feat: call other platforms using virtual user

--story=122806009

Author: Anna-shine

pkg/tenant/logics/tenant.go

@@ -19,8 +19,13 @@ package logics
 
 import (
 	"fmt"
+	"time"
 
+	"configcenter/pkg/tenant"
+	"configcenter/src/apimachinery"
 	"configcenter/src/common"
+	"configcenter/src/common/blog"
+	"configcenter/src/common/types"
 )
 
 // ValidateDisableTenantMode validate disable multi-tenant mode
@@ -35,3 +40,26 @@ func ValidateDisableTenantMode(tenantID string, enableTenantMode bool) (string,
 
 	return tenantID, nil
 }
+
+// InitTenant init tenant, refresh tenants info while server is starting
+func InitTenant(apiMachineryCli apimachinery.ClientSetInterface) error {
+	coreExist := false
+	for retry := 0; retry < 10; retry++ {
+		if _, err := apiMachineryCli.Healthz().HealthCheck(types.CC_MODULE_CORESERVICE); err != nil {
+			blog.Errorf("connect core server failed: %v", err)
+			time.Sleep(time.Second * 2)
+			continue
+		}
+		coreExist = true
+		break
+	}
+	if !coreExist {
+		blog.Errorf("core server not exist")
+		return fmt.Errorf("core server not exist")
+	}
+	err := tenant.Init(&tenant.Options{ApiMachineryCli: apiMachineryCli})
+	if err != nil {
+		return err
+	}
+	return nil
+}

src/apiserver/app/server.go

@@ -15,10 +15,8 @@ package app
 import (
 	"context"
 	"fmt"
-	"time"
 
-	"configcenter/pkg/tenant"
-	"configcenter/src/apimachinery"
+	"configcenter/pkg/tenant/logics"
 	"configcenter/src/apimachinery/util"
 	"configcenter/src/apiserver/app/options"
 	"configcenter/src/apiserver/service"
@@ -95,7 +93,7 @@ func Run(ctx context.Context, cancel context.CancelFunc, op *options.ServerOptio
 		ctnr.Add(item)
 	}
 	apiSvr.Core = engine
-	if err = initTenant(engine.CoreAPI); err != nil {
+	if err = logics.InitTenant(engine.CoreAPI); err != nil {
 		return err
 	}
 	err = backbone.StartServer(ctx, cancel, engine, ctnr, false)
@@ -109,28 +107,6 @@ func Run(ctx context.Context, cancel context.CancelFunc, op *options.ServerOptio
 	return nil
 }
 
-func initTenant(apiMachineryCli apimachinery.ClientSetInterface) error {
-	coreExist := false
-	for retry := 0; retry < 10; retry++ {
-		if _, err := apiMachineryCli.Healthz().HealthCheck(types.CC_MODULE_CORESERVICE); err != nil {
-			blog.Errorf("connect core server failed: %v", err)
-			time.Sleep(time.Second * 2)
-			continue
-		}
-		coreExist = true
-		break
-	}
-	if !coreExist {
-		blog.Errorf("core server not exist")
-		return fmt.Errorf("core server not exist")
-	}
-	err := tenant.Init(&tenant.Options{ApiMachineryCli: apiMachineryCli})
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
 // APIServer TODO
 type APIServer struct {
 	Core        *backbone.Engine

src/common/http/header/util/util.go

@@ -23,6 +23,7 @@ import (
 	"net/http"
 
 	"configcenter/src/common"
+	cc "configcenter/src/common/backbone/configcenter"
 	httpheader "configcenter/src/common/http/header"
 	"configcenter/src/common/util"
 )
@@ -46,6 +47,16 @@ func CCHeader(header http.Header) http.Header {
 	return newHeader
 }
 
+// GetDefaultTenant get default tenant
+func GetDefaultTenant() string {
+	enableMultiTenant, _ := cc.Bool("tenant.enableMultiTenantMode")
+	if enableMultiTenant {
+		return common.BKDefaultTenantID
+	}
+
+	return common.BKSingleTenantID
+}
+
 // GenCommonHeader generate common cmdb http header, use default value if parameter is not set
 func GenCommonHeader(user, tenantID, rid string) http.Header {
 	header := make(http.Header)
@@ -56,7 +67,7 @@ func GenCommonHeader(user, tenantID, rid string) http.Header {
 	}
 
 	if tenantID == "" {
-		tenantID = common.BKDefaultTenantID
+		tenantID = GetDefaultTenant()
 	}
 
 	if rid == "" {

src/common/metadata/audit.go

@@ -1357,7 +1357,7 @@ var auditEnDict = []resourceTypeInfo{
 	},
 	{
 		ID:   TenantTemplateRes,
-		Name: "tenant template",
+		Name: "Tenant Template",
 		Operations: []actionTypeInfo{
 			actionInfoEnMap[AuditCreate],
 			actionInfoEnMap[AuditUpdate],

src/scene_server/admin_server/app/server.go

@@ -106,7 +106,7 @@ func Run(ctx context.Context, cancel context.CancelFunc, op *options.ServerOptio
 		return err
 	}
 
-	if err := service.BackgroundTask(*process.Config); err != nil {
+	if err = service.BackgroundTask(*process.Config); err != nil {
 		return err
 	}
 	err = backbone.StartServer(ctx, cancel, process.Core, service.WebService(), true)

src/scene_server/admin_server/service/tenant.go

@@ -37,8 +37,6 @@ import (
 	"configcenter/src/storage/dal/mongo/local"
 	daltypes "configcenter/src/storage/dal/types"
 	"configcenter/src/storage/driver/mongodb"
-	"configcenter/src/thirdparty/apigw/user"
-
 	"github.com/emicklei/go-restful/v3"
 )
 
@@ -74,12 +72,12 @@ func (s *Service) addTenant(req *restful.Request, resp *restful.Response) {
 			resp.WriteError(http.StatusInternalServerError, result)
 		}
 
-		tenantMap := make(map[string]user.Status)
+		tenantMap := make(map[string]types.Status)
 		for _, tenant := range tenants {
 			tenantMap[tenant.ID] = tenant.Status
 		}
 
-		if status, ok := tenantMap[kit.TenantID]; !ok || status != user.EnabledStatus {
+		if status, ok := tenantMap[kit.TenantID]; !ok || status != types.EnabledStatus {
 			blog.Errorf("tenant %s invalid, rid: %s", kit.TenantID, kit.Rid)
 			result := &metadata.RespError{
 				Msg: defErr.Errorf(common.CCErrCommAddTenantErr,

src/thirdparty/apigw/apigw.go

@@ -84,8 +84,13 @@ func NewClientSet(config *apigwutil.ApiGWConfig, metric prometheus.Registerer, n
 		neededCliMap[neededClient] = struct{}{}
 	}
 
+	cs.user, err = user.NewClient(options)
+	if err != nil {
+		return nil, err
+	}
+
 	if _, exists := neededCliMap[Gse]; exists {
-		cs.gse, err = gse.NewClient(options)
+		cs.gse, err = gse.NewClient(options, cs.user)
 		if err != nil {
 			return nil, err
 		}
@@ -99,21 +104,14 @@ func NewClientSet(config *apigwutil.ApiGWConfig, metric prometheus.Registerer, n
 	}
 
 	if _, exists := neededCliMap[Notice]; exists {
-		cs.notice, err = notice.NewClient(options)
+		cs.notice, err = notice.NewClient(options, cs.user)
 		if err != nil {
 			return nil, err
 		}
 	}
 
 	if _, exists := neededCliMap[Login]; exists {
-		cs.login, err = login.NewClient(options)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	if _, exists := neededCliMap[User]; exists {
-		cs.user, err = user.NewClient(options)
+		cs.login, err = login.NewClient(options, cs.user)
 		if err != nil {
 			return nil, err
 		}

src/thirdparty/apigw/apigwutil/user/user.go

@@ -0,0 +1,107 @@
+/*
+ * Tencent is pleased to support the open source community by making
+ * 蓝鲸智云 - 配置平台 (BlueKing - Configuration System) available.
+ * Copyright (C) 2017 THL A29 Limited,
+ * a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ * We undertake not to change the open source license (MIT license) applicable
+ * to the current version of the project delivered to anyone in the future.
+ */
+
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"sync"
+
+	"configcenter/src/common/blog"
+	httpheader "configcenter/src/common/http/header"
+	"configcenter/src/common/http/header/util"
+	"configcenter/src/thirdparty/apigw/apigwutil"
+	"configcenter/src/thirdparty/apigw/user/types"
+)
+
+// ClientI is the cmdb api gateway client
+type ClientI interface {
+	BatchSearchVirtualUser(ctx context.Context, h http.Header, loginNames []string) ([]types.VirtualUserItem, error)
+}
+
+var (
+	virtualUserAuth = make(map[string]string)
+	lock            sync.RWMutex
+)
+
+// getAuthConfigByTenant get virtual user by tenantID
+func getAuthConfigByTenant(tenantID string) (string, bool) {
+	lock.RLock()
+	defer lock.RUnlock()
+	authConfig, exist := virtualUserAuth[tenantID]
+	if !exist {
+		return "", false
+	}
+	return authConfig, true
+}
+
+// setAuthConfig set virtual user by tenantID
+func setAuthConfig(tenantID string, authConfig string) {
+	lock.Lock()
+	defer lock.Unlock()
+	virtualUserAuth[tenantID] = authConfig
+	return
+}
+
+// SetBKAuthHeader set api gateway authorization header
+func SetBKAuthHeader(ctx context.Context, conf *apigwutil.ApiGWConfig, header http.Header,
+	userCli ClientI) (http.Header, error) {
+
+	tenantID := httpheader.GetTenantID(header)
+	if tenantID == "" {
+		tenantID = util.GetDefaultTenant()
+		httpheader.SetTenantID(header, tenantID)
+	}
+
+	if authInfo, exist := getAuthConfigByTenant(tenantID); exist {
+		header = httpheader.SetBkAuth(header, authInfo)
+		return header, nil
+	}
+
+	authConf := apigwutil.AuthConfig{
+		AppAuthConfig: apigwutil.AppAuthConfig{
+			AppCode:   conf.AppCode,
+			AppSecret: conf.AppSecret,
+		},
+	}
+
+	resp, err := userCli.BatchSearchVirtualUser(ctx, header, []string{"bk_admin"})
+	if err != nil {
+		blog.Errorf("search virtual user failed, err: %v", err)
+		return header, err
+	}
+
+	if len(resp) != 1 {
+		blog.Errorf("search virtual user failed, resp: %v", resp)
+		return header, fmt.Errorf("search virtual user failed, resp: %v", resp)
+	}
+
+	authConf.UserName = resp[0].VirtualUserName
+
+	authInfo, err := json.Marshal(authConf)
+	if err != nil {
+		blog.Errorf("marshal default api auth config %+v failed, err: %v", authConf, err)
+		return header, err
+	}
+
+	header = httpheader.SetBkAuth(header, string(authInfo))
+	setAuthConfig(tenantID, string(authInfo))
+	return header, nil
+}