feat: call other platforms using virtual user

--story=122806009

Author: Anna-shine

pkg/tenant/logics/tenant.go

@@ -19,8 +19,13 @@ package logics
 
 import (
 	"fmt"
+	"time"
 
+	"configcenter/pkg/tenant"
+	"configcenter/src/apimachinery"
 	"configcenter/src/common"
+	"configcenter/src/common/blog"
+	"configcenter/src/common/types"
 )
 
 // ValidateDisableTenantMode validate disable multi-tenant mode
@@ -35,3 +40,26 @@ func ValidateDisableTenantMode(tenantID string, enableTenantMode bool) (string,
 
 	return tenantID, nil
 }
+
+// InitTenant init tenant, refresh tenants info while server is starting
+func InitTenant(apiMachineryCli apimachinery.ClientSetInterface) error {
+	coreExist := false
+	for retry := 0; retry < 10; retry++ {
+		if _, err := apiMachineryCli.Healthz().HealthCheck(types.CC_MODULE_CORESERVICE); err != nil {
+			blog.Errorf("connect core server failed: %v", err)
+			time.Sleep(time.Second * 2)
+			continue
+		}
+		coreExist = true
+		break
+	}
+	if !coreExist {
+		blog.Errorf("core server not exist")
+		return fmt.Errorf("core server not exist")
+	}
+	err := tenant.Init(&tenant.Options{ApiMachineryCli: apiMachineryCli})
+	if err != nil {
+		return err
+	}
+	return nil
+}

pkg/tenant/tenant.go

@@ -51,6 +51,21 @@ func GetTenant(tenantID string) (*types.Tenant, bool) {
 	return nil, false
 }
 
+// SetTenantUserName set tenant user name
+func SetTenantUserName(tenantID string, userName string) {
+	lock.Lock()
+	defer lock.Unlock()
+	if data, ok := tenantMap[tenantID]; ok {
+		data.UserName = userName
+	}
+	for idx := range allTenants {
+		if allTenants[idx].TenantID == tenantID {
+			allTenants[idx].UserName = userName
+			break
+		}
+	}
+}
+
 // Options is tenant initialize options
 type Options struct {
 	DB              local.DB

pkg/tenant/types/types.go

@@ -31,6 +31,7 @@ type Tenant struct {
 	TenantID string `bson:"tenant_id"`
 	Status   Status `bson:"status"`
 	Database string `bson:"database"`
+	UserName string `bson:"bk_username"`
 }
 
 // Status is the tenant status

src/apiserver/app/server.go

@@ -15,10 +15,8 @@ package app
 import (
 	"context"
 	"fmt"
-	"time"
 
-	"configcenter/pkg/tenant"
-	"configcenter/src/apimachinery"
+	"configcenter/pkg/tenant/logics"
 	"configcenter/src/apimachinery/util"
 	"configcenter/src/apiserver/app/options"
 	"configcenter/src/apiserver/service"
@@ -95,7 +93,7 @@ func Run(ctx context.Context, cancel context.CancelFunc, op *options.ServerOptio
 		ctnr.Add(item)
 	}
 	apiSvr.Core = engine
-	if err = initTenant(engine.CoreAPI); err != nil {
+	if err = logics.InitTenant(engine.CoreAPI); err != nil {
 		return err
 	}
 	err = backbone.StartServer(ctx, cancel, engine, ctnr, false)
@@ -109,28 +107,6 @@ func Run(ctx context.Context, cancel context.CancelFunc, op *options.ServerOptio
 	return nil
 }
 
-func initTenant(apiMachineryCli apimachinery.ClientSetInterface) error {
-	coreExist := false
-	for retry := 0; retry < 10; retry++ {
-		if _, err := apiMachineryCli.Healthz().HealthCheck(types.CC_MODULE_CORESERVICE); err != nil {
-			blog.Errorf("connect core server failed: %v", err)
-			time.Sleep(time.Second * 2)
-			continue
-		}
-		coreExist = true
-		break
-	}
-	if !coreExist {
-		blog.Errorf("core server not exist")
-		return fmt.Errorf("core server not exist")
-	}
-	err := tenant.Init(&tenant.Options{ApiMachineryCli: apiMachineryCli})
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
 // APIServer TODO
 type APIServer struct {
 	Core        *backbone.Engine

src/common/http/header/util/util.go

@@ -23,6 +23,7 @@ import (
 	"net/http"
 
 	"configcenter/src/common"
+	cc "configcenter/src/common/backbone/configcenter"
 	httpheader "configcenter/src/common/http/header"
 	"configcenter/src/common/util"
 )
@@ -56,7 +57,12 @@ func GenCommonHeader(user, tenantID, rid string) http.Header {
 	}
 
 	if tenantID == "" {
-		tenantID = common.BKDefaultTenantID
+		enableMultiTenant, _ := cc.Bool("tenant.enableMultiTenantMode")
+		if enableMultiTenant {
+			tenantID = common.BKDefaultTenantID
+		} else {
+			tenantID = common.BKSingleTenantID
+		}
 	}
 
 	if rid == "" {

src/scene_server/admin_server/app/server.go

@@ -18,6 +18,7 @@ import (
 	"fmt"
 	"time"
 
+	tenantlogics "configcenter/pkg/tenant/logics"
 	iamcli "configcenter/src/ac/iam"
 	"configcenter/src/common/auth"
 	"configcenter/src/common/backbone"
@@ -106,7 +107,11 @@ func Run(ctx context.Context, cancel context.CancelFunc, op *options.ServerOptio
 		return err
 	}
 
-	if err := service.BackgroundTask(*process.Config); err != nil {
+	if err = service.BackgroundTask(*process.Config); err != nil {
+		return err
+	}
+
+	if err = tenantlogics.InitTenant(process.Core.CoreAPI); err != nil {
 		return err
 	}
 	err = backbone.StartServer(ctx, cancel, process.Core, service.WebService(), true)

src/thirdparty/apigw/apigw.go

@@ -26,7 +26,6 @@ import (
 	"configcenter/src/thirdparty/apigw/login"
 	"configcenter/src/thirdparty/apigw/notice"
 	"configcenter/src/thirdparty/apigw/user"
-
 	"github.com/prometheus/client_golang/prometheus"
 )
 
@@ -84,8 +83,13 @@ func NewClientSet(config *apigwutil.ApiGWConfig, metric prometheus.Registerer, n
 		neededCliMap[neededClient] = struct{}{}
 	}
 
+	cs.user, err = user.NewClient(options)
+	if err != nil {
+		return nil, err
+	}
+
 	if _, exists := neededCliMap[Gse]; exists {
-		cs.gse, err = gse.NewClient(options)
+		cs.gse, err = gse.NewClient(options, cs.user)
 		if err != nil {
 			return nil, err
 		}
@@ -99,21 +103,14 @@ func NewClientSet(config *apigwutil.ApiGWConfig, metric prometheus.Registerer, n
 	}
 
 	if _, exists := neededCliMap[Notice]; exists {
-		cs.notice, err = notice.NewClient(options)
+		cs.notice, err = notice.NewClient(options, cs.user)
 		if err != nil {
 			return nil, err
 		}
 	}
 
 	if _, exists := neededCliMap[Login]; exists {
-		cs.login, err = login.NewClient(options)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	if _, exists := neededCliMap[User]; exists {
-		cs.user, err = user.NewClient(options)
+		cs.login, err = login.NewClient(options, cs.user)
 		if err != nil {
 			return nil, err
 		}

src/thirdparty/apigw/apigwutil/user/user.go

@@ -0,0 +1,80 @@
+/*
+ * Tencent is pleased to support the open source community by making
+ * 蓝鲸智云 - 配置平台 (BlueKing - Configuration System) available.
+ * Copyright (C) 2017 THL A29 Limited,
+ * a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ * We undertake not to change the open source license (MIT license) applicable
+ * to the current version of the project delivered to anyone in the future.
+ */
+
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	"configcenter/pkg/tenant"
+	"configcenter/src/common/blog"
+	httpheader "configcenter/src/common/http/header"
+	"configcenter/src/thirdparty/apigw/apigwutil"
+	"configcenter/src/thirdparty/apigw/user"
+)
+
+// ClientI is the cmdb api gateway client
+type ClientI interface {
+	BatchSearchVirtualUser(ctx context.Context, h http.Header, loginNames []string) ([]user.VirtualUserItem, error)
+}
+
+// SetBKAuthHeader set api gateway authorization header
+func SetBKAuthHeader(ctx context.Context, conf *apigwutil.ApiGWConfig, header http.Header,
+	userCli ClientI) (http.Header, error) {
+
+	tenantInfo, exist := tenant.GetTenant(httpheader.GetTenantID(header))
+	if !exist {
+		blog.Errorf("tenant not exist")
+		return header, fmt.Errorf("tenant not exist")
+	}
+
+	authConf := apigwutil.AuthConfig{
+		AppAuthConfig: apigwutil.AppAuthConfig{
+			AppCode:   conf.AppCode,
+			AppSecret: conf.AppSecret,
+		},
+	}
+
+	if len(tenantInfo.UserName) > 0 {
+		authConf.UserName = tenantInfo.UserName
+	} else {
+		resp, err := userCli.BatchSearchVirtualUser(ctx, header, []string{"bk_admin"})
+		if err != nil {
+			blog.Errorf("search virtual user failed, err: %v", err)
+			return header, err
+		}
+
+		if len(resp) != 1 {
+			blog.Errorf("search virtual user failed, resp: %v", resp)
+			return header, fmt.Errorf("search virtual user failed, resp: %v", resp)
+		}
+
+		authConf.UserName = resp[0].VirtualUserName
+		tenant.SetTenantUserName(httpheader.GetTenantID(header), resp[0].VirtualUserName)
+	}
+
+	authInfo, err := json.Marshal(authConf)
+	if err != nil {
+		blog.Errorf("marshal default api auth config %+v failed, err: %v", authConf, err)
+		return header, err
+	}
+
+	return httpheader.SetBkAuth(header, string(authInfo)), nil
+}