Skip to content

Commit

Permalink
feat: IAM权限中心切换APIGW标准化 (closed TencentBlueKing#2433)
Browse files Browse the repository at this point in the history
  • Loading branch information
Huayeaaa committed Sep 14, 2024
1 parent 5030f1e commit c11c6ba
Show file tree
Hide file tree
Showing 8 changed files with 37 additions and 12 deletions.
8 changes: 7 additions & 1 deletion apps/iam/handlers/permission.py
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,13 @@ def get_iam_client(cls):
return DummyIAM(
settings.APP_ID, settings.APP_TOKEN, settings.BK_IAM_INNER_HOST, settings.BK_PAAS_INNER_HOST
)
return IAM(settings.APP_ID, settings.APP_TOKEN, settings.BK_IAM_INNER_HOST, settings.BK_PAAS_INNER_HOST)
return IAM(
settings.APP_ID,
settings.APP_TOKEN,
settings.BK_IAM_INNER_HOST,
settings.BK_PAAS_INNER_HOST,
settings.BK_IAM_APIGATEWAY,
)

def make_request(self, action: Union[ActionMeta, str], resources: List[Resource] = None) -> Request:
"""
Expand Down
4 changes: 2 additions & 2 deletions apps/node_man/constants.py
Original file line number Diff line number Diff line change
Expand Up @@ -78,9 +78,9 @@ class TimeUnit:
# 自动选择接入点ID
DEFAULT_AP_ID = int(os.environ.get("DEFAULT_AP_ID", -1))
# 自动选择安装通道ID
DEFAULT_INSTALL_CHANNEL_ID = int(os.environ.get("DEFAULT_INSTALL_CHANNEL_ID", -1))
DEFAULT_INSTALL_CHANNEL_ID = int(os.environ.get("BKAPP_DEFAULT_INSTALL_CHANNEL_ID", -1))
# 自动选择的云区域ID
AUTOMATIC_CHOICE_CLOUD_ID = int(os.environ.get("AUTOMATIC_CHOICE_CLOUD_ID", -1))
AUTOMATIC_CHOICE_CLOUD_ID = int(os.environ.get("BKAPP_AUTOMATIC_CHOICE_CLOUD_ID", -1))
# 自动选择
AUTOMATIC_CHOICE = os.environ.get("AUTOMATIC_CHOICE", _("自动选择"))
# 默认安装通道
Expand Down
6 changes: 5 additions & 1 deletion apps/node_man/handlers/iam.py
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,11 @@ class IamHandler(APIModel):

if settings.USE_IAM:
_iam = IAM(
settings.APP_CODE, settings.SECRET_KEY, settings.BK_IAM_INNER_HOST, settings.BK_COMPONENT_API_OVERWRITE_URL
settings.APP_CODE,
settings.SECRET_KEY,
settings.BK_IAM_INNER_HOST,
settings.BK_COMPONENT_API_OVERWRITE_URL,
settings.BK_IAM_APIGATEWAY,
)
else:
_iam = object
Expand Down
12 changes: 11 additions & 1 deletion apps/node_man/iam_provider.py
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,9 @@ def list_instance_by_policy(self, filter, page, **options):
"""
return ListResult(results=[], count=0)

def search_instance(self, filter, page, **options):
pass


class CloudResourceProvider(ResourceProvider):
"""
Expand Down Expand Up @@ -320,6 +323,9 @@ def list_instance_by_policy(self, filter, page, **options):
"""
return ListResult(results=[], count=0)

def search_instance(self, filter, page, **options):
pass


class PackageResourceProvider(ResourceProvider):
"""
Expand Down Expand Up @@ -591,7 +597,11 @@ class IamRegister(object):

def __init__(self):
self._iam = IAM(
settings.APP_CODE, settings.SECRET_KEY, settings.BK_IAM_INNER_HOST, settings.BK_COMPONENT_API_OVERWRITE_URL
settings.APP_CODE,
settings.SECRET_KEY,
settings.BK_IAM_INNER_HOST,
settings.BK_COMPONENT_API_OVERWRITE_URL,
settings.BK_IAM_APIGATEWAY,
)

def register_system(self):
Expand Down
3 changes: 2 additions & 1 deletion apps/node_man/tests/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -1177,11 +1177,12 @@ def get_apply_data(self, *args, **kwargs):


class MockIAM(object):
def __init__(self, app_code, secret_key, bk_iam_inner_host, bk_component_api_url):
def __init__(self, app_code, secret_key, bk_iam_inner_host, bk_component_api_url, bk_apigateway_url):
self.app_code = app_code
self.secret_key = secret_key
self.bk_iam_inner_host = bk_iam_inner_host
self.bk_component_api_url = bk_component_api_url
self.bk_apigateway_url = bk_apigateway_url

class _client:
@staticmethod
Expand Down
4 changes: 4 additions & 0 deletions config/default.py
Original file line number Diff line number Diff line change
Expand Up @@ -338,6 +338,10 @@
BK_IAM_CMDB_SYSTEM_ID = os.getenv("BKAPP_IAM_CMDB_SYSTEM_ID", "bk_cmdb")
BK_IAM_MIGRATION_JSON_PATH = os.path.join(PROJECT_ROOT, "support-files/bkiam")
BK_IAM_RESOURCE_API_HOST = env.BK_IAM_RESOURCE_API_HOST
# IAM网关名称
BK_IAM_APIGATEWAY_NAME = "bk-iam"
# IAM网关
BK_IAM_APIGATEWAY = BK_API_URL_TMPL.format(api_name=BK_IAM_APIGATEWAY_NAME) + "/" + env.ENVIRONMENT + "/"

BK_IAM_MIGRATION_APP_NAME = "iam_migrations"
BK_IAM_SKIP = False
Expand Down
2 changes: 1 addition & 1 deletion requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ django-versionlog==1.6.0
tencentcloud-sdk-python==3.0.1210

# Iam SDK
bk-iam==1.1.14
bk-iam==1.3.6

# 自监控
supervisor==4.2.2
Expand Down
10 changes: 5 additions & 5 deletions support-files/kubernetes/helm/bk-nodeman/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -347,11 +347,11 @@ externalRabbitMQ:
| `config.concurrentNumber` | 线程最大并发数 | `50` |
| `config.bkAppNavOpenSourceUrl` | 导航栏开源社区地址 | `https://github.com/TencentBlueKing/bk-nodeman` |
| `config.bkAppNavHelperUrl` | 导航栏技术支持地址 | `https://wpa1.qq.com/KziXGWJs?_type=wpa&qidian=true` |
| `config.bkAppSyncProcStatusTaskInterval` | 插件进程状态同步周期 | `20 * 60` |
| `config.bkAppScriptHooks` | Agent安装前置脚本 | `""` |
| `config.bkAppIEODActiveFirewallPolicyScriptInfo` | WINDOWS IEOD脚本内容 | `""` |
| `config.bkAppDefaultInstallChannelId` | 自动选择安装通道ID | `-1` |
| `config.bkAppAutomaticChoiceCloudId` | 自动选择安装通道对应云区域ID | `-1` |
| `config.bkAppSyncProcStatusTaskInterval` | 插件进程状态同步周期 | `20 * 60` |
| `config.bkAppScriptHooks` | Agent安装前置脚本 | `""` |
| `config.bkAppIEODActiveFirewallPolicyScriptInfo` | WINDOWS IEOD脚本内容 | `""` |
| `config.bkAppDefaultInstallChannelId` | 自动选择安装通道ID | `-1` |
| `config.bkAppAutomaticChoiceCloudId` | 自动选择安装通道对应云区域ID | `-1` |

## 额外的环境变量

Expand Down

0 comments on commit c11c6ba

Please sign in to comment.