Merge branch 'feature-tenant' into 'feature-tenant-watch'

Author: wcy00000000000000

docs/smart/web/extra-data/configure/readme.md

@@ -11,14 +11,14 @@
 | BKPAAS_BK_DOMAIN                       | 用于配置前端需要的cookie domain地址         |             |
 | BK_HTTP_SCHEMA                         | 访问协议                             |             |
 | BKPAAS_SHARED_RES_URL                  | 蓝鲸共享资源URL                        |             |
-| BK_IAM_V3_APP_CODE                     | 权限中心app code                     |             |
 | BKPAAS_NODEMAN_URL                     | 节点管理地址                           |             |
 | BK_CMDB_ENABLE_BK_NOTICE               | 是否启用消息通知, true或false             |             |
 | BK_CMDB_APIGW_JWT_ENABLED              | 是否通过jwt调用apigw, true或false       | true        |
 | BK_CMDB_APIGW_JWT_PUBLICKEY            | cmdb API GATEWAY网关公钥             |             |
 | BK_APIGW_BK_NOTICE_URL                 | 消息通知中心API GATEWAY网关地址            |             |
 | BK_APIGW_BK_CMDB_URL                   | cmdb API GATEWAY网关地址             |             |
 | BK_APIGW_BK_LOGIN_URL                  | 蓝鲸登录API GATEWAY网关地址              |             |
+| BK_APIGW_BK_USER_URL                   | 用户管理API GATEWAY网关地址              |             |
 | BK_CMDB_MONGODB_HOST                   | cmdb mongodb地址                   |             |
 | BK_CMDB_MONGODB_PORT                   | cmdb mongodb端口                   |             |
 | BK_CMDB_MONGODB_USERNAME               | cmdb mongodb用户                   |             |

docs/smart/web/extra-data/configure/web.yaml.tmpl

@@ -10,16 +10,6 @@ es:
   # 全文检索功能开关(取值：off/on)，默认是off，开启是on
   fullTextSearch: "${BK_CMDB_ES_STATUS}"
 
-esb:
-  addr: ${BK_COMPONENT_API_URL}
-  appCode: ${BK_CMDB_APP_CODE}
-  appSecret: ${BK_CMDB_APP_SECRET}
-  insecureSkipVerify: true
-  certFile:
-  keyFile:
-  caFile:
-  password:
-
 # web_server专属配置
 webServer:
   api:
@@ -69,8 +59,6 @@ webServer:
         # 用于解密根据RFC1423加密的证书密钥的PEM块
         password:
   app:
-    authAppCode: ${BK_IAM_V3_APP_CODE}
-    authUrl: ${BK_HTTP_SCHEMA}://${BKPAAS_BK_DOMAIN}/o/bk_iam/apply-custom-perm
     agentAppUrl: ${BKPAAS_NODEMAN_URL}
     # 权限模式，web页面使用，可选值: internal, iam
     authscheme: ${BK_CMDB_AUTH_SCHENE}
@@ -137,6 +125,7 @@ apiGW:
   bkNoticeApiGatewayUrl: ${BK_APIGW_BK_NOTICE_URL}
   bkCmdbApiGatewayUrl: ${BK_APIGW_BK_CMDB_URL}
   bkLoginApiGatewayUrl: ${BK_APIGW_BK_LOGIN_URL}
+  bkUserApiGatewayUrl: ${BK_APIGW_BK_USER_URL}
   appCode: ${BK_CMDB_APP_CODE}
   appSecret: ${BK_CMDB_APP_SECRET}
   username: admin
@@ -175,3 +164,7 @@ redis:
   maxOpenConns: ${BK_CMDB_REDIS_MAX_OPEN_CONNS}
   maxIDleConns: ${BK_CMDB_REDIS_MAX_IDLE_CONNS}
   masterName: ${BK_CMDB_REDIS_MASTER_NAME}
+
+tenant:
+  # 是否开启多租户模式
+  enableMultiTenantMode: ${BKPAAS_MULTI_TENANT_MODE}

docs/support-file/helm/backend/templates/adminserver/configmap.yaml

@@ -251,6 +251,7 @@ data:
       bkNoticeApiGatewayUrl: {{ .Values.bkNoticeApiGatewayUrl }}
       bkCmdbApiGatewayUrl: {{ .Values.bkCmdbApiGatewayUrl }}
       bkLoginApiGatewayUrl: {{ .Values.bkLoginApiGatewayUrl }}
+      bkUserApiGatewayUrl: {{ .Values.bkUserApiGatewayUrl }}
       appCode: {{ .Values.common.apiGW.appCode }}
       appSecret: {{ .Values.common.apiGW.appSecret }}
       username: {{ .Values.common.apiGW.username }}
@@ -295,12 +296,6 @@ data:
     hostsnap:
       dataID: 1100010
 
-    dataid:
-      migrateWay: {{ .Values.migrate.dataid.migrateWay }}
-
-    apiGW:
-      bkUserApiGatewayUrl: {{ .Values.bkUserApiGatewayUrl }}}}
-
     tenant:
       enableMultiTenantMode: {{ .Values.tenant.enableMultiTenantMode }}
       disableVerifyTenant: {{ .Values.tenant.disableVerifyTenant }}

docs/support-file/helm/backend/values.yaml

@@ -870,11 +870,6 @@ migrate:
   ##
   migrateDataId: false
   migrateOldDataId: false
-  ## bk-cmdb migrate dataid parameters
-  ## @param migrate.dataid.migrateWay bk-cmdb migrate dataid way
-  ##
-  dataid:
-    migrateWay: esb
 
 ## @section bk-cmdb iam authentication parameters
 ##

docs/support-file/helm/web/templates/webserver/configmap.yaml

@@ -8,16 +8,6 @@ data:
     es:
       # 全文检索功能开关(取值：off/on)，默认是off，开启是on
       fullTextSearch: {{ .Values.web.es.fullTextSearch | quote }}
-    # esb配置
-    esb:
-      addr: {{ .Values.bkComponentApiUrl }}
-      appCode: {{ .Values.web.esb.appCode }}
-      appSecret: {{ .Values.web.esb.appSecret }}
-      insecureSkipVerify: true
-      certFile:
-      keyFile:
-      caFile:
-      password:
     # web_server专属配置
     webServer:
       api:
@@ -67,8 +57,6 @@ data:
             # 用于解密根据RFC1423加密的证书密钥的PEM块
             password: {{ .Values.web.paas.tls.password }}
       app:
-        authAppCode: {{ .Values.web.webServer.app.authAppCode }}
-        authUrl: {{ .Values.web.webServer.app.authUrl }}
         agentAppUrl: {{ .Values.bkNodemanUrl }}
         #权限模式，web页面使用，可选值: internal, iam
         authscheme: {{ .Values.web.webServer.app.authScheme }}

docs/support-file/helm/web/values.yaml

@@ -185,13 +185,6 @@ bkApiUrlTmpl:
 ## @section bk-cmdb common config parameters
 ##
 web:
-  ## bk-cmdb common config esb parameters
-  ## @param common.esb.appCode bk-cmdb app code used in esb
-  ## @param common.esb.appSecret bk-cmdb app secret used in esb
-  ##
-  esb:
-    appCode: bk_cmdb
-    appSecret:
   ## bk-cmdb common config paas parameters
   ## @param common.paas.tls.insecureSkipVerify paas insecureSkipVerify config
   ## @param common.paas.tls.certFile paas certFile
@@ -244,14 +237,10 @@ web:
       multipleOwner: "0"
       userInfo:
     ## webserver common config app parameters
-    ## @param common.webServer.app.authAppCode bk-iam app code
-    ## @param common.webServer.app.authUrl bk-iam url
     ## @param common.webServer.app.agentAppUrl bk-nodeman url
     ## @param common.webServer.app.authScheme bk-cmdb app authentication scheme
     ##
     app:
-      authAppCode:
-      authUrl:
       authScheme:
     ## webserver common config login parameters
     ## @param common.webServer.login.version bk-cmdb login mode

resources/errors/common/default/common.json

@@ -91,6 +91,7 @@
     "1199091": "至少设置[%s]和[%s]中的一个值",
     "1199092": "当前字段类型状态为单选，请设置合理数据",
     "1199093": "新增租户失败",
+    "1199094": "刷新租户信息失败",
 
     "1109001": "保存操作审计日志失败",
     "1109002": "创建操作审计快照失败",

resources/errors/english/en/common.json

@@ -90,6 +90,7 @@
     "1199091": "at least one of %s and %s must be set",
     "1199092": "current field type status is single choice, please set reasonable data",
     "1199093": "Failed to add tenant",
+    "1199094": "Failed to refresh tenant info",
 
     "1109001": "save audit log failed",
     "1109002": "take audit log snapshot failed",

scripts/init.py

@@ -630,10 +630,6 @@ def generate_config_file(
 # 指定language的路径
 language:
   res: conf/language
-# migrate dataid时的相关配置
-dataid:
-  # 通过何种方式调用gse接口注册dataid, 可选值esb和apigw, 如果填写esb则必须配置common.yaml的esb配置, 如果填写apigw则必须配置common.yaml的apiGW配置,不填默认为esb
-  migrateWay: esb
     '''
 
     template = FileTemplate(migrate_file_template_str)

src/apimachinery/adminserver/adminserver.go

@@ -26,7 +26,6 @@ import (
 // AdminServerClientInterface TODO
 type AdminServerClientInterface interface {
 	ClearDatabase(ctx context.Context, h http.Header) (resp *metadata.Response, err error)
-	Set(ctx context.Context, ownerID string, h http.Header) (resp *metadata.Response, err error)
 	Migrate(ctx context.Context, h http.Header) error
 	RunSyncDBIndex(ctx context.Context, h http.Header) error
 	AddTenant(ctx context.Context, h http.Header) error

src/apimachinery/adminserver/api.go

@@ -35,21 +35,6 @@ func (a *adminServer) ClearDatabase(ctx context.Context, h http.Header) (resp *m
 	return
 }
 
-// Set TODO
-func (a *adminServer) Set(ctx context.Context, ownerID string, h http.Header) (resp *metadata.Response, err error) {
-	resp = new(metadata.Response)
-	subPath := "/migrate/system/hostcrossbiz/%s"
-
-	err = a.client.Post().
-		WithContext(ctx).
-		Body(nil).
-		SubResourcef(subPath, ownerID).
-		WithHeaders(h).
-		Do().
-		Into(resp)
-	return
-}
-
 // Migrate TODO
 func (a *adminServer) Migrate(ctx context.Context, h http.Header) error {
 	resp := new(metadata.Response)

src/apimachinery/apiserver/api.go

@@ -16,7 +16,6 @@ import (
 	"context"
 	"net/http"
 
-	"configcenter/pkg/tenant/types"
 	"configcenter/src/apimachinery/rest"
 	ccErr "configcenter/src/common/errors"
 	"configcenter/src/common/mapstr"
@@ -816,26 +815,3 @@ func (a *apiServer) UpdateBizCustomField(ctx context.Context, bizID, id int64, h
 
 	return nil
 }
-
-// RefreshTenant refresh tenant info
-func (a *apiServer) RefreshTenant(ctx context.Context, h http.Header) ([]types.Tenant, error) {
-
-	resp := new(types.AllTenantsResult)
-	subPath := "/refresh/tenant"
-	err := a.client.Post().
-		WithContext(ctx).
-		SubResourcef(subPath).
-		WithHeaders(h).
-		Do().
-		Into(resp)
-
-	if err != nil {
-		return nil, err
-	}
-
-	if ccErr := resp.CCError(); ccErr != nil {
-		return nil, ccErr
-	}
-
-	return resp.Data, nil
-}

src/apimachinery/apiserver/apiserver.go

@@ -18,7 +18,6 @@ import (
 	"fmt"
 	"net/http"
 
-	"configcenter/pkg/tenant/types"
 	fieldtmpl "configcenter/src/apimachinery/apiserver/field_template"
 	modelquote "configcenter/src/apimachinery/apiserver/model_quote"
 	"configcenter/src/apimachinery/rest"
@@ -125,7 +124,6 @@ type ApiServerClientInterface interface {
 		err error)
 	TransferHostToResPool(ctx context.Context, bizID int64, h http.Header,
 		data *metadata.TransferHostWithAutoClearServiceInstanceOption) error
-	RefreshTenant(ctx context.Context, h http.Header) ([]types.Tenant, error)
 }
 
 // NewApiServerClientInterface TODO

src/apimachinery/clientset.go

@@ -24,6 +24,7 @@ import (
 	"configcenter/src/apimachinery/healthz"
 	"configcenter/src/apimachinery/hostserver"
 	"configcenter/src/apimachinery/procserver"
+	"configcenter/src/apimachinery/refresh"
 	"configcenter/src/apimachinery/taskserver"
 	"configcenter/src/apimachinery/toposerver"
 	"configcenter/src/apimachinery/util"
@@ -45,6 +46,8 @@ type ClientSetInterface interface {
 	CacheService() cacheservice.CacheServiceClientInterface
 
 	Healthz() healthz.HealthzInterface
+
+	Refresh() refresh.RefreshClientInterface
 }
 
 // NewApiMachinery TODO
@@ -214,3 +217,12 @@ func (cs *ClientSet) CacheService() cacheservice.CacheServiceClientInterface {
 	}
 	return cacheservice.NewCacheServiceClient(c, cs.version)
 }
+
+// Refresh return refresh client
+func (cs *ClientSet) Refresh() refresh.RefreshClientInterface {
+	c := &util.Capability{
+		Client:   cs.client,
+		Throttle: cs.throttle,
+	}
+	return refresh.NewRefreshClientInterface(c, cs.discover)
+}

src/apimachinery/refresh/api.go

@@ -0,0 +1,64 @@
+/*
+ * Tencent is pleased to support the open source community by making
+ * 蓝鲸智云 - 配置平台 (BlueKing - Configuration System) available.
+ * Copyright (C) 2017 THL A29 Limited,
+ * a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ * We undertake not to change the open source license (MIT license) applicable
+ * to the current version of the project delivered to anyone in the future.
+ */
+
+package refresh
+
+import (
+	"context"
+	"fmt"
+
+	"configcenter/pkg/tenant/types"
+	"configcenter/src/apimachinery/rest"
+	"configcenter/src/common/http/header/util"
+	commontypes "configcenter/src/common/types"
+)
+
+// RefreshTenant refresh tenant info
+func (r *refresh) RefreshTenant(moduleName string) ([]types.Tenant, error) {
+
+	switch moduleName {
+
+	case commontypes.CC_MODULE_APISERVER:
+		r.capability.Discover = r.disc.ApiServer()
+
+	case commontypes.CC_MODULE_TASK:
+		r.capability.Discover = r.disc.TaskServer()
+
+	default:
+		return nil, fmt.Errorf("unsupported refresh module: %s", moduleName)
+	}
+
+	resp := new(types.AllTenantsResult)
+	client := rest.NewRESTClient(r.capability, "/")
+	err := client.Post().
+		WithContext(context.Background()).
+		SubResourcef("/refresh/tenants").
+		Body(nil).
+		WithHeaders(util.GenDefaultHeader()).
+		Do().
+		Into(resp)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if ccErr := resp.CCError(); ccErr != nil {
+		return nil, ccErr
+	}
+
+	return resp.Data, nil
+}

src/thirdparty/esbserver/login/api.go renamed to src/apimachinery/refresh/refresh_apiserver.go

@@ -15,27 +15,28 @@
  * to the current version of the project delivered to anyone in the future.
  */
 
-package login
+package refresh
 
 import (
-	"context"
-	"net/http"
-
-	httpheader "configcenter/src/common/http/header"
-	"configcenter/src/thirdparty/esbserver/esbutil"
+	"configcenter/pkg/tenant/types"
+	"configcenter/src/apimachinery/discovery"
+	"configcenter/src/apimachinery/util"
 )
 
-// GetUser get all user from bk-login
-func (l *login) GetUser(ctx context.Context, h http.Header) (resp *UserResponse, err error) {
-	resp = &UserResponse{}
-	subPath := "/v2/bk_login/get_user/"
+// RefreshClientInterface refresh tenant info, skip tenant verify
+type RefreshClientInterface interface {
+	RefreshTenant(moduleName string) ([]types.Tenant, error)
+}
+
+// NewRefreshClientInterface new refresh tenant info client
+func NewRefreshClientInterface(capability *util.Capability, disc discovery.DiscoveryInterface) RefreshClientInterface {
+	return &refresh{
+		capability: capability,
+		disc:       disc,
+	}
+}
 
-	err = l.client.Get().
-		WithContext(ctx).
-		SubResourcef(subPath).
-		WithParams(map[string]string{"bk_token": httpheader.GetUserToken(h)}).
-		WithHeaders(esbutil.SetEsbAuthHeader(l.config.GetConfig(), h)).
-		Do().
-		Into(resp)
-	return
+type refresh struct {
+	capability *util.Capability
+	disc       discovery.DiscoveryInterface
 }