TencentBlueKing · evanlixin · Aug 12, 2024 · Jul 3, 2024 · Jul 3, 2024 · Jul 3, 2024
diff --git a/bcs-services/bcs-user-manager/app/app.go b/bcs-services/bcs-user-manager/app/app.go
@@ -105,6 +105,7 @@ func parseConfig(op *options.UserManagerOptions) (*config.UserMgrConfig, error)
 	userMgrConfig.BcsAPI = &op.BcsAPI
 	userMgrConfig.Encrypt = op.Encrypt
 	userMgrConfig.Activity = op.Activity
+	userMgrConfig.EnableTokenSync = op.EnableTokenSync
 
 	config.Tke = op.TKE
 	secretID, err := encrypt.DesDecryptFromBase([]byte(config.Tke.SecretID))

diff --git a/bcs-services/bcs-user-manager/app/user-manager/store.go b/bcs-services/bcs-user-manager/app/user-manager/store.go
@@ -158,6 +158,24 @@ func createBootstrapUsers(users []options.BootStrapUser) error {
 // syncTokenToRedis will fetch user token from bcs_tokens, and store it to redis
 func syncTokenToRedis() {
 	tokenStore := sqlstore.NewTokenStore(sqlstore.GCoreDB, config.GlobalCryptor)
+	ticker := time.NewTicker(10 * time.Minute)
+	defer ticker.Stop()
+
+	if !config.GetGlobalConfig().EnableTokenSync {
+		syncToken(tokenStore)
+		return
+	}
+
+	for {
+		syncToken(tokenStore)
+		// nolint
+		select {
+		case <-ticker.C:
+		}
+	}
+}
+
+func syncToken(tokenStore sqlstore.TokenStore) {
 	tokens := tokenStore.GetAllNotExpiredTokens()
 	blog.Infof("sync token to redis, total %d", len(tokens))
 	done := 0

diff --git a/bcs-services/bcs-user-manager/config/config.go b/bcs-services/bcs-user-manager/config/config.go
@@ -83,11 +83,12 @@ type UserMgrConfig struct {
 
 	VerifyClientTLS bool
 
-	DSN            string
-	RedisDSN       string
-	BootStrapUsers []options.BootStrapUser
-	TKE            options.TKEOptions
-	PeerToken      string
+	DSN             string
+	RedisDSN        string
+	EnableTokenSync bool
+	BootStrapUsers  []options.BootStrapUser
+	TKE             options.TKEOptions
+	PeerToken       string
 
 	IAMConfig  options.IAMConfig
 	EtcdConfig registry.CMDOptions

diff --git a/bcs-services/bcs-user-manager/options/options.go b/bcs-services/bcs-user-manager/options/options.go
@@ -32,6 +32,7 @@ type UserManagerOptions struct {
 	JWTKeyConfig
 
 	VerifyClientTLS bool            `json:"verify_client_tls" value:"false" usage:"verify client when brings up a tls server" mapstructure:"verify_client_tls"`
+	EnableTokenSync bool            `json:"enable_token_sync" value:"" usage:"enable sync token to redis periodically"`
 	RedisDSN        string          `json:"redis_dsn" value:"" usage:"dsn for connect to redis"`
 	DSN             string          `json:"mysql_dsn" value:"" usage:"dsn for connect to mysql"`
 	BootStrapUsers  []BootStrapUser `json:"bootstrap_users"`

diff --git a/install/conf/bcs-services/bcs-user-manager/bcs-user-manager.json.template b/install/conf/bcs-services/bcs-user-manager/bcs-user-manager.json.template
@@ -20,6 +20,7 @@
   "verify_client_tls": false,
   "mysql_dsn": "${coreDatabaseDsn}",
   "redis_dsn": "${redisDsn}",
+  "enable_token_sync": ${enableTokenSync},
   "bootstrap_users": [
     {
       "name": "${adminUser}",

diff --git a/install/conf/bcs-services/bcs-user-manager/container-start.sh b/install/conf/bcs-services/bcs-user-manager/container-start.sh
@@ -15,6 +15,7 @@ bcsTokenNotifyTitle="${bcsTokenNotifyTitle:-TKEx(蓝鲸容器平台) API 密钥
 bcsTokenNotifyContent="${bcsTokenNotifyContent:-你好，{{ .Username \}\}:<br>您的 API 密钥过期时间为: {{ .ExpiredAt \}\}，如有需要请前往 API 密钥页面及时续期。}" \
 bcsTokenNotifyESBEmailPath="${bcsTokenNotifyESBEmailPath:-/api/c/compapi/v2/cmsi/send_mail/}" \
 bcsTokenNotifyESBRtxPath="${bcsTokenNotifyESBRtxPath:-/api/c/compapi/v2/cmsi/send_rtx/}" \
+enableTokenSync="${enableTokenSync:-false}" \
 envsubst | tee ${module}.json
 fi