if err != nil { + return err + } + + result, err := gw.GetApigwPublicKey(apigw.Name) + if err != nil { + return err + } + if result.Code != 0 && result.Data.PublicKey == "" { + return fmt.Errorf("get the gateway public key failed, err: %s", result.Message) + } + s.pubKey = result.Data.PublicKey + } + + return nil +} + // Handler return service's handler. func (s *Service) Handler() (http.Handler, error) { if s.gateway == nil { @@ -255,12 +283,13 @@ func (s *Service) InitAuthCenter(ctx context.Context, req *pbas.InitAuthCenterRe // GetAuthConf get auth login conf func (s *Service) GetAuthConf(_ context.Context, _ *pbas.GetAuthConfReq) (*pbas.GetAuthConfResp, error) { + resp := &pbas.GetAuthConfResp{ LoginAuth: &pbas.LoginAuth{ Host: cc.AuthServer().LoginAuth.Host, InnerHost: cc.AuthServer().LoginAuth.InnerHost, Provider: cc.AuthServer().LoginAuth.Provider, - GwPubkey: cc.AuthServer().LoginAuth.GWPubKey, + GwPubkey: s.pubKey, UseEsb: false, }, Esb: &pbas.ESB{ diff --git a/bcs-services/bcs-bscp/pkg/cc/service.go b/bcs-services/bcs-bscp/pkg/cc/service.go index 8af70611c0..09b7334d8c 100644 --- a/bcs-services/bcs-bscp/pkg/cc/service.go +++ b/bcs-services/bcs-bscp/pkg/cc/service.go 
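Review bot: The guard in handlerAutoRegister, `if result.Code != 0 && result.Data.PublicKey == ""`, rejects a response only when both conditions hold, so a success code with an empty key, or an error code with some key in the body, is accepted and stored in `s.pubKey`. GetAuthConf then returns that value as `GwPubkey`, which consumers presumably use to verify gateway-signed requests, so an empty or unvetted key should stop startup instead. Use `if result.Code != 0 || result.Data.PublicKey == "" {`. If GetApigwPublicKey can return a nil result with a nil error, which is not visible here, a nil check belongs in the same guard. The comment `// 注册网关` also says "register gateway" although the function only loads the public key; `// handlerAutoRegister loads the gateway public key from config, or from the API gateway when autoRegister is on.` would match the code.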
@@ -120,12 +120,13 @@ func (s ApiServerSetting) Validate() error { // AuthServerSetting defines auth server used setting options. type AuthServerSetting struct { - Network Network `yaml:"network"` - Service Service `yaml:"service"` - Log LogOption `yaml:"log"` - LoginAuth LoginAuthSettings `yaml:"loginAuth"` - IAM IAM `yaml:"iam"` - Esb Esb `yaml:"esb"` + Network Network `yaml:"network"` + Service Service `yaml:"service"` + Log LogOption `yaml:"log"` + LoginAuth LoginAuthSettings `yaml:"loginAuth"` + IAM IAM `yaml:"iam"` + Esb Esb `yaml:"esb"` + ApiGateway ApiGateway `yaml:"apiGateway"` } // LoginAuthSettings login conf @@ -137,6 +138,13 @@ type LoginAuthSettings struct { GWPubKey string `yaml:"gwPubkey"` } +// ApiGateway gateway conf +type ApiGateway struct { + // AutoRegister 是否自动注册 + AutoRegister bool `yaml:"autoRegister"` + GWPubKey string `yaml:"gwPubkey"` +} + // trySetFlagBindIP try set flag bind ip. func (s *AuthServerSetting) trySetFlagBindIP(ip net.IP) error { return s.Network.trySetFlagBindIP(ip) diff --git a/bcs-services/bcs-bscp/pkg/cc/types.go b/bcs-services/bcs-bscp/pkg/cc/types.go index b7f6625580..37240df701 100644 --- a/bcs-services/bcs-bscp/pkg/cc/types.go +++ b/bcs-services/bcs-bscp/pkg/cc/types.go @@ -768,8 +768,9 @@ type Esb struct { // AppSecret is the blueking app secret of bscp to request esb. AppSecret string `yaml:"appSecret"` // User is the blueking user of bscp to request esb. - User string `yaml:"user"` - TLS TLSConfig `yaml:"tls"` + User string `yaml:"user"` + TLS TLSConfig `yaml:"tls"` + BscpHost string `yaml:"bscpHost"` } // validate esb runtime. diff --git a/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go b/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go index 47cb189a64..8122370a46 100644 --- a/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go +++ b/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go 
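Review bot: `ApiGateway.GWPubKey` (`yaml:"gwPubkey"`) duplicates `LoginAuthSettings.GWPubKey`, and none of the visible hunks reads it: handlerAutoRegister takes its fallback from `LoginAuth.GWPubKey`. An operator who sets `apiGateway.gwPubkey` would have that verification key silently ignored. Either drop the field or make it the single source of the key. The `AutoRegister` comment should also state the consequence of enabling it, for example `// AutoRegister, when true, replaces the configured gateway public key with one fetched from the API gateway at startup.`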
@@ -60,7 +60,7 @@ type ApiGw interface { } // NewApiGw 初始化网关 -func NewApiGw(opt cc.ApiServerSetting) (ApiGw, error) { +func NewApiGw(opt cc.Esb) (ApiGw, error) { c, err := client.NewClient(nil) if err != nil { @@ -70,11 +70,12 @@ func NewApiGw(opt cc.ApiServerSetting) (ApiGw, error) { client: c, opt: opt, }, nil + } type apiGw struct { client *http.Client - opt cc.ApiServerSetting + opt cc.Esb } // SyncApi 同步网关,如果网关不存在,创建网关,如果网关已存在,更新网关 @@ -359,7 +360,7 @@ func (a *apiGw) newRequest(method, url string, body []byte) (*http.Request, erro // 设置请求头 req.Header.Set("X-Bkapi-Authorization", fmt.Sprintf(`{"bk_app_code": "%s", "bk_app_secret": "%s"}`, - a.opt.Esb.AppCode, a.opt.Esb.AppSecret)) + a.opt.AppCode, a.opt.AppSecret)) req.Header.Set("Content-Type", "application/json") return req, nil diff --git a/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go b/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go index 3942e2b099..ea93bd21fa 100644 --- a/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go +++ b/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go 
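Review bot: NewApiGw now receives `cc.Esb`, which carries a `TLS TLSConfig` field, yet the client is still built with `client.NewClient(nil)`. This client is what handlerAutoRegister uses to fetch the gateway public key, so the certificate-verification settings of its transport matter; what the nil argument selects is not visible in this hunk. If NewClient accepts TLS settings, derive them from `opt.TLS`; otherwise add a comment stating which defaults apply. NewApiGw's body continues outside the hunk.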
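Review bot: In the newRequest hunk the `X-Bkapi-Authorization` header is still assembled with `fmt.Sprintf` around `a.opt.AppCode` and `a.opt.AppSecret`, so a secret containing `"` or `\` yields malformed JSON and a confusing authentication failure. Building the value with `json.Marshal(map[string]string{"bk_app_code": a.opt.AppCode, "bk_app_secret": a.opt.AppSecret})` avoids that; whether `encoding/json` is already imported in apigw.go is not visible here. Because the header carries the app secret, any request dump or debug logging of this request should redact it. newRequest starts outside the hunk.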
@@ -21,27 +21,29 @@ import ( ) const ( - name = "bk-bscp-test" + // Name 网关名 + Name = "bk-bscp" env = "prod" - description = "bk-bscp-test 网关描述" - host = "http://bscp-api.sit.bktencent.com" + description = "服务配置平台(bk_bscp)API 网关,包含了服务、配置项/模板、版本、分组、发布等相关资源的查询和操作接口" ) // ReleaseSwagger 导入swagge 文档 -func ReleaseSwagger(opt cc.ApiServerSetting, language, version string) error { // nolint +// nolint:funlen +func ReleaseSwagger(opt cc.ApiServerSetting, language, version string) error { + // 获取需要导入的文档 swaggerData, err := docs.Assets.ReadFile("swagger/bkapigw.swagger.json") if err != nil { return fmt.Errorf("reads and returns the content of the named file failed, err: %s", err.Error()) } // 初始化网关 - gw, err := NewApiGw(opt) + gw, err := NewApiGw(opt.Esb) if err != nil { return fmt.Errorf("init api gateway failed, err: %s", err.Error()) } // 创建或者更新网关 - syncApiResp, err := gw.SyncApi(name, &SyncApiReq{ + syncApiResp, err := gw.SyncApi(Name, &SyncApiReq{ Description: description, Maintainers: []string{"admin"}, IsPublic: true, @@ -62,7 +64,7 @@ func ReleaseSwagger(opt cc.ApiServerSetting, language, version string) error { / Upstreams: Upstreams{ Loadbalance: "roundrobin", Hosts: []Host{{ - Host: host, + Host: opt.Esb.BscpHost, Weight: 100, }}, },
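Review bot: `Host: opt.Esb.BscpHost` in the last hunk is sent to the gateway as the only upstream, but nothing visible checks that the new `bscpHost` setting is non-empty or carries a scheme; the removed constant was a full `http://…` URL. An unset value would publish a gateway marked `IsPublic: true` whose stage has no usable upstream. A guard at the top of ReleaseSwagger, such as `if opt.Esb.BscpHost == "" { return fmt.Errorf("esb.bscpHost is not configured") }`, or the same check in the Esb validate method, would fail early. An https upstream is preferable where the deployment supports it.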