Merge branch 'ft_tenant' of github.com:TencentBlueKing/bk-user into f…

…t_valid_peroid

.github/workflows/bk-login.yml

@@ -0,0 +1,80 @@
+name: bklogin_ci_check
+on:
+  push:
+    branches: [ main, pre_*, ft_*, release/* ]
+    paths:
+      - "src/bk-login/**"
+      - "src/idp-plugins/**"
+  pull_request:
+    branches: [ main, pre_*, ft_*, release/* ]
+    paths:
+      - "src/bk-login/**"
+      - "src/idp-plugins/**"
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.10"
+      - name: create idp plugin symbolic link
+        run: |
+          ln -s $(pwd)/src/idp-plugins/idp_plugins $(pwd)/src/bk-login/bklogin
+      - name: Format & Lint with ruff
+        run: |
+          pip install ruff==0.1.4
+          ruff format src/bk-login --config=src/bk-login/pyproject.toml
+          ruff src/bk-login --config=src/bk-login/pyproject.toml
+      - name: Lint with mypy
+        run: |
+          pip install mypy==1.6.1 types-requests==2.31.0.2 types-setuptools==57.4.18 types-dataclasses==0.1.7 types-redis==3.5.18 types-PyMySQL==1.1.0.1 types-six==0.1.9 types-toml==0.1.5 types-pytz==2023.3.0.0 types-urllib3==1.26.25.14
+          mypy src/bk-login --config-file=src/bk-login/pyproject.toml
+  test:
+    strategy:
+      fail-fast: false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Start MySQL Container
+        uses: samin/[email protected]
+        with:
+          mysql version: "8.0"
+          mysql database: bk-login
+          mysql user: root
+          mysql password: root_pwd
+          mysql root password: root_pwd
+      - name: Start Redis Container
+        uses: supercharge/[email protected]
+        with:
+          redis-version: "3.2.0"
+      - uses: actions/checkout@v3
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+      - name: create idp plugin symbolic link
+        run: |
+          ln -s $(pwd)/src/idp-plugins/idp_plugins $(pwd)/src/bk-login/bklogin
+      - name: Set up Poetry
+        uses: abatilo/[email protected]
+        with:
+          poetry-version: "1.6.1"
+      - name: Install dependencies
+        working-directory: src/bk-login
+        run: poetry install
+      - name: Run unittest
+        working-directory: src/bk-login
+        run: |
+          # random secret
+          export BK_APP_SECRET="fod6MKVTVi_3M5HgGoj-qI7b3l0dgCzTBwGypnDz4vg="
+          export BK_USER_APP_SECRET="Vi_3M5HgGogCzTBwGypnDz4vgfod6MKVTj-qI7b3l0d="
+          # random secret key
+          export BKKRILL_ENCRYPT_SECRET_KEY="tttHSBLiVdQPItrfy7n9dV7AxAUMZpYVkD6IHMbL0VE="
+          export BK_DOMAIN="example.com"
+          export BK_COMPONENT_API_URL=""
+          export MYSQL_PASSWORD=root_pwd
+          export MYSQL_HOST="127.0.0.1"
+          export DJANGO_SETTINGS_MODULE=bklogin.settings
+          poetry run pytest ./tests

.github/workflows/bk-user.yml

@@ -1,13 +1,15 @@
 name: bkuser_ci_check
 on:
   push:
-    branches: [master, ft_tenant]
+    branches: [ main, pre_*, ft_*, release/* ]
     paths:
       - "src/bk-user/**"
+      - "src/idp-plugins/**"
   pull_request:
-    branches: [master, ft_tenant]
+    branches: [ main, pre_*, ft_*, release/* ]
     paths:
       - "src/bk-user/**"
+      - "src/idp-plugins/**"
 jobs:
   check:
     runs-on: ubuntu-latest
@@ -18,17 +20,17 @@ jobs:
         uses: actions/setup-python@v2
         with:
           python-version: "3.10"
-      - name: Format with black
+      - name: create idp plugin symbolic link
         run: |
-          pip install black==23.7.0 click==8.1.6
-          black src/bk-user --config=src/bk-user/pyproject.toml
-      - name: Lint with ruff
+          ln -s $(pwd)/src/idp-plugins/idp_plugins $(pwd)/src/bk-user/bkuser
+      - name: Format & Lint with ruff
         run: |
-          pip install ruff==0.0.277
+          pip install ruff==0.1.4
+          ruff format src/bk-user --config=src/bk-user/pyproject.toml
           ruff src/bk-user --config=src/bk-user/pyproject.toml
       - name: Lint with mypy
         run: |
-          pip install mypy==1.5.1 types-requests==2.31.0.2 types-setuptools==57.4.18 types-dataclasses==0.1.7 types-redis==3.5.18 types-PyMySQL==1.1.0.1 types-six==0.1.9 types-toml==0.1.5 types-pytz==2023.3.0.0 types-urllib3==1.26.25.14
+          pip install mypy==1.6.1 types-requests==2.31.0.2 types-setuptools==57.4.18 types-dataclasses==0.1.7 types-redis==3.5.18 types-PyMySQL==1.1.0.1 types-six==0.1.9 types-toml==0.1.5 types-pytz==2023.3.0.0 types-urllib3==1.26.25.14
           mypy src/bk-user --config-file=src/bk-user/pyproject.toml
   test:
     strategy:
@@ -52,6 +54,9 @@ jobs:
         uses: actions/setup-python@v4
         with:
           python-version: "3.10"
+      - name: create idp plugin symbolic link
+        run: |
+          ln -s $(pwd)/src/idp-plugins/idp_plugins $(pwd)/src/bk-user/bkuser
       - name: Set up Poetry
         uses: abatilo/[email protected]
         with:

.github/workflows/codeql-analysis.yml

@@ -13,10 +13,10 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master, develop ]
+    branches: [ main, pre_*, ft_*, release/* ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ master, develop ]
+    branches: [ main, pre_*, ft_*, release/* ]
   schedule:
     - cron: '22 11 * * 4'
 

.github/workflows/eslint.yml

@@ -2,9 +2,9 @@ name: ESLint
 
 on:
   push:
-    branches: [ master, develop, pre_*, ft_* ]
+    branches: [ main, pre_*, ft_*, release/* ]
   pull_request:
-    branches: [ master, develop, pre_*, ft_* ]
+    branches: [ main, pre_*, ft_*, release/* ]
 
 jobs:
   build:

.github/workflows/idp-plugins.yml

@@ -0,0 +1,29 @@
+name: idp_plugin_ci_check
+on:
+  push:
+    branches: [ main, pre_*, ft_*, release/* ]
+    paths:
+      - "src/idp-plugins/**"
+  pull_request:
+    branches: [ main, pre_*, ft_*, release/* ]
+    paths:
+      - "src/idp-plugins/**"
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.10"
+      - name: Format & Lint with ruff
+        run: |
+          pip install ruff==0.1.4
+          ruff format src/idp-plugins --config=src/idp-plugins/pyproject.toml
+          ruff src/idp-plugins --config=src/idp-plugins/pyproject.toml
+      - name: Lint with mypy
+        run: |
+          pip install mypy==1.6.1 types-requests==2.31.0.2 types-setuptools==57.4.18 types-dataclasses==0.1.7 types-redis==3.5.18 types-PyMySQL==1.1.0.1 types-six==0.1.9 types-toml==0.1.5 types-pytz==2023.3.0.0 types-urllib3==1.26.25.14
+          mypy src/idp-plugins --config-file=src/idp-plugins/pyproject.toml

.gitignore

@@ -217,3 +217,7 @@ pre_commit_hooks
 cliff.toml
 .codecc
 .idea
+
+# igonre symlinks
+src/bk-user/bkuser/idp_plugins
+src/bk-login/bklogin/idp_plugins

.pre-commit-config.yaml

@@ -11,28 +11,51 @@ repos:
       - id: debug-statements
       - id: detect-private-key
       - id: end-of-file-fixer
+        exclude: ^(src/pages/|src/bk-login/pages)
       - id: trailing-whitespace
+        exclude: ^(src/pages/|src/bk-login/pages)
   - repo: local
     hooks:
       - id: Name check
         name: Check sensitive info of name
         verbose: true
         language: system
         entry: bash -c "if [[ -d pre_commit_hooks ]]; then pre_commit_hooks/rtx.sh $@; fi"
-        exclude: ^(.*/\.env|.*/poetry\.lock|.*/pyproject\.toml|src/bk-user/logs|src/pages/node_modules/)
+        exclude: >
+          (?x)^(
+            .*/\.env|
+            .*/poetry\.lock|
+            .*/pyproject\.toml|
+            src/bk-user/logs|
+            src/pages/node_modules/
+          )$
       - id: IP check
         name: Check sensitive info of ip
         verbose: true
         language: system
-        exclude: ^(.*/\.env|.*/poetry\.lock|.*/pyproject\.toml|\.github/workflows/bk-user.yml|src/bk-user/logs|src/pages/node_modules/)
+        exclude: >
+          (?x)^(
+            .*/\.env|
+            .*/poetry\.lock|
+            .*/pyproject\.toml|
+            \.github/workflows/bk-user.yml|
+            \.github/workflows/bk-login.yml|
+            \.github/workflows/idp-plugins.yml|
+            src/bk-user/logs|src/pages/node_modules/|
+            src/bk-login/pages/src/views/components/protocol.vue|
+            src/pages/static/bk_icon_font/iconcool.json|
+            src/pages/static/bk_icon_font/iconcool.js|
+            src/pages/paas-server/index.js|
+            src/bk-login/pages/paas-server/index.js
+          )$
         entry: bash -c "if [[ -d pre_commit_hooks ]]; then pre_commit_hooks/ip.sh $@; fi"
   - repo: local
     hooks:
-      - id: black
-        name: black
+      - id: format
+        name: ruff-formatter
         language: python
         types: [python]
-        entry: black --config=src/bk-user/pyproject.toml
+        entry: ruff format --config=src/bk-user/pyproject.toml --force-exclude
         files: src/bk-user/
       - id: ruff
         name: ruff
@@ -51,3 +74,48 @@ repos:
         require_serial: true
         language: system
         entry: bash -c "cd src/bk-user && lint-imports"
+  - repo: local
+    hooks:
+      - id: format
+        name: ruff-formatter
+        language: python
+        types: [python]
+        entry: ruff format --config=src/bk-login/pyproject.toml --force-exclude
+        files: src/bk-login/
+      - id: ruff
+        name: ruff
+        language: python
+        types: [python]
+        entry: ruff --config=src/bk-login/pyproject.toml --force-exclude --fix
+        files: src/bk-login/
+      - id: mypy
+        name: mypy
+        language: python
+        types: [python]
+        entry: mypy --config-file=src/bk-login/pyproject.toml
+        files: src/bk-login/
+      - id: import-linter
+        name: import-linter
+        require_serial: true
+        language: system
+        entry: bash -c "cd src/bk-login && lint-imports"
+  - repo: local
+    hooks:
+      - id: format
+        name: ruff-formatter
+        language: python
+        types: [python]
+        entry: ruff format --config=src/bk-plugins/pyproject.toml --force-exclude
+        files: src/bk-plugins/
+      - id: ruff
+        name: ruff
+        language: python
+        types: [python]
+        entry: ruff --config=src/idp-plugins/pyproject.toml --force-exclude --fix
+        files: src/idp-plugins/
+      - id: mypy
+        name: mypy
+        language: python
+        types: [python]
+        entry: mypy --config-file=src/idp-plugins/pyproject.toml
+        files: src/idp-plugins/

src/bk-login/Dockerfile

@@ -0,0 +1,40 @@
+FROM node:18.17.1-bullseye-slim AS StaticBuilding
+ENV NPM_VERSION 9.6.7
+
+COPY src/bk-login/pages /
+WORKDIR /
+RUN npm install
+RUN npm run build
+
+FROM python:3.10.12-slim-bullseye
+USER root
+
+RUN rm /etc/apt/sources.list && \
+    echo "deb https://mirrors.tencent.com/debian bullseye main" >> /etc/apt/sources.list && \
+    echo "deb https://mirrors.tencent.com/debian-security bullseye-security main" >> /etc/apt/sources.list && \
+    echo "deb https://mirrors.tencent.com/debian bullseye-updates main" >> /etc/apt/sources.list
+
+RUN mkdir ~/.pip &&  printf '[global]\nindex-url = https://mirrors.tencent.com/pypi/simple/' > ~/.pip/pip.conf
+
+RUN apt-get update && apt-get install -y default-libmysqlclient-dev build-essential pkg-config
+
+ENV LC_ALL=C.UTF-8 \
+    LANG=C.UTF-8
+
+RUN pip install --upgrade pip setuptools
+RUN pip install poetry==1.5.1
+
+WORKDIR /app
+COPY src/bk-login/pyproject.toml /app
+COPY src/bk-login/poetry.lock /app
+RUN poetry config virtualenvs.create false && poetry install --only main
+
+COPY src/bk-login/bklogin /app/bklogin
+COPY src/bk-login/bin /app/bin
+COPY src/bk-login/manage.py /app
+COPY src/idp-plugins/idp_plugins /app/bklogin/idp_plugins
+
+COPY --from=StaticBuilding /dist /app/staticfiles
+COPY --from=StaticBuilding /dist/index.html /app/templates/index.html
+
+CMD ["bash", "/app/bin/start.sh"]

src/bk-login/Makefile

@@ -0,0 +1,29 @@
+export DJANGO_SETTINGS_MODULE=bklogin.settings
+
+help: ## 展示可用 make 命令及说明
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+
+##@ 环境初始化
+
+init: ## 初始化 pre-commit, python 依赖包
+	pip install pre-commit
+	pre-commit install
+	pip install poetry==1.5.1
+	poetry install
+
+
+##@ 研发命令
+
+test: ## 执行项目单元测试（pytest）
+	pytest --maxfail=1 -l --reuse-db tests --disable-warnings
+
+
+i18n-po: ## 将源代码 & 模版中的 message 采集到 django.po
+	python manage.py makemessages -d django -l en -e html,part -e py
+	python manage.py makemessages -d django -l zh_Hans -e html,part -e py
+
+i18n-mo: ## 将 django.po 文件编译成 django.mo 文件
+	python manage.py compilemessages
+
+i18n-all: i18n-po i18n-mo  ## 执行 i18n-po & i18n-mo

src/bk-login/bin/start.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+LISTEN_PORT="${PORT:=8000}"
+gunicorn bklogin.wsgi -w 8 --threads 2 --max-requests 1024 --max-requests-jitter 50 --worker-class gevent -b [::]:$LISTEN_PORT --access-logfile - --error-logfile - --access-logformat '[%(h)s] %({request_id}i)s %(u)s %(t)s "%(r)s" %(s)s %(D)s %(b)s "%(f)s" "%(a)s"'

src/bk-login/bklogin/authentication/__init__.py

@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+"""
+TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-用户管理(Bk-User) available.
+Copyright (C) 2017-2021 THL A29 Limited, a Tencent company. All rights reserved.
+Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+You may obtain a copy of the License at http://opensource.org/licenses/MIT
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+"""