diff --git a/bcs-services/bcs-bscp/cmd/auth-server/service/service.go b/bcs-services/bcs-bscp/cmd/auth-server/service/service.go
index 16d5152b8d..3f437d8f86 100644
--- a/bcs-services/bcs-bscp/cmd/auth-server/service/service.go
+++ b/bcs-services/bcs-bscp/cmd/auth-server/service/service.go
@@ -40,6 +40,7 @@ import (
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/cc"
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/components/bkpaas"
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/criteria/errf"
+	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/apigw"
 	iamauth "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/auth"
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/client"
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/meta"
@@ -76,6 +77,7 @@ type Service struct {
 	// auth logic module.
 	auth     *auth.Auth
 	spaceMgr *space.Manager
+	pubKey   string
 }
 
 // NewService create a service instance.
@@ -110,6 +112,10 @@ func NewService(sd serviced.Discover, iamSettings cc.IAM, disableAuth bool,
 		spaceMgr: spaceMgr,
 	}
 
+	if errH := s.handlerPrivateVersion(); errH != nil {
+		return nil, errH
+	}
+
 	if err = s.initLogicModule(); err != nil {
 		return nil, err
 	}
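Review bot: The new guard in NewService introduces a second error variable, `errH`, although `err` is already in scope and the very next statement assigns to it with `=`; `if err = s.handlerPrivateVersion(); err != nil { return nil, err }` keeps a single error variable and matches the surrounding style. Because this call can make a network round-trip to the API gateway when the private-version flag is set, the constructor's doc comment should say so, e.g. `// NewService creates a service instance; when LoginAuth.PrivateVersion is set it also fetches the gateway public key, so construction can fail on gateway errors.` NewService's body starts and ends outside this hunk.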
@@ -117,6 +123,28 @@ func NewService(sd serviced.Discover, iamSettings cc.IAM, disableAuth bool,
 	return s, nil
 }
 
+// 处理私有化版本
+func (s *Service) handlerPrivateVersion() error {
+	s.pubKey = cc.AuthServer().LoginAuth.GWPubKey
+	if cc.AuthServer().LoginAuth.PrivateVersion {
+		gw, err := apigw.NewApiGw(cc.AuthServer().Esb)
+		if err != nil {
+			return err
+		}
+
+		result, err := gw.GetApigwPublicKey(apigw.Name)
+		if err != nil {
+			return err
+		}
+		if result.Code != 0 && result.Data.PublicKey == "" {
+			return fmt.Errorf("get the gateway public key failed, err: %s", result.Message)
+		}
+		s.pubKey = result.Data.PublicKey
+	}
+
+	return nil
+}
+
 // Handler return service's handler.
 func (s *Service) Handler() (http.Handler, error) {
 	if s.gateway == nil {
@@ -255,12 +283,13 @@ func (s *Service) InitAuthCenter(ctx context.Context, req *pbas.InitAuthCenterRe
 
 // GetAuthConf get auth login conf
 func (s *Service) GetAuthConf(_ context.Context, _ *pbas.GetAuthConfReq) (*pbas.GetAuthConfResp, error) {
+
 	resp := &pbas.GetAuthConfResp{
 		LoginAuth: &pbas.LoginAuth{
 			Host:      cc.AuthServer().LoginAuth.Host,
 			InnerHost: cc.AuthServer().LoginAuth.InnerHost,
 			Provider:  cc.AuthServer().LoginAuth.Provider,
-			GwPubkey:  cc.AuthServer().LoginAuth.GWPubKey,
+			GwPubkey:  s.pubKey,
 			UseEsb:    false,
 		},
 		Esb: &pbas.ESB{
diff --git a/bcs-services/bcs-bscp/pkg/cc/service.go b/bcs-services/bcs-bscp/pkg/cc/service.go
index 4410d5a9e4..1188e9388f 100644
--- a/bcs-services/bcs-bscp/pkg/cc/service.go
+++ b/bcs-services/bcs-bscp/pkg/cc/service.go
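Review bot: The check `if result.Code != 0 && result.Data.PublicKey == ""` in handlerPrivateVersion only fails when the response has both a non-zero code and an empty key, so a zero code with an empty key (or a non-zero code with a stale key) passes and the next line unconditionally overwrites the configured `GWPubKey`, possibly with an empty string; since this value is what GetAuthConf now returns as `GwPubkey`, the condition should be `if result.Code != 0 || result.Data.PublicKey == "" {`. The two bare `return err` lines drop the step that failed, `return fmt.Errorf("init api gateway: %w", err)` and `return fmt.Errorf("get public key of gateway %q: %w", apigw.Name, err)` would keep it. The method name `handlerPrivateVersion` is a noun for something that performs an action; `handlePrivateVersion` or `loadGatewayPublicKey` reads like the rest of the file. A doc comment on the method should also record that the key is fetched from the gateway at startup when PrivateVersion is set and that the configured `GWPubKey` is used only otherwise, since that is where trust in the returned key now comes from.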
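Review bot: The empty line added directly after the GetAuthConf signature is stray whitespace rather than a separator between sections; drop it so this hunk carries only the `GwPubkey: s.pubKey` change. The same stray blank line is added before the closing brace of NewApiGw in apigw.go. GetAuthConf's body continues past this hunk.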
@@ -73,14 +73,13 @@ type Setting interface {
 
 // ApiServerSetting defines api server used setting options.
 type ApiServerSetting struct {
-	Network      Network           `yaml:"network"`
-	Service      Service           `yaml:"service"`
-	Log          LogOption         `yaml:"log"`
-	Repo         Repository        `yaml:"repository"`
-	BKNotice     BKNotice          `yaml:"bkNotice"`
-	Esb          Esb               `yaml:"esb"`
-	FeatureFlags FeatureFlags      `yaml:"featureFlags"`
-	LoginAuth    LoginAuthSettings `yaml:"loginAuth"`
+	Network      Network      `yaml:"network"`
+	Service      Service      `yaml:"service"`
+	Log          LogOption    `yaml:"log"`
+	Repo         Repository   `yaml:"repository"`
+	BKNotice     BKNotice     `yaml:"bkNotice"`
+	Esb          Esb          `yaml:"esb"`
+	FeatureFlags FeatureFlags `yaml:"featureFlags"`
 }
 
 // trySetFlagBindIP try set flag bind ip.
diff --git a/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go b/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go
index 47cb189a64..8122370a46 100644
--- a/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go
+++ b/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go
@@ -60,7 +60,7 @@ type ApiGw interface {
 }
 
 // NewApiGw 初始化网关
-func NewApiGw(opt cc.ApiServerSetting) (ApiGw, error) {
+func NewApiGw(opt cc.Esb) (ApiGw, error) {
 
 	c, err := client.NewClient(nil)
 	if err != nil {
@@ -70,11 +70,12 @@ func NewApiGw(opt cc.ApiServerSetting) (ApiGw, error) {
 		client: c,
 		opt:    opt,
 	}, nil
+
 }
 
 type apiGw struct {
 	client *http.Client
-	opt    cc.ApiServerSetting
+	opt    cc.Esb
 }
 
 // SyncApi 同步网关,如果网关不存在,创建网关,如果网关已存在,更新网关
@@ -359,7 +360,7 @@ func (a *apiGw) newRequest(method, url string, body []byte) (*http.Request, erro
 
 	// 设置请求头
 	req.Header.Set("X-Bkapi-Authorization", fmt.Sprintf(`{"bk_app_code": "%s", "bk_app_secret": "%s"}`,
-		a.opt.Esb.AppCode, a.opt.Esb.AppSecret))
+		a.opt.AppCode, a.opt.AppSecret))
 	req.Header.Set("Content-Type", "application/json")
 
 	return req, nil
diff --git a/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go b/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go
index 43c1245d7a..fd6ab417c6 100644
--- a/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go
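Review bot: Dropping `LoginAuth LoginAuthSettings` from ApiServerSetting means an api-server YAML that still carries a `loginAuth:` section is either silently ignored or rejected, depending on how strictly the decoder is configured, which this hunk does not show; a note in the commit description or on the struct saying the setting now lives under the auth-server settings (the new code reads it via `cc.AuthServer().LoginAuth`) would spare the next operator a config hunt. ReleaseSwagger is the only `opt.LoginAuth` user this diff updates, so it is worth confirming no other ApiServerSetting caller remains.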
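Review bot: The rewritten argument line in newRequest still splices `a.opt.AppCode` and `a.opt.AppSecret` into a hand-built JSON string with `%s`, so a secret containing `"` or `\` yields a malformed X-Bkapi-Authorization header that fails in a confusing way; since the line is being touched anyway, building the value with `json.Marshal` on a two-field struct tagged `bk_app_code`/`bk_app_secret` gives correct escaping for any secret. newRequest's body starts outside this hunk.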
+++ b/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go
@@ -21,7 +21,8 @@ import (
 )
 
 const (
-	name        = "bk-bscp-test"
+	// Name 网关名
+	Name        = "bk-bscp-test"
 	env         = "prod"
 	description = "bk-bscp-test 网关描述"
 	host        = "http://bscp-api.sit.bktencent.com"
@@ -37,13 +38,13 @@ func ReleaseSwagger(opt cc.ApiServerSetting, language, version string) error { return fmt.Errorf("reads and returns the content of the named file failed, err: %s", err.Error()) } // 初始化网关 - gw, err := NewApiGw(opt) + gw, err := NewApiGw(opt.Esb) if err != nil { return fmt.Errorf("init api gateway failed, err: %s", err.Error()) } // 创建或者更新网关 - syncApiResp, err := gw.SyncApi(name, &SyncApiReq{ + syncApiResp, err := gw.SyncApi(Name, &SyncApiReq{ Description: description, Maintainers: []string{"admin"}, IsPublic: true,
@@ -55,17 +56,6 @@ func ReleaseSwagger(opt cc.ApiServerSetting, language, version string) error {
 		return fmt.Errorf("create or update gateway failed, err: %s", syncApiResp.Message)
 	}
 
-	if opt.LoginAuth.PrivateVersion {
-		result, errK := gw.GetApigwPublicKey(syncApiResp.Data.Name)
-		if errK != nil {
-			return errK
-		}
-		if result.Code != 0 && result.Data.PublicKey == "" {
-			return fmt.Errorf("get the gateway public key failed, err: %s", result.Message)
-		}
-		opt.LoginAuth.GWPubKey = result.Data.PublicKey
-	}
-
 	// 同步环境
 	syncStageResp, err := gw.SyncStage(syncApiResp.Data.Name, &SyncStageReq{
 		Name:        env,
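Review bot: Exporting `Name = "bk-bscp-test"` turns what reads like a test gateway name into a package constant that auth-server now depends on at runtime (`gw.GetApigwPublicKey(apigw.Name)` in the service.go hunk), next to a sibling `host` pinned to a `.sit.` address; the gateway whose public key is trusted at startup should come from configuration (an existing Esb or LoginAuth setting, for example) rather than a compiled-in constant, or the comment must at least state that deployments have to change it. The doc comment `// Name 网关名` should also say what the name is used for, e.g. `// Name is the API gateway registered by ReleaseSwagger and whose public key auth-server fetches at startup.`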