From a1fc6a398104152e1fe8927bc9b1c415279f5ff2 Mon Sep 17 00:00:00 2001 From: dcd <1151627903@qq.com> Date: Wed, 11 Sep 2024 11:18:12 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20IAM=E6=9D=83=E9=99=90=E4=B8=AD=E5=BF=83?= =?UTF-8?q?=E5=88=87=E6=8D=A2APIGW=E6=A0=87=E5=87=86=E5=8C=96=20(closed=20?= =?UTF-8?q?#2433)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/iam/handlers/permission.py | 8 +++++++- apps/node_man/constants.py | 4 ++-- apps/node_man/handlers/iam.py | 6 +++++- apps/node_man/iam_provider.py | 12 +++++++++++- apps/node_man/tests/utils.py | 3 ++- config/default.py | 4 ++++ requirements.txt | 2 +- support-files/kubernetes/helm/bk-nodeman/README.md | 10 +++++----- 8 files changed, 37 insertions(+), 12 deletions(-) diff --git a/apps/iam/handlers/permission.py b/apps/iam/handlers/permission.py index 3be4815cd..209e6e7ca 100644 --- a/apps/iam/handlers/permission.py +++ b/apps/iam/handlers/permission.py @@ -62,7 +62,13 @@ def get_iam_client(cls): return DummyIAM( settings.APP_ID, settings.APP_TOKEN, settings.BK_IAM_INNER_HOST, settings.BK_PAAS_INNER_HOST ) - return IAM(settings.APP_ID, settings.APP_TOKEN, settings.BK_IAM_INNER_HOST, settings.BK_PAAS_INNER_HOST) + return IAM( + settings.APP_ID, + settings.APP_TOKEN, + settings.BK_IAM_INNER_HOST, + settings.BK_PAAS_INNER_HOST, + settings.BK_IAM_APIGATEWAY, + ) def make_request(self, action: Union[ActionMeta, str], resources: List[Resource] = None) -> Request: """ diff --git a/apps/node_man/constants.py b/apps/node_man/constants.py index 6d7bd9560..6f6479569 100644 --- a/apps/node_man/constants.py +++ b/apps/node_man/constants.py 
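Review bot: In `get_iam_client` (apps/iam/handlers/permission.py) the gateway URL is passed as a fifth positional argument, so the call silently depends on the SDK's parameter order. The same pattern appears in the `IamHandler` hunk of apps/node_man/handlers/iam.py and the `IamRegister.__init__` hunk of apps/node_man/iam_provider.py. Passing it by keyword, `bk_apigateway_url=settings.BK_IAM_APIGATEWAY`, would survive a signature change; the name is taken from the `MockIAM` signature in this patch, so confirm it against the bk-iam release being pinned. The `DummyIAM(...)` call in the context lines just above still receives four arguments, so the skip-IAM path and the real path are now configured differently, and a short comment should say whether that is intended. The method body starts outside the hunk.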
@@ -78,9 +78,9 @@ class TimeUnit: # 自动选择接入点ID DEFAULT_AP_ID = int(os.environ.get("DEFAULT_AP_ID", -1)) # 自动选择安装通道ID -DEFAULT_INSTALL_CHANNEL_ID = int(os.environ.get("DEFAULT_INSTALL_CHANNEL_ID", -1)) +DEFAULT_INSTALL_CHANNEL_ID = int(os.environ.get("BKAPP_DEFAULT_INSTALL_CHANNEL_ID", -1)) # 自动选择的云区域ID -AUTOMATIC_CHOICE_CLOUD_ID = int(os.environ.get("AUTOMATIC_CHOICE_CLOUD_ID", -1)) +AUTOMATIC_CHOICE_CLOUD_ID = int(os.environ.get("BKAPP_AUTOMATIC_CHOICE_CLOUD_ID", -1)) # 自动选择 AUTOMATIC_CHOICE = os.environ.get("AUTOMATIC_CHOICE", _("自动选择")) # 默认安装通道 diff --git a/apps/node_man/handlers/iam.py b/apps/node_man/handlers/iam.py index dd6b20a42..08646d938 100644 --- a/apps/node_man/handlers/iam.py +++ b/apps/node_man/handlers/iam.py @@ -41,7 +41,11 @@ class IamHandler(APIModel): if settings.USE_IAM: _iam = IAM( - settings.APP_CODE, settings.SECRET_KEY, settings.BK_IAM_INNER_HOST, settings.BK_COMPONENT_API_OVERWRITE_URL + settings.APP_CODE, + settings.SECRET_KEY, + settings.BK_IAM_INNER_HOST, + settings.BK_COMPONENT_API_OVERWRITE_URL, + settings.BK_IAM_APIGATEWAY, ) else: _iam = object diff --git a/apps/node_man/iam_provider.py b/apps/node_man/iam_provider.py index d9c349e90..0a7d136f7 100644 --- a/apps/node_man/iam_provider.py +++ b/apps/node_man/iam_provider.py @@ -126,6 +126,9 @@ def list_instance_by_policy(self, filter, page, **options): """ return ListResult(results=[], count=0) + def search_instance(self, filter, page, **options): + pass + class CloudResourceProvider(ResourceProvider): """ @@ -320,6 +323,9 @@ def list_instance_by_policy(self, filter, page, **options): """ return ListResult(results=[], count=0) + def search_instance(self, filter, page, **options): + pass + class PackageResourceProvider(ResourceProvider): """ 
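Review bot: The switch to `BKAPP_DEFAULT_INSTALL_CHANNEL_ID` and `BKAPP_AUTOMATIC_CHOICE_CLOUD_ID` in apps/node_man/constants.py drops the old variable names without a fallback. A deployment that still exports `DEFAULT_INSTALL_CHANNEL_ID` or `AUTOMATIC_CHOICE_CLOUD_ID` will silently revert to `-1` after upgrading. Reading the old name as a fallback keeps existing environments working: `DEFAULT_INSTALL_CHANNEL_ID = int(os.environ.get("BKAPP_DEFAULT_INSTALL_CHANNEL_ID", os.environ.get("DEFAULT_INSTALL_CHANNEL_ID", -1)))`, and likewise for the cloud ID. `DEFAULT_AP_ID` in the context line above keeps its unprefixed name, so the three related settings are now named inconsistently; a comment explaining why would help the next operator.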
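Review bot: The new `search_instance` methods in apps/node_man/iam_provider.py (the hunk at line 126 and the identical one at line 323) have a body of `pass` and therefore return `None`, while the neighbouring `list_instance_by_policy` stubs return `ListResult(results=[], count=0)`. If the bk-iam dispatcher treats both results the same way, a search callback from the permission center would fail on `None` instead of getting an empty page; this is inferred, since the dispatcher is not visible here. Returning `ListResult(results=[], count=0)` and adding a one-line docstring such as `"""Search is not supported for this resource type; always returns an empty result."""` would keep these stubs consistent with the others. The enclosing provider classes start outside both hunks.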
@@ -591,7 +597,11 @@ class IamRegister(object): def __init__(self): self._iam = IAM( - settings.APP_CODE, settings.SECRET_KEY, settings.BK_IAM_INNER_HOST, settings.BK_COMPONENT_API_OVERWRITE_URL + settings.APP_CODE, + settings.SECRET_KEY, + settings.BK_IAM_INNER_HOST, + settings.BK_COMPONENT_API_OVERWRITE_URL, + settings.BK_IAM_APIGATEWAY, ) def register_system(self): diff --git a/apps/node_man/tests/utils.py b/apps/node_man/tests/utils.py index 576f7883d..33763da55 100644 --- a/apps/node_man/tests/utils.py +++ b/apps/node_man/tests/utils.py @@ -1177,11 +1177,12 @@ def get_apply_data(self, *args, **kwargs): class MockIAM(object): - def __init__(self, app_code, secret_key, bk_iam_inner_host, bk_component_api_url): + def __init__(self, app_code, secret_key, bk_iam_inner_host, bk_component_api_url, bk_apigateway_url): self.app_code = app_code self.secret_key = secret_key self.bk_iam_inner_host = bk_iam_inner_host self.bk_component_api_url = bk_component_api_url + self.bk_apigateway_url = bk_apigateway_url class _client: @staticmethod diff --git a/config/default.py b/config/default.py index 9634e0e0b..cefd0a66b 100644 --- a/config/default.py +++ b/config/default.py @@ -338,6 +338,10 @@ BK_IAM_CMDB_SYSTEM_ID = os.getenv("BKAPP_IAM_CMDB_SYSTEM_ID", "bk_cmdb") BK_IAM_MIGRATION_JSON_PATH = os.path.join(PROJECT_ROOT, "support-files/bkiam") BK_IAM_RESOURCE_API_HOST = env.BK_IAM_RESOURCE_API_HOST +# IAM网关名称 +BK_IAM_APIGATEWAY_NAME = "bk-iam" +# IAM网关 +BK_IAM_APIGATEWAY = BK_API_URL_TMPL.format(api_name=BK_IAM_APIGATEWAY_NAME) + "/" + env.ENVIRONMENT BK_IAM_MIGRATION_APP_NAME = "iam_migrations" BK_IAM_SKIP = False diff --git a/requirements.txt b/requirements.txt index 16705651f..78d970810 100644 --- a/requirements.txt +++ b/requirements.txt @@ -63,7 +63,7 @@ django-versionlog==1.6.0 tencentcloud-sdk-python==3.0.1210 # Iam SDK -bk-iam==1.1.14 +bk-iam==1.3.6 # 自监控 supervisor==4.2.2 
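Review bot: `MockIAM.__init__` in apps/node_man/tests/utils.py now takes `bk_apigateway_url` as a required fifth positional parameter, so any test that still constructs the mock with four arguments will raise `TypeError`. Giving it a default, `bk_apigateway_url=None`, keeps older call sites working and presumably mirrors the SDK, although the real signature is not shown in this patch. The class body continues outside the hunk.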
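Review bot: `BK_IAM_APIGATEWAY` in config/default.py is built by plain concatenation of `BK_API_URL_TMPL` and `env.ENVIRONMENT` with no validation, and the other hunks hand this endpoint to the IAM client together with the app code and secret. If `BK_API_URL_TMPL` is empty, ends in a slash, or uses `http://`, the result is a malformed or cleartext URL that only shows up at the first permission call. Normalising the base would help, `BK_IAM_APIGATEWAY = "{}/{}".format(BK_API_URL_TMPL.format(api_name=BK_IAM_APIGATEWAY_NAME).rstrip("/"), env.ENVIRONMENT)`, as would a startup check or warning when the scheme is not `https`. The comment above the setting should also state which gateway stage names `env.ENVIRONMENT` is expected to map to, since a value with no matching stage would break every authorization request.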
diff --git a/support-files/kubernetes/helm/bk-nodeman/README.md b/support-files/kubernetes/helm/bk-nodeman/README.md index ce463e9cf..4ca3b7a0b 100644 --- a/support-files/kubernetes/helm/bk-nodeman/README.md +++ b/support-files/kubernetes/helm/bk-nodeman/README.md @@ -347,11 +347,11 @@ externalRabbitMQ: | `config.concurrentNumber` | 线程最大并发数 | `50` | | `config.bkAppNavOpenSourceUrl` | 导航栏开源社区地址 | `https://github.com/TencentBlueKing/bk-nodeman` | | `config.bkAppNavHelperUrl` | 导航栏技术支持地址 | `https://wpa1.qq.com/KziXGWJs?_type=wpa&qidian=true` | -| `config.bkAppSyncProcStatusTaskInterval` | 插件进程状态同步周期 | `20 * 60` | -| `config.bkAppScriptHooks` | Agent安装前置脚本 | `""` | -| `config.bkAppIEODActiveFirewallPolicyScriptInfo` | WINDOWS IEOD脚本内容 | `""` | -| `config.bkAppDefaultInstallChannelId` | 自动选择安装通道ID | `-1` | -| `config.bkAppAutomaticChoiceCloudId` | 自动选择安装通道对应云区域ID | `-1` | +| `config.bkAppSyncProcStatusTaskInterval` | 插件进程状态同步周期 | `20 * 60` | +| `config.bkAppScriptHooks` | Agent安装前置脚本 | `""` | +| `config.bkAppIEODActiveFirewallPolicyScriptInfo` | WINDOWS IEOD脚本内容 | `""` | +| `config.bkAppDefaultInstallChannelId` | 自动选择安装通道ID | `-1` | +| `config.bkAppAutomaticChoiceCloudId` | 自动选择安装通道对应云区域ID | `-1` | ## 额外的环境变量